Lisa2
Members
Posts: 3
Reputation: 0 Neutral
  1. Hi, I've done as you instructed. Thanks, the fixlog.txt file is attached. Weirdly, when I returned to the forum to post this message, my (stored) password was not accepted, and I had to reset it to be able to log in. [Attachment: Fixlog.txt]
  2. Hi Nasdaq, thank you so much for your help. All scan logs are attached as you instructed. And here is the text from FRST.txt:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 04-05.2019 01
Ran by Lisa (administrator) on LISAULTRABOOK (TOSHIBA Satellite Z830) (06-05-2019 18:45:44)
Running from C:\Users\Lisa\Documents\temp\FRST-OlderVersion
Loaded Profiles: Lisa (Available Profiles: Lisa)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Adobe Systems, Incorporated -> Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Bitdefender SRL -> Bitdefender) C:\Program Files\Bitdefender\Antivirus Free Edition\gziface.exe
(Bitdefender SRL -> Bitdefender) C:\Program Files\Bitdefender\Antivirus Free Edition\gzserv.exe
(Fuji Xerox Co., Ltd. -> Fuji Xerox Co., Ltd.) C:\Program Files\Fuji Xerox\SimpleMonitor for AP\FXAPPSPZ.EXE
(Fuji Xerox Co., Ltd. -> Fuji Xerox Co., Ltd.) C:\Program Files\Fuji Xerox\SimpleMonitor for AP\FXAPPWDN.EXE
(Fuji Xerox Co., Ltd. -> Fuji Xerox Co., Ltd.) C:\Program Files\Fuji Xerox\SimpleMonitor for AP\FXAPSDBN.EXE
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel Corporation -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Intel Corporation -> Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation -> Intel Corporation) C:\Windows\System32\igfxext.exe
(Intel Corporation -> Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation -> Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel® Identity Protection Technology Software -> Intel Corporation) C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
(Logitech Inc -> Logitech, Inc.) C:\Program Files\Logitech\LogiPresentation\LogiPresentation.exe
(Logitech Inc -> Logitech, Inc.) C:\ProgramData\Logishrd\LogiPresentation\Software\1.52.24\LogiPresentationMgr.exe
(Logitech Inc -> Logitech, Inc.) C:\ProgramData\Logishrd\LogiPresentation\Software\1.52.24\LogiPresentationUI.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(NetUptimeMonitor.com) [File not signed] C:\Program Files (x86)\Net Uptime Monitor\NetUptimeMonitor.exe
(Oracle America, Inc. -> Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Samsung Electronics CO., LTD. -> DEVGURU Co., LTD.) C:\Program Files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe
(Slack Technologies, Inc. -> Slack Technologies) C:\Users\Lisa\AppData\Local\slack\app-3.4.0\slack.exe
(Slack Technologies, Inc. -> Slack Technologies) C:\Users\Lisa\AppData\Local\slack\app-3.4.0\slack.exe
(Slack Technologies, Inc. -> Slack Technologies) C:\Users\Lisa\AppData\Local\slack\app-3.4.0\slack.exe
(Slack Technologies, Inc. -> Slack Technologies) C:\Users\Lisa\AppData\Local\slack\app-3.4.0\slack.exe
(Slack Technologies, Inc. -> Slack Technologies) C:\Users\Lisa\AppData\Local\slack\app-3.4.0\slack.exe
(Slack Technologies, Inc. -> Slack Technologies) C:\Users\Lisa\AppData\Local\slack\app-3.4.0\slack.exe
(TeamViewer GmbH -> TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(TOSHIBA CORPORATION -> TOSHIBA Corporation) C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
(TOSHIBA CORPORATION -> TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
(TOSHIBA CORPORATION -> TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
(TOSHIBA CORPORATION -> TOSHIBA Corporation) C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12681320 2011-08-25] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM\...\Run: [TPwrMain] => C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [497504 2009-08-21] (TOSHIBA CORPORATION -> TOSHIBA Corporation)
HKLM\...\Run: [HSON] => C:\Program Files\TOSHIBA\TBS\HSON.exe [52600 2009-03-09] (TOSHIBA CORPORATION -> TOSHIBA Corporation)
HKLM\...\Run: [SmoothView] => C:\Program Files\Toshiba\SmoothView\SmoothView.exe [508216 2009-07-28] (TOSHIBA CORPORATION -> TOSHIBA Corporation)
HKLM\...\Run: [00TCrdMain] => C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [909624 2009-08-05] (TOSHIBA CORPORATION -> TOSHIBA Corporation)
HKLM\...\Run: [FXAPQLU] => C:\Program Files\Fuji Xerox\Printer Software for AP\FXAPQLUZ.EXE [1152960 2012-11-12] (Fuji Xerox Co., Ltd. -> Fuji Xerox Co., Ltd.)
HKLM\...\Run: [FXSMAPPSP] => C:\Program Files\Fuji Xerox\SimpleMonitor for AP\FXAPPSPZ.EXE [1143744 2012-11-12] (Fuji Xerox Co., Ltd. -> Fuji Xerox Co., Ltd.)
HKLM\...\Run: [LogiPresentation] => C:\Program Files\Logitech\LogiPresentation\LogiPresentation.exe [1590408 2018-10-26] (Logitech Inc -> Logitech, Inc.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-12-19] (Oracle America, Inc. -> Oracle Corporation)
HKU\S-1-5-21-4019441811-2367701073-2962110307-1000\...\Run: [com.squirrel.slack.slack] => C:\Users\Lisa\AppData\Local\slack\Update.exe [1569296 2019-05-03] (Slack Technologies, Inc. -> )
HKU\S-1-5-21-4019441811-2367701073-2962110307-1000\...\Run: [NetUptimeMonitor] => C:\Program Files (x86)\Net Uptime Monitor\NetUptimeMonitor.exe [6409216 2017-08-09] (NetUptimeMonitor.com) [File not signed]
HKU\S-1-5-21-4019441811-2367701073-2962110307-1000\...\Run: [Google Update] => C:\Users\Lisa\AppData\Local\Google\Update\1.3.34.7\GoogleUpdateCore.exe [752424 2019-03-28] (Google Inc -> Google LLC)
HKU\S-1-5-21-4019441811-2367701073-2962110307-1000\...\Run: [Dropbox Update] => C:\Users\Lisa\AppData\Local\Dropbox\Update\DropboxUpdate.exe [143144 2016-11-06] (Dropbox, Inc -> Dropbox, Inc.)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{2D46B6DC-2207-486B-B523-A557E6D54B47}] -> C:\Windows\system32\cmd.exe /D /C start C:\Windows\system32\ie4uinit.exe -ClearIconCache
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\74.0.3729.131\Installer\chrmstp.exe [2019-05-03] (Google LLC -> Google Inc.)
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{A6EADE66-0000-0000-484E-7E8A45000000}] -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Esl\AiodLite.dll [2018-09-20] (Adobe Systems, Incorporated -> Adobe Systems, Inc.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {01ECC4F4-EC36-4260-B770-C5A33FA40EFE} - System32\Tasks\G2MUpdateTask-S-1-5-21-4019441811-2367701073-2962110307-1000 => C:\Users\Lisa\AppData\Local\GoToMeeting\12933\g2mupdate.exe [32256 2019-05-05] (LogMeIn, Inc. -> LogMeIn, Inc.)
Task: {16AC86E3-A797-4E41-84C3-4D9E801C3179} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2019-04-10] (Adobe Inc. -> Adobe)
Task: {2BFEE008-22B7-49B1-90CE-9C9EA050C524} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4019441811-2367701073-2962110307-1000Core => C:\Users\Lisa\AppData\Local\Google\Update\GoogleUpdate.exe [144200 2015-09-06] (Google Inc -> Google Inc.)
Task: {2F78A50F-CE00-42E0-A7F1-CDB135C19671} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [4382048 2019-05-03] (Microsoft Corporation -> Microsoft Corporation)
Task: {32742DC8-0FEF-4ADE-A76A-9F14851D42F6} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-4019441811-2367701073-2962110307-1000UA => C:\Users\Lisa\AppData\Local\Dropbox\Update\DropboxUpdate.exe [143144 2016-11-06] (Dropbox, Inc -> Dropbox, Inc.)
Task: {4E8AD4BB-F299-4BEA-B559-62BBB9DCD6CF} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime => Command(1): %windir%\system32\GWX\GWXUXWorker.exe -> /ScheduleUpgradeReminderTime
Task: {4E8AD4BB-F299-4BEA-B559-62BBB9DCD6CF} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime => Command(2): C:\Windows\system32\GWX\GWXDetector.exe [358400 [358400 2016-05-20]] (Microsoft Windows -> Microsoft Corporation)
Task: {53D12122-C24F-4779-93A4-04922FEC5B67} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\sdxhelper.exe [112672 2019-05-03] (Microsoft Corporation -> Microsoft Corporation)
Task: {57FCADBC-F2A6-42E3-B28F-BC6C2EE2F610} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent => Command(1): %windir%\system32\GWX\GWXConfigManager.exe -> /RefreshConfigAndContent
Task: {57FCADBC-F2A6-42E3-B28F-BC6C2EE2F610} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent => Command(2): C:\Windows\system32\GWX\GWXDetector.exe [358400 [358400 2016-05-20]] (Microsoft Windows -> Microsoft Corporation)
Task: {6B8A2383-88FF-4944-A049-424A0554F2D9} - System32\Tasks\{7E2F20D8-AFD9-466C-8BCA-199B5A06BB19} => C:\Windows\system32\pcalua.exe -a C:\Users\Lisa\Downloads\lide60vst6411111a_64en\SetupSG.exe -d C:\Users\Lisa\Downloads\lide60vst6411111a_64en
Task: {742F9E5B-4A8C-47E8-BE40-2ACCA51F0449} - System32\Tasks\G2MUploadTask-S-1-5-21-4019441811-2367701073-2962110307-1000 => C:\Users\Lisa\AppData\Local\GoToMeeting\12933\g2mupload.exe [32256 2019-05-05] (LogMeIn, Inc. -> LogMeIn, Inc.)
Task: {83031CDD-5F6F-44DE-9125-436FC6C97E2E} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [1439368 2019-05-03] (Microsoft Corporation -> Microsoft Corporation)
Task: {A5073845-B8B6-4945-B1A6-A15AF5F90111} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2015-10-05] (Google Inc -> Google Inc.)
Task: {AA532A52-9481-49BC-9AD1-CF75CCB0CF8A} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [26196056 2019-04-26] (Microsoft Corporation -> Microsoft Corporation)
Task: {ABAB2083-F47A-435F-A323-6BC2A104AB4E} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1195544 2018-12-16] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Task: {BEBD8FD2-1CC1-4549-BB98-5578FC5D85A9} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-4019441811-2367701073-2962110307-1000Core => C:\Users\Lisa\AppData\Local\Dropbox\Update\DropboxUpdate.exe [143144 2016-11-06] (Dropbox, Inc -> Dropbox, Inc.)
Task: {CC587211-181E-4C65-BC34-2AFDE9222414} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2015-10-05] (Google Inc -> Google Inc.)
Task: {CED5E586-6C7B-466F-9B19-BD5F901CB8D5} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\sdxhelper.exe [112672 2019-05-03] (Microsoft Corporation -> Microsoft Corporation)
Task: {CF101C10-F6B5-49F6-843E-7D1D6BEF5CE1} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_171_Plugin.exe [1456696 2019-04-10] (Adobe Inc. -> Adobe)
Task: {D0A89E7C-DFDA-4748-BC18-505160F0F1A1} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [1439368 2019-05-03] (Microsoft Corporation -> Microsoft Corporation)
Task: {E7628BFF-6626-4841-AF3C-C714C1287999} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [1427056 2019-05-03] (Microsoft Corporation -> Microsoft Corporation)
Task: {E8DD72CA-136A-4A9D-8FE0-076FBF843160} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => Command(1): %windir%\system32\GWX\GWXConfigManager.exe -> /RefreshConfig
Task: {E8DD72CA-136A-4A9D-8FE0-076FBF843160} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => Command(2): C:\Windows\system32\GWX\GWXDetector.exe [358400 [358400 2016-05-20]] (Microsoft Windows -> Microsoft Corporation)
Task: {E95A58D6-5288-470F-BC98-D3A18E07D00E} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4019441811-2367701073-2962110307-1000UA => C:\Users\Lisa\AppData\Local\Google\Update\GoogleUpdate.exe [144200 2015-09-06] (Google Inc -> Google Inc.)
Task: {F3DEED77-C86F-4444-B022-F615658E2CB7} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [26196056 2019-04-26] (Microsoft Corporation -> Microsoft Corporation)
Task: {F9602EB3-6AAB-44C1-8434-954EAA96F585} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [4382048 2019-05-03] (Microsoft Corporation -> Microsoft Corporation)
Task: {FC31F32D-1F39-4658-A48F-BC1BBAD201AB} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => Command(1): %windir%\system32\GWX\GWXConfigManager.exe -> /RefreshConfig
Task: {FC31F32D-1F39-4658-A48F-BC1BBAD201AB} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => Command(2): %windir%\system32\GWX\GWXConfigManager.exe -> /RefreshContent
Task: {FC31F32D-1F39-4658-A48F-BC1BBAD201AB} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => Command(3): C:\Windows\system32\GWX\GWXDetector.exe [358400 [358400 2016-05-20]] (Microsoft Windows -> Microsoft Corporation)
Task: {FD216753-C846-461F-9B4F-44D2016BEC15} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [616320 2018-01-08] (Apple Inc. -> Apple Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-4019441811-2367701073-2962110307-1000Core.job => C:\Users\Lisa\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-4019441811-2367701073-2962110307-1000UA.job => C:\Users\Lisa\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-4019441811-2367701073-2962110307-1000.job => C:\Users\Lisa\AppData\Local\GoToMeeting\12933\g2mupdate.exe
Task: C:\Windows\Tasks\G2MUploadTask-S-1-5-21-4019441811-2367701073-2962110307-1000.job => C:\Users\Lisa\AppData\Local\GoToMeeting\12933\g2mupload.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 61.9.194.49 61.9.195.193
Tcpip\..\Interfaces\{A1B19211-0EC0-4CBF-B241-DAAA65C4C128}: [DhcpNameServer] 172.20.10.1
Tcpip\..\Interfaces\{A7F919E8-30A3-4D09-BE4A-37FD392B87F8}: [DhcpNameServer] 61.9.194.49 61.9.195.193
Tcpip\..\Interfaces\{DCAB1756-50D2-4E72-81AB-706505743761}: [DhcpNameServer] 172.20.10.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-4019441811-2367701073-2962110307-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-4019441811-2367701073-2962110307-1000\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://captology.stanford.edu/ hxxps://sites.google.com/view/learn-tiny-habits/2-my-5-day-program?authuser=0 hxxps://ggsc.berkeley.edu/ hxxp://tinyhabitsacademy.org/ hxxp://rn3.768.myftpupload.com/
SearchScopes: HKU\S-1-5-21-4019441811-2367701073-2962110307-1000 -> DefaultScope {79EB9250-8A1B-417B-A210-941780DC3099} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-4019441811-2367701073-2962110307-1000 -> {79EB9250-8A1B-417B-A210-941780DC3099} URL = hxxp://www.google.com/search?q={searchTerms}
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2019-04-05] (Microsoft Corporation -> Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\URLREDIR.DLL [2019-05-03] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2009-10-22] (Hewlett-Packard Company -> Hewlett-Packard Co.)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2019-04-05] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_161\bin\ssv.dll [2018-01-17] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\root\Office16\URLREDIR.DLL [2019-05-03] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_161\bin\jp2ssv.dll [2018-01-17] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2009-10-22] (Hewlett-Packard Company -> Hewlett-Packard Co.)
DPF: HKLM-x32 {11818680-FCF6-11D0-9808-0800092A4865} hxxps://www.ato.gov.au/misc/formflow/codebase/FormCtl.cab
DPF: HKLM-x32 {224F7DEA-B7C1-11D3-AB40-00902712A5C9} hxxps://www.ato.gov.au/misc/formflow/codebase/plsspeller.cab
DPF: HKLM-x32 {CDDCFBB3-4D93-11D2-B1A9-00A0C9B742BE} hxxps://www.ato.gov.au/misc/formflow/codebase/scriptobject.cab
DPF: HKLM-x32 {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} hxxps://akamaicdn.webex.com/client/WBXclient-T29L10NSP6-58/webex/ieatgpc1.cab
DPF: HKLM-x32 {EF2FB80F-0975-408E-A871-B00CC863478A} hxxps://www.ato.gov.au/misc/formflow/codebase/fontinstaller.cab
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2019-04-05] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2019-04-05] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2019-04-05] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2019-04-05] (Microsoft Corporation -> Microsoft Corporation)

FireFox:
========
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: (HP Smart Web Printing) - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2014-03-30] [Legacy] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [{78DADB4B-7468-4c1c-8612-00FBF356A9FF}] - C:\Program Files (x86)\Kotato\YouTube Downloader\YTD_FF.xpi
FF Extension: (YouTube Downloader Extension) - C:\Program Files (x86)\Kotato\YouTube Downloader\YTD_FF.xpi [2013-07-30] [Legacy] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [{F5C9A887-F242-4896-AA5B-D5853EAAEA31}] - C:\Program Files (x86)\Kotato\FLV Downloader\FLVD_FF.xpi
FF Extension: (FLV Downloader Extension) - C:\Program Files (x86)\Kotato\FLV Downloader\FLVD_FF.xpi [2016-07-26] [Legacy]
FF HKU\S-1-5-21-4019441811-2367701073-2962110307-1000\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_32_0_0_171.dll [2019-04-10] (Adobe Inc. -> )
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_32_0_0_171.dll [2019-04-10] (Adobe Inc. -> )
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Services\IPT\npIntelWebAPIUpdater.dll [2011-07-21] (Intel® Identity Protection Technology Software -> Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.161.2 -> C:\Program Files (x86)\Java\jre1.8.0_161\bin\dtplugin\npDeployJava1.dll [2018-01-17] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.161.2 -> C:\Program Files (x86)\Java\jre1.8.0_161\bin\plugin2\npjp2.dll [2018-01-17] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2019-04-05] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2019-04-05] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.34.7\npGoogleUpdate3.dll [2019-03-28] (Google Inc -> Google LLC)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.34.7\npGoogleUpdate3.dll [2019-03-28] (Google Inc -> Google LLC)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2019-03-26] (Adobe Inc. -> Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-4019441811-2367701073-2962110307-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Lisa\AppData\Local\Google\Update\1.3.34.7\npGoogleUpdate3.dll [2019-03-28] (Google Inc -> Google LLC)
FF Plugin HKU\S-1-5-21-4019441811-2367701073-2962110307-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Lisa\AppData\Local\Google\Update\1.3.34.7\npGoogleUpdate3.dll [2019-03-28] (Google Inc -> Google LLC)
FF Plugin HKU\S-1-5-21-4019441811-2367701073-2962110307-1000: @zoom.us/ZoomVideoPlugin -> C:\Users\Lisa\AppData\Roaming\Zoom\bin\npzoomplugin.dll [2018-12-05] (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FF Plugin HKU\S-1-5-21-4019441811-2367701073-2962110307-1000: LWAPlugin15.8 -> C:\Users\Lisa\AppData\Roaming\Mozilla\Plugins\npLWAPlugin15.8.dll [2013-03-13] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Users\Lisa\AppData\Roaming\mozilla\plugins\npatgpc.dll [2018-03-29]
FF Plugin ProgramFiles/Appdata: C:\Users\Lisa\AppData\Roaming\mozilla\plugins\npLWAPlugin15.8.dll [2018-03-29]

Chrome:
=======
CHR StartupUrls: Default -> "hxxps://www.thriveglobal.com/stories/21607-the-indecision-trap-when-it-comes-to-life-s-challenges-we-really-only-have-4-choices","hxxps://www.google.com.au/"
CHR Profile: C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Default [2019-05-06]
CHR Extension: (Slides) - C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-13]
CHR Extension: (Docs) - C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-13]
CHR Extension: (Google Drive) - C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-01-16]
CHR Extension: (YouTube) - C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-05]
CHR Extension: (Google Search) - C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-01-16]
CHR Extension: (YouTube Downloader Extension) - C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Default\Extensions\ebjipgnedcljapmafeafekmlebefcafp [2015-10-05]
CHR Extension: (Sheets) - C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-13]
CHR Extension: (Google Docs Offline) - C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-08-18]
CHR Extension: (Cisco Webex Extension) - C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlhmfgmfgeifomenelglieieghnjghma [2018-07-09]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-07]
CHR Extension: (Gmail) - C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-04-24]
CHR Extension: (Chrome Media Router) - C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-04-25]
CHR HKLM-x32\...\Chrome\Extension: [ebjipgnedcljapmafeafekmlebefcafp] - C:\Program Files (x86)\Kotato\YouTube Downloader\YTD_GC.crx [2014-07-03]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2018-07-05] (Apple Inc. -> Apple Inc.)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [11146240 2019-04-26] (Microsoft Corporation -> Microsoft Corporation)
R2 FXSMAPPWD; C:\Program Files\Fuji Xerox\SimpleMonitor for AP\FXAPPWDN.EXE [155584 2012-11-12] (Fuji Xerox Co., Ltd. -> Fuji Xerox Co., Ltd.)
R2 FXSMAPSDB; C:\Program Files\Fuji Xerox\SimpleMonitor for AP\FXAPSDBN.EXE [344000 2012-11-12] (Fuji Xerox Co., Ltd. -> Fuji Xerox Co., Ltd.)
R2 gzserv; C:\Program Files\Bitdefender\Antivirus Free Edition\gzserv.exe [79552 2016-03-09] (Bitdefender SRL -> Bitdefender)
S3 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6562472 2019-02-01] (Malwarebytes Corporation -> Malwarebytes)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-01-18] (Hewlett-Packard) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-01-18] (Hewlett-Packard) [File not signed]
R2 ss_conn_service; C:\Program Files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe [752224 2017-01-16] (Samsung Electronics CO., LTD. -> DEVGURU Co., LTD.)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [11293936 2018-04-03] (TeamViewer GmbH -> TeamViewer GmbH)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Windows -> Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 athr; C:\Windows\System32\DRIVERS\athrx.sys [2811392 2012-04-19] (Microsoft Windows Hardware Compatibility Publisher -> Qualcomm Atheros Communications, Inc.)
R0 avc3; C:\Windows\System32\DRIVERS\avc3.sys [718840 2013-04-17] (Bitdefender SRL -> BitDefender)
U5 avchv; C:\Windows\System32\Drivers\avchv.sys [261056 2012-11-02] (Bitdefender SRL -> BitDefender)
R3 avckf; C:\Windows\System32\DRIVERS\avckf.sys [593144 2013-04-17] (Bitdefender SRL -> BitDefender)
R1 bdfwfpf; C:\Program Files\Bitdefender\Antivirus Free Edition\bdfwfpf.sys [121928 2013-07-02] (Bitdefender SRL -> Bitdefender SRL)
S3 dg_ssudbus; C:\Windows\System32\DRIVERS\ssudbus.sys [131984 2017-05-18] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [153328 2019-01-08] (Malwarebytes Corporation -> Malwarebytes)
R1 gzflt; C:\Windows\System32\DRIVERS\gzflt.sys [148696 2013-04-22] (Bitdefender SRL -> BitDefender LLC)
R3 igfx; C:\Windows\System32\DRIVERS\igdkmd64.sys [12306848 2011-08-31] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
R3 IntcDAud; C:\Windows\System32\DRIVERS\IntcDAud.sys [317440 2010-10-15] (Microsoft Windows Hardware Compatibility Publisher -> Intel(R) Corporation)
R2 MBAMChameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [199768 2019-05-05] (Malwarebytes Corporation -> Malwarebytes)
S3 MBAMFarflt; C:\Windows\System32\DRIVERS\farflt.sys [127136 2019-05-05] (Malwarebytes Corporation -> Malwarebytes)
S3 MBAMProtection; C:\Windows\system32\DRIVERS\mbam.sys [73912 2019-05-05] (Malwarebytes Corporation -> Malwarebytes)
S3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [275232 2019-05-05] (Malwarebytes Corporation -> Malwarebytes)
S3 MBAMWebProtection; C:\Windows\System32\DRIVERS\mwac.sys [107368 2019-05-05] (Malwarebytes Corporation -> Malwarebytes)
S3 Netaapl; C:\Windows\System32\DRIVERS\netaapl64.sys [23040 2013-08-06] (Microsoft Windows Hardware Compatibility Publisher -> Apple Inc.)
R3 nusb3hub; C:\Windows\System32\DRIVERS\nusb3hub.sys [96768 2011-10-25] (Microsoft Windows Hardware Compatibility Publisher -> Renesas Electronics Corporation)
R3 nusb3xhc; C:\Windows\System32\DRIVERS\nusb3xhc.sys [213504 2011-10-25] (Microsoft Windows Hardware Compatibility Publisher -> Renesas Electronics Corporation)
R2 risdxc; C:\Windows\System32\DRIVERS\risdxc64.sys [101888 2011-05-25] (Microsoft Windows Hardware Compatibility Publisher -> REDC)
S3 ssudmdm; C:\Windows\System32\DRIVERS\ssudmdm.sys [166288 2017-05-18] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
S3 tosrfbd; C:\Windows\System32\DRIVERS\tosrfbd.sys [286080 2011-08-30] (Microsoft Windows Hardware Compatibility Publisher -> TOSHIBA CORPORATION)
S3 TosRfSnd; C:\Windows\System32\drivers\tosrfsnd.sys [63488 2010-04-26] (Microsoft Windows Hardware Compatibility Publisher -> TOSHIBA Corporation)
R0 trufos; C:\Windows\System32\DRIVERS\trufos.sys [382536 2013-05-28] (Bitdefender SRL -> BitDefender S.R.L.)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2015-11-05] (Microsoft Windows Hardware Compatibility Publisher -> Apple, Inc.)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One month (created) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-05-06 18:44 - 2019-05-06 18:45 - 000000000 ____D C:\FRST
2019-05-06 18:40 - 2019-05-06 18:40 - 000001766 _____ C:\Users\Lisa\Desktop\AdwCleaner[S00].txt
2019-05-06 18:35 - 2019-05-06 18:41 - 000000000 ____D C:\AdwCleaner
2019-05-06 18:24 - 2019-05-06 18:24 - 000001226 _____ C:\Users\Lisa\Desktop\mbam log.txt
2019-05-05 14:07 - 2019-05-05 14:07 - 000127136 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
2019-05-05 14:07 - 2019-05-05 14:07 - 000107368 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2019-05-05 14:07 - 2019-05-05 14:07 - 000073912 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2019-05-05 14:06 - 2019-05-05 14:06 - 000275232 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2019-05-05 11:30 - 2019-05-05 11:30 - 000199768 _____ (Malwarebytes) C:\Windows\system32\Drivers\MbamChameleon.sys
2019-05-05 11:28 - 2019-05-05 11:28 - 000000000 ____D C:\Users\Lisa\AppData\Local\mbam
2019-05-05 11:27 - 2019-05-05 11:27 - 000000000 ____D C:\Users\Lisa\AppData\Local\mbamtray
2019-05-05 11:26 - 2019-05-05 11:26 - 000001867 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2019-05-05 11:26 - 2019-05-05 11:26 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2019-05-05 11:26 - 2019-01-08 16:32 - 000153328 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbae64.sys
2019-05-04 17:42 - 2019-05-04 17:42 - 000000000 ____D C:\ProgramData\PDFC
2019-05-04 16:27 - 2019-05-04 16:27 - 000002426 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Project.lnk
2019-05-04 16:27 - 2019-05-04 16:27 - 000002421 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype for Business.lnk
2019-05-04 16:27 - 2019-05-04 16:27 - 000002416 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Word.lnk
2019-05-04 16:27 - 2019-05-04 16:27 - 000002415 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerPoint.lnk
2019-05-04 16:27 - 2019-05-04 16:27 - 000002379 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Access.lnk
2019-05-04 16:27 - 2019-05-04 16:27 - 000002378 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel.lnk
2019-05-04 16:27 - 2019-05-04 16:27 - 000002372 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outlook.lnk
2019-05-04 16:27 - 2019-05-04 16:27 - 000002366 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Publisher.lnk
2019-05-04 16:27 - 2019-05-04 16:27 - 000002358 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneNote 2016.lnk
2019-05-04 16:27 - 2019-05-04 16:27 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Tools
2019-05-03 14:25 - 2019-05-03 14:25 - 000000000 ____D C:\Users\Lisa\AppData\Roaming\Logitech
2019-05-03 14:25 - 2019-05-03 14:25 - 000000000 ____D C:\Users\Lisa\AppData\Roaming\Logishrd
2019-05-03 14:25 - 2019-05-03 14:25 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech
2019-05-03 14:25 - 2019-05-03 14:25 - 000000000 ____D C:\ProgramData\Logishrd
2019-05-03 14:25 - 2019-05-03 14:25 - 000000000 ____D
C:\Program Files\Logitech 2019-04-27 07:52 - 2019-04-27 07:52 - 000302962 _____ C:\Users\Lisa\Downloads\Please_DocuSign_Scopesuite_Partnership_progr.pdf 2019-04-26 11:21 - 2019-04-26 11:21 - 000117424 _____ C:\Users\Lisa\Documents\Presentation1.pptx 2019-04-25 09:45 - 2019-04-25 09:45 - 000000000 ____D C:\Users\Lisa\AppData\Local\PDFC 2019-04-25 09:43 - 2019-04-25 09:44 - 059707016 _____ (PDF Complete Inc) C:\Users\Lisa\Desktop\pdfc_corp_41045_demo.exe 2019-04-24 17:43 - 2019-04-24 17:43 - 000000000 ____D C:\Users\Lisa\AppData\Roaming\Neuxpower 2019-04-24 17:32 - 2019-04-25 09:35 - 000000058 _____ C:\Users\Lisa\AppData\Roaming\pdfcompressor.ini 2019-04-24 16:54 - 2019-04-24 16:54 - 000000000 ____D C:\Users\Lisa\AppData\Roaming\YCanPDF 2019-04-24 16:54 - 2019-04-24 16:54 - 000000000 ____D C:\CompressedPDF 2019-04-24 16:47 - 2019-04-25 09:51 - 000000000 ____D C:\Program Files (x86)\PDF Compressor 2019-04-24 16:47 - 2019-04-24 16:48 - 000000000 ____D C:\Users\Lisa\AppData\Local\iWesoft 2019-04-24 16:47 - 2019-04-24 16:47 - 000000000 ____D C:\Users\Lisa\Documents\PDF Compressor Output 2019-04-24 14:52 - 2019-04-24 14:52 - 000000000 ____D C:\Users\Lisa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox 2019-04-22 10:47 - 2019-04-22 20:29 - 000000000 ____D C:\Users\Lisa\Documents\France Italy Trip 2019-04-19 17:45 - 2019-04-20 19:03 - 000000000 ____D C:\Users\Lisa\Documents\Personal Finance 2019-04-14 12:10 - 2019-04-11 09:12 - 006816683 _____ C:\Users\Lisa\Documents\Learning Pyramid Brochure.pdf 2019-04-06 16:28 - 2019-04-06 16:28 - 000144574 _____ C:\Users\Lisa\Downloads\Notification_1-F3MCCIH.PDF ==================== One month (modified) ======== (If an entry is included in the fixlist, the file/folder will be moved.) 
2019-05-06 18:44 - 2019-03-23 19:23 - 000000000 ____D C:\Users\Lisa\Documents\temp 2019-05-06 18:43 - 2018-04-06 12:31 - 000000000 ____D C:\Users\Lisa\AppData\Roaming\Slack 2019-05-06 18:43 - 2018-04-06 12:31 - 000000000 ____D C:\Users\Lisa\AppData\Local\slack 2019-05-06 18:42 - 2018-05-07 18:06 - 000000000 ____D C:\Program Files (x86)\TeamViewer 2019-05-06 18:42 - 2018-04-06 12:31 - 000002128 _____ C:\Users\Lisa\Desktop\Slack.lnk 2019-05-06 18:42 - 2018-04-06 12:31 - 000000000 ____D C:\Users\Lisa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Slack Technologies 2019-05-06 18:42 - 2009-07-14 15:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT 2019-05-06 18:38 - 2009-07-14 14:45 - 000032416 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2019-05-06 18:38 - 2009-07-14 14:45 - 000032416 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2019-05-06 18:36 - 2009-07-14 15:13 - 000785942 _____ C:\Windows\system32\PerfStringBackup.INI 2019-05-06 18:36 - 2009-07-14 13:20 - 000000000 ____D C:\Windows\inf 2019-05-06 18:34 - 2018-04-26 14:23 - 000000532 _____ C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-4019441811-2367701073-2962110307-1000.job 2019-05-06 18:26 - 2015-06-17 08:21 - 000000914 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-4019441811-2367701073-2962110307-1000UA.job 2019-05-06 18:00 - 2018-04-26 14:23 - 000000628 _____ C:\Windows\Tasks\G2MUploadTask-S-1-5-21-4019441811-2367701073-2962110307-1000.job 2019-05-05 14:25 - 2015-06-17 08:21 - 000000862 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-4019441811-2367701073-2962110307-1000Core.job 2019-05-05 11:26 - 2015-04-26 19:15 - 000000000 ____D C:\ProgramData\Malwarebytes 2019-05-04 16:29 - 2018-05-05 16:07 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft 2019-05-04 16:26 - 2014-05-28 10:29 - 000000000 ____D C:\Program Files (x86)\Microsoft Office 2019-05-04 16:25 - 2009-07-14 15:08 - 
000032572 _____ C:\Windows\Tasks\SCHEDLGU.TXT 2019-05-04 15:11 - 2018-04-26 14:23 - 000003662 _____ C:\Windows\System32\Tasks\G2MUploadTask-S-1-5-21-4019441811-2367701073-2962110307-1000 2019-05-04 15:11 - 2018-04-26 14:23 - 000003566 _____ C:\Windows\System32\Tasks\G2MUpdateTask-S-1-5-21-4019441811-2367701073-2962110307-1000 2019-05-04 15:11 - 2018-04-26 14:23 - 000000000 ____D C:\Users\Lisa\AppData\Local\GoToMeeting 2019-05-03 09:17 - 2015-10-05 10:42 - 000002224 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk 2019-05-03 09:17 - 2015-10-05 10:42 - 000002183 _____ C:\Users\Public\Desktop\Google Chrome.lnk 2019-05-03 09:05 - 2018-04-06 12:31 - 000000000 ____D C:\Users\Lisa\AppData\Local\SquirrelTemp 2019-04-29 17:45 - 2018-03-24 17:04 - 000000000 ____D C:\Users\Lisa\Documents\Business Projects 2019-04-29 10:16 - 2014-05-28 19:05 - 000000000 ____D C:\Users\Lisa\AppData\Roaming\PrimoPDF 2019-04-25 09:52 - 2014-06-05 08:32 - 000000000 ____D C:\ProgramData\Skype 2019-04-24 17:45 - 2014-05-28 10:15 - 000000000 ____D C:\Users\Lisa\AppData\Local\Adobe 2019-04-24 14:52 - 2014-07-08 07:59 - 000000000 ____D C:\Users\Lisa\AppData\Roaming\Dropbox 2019-04-23 21:17 - 2017-10-22 20:12 - 000000000 ____D C:\Users\Lisa\Documents\Business Development 2019-04-23 19:36 - 2018-04-12 16:01 - 000000000 ____D C:\Users\Lisa\AppData\Roaming\iSkysoft 2019-04-20 01:13 - 2018-11-22 07:07 - 000000000 ____D C:\Users\Lisa\Documents\professional development 2019-04-20 00:06 - 2019-03-10 11:58 - 000003182 _____ C:\Windows\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-4019441811-2367701073-2962110307-1000 2019-04-20 00:06 - 2019-03-10 11:48 - 000002162 _____ C:\Users\Lisa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk 2019-04-20 00:06 - 2019-03-10 11:48 - 000000000 ___RD C:\Users\Lisa\OneDrive 2019-04-10 21:09 - 2018-03-13 19:53 - 000004470 _____ C:\Windows\System32\Tasks\Adobe Flash Player NPAPI Notifier 2019-04-10 21:09 - 
2014-09-14 07:28 - 000004312 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater 2019-04-10 21:09 - 2014-05-04 15:21 - 000842296 _____ (Adobe) C:\Windows\SysWOW64\FlashPlayerApp.exe 2019-04-10 21:09 - 2014-05-04 15:21 - 000175160 _____ (Adobe) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2019-04-10 21:09 - 2014-05-04 15:20 - 000000000 ____D C:\Windows\system32\Macromed 2019-04-10 21:09 - 2014-03-30 10:38 - 000000000 ____D C:\Windows\SysWOW64\Macromed 2019-04-10 08:15 - 2018-09-21 08:34 - 000002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk ==================== Files in the root of some directories ======= 2011-07-21 14:23 - 2011-07-21 14:23 - 000020944 _____ (Intel Corporation) C:\Users\Lisa\AppData\Roaming\JomCap.dll 2019-04-24 17:32 - 2019-04-25 09:35 - 000000058 _____ () C:\Users\Lisa\AppData\Roaming\pdfcompressor.ini 2015-06-21 17:32 - 2018-12-25 07:50 - 000013312 _____ () C:\Users\Lisa\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini ==================== FCheck ================================ (If an entry is included in the fixlist, the file/folder will be moved.) FCheck: C:\Windows\system32\Drivers\09437B42.sys [2017-06-17] <==== ATTENTION (zero byte File/Folder) FCheck: C:\Windows\system32\Drivers\10497A54.sys [2017-06-17] <==== ATTENTION (zero byte File/Folder) FCheck: C:\Windows\system32\Drivers\5E217A78.sys [2017-06-17] <==== ATTENTION (zero byte File/Folder) FCheck: C:\Windows\system32\Drivers\6E787A2A.sys [2017-06-17] <==== ATTENTION (zero byte File/Folder) FCheck: C:\Windows\system32\Drivers\74597874.sys [2017-06-17] <==== ATTENTION (zero byte File/Folder) ==================== SigCheck =============================== (There is no automatic fix for files that do not pass verification.) LastRegBack: 2019-05-03 17:21 ==================== End of FRST.txt ============================ mbam log.txt AdwCleaner[S00].txt Addition.txt
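Added example, not from the post above and not FRST code: a small parser for the service, driver and FCheck line formats that FRST writes (the formats visible in the FRST.txt above). It flags the two entries FRST marks `[File not signed]` and the zero-byte `.sys` files FCheck reports, and applies one heuristic of its own: driver file names made of eight bare hex digits, which is this script's assumption rather than anything FRST reports. The sample lines are copied from the log in the post.

```python
"""Triage FRST service, driver and FCheck lines.

Added example, not part of the forum post and not FRST code. It parses the
line formats FRST writes (the ones visible in the FRST.txt above), flags the
entries FRST could not verify ("[File not signed]") and the zero-byte driver
files FCheck reports, and applies one heuristic of its own: driver file
names that are just eight hex digits. Sample lines are copied from the log
in the post.
"""
import re
from dataclasses import dataclass
from typing import Dict, Iterable, List, Tuple

# Service/driver entry, e.g.
# R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-01-18] (Hewlett-Packard) [File not signed]
ENTRY_RE = re.compile(
    r"^(?P<state>[RSU]\d)\s+(?P<name>[^;]+);\s+(?P<path>.+?)\s+"
    r"\[(?P<size>\d+)\s+(?P<date>\d{4}-\d{2}-\d{2})\]\s+"
    r"\((?P<signer>.*)\)"            # "verifier -> publisher", or a bare publisher
    r"(?:\s+\[(?P<flag>[^\]]+)\])?\s*$"
)
# FCheck entry, e.g.
# FCheck: C:\Windows\system32\Drivers\09437B42.sys [2017-06-17] <==== ATTENTION (zero byte File/Folder)
FCHECK_RE = re.compile(
    r"^FCheck:\s+(?P<path>.+?)\s+\[(?P<date>\d{4}-\d{2}-\d{2})\]"
    r"(?:\s+<==== ATTENTION \((?P<note>[^)]+)\))?\s*$"
)
# Heuristic (this script's assumption, not an FRST rule): legitimate drivers
# are not normally named with eight bare hex digits.
HEX_NAME_RE = re.compile(r"^[0-9A-F]{8}\.sys$", re.IGNORECASE)


@dataclass
class Finding:
    kind: str    # "unsigned", "zero_byte" or "hex_name"
    path: str
    detail: str


def basename(path: str) -> str:
    return path.rsplit("\\", 1)[-1]


def split_signer(signer: str) -> Tuple[str, str]:
    """FRST prints 'verifier -> publisher'; some lines carry only a publisher."""
    verifier, sep, publisher = signer.partition(" -> ")
    return (verifier, publisher) if sep else ("", verifier)


def triage(lines: Iterable[str]) -> List[Finding]:
    findings: List[Finding] = []
    for raw in lines:
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if m:
            path = m.group("path")
            flag = m.group("flag") or ""
            _, publisher = split_signer(m.group("signer"))
            if "not signed" in flag.lower():
                findings.append(Finding(
                    "unsigned", path,
                    f"{m.group('state')} {m.group('name')}: {flag}; publisher {publisher!r}"))
        else:
            m = FCHECK_RE.match(line)
            if not m:
                continue          # section headers, blank lines, other sections
            path = m.group("path")
            note = m.group("note") or ""
            if "zero byte" in note.lower():
                findings.append(Finding("zero_byte", path, note))
        if HEX_NAME_RE.match(basename(path)):
            findings.append(Finding("hex_name", path, "driver name is eight hex digits"))
    return findings


def count_by_kind(findings: Iterable[Finding]) -> Dict[str, int]:
    counts: Dict[str, int] = {}
    for f in findings:
        counts[f.kind] = counts.get(f.kind, 0) + 1
    return counts


# Lines copied from the FRST.txt in the post above.
SAMPLE = r"""
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-01-18] (Hewlett-Packard) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-01-18] (Hewlett-Packard) [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Windows -> Microsoft Corporation)
R3 IntcDAud; C:\Windows\System32\DRIVERS\IntcDAud.sys [317440 2010-10-15] (Microsoft Windows Hardware Compatibility Publisher -> Intel(R) Corporation)
R0 trufos; C:\Windows\System32\DRIVERS\trufos.sys [382536 2013-05-28] (Bitdefender SRL -> BitDefender S.R.L.)
FCheck: C:\Windows\system32\Drivers\09437B42.sys [2017-06-17] <==== ATTENTION (zero byte File/Folder)
FCheck: C:\Windows\system32\Drivers\10497A54.sys [2017-06-17] <==== ATTENTION (zero byte File/Folder)
"""

if __name__ == "__main__":
    found = triage(SAMPLE.splitlines())
    for f in found:
        print(f"{f.kind:10} {f.path}  ({f.detail})")
    print(count_by_kind(found))
```

The script ranks, it does not decide: unsigned 2010-era vendor DLLs such as the HP print monitors are a common benign case, and a zero-byte file is not a loadable driver. What an unexplained zero-byte `.sys` under `System32\Drivers` does tell you is that something wrote there, and the `[2017-06-17]` date on all five is the lead to follow in the rest of the log.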
  3. Hi

I sent an email today and got a reply that 'Remote Server returned '550 This message contains malware (SecuriteInfo.com.W97M.DownLoader.2938.UNOFFICIAL)''. Text of reply message is at end of this post.

I checked and found that somehow Malwarebytes had disappeared from my Laptop (Windows 7 64 bit). I don't know why it was gone, or for how long. I reinstalled, ran a scan, and it found one threat which it described as 'generic.malware/suspicious'. I have quarantined that file. I separately scanned the Word doc that was attached to the outgoing email, and it scanned as clean.

Do I need to do anything else? A Google search is suggesting this is a nasty virus and requires more serious actions, including regedit.

Thanks in advance.
Lisa

---
From: Microsoft Outlook
Sent: 05 May 2019 11:17
To: recipient@domain.com.au
Subject: Undeliverable: Assessment Result

Delivery has failed to these recipients or groups:
recipient@domain.com.au (recipient@domain.com.au)
A problem occurred while delivering this message to this email address. Try sending this message again. If the problem continues, please contact your helpdesk.
The following organization rejected your message: itoncloud.com.

Diagnostic information for administrators:
Generating server: AUGEDB01.itoncloud.com
recipient@domain.com.au
itoncloud.com
Remote Server returned '550 This message contains malware (SecuriteInfo.com.W97M.DownLoader.2938.UNOFFICIAL)'

Original message headers:
Received: from AUGEDB02.itoncloud.com (10.202.0.32) by AUGEDB01.itoncloud.com (10.202.0.31) with Microsoft SMTP Server (TLS) id 15.0.1473.3; Sun, 5 May 2019 11:17:15 +1000
Received: from AUGEDB01.itoncloud.com (10.202.0.31) by AUGEDB02.itoncloud.com (10.202.0.32) with Microsoft SMTP Server (TLS) id 15.0.1473.3; Sun, 5 May 2019 11:17:14 +1000
Received: from AUGEDB01.itoncloud.com ([fe80::d8ee:83fb:7fd5:e1db]) by AUGEDB01.itoncloud.com ([fe80::d8ee:83fb:7fd5:e1db%20]) with mapi id 15.00.1473.003; Sun, 5 May 2019 11:17:14 +1000
From: Lisa Harrison <sender@domain2.com.au>
To: "recipient@domain.com.au" <recipient@domain.com.au>
CC: Assessments <assessments@domain2.com.au>
Subject: Assessment Result
Thread-Topic: Assessment Result
Thread-Index: AQHVAuAxHCOS8ht8dEyVpfuYBpL8MA==
Date: Sun, 5 May 2019 01:17:13 +0000
Message-ID: <1557019033798.42761@bsilearning.com.au>
Accept-Language: en-GB, en-AU, en-US
Content-Language: en-GB
X-MS-Has-Attach: yes
X-MS-TNEF-Correlator:
x-ms-exchange-transport-fromentityheader: Hosted
x-originating-ip: [103.215.21.80]
x-exclaimer-md-config: 3dbf2735-165a-4db8-8975-c3d0c02b550a
Content-Type: multipart/mixed; boundary="_004_155701903379842761bsilearningcomau_"
MIME-Version: 1.0
Return-Path: sender@domain2.com.au
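Added example, not part of the thread: the bounce above names a `W97M` detection, the prefix scanners use for Word macro malware, so the first fact worth establishing about the rejected attachment is whether its container holds a VBA project at all, independently of what any scanner says about it. The script below looks inside the file rather than trusting the extension. OOXML documents (`.docx`, `.docm`, `.xlsm`, ...) are zip packages in which macros live in a part named `vbaProject.bin`, declared in `[Content_Types].xml` with the content type `application/vnd.ms-office.vbaProject`; legacy OLE documents (`.doc`, `.xls`) need a compound-file parser and are only identified here. The sample documents are constructed in memory and are not real files.

```python
"""Does an Office attachment contain a VBA project?

Added example, not part of the forum thread. Scanners use the W97M prefix
for Word macro malware, so the first question about a rejected Word
attachment is whether the container holds a VBA project at all. OOXML
documents (.docx, .docm, .xlsm, ...) are zip archives; the macros live in a
part named vbaProject.bin, which the package manifest declares with the
content type application/vnd.ms-office.vbaProject. Legacy OLE documents
(.doc, .xls) need a compound-file parser, so they are only identified here.
The sample documents are constructed in memory and are not real files.
"""
import io
import zipfile
from typing import Dict, List

OLE_MAGIC = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"   # Compound File Binary header
ZIP_MAGIC = b"PK\x03\x04"                          # first local file header of a zip
VBA_CONTENT_TYPE = "application/vnd.ms-office.vbaProject"


def classify(data: bytes) -> Dict[str, object]:
    """Identify the container and look for VBA; the file extension is ignored on purpose."""
    result: Dict[str, object] = {"format": "unknown", "has_vba": None,
                                 "vba_parts": [], "declared_in_manifest": False}
    if data.startswith(OLE_MAGIC):
        result["format"] = "ole"          # legacy .doc/.xls: needs an OLE parser to go further
        return result
    if not data.startswith(ZIP_MAGIC):
        return result
    result["format"] = "ooxml"
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        names = zf.namelist()
        # Part-name check: word/, xl/ or ppt/ plus vbaProject.bin.
        parts: List[str] = [n for n in names if n.lower().endswith("vbaproject.bin")]
        # Manifest check: a VBA part stored under another name is still declared here.
        if "[Content_Types].xml" in names:
            manifest = zf.read("[Content_Types].xml").decode("utf-8", "replace")
            result["declared_in_manifest"] = VBA_CONTENT_TYPE in manifest
    result["vba_parts"] = parts
    result["has_vba"] = bool(parts) or bool(result["declared_in_manifest"])
    return result


def build_sample(with_vba: bool) -> bytes:
    """Construct a minimal OOXML package (constructed sample, not a real document)."""
    main_ct = ("application/vnd.ms-word.document.macroEnabled.main+xml" if with_vba
               else "application/vnd.openxmlformats-officedocument.wordprocessingml.document.main+xml")
    overrides = f'<Override PartName="/word/document.xml" ContentType="{main_ct}"/>'
    if with_vba:
        overrides += f'<Override PartName="/word/vbaProject.bin" ContentType="{VBA_CONTENT_TYPE}"/>'
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("[Content_Types].xml",
                    '<?xml version="1.0" encoding="UTF-8"?>'
                    '<Types xmlns="http://schemas.openxmlformats.org/package/2006/content-types">'
                    f"{overrides}</Types>")
        zf.writestr("word/document.xml", "<w:document/>")
        if with_vba:
            # A real vbaProject.bin is itself an OLE compound file; this is a placeholder.
            zf.writestr("word/vbaProject.bin", OLE_MAGIC + b"\x00" * 24)
    return buf.getvalue()


if __name__ == "__main__":
    for label, blob in (("clean docx", build_sample(False)),
                        ("docm with VBA", build_sample(True)),
                        ("legacy .doc", OLE_MAGIC + b"\x00" * 504),
                        ("pdf", b"%PDF-1.4\n")):
        print(f"{label:14} {classify(blob)}")
```

The manifest cross-check is there because the part name is only a convention; the package manifest is what declares a VBA project to Office. For the legacy `.doc` case this script stops at identification, and the usual next step is `olevba` from oletools. A clean scan result and a VBA-free container are two separate facts, and the second is cheap to establish before re-sending the attachment.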