WWI
-
Posts
10 -
Joined
-
Last visited
Content Type
Events
Profiles
Forums
Posts posted by WWI
-
-
-
Hey Kevin
I assume everything was clean and we did not find anything? that is good news.
-
Trouble shooting fixed it. Here are the files. There are no other concerns if nothing is found thank you
-
Kevinf80
update, when it finished running the fix with FRST a screen came up that said I had to reboot. I did, and when the computer came back up I had no internet access. Do I Just keep going?
-
-
You prefer I attach the text file or copy the file into the reply from the clipboard?
-
Hello Kevinf80
Here is the file in that folder, but it looks the same as the one I posted in the message. Let me know if you want me to re run Farbar
-
Hello Kevin
Thank you in advance fro the help. Here are the logs generated by the 3 scans. Note that we I have a licensed version of Malwarebytes premium running when this email attachment was opened. As far as I know nothing came up indicating an issue
Malwarebytes
www.malwarebytes.com-Log Details-
Scan Date: 11/10/18
Scan Time: 11:21 AM
Log File: 00fe1bf4-e50d-11e8-9b98-18037327d9a8.json-Software Information-
Version: 3.6.1.2711
Components Version: 1.0.482
Update Package Version: 1.0.7775
License: Premium-System Information-
OS: Windows 10 (Build 17134.345)
CPU: x64
File System: NTFS
User: WWI\terryr-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 438029
Threats Detected: 0
Threats Quarantined: 0
Time Elapsed: 1 min, 40 sec-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Detect
PUM: Detect-Scan Details-
Process: 0
(No malicious items detected)Module: 0
(No malicious items detected)Registry Key: 0
(No malicious items detected)Registry Value: 0
(No malicious items detected)Registry Data: 0
(No malicious items detected)Data Stream: 0
(No malicious items detected)Folder: 0
(No malicious items detected)File: 0
(No malicious items detected)Physical Sector: 0
(No malicious items detected)WMI: 0
(No malicious items detected)
(end)# -------------------------------
# Malwarebytes AdwCleaner 7.2.4.0
# -------------------------------
# Build: 09-25-2018
# Database: 2018-09-21.1 (Local)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Scan
# -------------------------------
# Start: 11-10-2018
# Duration: 00:00:15
# OS: Windows 10 Pro
# Scanned: 42056
# Detected: 0
***** [ Services ] *****No malicious services found.
***** [ Folders ] *****
No malicious folders found.
***** [ Files ] *****
No malicious files found.
***** [ DLL ] *****
No malicious DLLs found.
***** [ WMI ] *****
No malicious WMI found.
***** [ Shortcuts ] *****
No malicious shortcuts found.
***** [ Tasks ] *****
No malicious tasks found.
***** [ Registry ] *****
No malicious registry entries found.
***** [ Chromium (and derivatives) ] *****
No malicious Chromium entries found.
***** [ Chromium URLs ] *****
No malicious Chromium URLs found.
***** [ Firefox (and derivatives) ] *****
No malicious Firefox entries found.
***** [ Firefox URLs ] *****
No malicious Firefox URLs found.
AdwCleaner[S00].txt - [1249 octets] - [09/11/2018 15:07:26]########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S01].txt ##########
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 10.11.2018
Ran by terryr (administrator) on DT-TER-L60OATD (10-11-2018 14:04:48)
Running from C:\Users\Terryr\Desktop\Virus info Nov10 2018
Loaded Profiles: terryr (Available Profiles: terryr & User & defaultuser0 & Fab)
Platform: Windows 10 Pro Version 1803 17134.345 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(AMD) C:\Windows\System32\atiesrxx.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(SEIKO EPSON CORPORATION) C:\Program Files\EPSON\EpsonCustomerResearchParticipation\EPCP.exe
(SAP) C:\Program Files (x86)\SAP\SAP Business One Client Agent\B1ClientAgent.exe
(Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(FedEx Corporation) C:\Program Files (x86)\FedEx\ShipManager\BIN\FedEx.Gsm.Common.LoggingService.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(FedEx Corporation) C:\Program Files (x86)\FedEx\ShipManager\BIN\TransEngineService.exe
() C:\Program Files (x86)\FedEx\ShipManager\BIN\AdminService.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.33.41.0_x64__kzf8qxf38zg5c\SkypeBackgroundHost.exe
(Microsoft Corporation) C:\Windows\System32\mobsync.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Realtek Semiconductor Corp.) C:\Program Files\Realtek\Audio\HDA\RtDCpl64.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Software\FAX Utility\FUFAXRCV.exe
(United Parcel Service, Inc.) C:\Program Files (x86)\UPS\WSTD\WSTDMessaging.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\MOM.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\CCC.exe
() C:\Program Files (x86)\UPS\WSTD\UPSNA1Msgr.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.33.41.0_x64__kzf8qxf38zg5c\SkypeApp.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
(Microsoft Corporation) C:\Program Files\internet explorer\iexplore.exe
() C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18081.14710.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_11810.1001.12.0_x64__8wekyb3d8bbwe\WinStore.App.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
(Microsoft Corporation) C:\Windows\System32\browser_broker.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.LockApp_cw5n1h2txyewy\LockApp.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\SecHealthUI.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.17134.281_none_eada712a1d8142be\TiWorker.exe
(Microsoft Corporation) C:\Windows\SysWOW64\SearchProtocolHost.exe
(Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1810.5-0\MsMpEng.exe
(Microsoft Corporation) C:\Windows\SoftwareDistribution\Download\Install\AM_Delta.exe
(Microsoft Corporation) C:\Windows\System32\MpSigStub.exe==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [638872 2018-04-11] (Microsoft Corporation)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtDCpl64.exe [2917632 2015-05-27] (Realtek Semiconductor Corp.)
