Aero

Aero - log 02


Hi Tarun,

Not sure if I should title this log 1 or 2 since you helped me 3 years ago.


This time I was a little unwary when installing a free video converter and missed the custom install, and had a couple of things installed that I didn't want. I know one was Chromium, which showed up in Firefox, but I am not sure what the other was.

I removed Chromium via Add/Remove Programs and went through the AMT as much as I could. Both Malwarebytes and SUPERAntiSpyware removed stuff. Am I clean now?

...

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 15:45:48, on 25/11/2017
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v11.0 (11.00.15063.0608)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
C:\Program Files (x86)\Thunder Master\THPanel.exe
C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
C:\Program Files (x86)\Steam\Steam.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\ProgramData\Razer\Synapse\RzStats\RzStats.Manager.exe
C:\Program Files (x86)\Razer\InGameEngine\32bit\RazerIngameEngine.exe
C:\Users\Aeronwen Trewent\AppData\Local\razer\InGameEngine\cache\RzStats.Manager\RzCefRenderProcess.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Users\Aeronwen Trewent\Desktop\Download\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_151\bin\ssv.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_151\bin\jp2ssv.dll
O4 - HKLM\..\Run: [Razer Synapse] "C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
O4 - HKCU\..\Run: [EPLTarget\P0000000000000000] C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_IATILQE.EXE /EPT "EPLTarget\P0000000000000000" /M "XP-610 Series"
O4 - HKCU\..\Run: [BingSvc] C:\Users\Aeronwen Trewent\AppData\Local\Microsoft\BingSvc\BingSvc.exe
O4 - HKCU\..\Run: [Discord] C:\Users\Aeronwen Trewent\AppData\Local\Discord\app-0.0.298\Discord.exe
O4 - HKCU\..\Run: [EPLTarget\P0000000000000001] C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_IATILQE.EXE /EPT "EPLTarget\P0000000000000001" /M "XP-610 Series"
O4 - HKCU\..\Run: [THPanel] "C:\Program Files (x86)\Thunder Master\THPanel.exe" /A
O4 - HKCU\..\Run: [Chromium] "c:\users\aeronwen trewent\appdata\local\chromium\application\chrome.exe" --auto-launch-at-startup --profile-directory=Default --restore-last-session
O4 - HKCU\..\Run: [SUPERAntiSpyware] G:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup (User 'NETWORK SERVICE')
O4 - Startup: Curse.lnk = Aeronwen Trewent\AppData\Roaming\Curse Client\Bin\Curse.exe
O4 - Global Startup: FAH.lnk = C:\Program Files\WinZip\FAH\FAHConsole.exe
O4 - Global Startup: WinZip Preloader.lnk = C:\Program Files\WinZip\WzPreloader.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll/105
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O18 - Protocol: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - G:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\WINDOWS\System32\alg.exe (file missing)
O23 - Service: BattlEye Service (BEService) - Unknown owner - C:\Program Files (x86)\Common Files\BattlEye\BEService.exe
O23 - Service: @%ProgramFiles%\Windows Identity Foundation\v3.5\c2wtsres.dll,-1000 (c2wts) - Unknown owner - C:\Program Files (x86)\Windows Identity Foundation\v3.5\c2wtshost.exe (file missing)
O23 - Service: @%SystemRoot%\system32\DiagSvcs\DiagnosticsHub.StandardCollector.ServiceRes.dll,-1000 (diagnosticshub.standardcollector.service) - Unknown owner - C:\WINDOWS\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\WINDOWS\System32\lsass.exe (file missing)
O23 - Service: Epson Scanner Service (EpsonScanSvc) - Unknown owner - C:\Windows\system32\EscSvc64.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\WINDOWS\system32\fxssvc.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Malwarebytes Service (MBAMService) - Malwarebytes - C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\WINDOWS\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: NVIDIA LocalSystem Container (NvContainerLocalSystem) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
O23 - Service: NVIDIA NetworkService Container (NvContainerNetworkService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
O23 - Service: NVIDIA Display Container LS (NVDisplay.ContainerLocalSystem) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
O23 - Service: NVIDIA Telemetry Container (NvTelemetryContainer) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
O23 - Service: Razer Chroma SDK Service - Razer Inc. - C:\Program Files (x86)\Razer Chroma SDK\bin\RzSDKService.exe
O23 - Service: Razer Game Scanner (Razer Game Scanner Service) - Unknown owner - C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\WINDOWS\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\SecurityHealthAgent.dll,-1002 (SecurityHealthService) - Unknown owner - C:\WINDOWS\system32\SecurityHealthService.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender Advanced Threat Protection\MsSense.exe,-1001 (Sense) - Unknown owner - C:\Program Files (x86)\Windows Defender Advanced Threat Protection\MsSense.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SensorDataService.exe,-101 (SensorDataService) - Unknown owner - C:\WINDOWS\System32\SensorDataService.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\WINDOWS\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spectrum.exe,-101 (spectrum) - Unknown owner - C:\WINDOWS\system32\spectrum.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\WINDOWS\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\WINDOWS\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: TeamViewer 12 (TeamViewer) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
O23 - Service: @%SystemRoot%\system32\TieringEngineService.exe,-702 (TieringEngineService) - Unknown owner - C:\WINDOWS\system32\TieringEngineService.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\WINDOWS\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\WINDOWS\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\WINDOWS\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\WINDOWS\system32\wbengine.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 12044 bytes


