
Brittany


  1. ---------------------------------------------------------------------------------------
     Microsoft Windows Malicious Software Removal Tool v5.47, April 2017 (build 5.47.13703.0)
     Started On Wed Apr 19 17:49:36 2017
     Engine: 1.1.13601.0
     Signatures: 1.239.313.0
     Run Mode: Scan Run From Windows Update
     Results Summary:
     ----------------
     No infection found.
     Successfully Submitted Heartbeat Report
     Microsoft Windows Malicious Software Removal Tool Finished On Wed Apr 19 17:54:03 2017
     Return code: 0 (0x0)
     ---------------------------------------------------------------------------------------
     Microsoft Windows Malicious Software Removal Tool v5.47, April 2017 (build 5.47.13703.0)
     Started On Sun Apr 30 23:32:42 2017
     Engine: 1.1.13601.0
     Signatures: 1.239.313.0
     Run Mode: Interactive Graphical Mode
     Results Summary:
     ----------------
     No infection found.
     Successfully Submitted Heartbeat Report
     Microsoft Windows Malicious Software Removal Tool Finished On Sun Apr 30 23:46:51 2017
     Return code: 0 (0x0)
  2. The JRT text file.

     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     Junkware Removal Tool (JRT) by Malwarebytes
     Version: 8.1.3 (04.10.2017)
     Operating System: Windows 10 Home x64
     Ran by britt (Administrator) on Sun 30/04/2017 at 23:20:21.90
     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     File System: 4
     Successfully deleted: C:\Users\britt\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio (Folder)
     Successfully deleted: C:\Users\britt\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\gkojfkhlekighikafcpjkiklfbnlmeio (Folder)
     Successfully deleted: C:\Users\britt\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_gkojfkhlekighikafcpjkiklfbnlmeio_0.localstorage-journal (File)
     Successfully deleted: C:\Users\britt\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_gkojfkhlekighikafcpjkiklfbnlmeio_0.localstorage (File)
     Registry: 0
     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     Scan was completed on Sun 30/04/2017 at 23:26:05.61
     End of JRT log
     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  3. Yes please! Malwarebytes doesn't seem to be giving me the constant notifications at the moment, but I would like to make sure I have removed any threats. Attached is the malwarebytes export summary and copied here is the AdwCleaner[C0] text file.

     # AdwCleaner v6.046 - Logfile created 30/04/2017 at 23:08:25
     # Updated on 24/04/2017 by Malwarebytes
     # Database : 2017-04-29.1 [Server]
     # Operating System : Windows 10 Home (X64)
     # Username : britt - LAPTOP-KQNSUSSV
     # Running from : C:\Users\britt\Desktop\adwcleaner_6.046.exe
     # Mode: Clean
     # Support : https://www.malwarebytes.com/support