HKLM-x32\...\Run: [IMSS] => C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe [134616 2013-11-13] (Intel Corporation)
HKLM-x32\...\Run: [FUFAXRCV] => C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe [653352 2017-07-20] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [FUFAXSTM] => C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe [862248 2017-07-20] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [1092304 2016-03-14] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2015-08-04] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [WSUpdater] => C:\PROGRAM FILES (X86)\UPS\WSTD\CF\WorldShipCF.exe [177408 2018-08-23] (UPS)
HKLM-x32\...\Run: [NA1Messenger] => C:\PROGRAM FILES (X86)\UPS\WSTD\UPSNA1Msgr.exe [34048 2018-08-23] ()
HKU\S-1-5-19\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-11] (Microsoft Corporation)
HKU\S-1-5-20\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-11] (Microsoft Corporation)
HKU\S-1-5-21-2088670383-3379664902-348211111-1121\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [9539800 2016-12-15] (Piriform Ltd)
HKU\S-1-5-21-2088670383-3379664902-348211111-1121\...\MountPoints2: {b3fd339e-dd3b-11e8-b897-18037327d9a8} - "D:\HiSuiteDownLoader.exe"
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\PinkNotes Plus v4.lnk [2017-03-13]
ShortcutTarget: PinkNotes Plus v4.lnk -> C:\Program Files (x86)\PNP4\pnplus4.exe (Alpha Media, Inc.®)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\UPS WorldShip Messaging Utility.lnk [2018-02-27]
ShortcutTarget: UPS WorldShip Messaging Utility.lnk -> C:\Program Files (x86)\UPS\WSTD\WSTDMessaging.exe (United Parcel Service, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\UPS WorldShip PLD Reminder Utility.lnk [2018-02-27]
ShortcutTarget: UPS WorldShip PLD Reminder Utility.lnk -> C:\Program Files (x86)\UPS\WSTD\wstdPldReminder.exe (UPS)
GroupPolicy: Restriction ? <==== ATTENTION==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\..\Interfaces\{3d17db11-1ee9-42b2-b528-f147d4c7217e}: [NameServer] 8.8.8.8
Internet Explorer:
==================
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2018-10-23] (Microsoft Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2018-11-02] (Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-10-04] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-10-04] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-10-04] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-10-04] (Microsoft Corporation)FireFox:
========
FF ProfilePath: C:\Users\Terryr\AppData\Roaming\Mozilla\Firefox\Profiles\udcu1ahy.default [2018-11-10]
FF Extension: (DownThemAll!) - C:\Users\Terryr\AppData\Roaming\Mozilla\Firefox\Profiles\udcu1ahy.default\Extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi [2017-10-21] [Legacy]
FF Extension: (Telemetry coverage) - C:\Users\Terryr\AppData\Roaming\Mozilla\Firefox\Profiles\udcu1ahy.default\features\{27397fb6-3d6a-41e6-a8d8-bea84fbacf49}\telemetry-coverage-bug1487578@mozilla.org.xpi [2018-10-10] [Legacy]
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2018-09-19] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2018-09-19] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2018-09-19] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2018-09-19] (Foxit Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-11-13] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-11-13] (Intel Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2018-09-11] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2018-09-11] (Microsoft Corporation)LastRegBack: 2018-06-11 16:43
==================== End of FRST.txt ============================
-
Hello, I opened a word document that was sent to me in an email. When I clicked on it, it came up and said that I had the wrong version of word installed and nothing else happened. I moved that word doc file to another computer to test it and Windows defender quarantined it and labeled it as a trojan downloader "TrojanDownloader:O97M/Dornoe.A!ams" . I returned to the computer that I had opened it with and ran several virus programs to see if they found anything, nothing was found using, Kaspersky, Windows Defender, Eset, hitmanpro. Can someone help me confirm that the computer is virus free please.
Need help to confirm if pc is virus free
in Resolved Malware Removal Logs
Posted
Kevin
FYI, donation made under ffranz email, thanks again