Not seeing any infections jumping out at first look. Chromium is what Google Chrome is based on. If you like, post your Malwarebytes log from before and also if you'd like to scan again now, post that one too.


Hi, thanks for checking it Tarun.

I don't use or have Chrome. I use Firefox and never got rid of IE, so it's there too. Both, I think, had some weird toolbar that seemed to be called Chromium when this happened.


This is the Malwarebytes log from my first pass after the download, but after I had removed a couple of things from Add/Remove Programs.

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 11/25/17
Scan Time: 1:19 AM
Log File: b11b46a4-d17e-11e7-9041-60a44c2f86e5.json
Administrator: Yes

-Software Information-
Version: 3.3.1.2183
Components Version: 1.0.236
Update Package Version: 1.0.3341
License: Expired

-System Information-
OS: Windows 10 (Build 15063.726)
CPU: x64
File System: NTFS
User: Aeronwen\Aeronwen Trewent

-Scan Summary-
Scan Type: Threat Scan
Result: Cancelled
Objects Scanned: 253156
Threats Detected: 44
Threats Quarantined: 0
(No malicious items detected)
Time Elapsed: 1 min, 57 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 3
PUP.Optional.ByteFence, C:\PROGRAM FILES\BYTEFENCE\RTOP\BIN\RTOP_SVC.EXE, No Action By User, [633], [390139],1.0.3341
PUP.Optional.ByteFence, C:\PROGRAM FILES\BYTEFENCE\BYTEFENCESERVICE.EXE, No Action By User, [633], [388726],1.0.3341
PUP.Optional.ByteFence, C:\PROGRAM FILES\BYTEFENCE\BYTEFENCE.EXE, No Action By User, [633], [389016],1.0.3341

Module: 3
PUP.Optional.ByteFence, C:\PROGRAM FILES\BYTEFENCE\RTOP\BIN\RTOP_SVC.EXE, No Action By User, [633], [390139],1.0.3341
PUP.Optional.ByteFence, C:\PROGRAM FILES\BYTEFENCE\BYTEFENCESERVICE.EXE, No Action By User, [633], [388726],1.0.3341
PUP.Optional.ByteFence, C:\PROGRAM FILES\BYTEFENCE\BYTEFENCE.EXE, No Action By User, [633], [389016],1.0.3341

Registry Key: 8
PUP.Optional.InstallCore, HKU\S-1-5-21-3165777642-4275034921-3705643754-1001\SOFTWARE\csastats, No Action By User, [2], [260986],1.0.3341
PUP.Optional.ProductSetup, HKU\S-1-5-21-3165777642-4275034921-3705643754-1001\SOFTWARE\PRODUCTSETUP, No Action By User, [14411], [242047],1.0.3341
PUP.Optional.ByteFence, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{D60D4EBA-B59D-4E76-8E5E-1BBD07E61AFD}, No Action By User, [633], [389376],1.0.3341
PUP.Optional.ByteFence, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\ByteFence, No Action By User, [633], [389375],1.0.3341
PUP.Optional.ByteFence, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\RTOP, No Action By User, [633], [390139],1.0.3341
PUP.Optional.ByteFence, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\ByteFenceService, No Action By User, [633], [388726],1.0.3341
PUP.Optional.WinYahoo, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{F2D11A11-A251-CB91-13D1-BB11C3516891}, No Action By User, [63], [302717],1.0.3341
PUP.Optional.ByteFence, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\ByteFence, No Action By User, [633], [389016],1.0.3341