     ***** [ Services ] *****
     ***** [ Folders ] *****
     [-] Folder deleted: C:\Users\britt\AppData\Local\Google\Chrome\User Data\Default\Extensions\cdpohbejnbclggljmoijjcpdhbaaijfm
     ***** [ Files ] *****
     ***** [ DLL ] *****
     ***** [ WMI ] *****
     ***** [ Shortcuts ] *****
     ***** [ Scheduled Tasks ] *****
     ***** [ Registry ] *****
     ***** [ Web browsers ] *****
     [-] [C:\Users\britt\AppData\Local\Google\Chrome\User Data\Default] [startup_urls] Deleted: hxxp://mixidj.delta-search.com/?affID=121136&tt=gc_&babsrc=HP_ss&mntrId=B23684A6C88B4788
     [-] [C:\Users\britt\AppData\Local\Google\Chrome\User Data\Default] [startup_urls] Deleted: hxxp://mysearch.avg.com?cid={3FBADCCC-F53C-428B-AE31-ADC3911EE30C}&mid=c9b0087a409947d3a1eb55ef8e6fae78-244066784179902a36a3312546bbb7833d48a589&lang=en&ds=AVG&coid=avgtbavg&cmpid=&pr=fr&d=2013-12-21 18:33:03&v=17.2.0.38&pid=safeguard&sg=&sap=hp
     [-] [C:\Users\britt\AppData\Local\Google\Chrome\User Data\Default] [startup_urls] Deleted: hxxp://mysearch.avg.com?cid={3FBADCCC-F53C-428B-AE31-ADC3911EE30C}&mid=c9b0087a409947d3a1eb55ef8e6fae78-244066784179902a36a3312546bbb7833d48a589&lang=en&ds=AVG&coid=avgtbavg&cmpid=&pr=fr&d=2014-02-08 20:08:03&v=17.3.1.204&pid=safeguard&sg=&sap=hp
     [-] [C:\Users\britt\AppData\Local\Google\Chrome\User Data\Default] [startup_urls] Deleted: hxxp://search.conduit.com/?ctid=CT3319434&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=4&UP=SP40A6D9E0-B515-45A3-9AC0-A3321E79CA29&SSPV=
     [-] [C:\Users\britt\AppData\Local\Google\Chrome\User Data\Default] [startup_urls] Deleted: hxxp://mysearch.avg.com/?cid={3FBADCCC-F53C-428B-AE31-ADC3911EE30C}&mid=c9b0087a409947d3a1eb55ef8e6fae78-244066784179902a36a3312546bbb7833d48a589&lang=en&ds=AVG&coid=avgtbavg&cmpid=&pr=fr&d=2013-12-21%2018:33:03&v=17.2.0.38&pid=safeguard&sg=&sap=hp
     [-] [C:\Users\britt\AppData\Local\Google\Chrome\User Data\Default] [startup_urls] Deleted: hxxp://mysearch.avg.com/?cid={3FBADCCC-F53C-428B-AE31-ADC3911EE30C}&mid=c9b0087a409947d3a1eb55ef8e6fae78-244066784179902a36a3312546bbb7833d48a589&lang=en&ds=AVG&coid=avgtbavg&cmpid=&pr=fr&d=2014-02-08%2020:08:03&v=17.3.1.204&pid=safeguard&sg=&sap=hp
     [-] [C:\Users\britt\AppData\Local\Google\Chrome\User Data\Default] [startup_urls] Deleted: hxxp://mysearch.avg.com?cid={3FBADCCC-F53C-428B-AE31-ADC3911EE30C}&mid=c9b0087a409947d3a1eb55ef8e6fae78-244066784179902a36a3312546bbb7833d48a589&lang=en&ds=AVG&coid=avgtbavg&cmpid=&pr=fr&d=2014-02-08 20:08:03&v=18.1.0.443&pid=safeguard&sg=&sap=hp
     [-] [C:\Users\britt\AppData\Local\Google\Chrome\User Data\Default] [startup_urls] Deleted: hxxp://mysearch.avg.com?cid={3FBADCCC-F53C-428B-AE31-ADC3911EE30C}&mid=c9b0087a409947d3a1eb55ef8e6fae78-244066784179902a36a3312546bbb7833d48a589&lang=en&ds=AVG&coid=avgtbavg&cmpid=&pr=fr&d=2014-02-08 20:08:03&v=18.1.5.512&pid=safeguard&sg=&sap=hp
     [-] [C:\Users\britt\AppData\Local\Google\Chrome\User Data\Default] [startup_urls] Deleted: hxxp://mysearch.avg.com?cid={3FBADCCC-F53C-428B-AE31-ADC3911EE30C}&mid=c9b0087a409947d3a1eb55ef8e6fae78-244066784179902a36a3312546bbb7833d48a589&lang=en&ds=AVG&coid=avgtbavg&cmpid=&pr=fr&d=2014-02-08 20:08:03&v=18.1.7.598&pid=safeguard&sg=&sap=hp
     [-] [C:\Users\britt\AppData\Local\Google\Chrome\User Data\Default] [startup_urls] Deleted: hxxps://mysearch.avg.com?cid={3FBADCCC-F53C-428B-AE31-ADC3911EE30C}&mid=c9b0087a409947d3a1eb55ef8e6fae78-244066784179902a36a3312546bbb7833d48a589&lang=en&ds=AVG&coid=avgtbavg&cmpid=&pr=fr&d=2014-02-08 20:08:03&v=18.1.9.799&pid=safeguard&sg=&sap=hp
     [-] [C:\Users\britt\AppData\Local\Google\Chrome\User Data\Default] [extension] Deleted: cdpohbejnbclggljmoijjcpdhbaaijfm

     *************************
     :: "Tracing" keys deleted
     :: Winsock settings cleared
     *************************

     C:\AdwCleaner\AdwCleaner[C0].txt - [4134 Bytes] - [30/04/2017 23:08:25]
     C:\AdwCleaner\AdwCleaner[S0].txt - [3754 Bytes] - [30/04/2017 23:04:53]
     ########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [4280 Bytes] ##########

     Export Summary.txt
  4. Hi there I am having constant messages pop up with Malwarebytes blocking two different inbound files, from the IP address 103.225.137.62 which from what I could find belongs to some TV service in the Philippines. I turned the rootkit option on for scanning in malwarebytes also, but no scans have found anything. These seem to be the two files that are constantly popping up, with recent Malwarebytes reports copied below. Also attached is the FRST and Addition reports as completed with Farbar Recovery Scan Tool. Any help would be greatly appreciated, thank you!

     Malwarebytes
     www.malwarebytes.com

     -Log Details-
     Protection Event Date: 4/24/17
     Protection Event Time: 6:39 PM
     Logfile:
     Administrator: Yes

     -Software Information-
     Version: 3.0.6.1469
     Components Version: 1.0.103
     Update Package Version: 1.0.1793
     License: Trial

     -System Information-
     OS: Windows 10
     CPU: x64
     File System: NTFS
     User: System

     -Blocked Website Details-
     Malicious Website: 1
     , , Blocked, [-1], [-1],0.0.0

     -Website Data-
     Domain:
     IP Address: 103.225.137.62
     Port: [62933]
     Type: Outbound
     File: C:\Program Files\Common Files\McAfee\platform\McSvcHost\McSvHost.exe

     (end)

     Malwarebytes
     www.malwarebytes.com

     -Log Details-
     Protection Event Date: 4/24/17
     Protection Event Time: 6:33 PM
     Logfile:
     Administrator: Yes

     -Software Information-
     Version: 3.0.6.1469
     Components Version: 1.0.103
     Update Package Version: 1.0.1793
     License: Trial

     -System Information-
     OS: Windows 10
     CPU: x64
     File System: NTFS
     User: System

     -Blocked Website Details-
     Malicious Website: 1
     , , Blocked, [-1], [-1],0.0.0

     -Website Data-
     Domain:
     IP Address: 103.225.137.62
     Port: [62933]
     Type: Outbound
     File: C:\Windows\System32\svchost.exe

     (end)

     Addition.txt
     FRST.txt