Registry Value: 4
PUP.Optional.NotChromeRun, HKU\S-1-5-21-3165777642-4275034921-3705643754-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|GOOGLECHROMEAUTOLAUNCH_DF1187B4E295A26B95BED35F84067766, No Action By User, [1411], [241243],1.0.3341
PUP.Optional.ProductSetup, HKU\S-1-5-21-3165777642-4275034921-3705643754-1001\SOFTWARE\PRODUCTSETUP|TB, No Action By User, [14411], [242047],1.0.3341
PUP.Optional.ByteFence, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{D60D4EBA-B59D-4E76-8E5E-1BBD07E61AFD}|PATH, No Action By User, [633], [389376],1.0.3341
PUP.Optional.ByteFence, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\RTOP|IMAGEPATH, No Action By User, [633], [390139],1.0.3341

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 2
PUP.Optional.WinYahoo, C:\Users\Aeronwen Trewent\AppData\Local\{46447018-62EC-1CA0-0F74-39482B1CC5D0}\HowToRemove, No Action By User, [63], [302717],1.0.3341
PUP.Optional.WinYahoo, C:\USERS\AERONWEN TREWENT\APPDATA\LOCAL\{46447018-62EC-1CA0-0F74-39482B1CC5D0}, No Action By User, [63], [302717],1.0.3341

File: 24
PUP.Optional.ByteFence, C:\WINDOWS\SYSTEM32\TASKS\ByteFence, No Action By User, [633], [388721],1.0.3341
PUP.Optional.ByteFence, C:\PROGRAM FILES\BYTEFENCE\RTOP\BIN\RTOP_SVC.EXE, No Action By User, [633], [390139],1.0.3341
PUP.Optional.ByteFence, C:\PROGRAM FILES\BYTEFENCE\BYTEFENCESERVICE.EXE, No Action By User, [633], [388726],1.0.3341
PUP.Optional.WinYahoo, C:\USERS\AERONWEN TREWENT\APPDATA\LOCAL\{46447018-62EC-1CA0-0F74-39482B1CC5D0}\HOWTOREMOVE\HOWTOREMOVE.HTML, No Action By User, [63], [302717],1.0.3341
PUP.Optional.WinYahoo, C:\Users\Aeronwen Trewent\AppData\Local\{46447018-62EC-1CA0-0F74-39482B1CC5D0}\HowToRemove\chromium-min.jpg, No Action By User, [63], [302717],1.0.3341
PUP.Optional.WinYahoo, C:\Users\Aeronwen Trewent\AppData\Local\{46447018-62EC-1CA0-0F74-39482B1CC5D0}\HowToRemove\control panel-min-min.JPG, No Action By User, [63], [302717],1.0.3341
PUP.Optional.WinYahoo, C:\Users\Aeronwen Trewent\AppData\Local\{46447018-62EC-1CA0-0F74-39482B1CC5D0}\HowToRemove\down.png, No Action By User, [63], [302717],1.0.3341
PUP.Optional.WinYahoo, C:\Users\Aeronwen Trewent\AppData\Local\{46447018-62EC-1CA0-0F74-39482B1CC5D0}\HowToRemove\ff menu.JPG, No Action By User, [63], [302717],1.0.3341
PUP.Optional.WinYahoo, C:\Users\Aeronwen Trewent\AppData\Local\{46447018-62EC-1CA0-0F74-39482B1CC5D0}\HowToRemove\ff search engine-min.png, No Action By User, [63], [302717],1.0.3341
PUP.Optional.WinYahoo, C:\Users\Aeronwen Trewent\AppData\Local\{46447018-62EC-1CA0-0F74-39482B1CC5D0}\HowToRemove\hp-min ff.png, No Action By User, [63], [302717],1.0.3341
PUP.Optional.WinYahoo, C:\Users\Aeronwen Trewent\AppData\Local\{46447018-62EC-1CA0-0F74-39482B1CC5D0}\HowToRemove\hp-min ie.png, No Action By User, [63], [302717],1.0.3341
PUP.Optional.WinYahoo, C:\Users\Aeronwen Trewent\AppData\Local\{46447018-62EC-1CA0-0F74-39482B1CC5D0}\HowToRemove\search engine.gif, No Action By User, [63], [302717],1.0.3341
PUP.Optional.WinYahoo, C:\Users\Aeronwen Trewent\AppData\Local\{46447018-62EC-1CA0-0F74-39482B1CC5D0}\HowToRemove\setup pages.gif, No Action By User, [63], [302717],1.0.3341
PUP.Optional.WinYahoo, C:\Users\Aeronwen Trewent\AppData\Local\{46447018-62EC-1CA0-0F74-39482B1CC5D0}\HowToRemove\sp-min.png, No Action By User, [63], [302717],1.0.3341
PUP.Optional.WinYahoo, C:\Users\Aeronwen Trewent\AppData\Local\{46447018-62EC-1CA0-0F74-39482B1CC5D0}\HowToRemove\start-min.jpg, No Action By User, [63], [302717],1.0.3341
PUP.Optional.WinYahoo, C:\Users\Aeronwen Trewent\AppData\Local\{46447018-62EC-1CA0-0F74-39482B1CC5D0}\HowToRemove\up.png, No Action By User, [63], [302717],1.0.3341
PUP.Optional.WinYahoo, C:\Users\Aeronwen Trewent\AppData\Local\{46447018-62EC-1CA0-0F74-39482B1CC5D0}\denifi, No Action By User, [63], [302717],1.0.3341
PUP.Optional.WinYahoo, C:\Users\Aeronwen Trewent\AppData\Local\{46447018-62EC-1CA0-0F74-39482B1CC5D0}\nosotoc, No Action By User, [63], [302717],1.0.3341
PUP.Optional.WinYahoo, C:\Users\Aeronwen Trewent\AppData\Local\{46447018-62EC-1CA0-0F74-39482B1CC5D0}\uninst.exe, No Action By User, [63], [302717],1.0.3341
PUP.Optional.WinYahoo, C:\Users\Aeronwen Trewent\AppData\Local\{46447018-62EC-1CA0-0F74-39482B1CC5D0}\uninstp.dat, No Action By User, [63], [302717],1.0.3341
PUP.Optional.WinYahoo, C:\USERS\AERONWEN TREWENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\1CM8J6Q3.DEFAULT-1510736047067\PREFS.JS, No Action By User, [63], [303324],1.0.3341
PUP.Optional.WinYahoo, C:\USERS\AERONWEN TREWENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\1CM8J6Q3.DEFAULT-1510736047067\SEARCHPLUGINS\YAHOO! POWERED.XML, No Action By User, [63], [302726],1.0.3341
PUP.Optional.ByteFence, C:\PROGRAM FILES\BYTEFENCE\BYTEFENCE.EXE, No Action By User, [633], [389016],1.0.3341
PUP.Optional.ByteFence, C:\USERS\AERONWEN TREWENT\APPDATA\LOCAL\TEMP\TMPSEC9639918\BYTEFENCE-INSTALLER_3.16.0.EXE, No Action By User, [633], [389016],1.0.3341

Physical Sector: 0
(No malicious items detected)


(end)


***

and this is the one after I ran through the AMT

***

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 11/25/17
Scan Time: 9:49 AM
Log File: e6820836-d1c5-11e7-8ee1-60a44c2f86e5.json
Administrator: Yes

-Software Information-
Version: 3.3.1.2183
Components Version: 1.0.236
Update Package Version: 1.0.3342
License: Expired

-System Information-
OS: Windows 10 (Build 15063.729)
CPU: x64
File System: NTFS
User: Aeronwen\Aeronwen Trewent

-Scan Summary-
Scan Type: Custom Scan
Result: Completed
Objects Scanned: 1162644
Threats Detected: 0
(No malicious items detected)
Threats Quarantined: 0
(No malicious items detected)
Time Elapsed: 4 hr, 24 min, 47 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 0
(No malicious items detected)

Physical Sector: 0
(No malicious items detected)


(end)
