Hi, I sent an email today and got a reply that

'Remote Server returned '550 This message contains malware (SecuriteInfo.com.W97M.DownLoader.2938.UNOFFICIAL)''

Text of reply message is at end of this post. 

I checked and found that somehow Malwarebytes had disappeared from my Laptop (Windows 7 64 bit). 

I don't know why it was gone, or for how long. I reinstalled, ran a scan, and it found one threat which it described as 'generic.malware/suspicious'. I have quarantined that file.

I separately scanned the Word doc that was attached to the outgoing email, and it scanned as clean.

Do I need to do anything else? A Google search is suggesting this is a nasty virus and requires more serious actions, including regedit.

Thanks in advance. 

Lisa

---

From: Microsoft Outlook
Sent: 05 May 2019 11:17
To: recipient@domain.com.au
Subject: Undeliverable: Assessment Result 
 


Delivery has failed to these recipients or groups:

recipient@domain.com.au (recipient@domain.com.au)
A problem occurred while delivering this message to this email address. Try sending this message again. If the problem continues, please contact your helpdesk.

The following organization rejected your message: itoncloud.com.

Diagnostic information for administrators:

Generating server: AUGEDB01.itoncloud.com


recipient@domain.com.au
 itoncloud.com
 Remote Server returned '550 This message contains malware (SecuriteInfo.com.W97M.DownLoader.2938.UNOFFICIAL)'


Original message headers:
Received: from AUGEDB02.itoncloud.com (10.202.0.32) by AUGEDB01.itoncloud.com
 (10.202.0.31) with Microsoft SMTP Server (TLS) id 15.0.1473.3; Sun, 5 May
 2019 11:17:15 +1000
Received: from AUGEDB01.itoncloud.com (10.202.0.31) by AUGEDB02.itoncloud.com
 (10.202.0.32) with Microsoft SMTP Server (TLS) id 15.0.1473.3; Sun, 5 May
 2019 11:17:14 +1000
Received: from AUGEDB01.itoncloud.com ([fe80::d8ee:83fb:7fd5:e1db]) by
 AUGEDB01.itoncloud.com ([fe80::d8ee:83fb:7fd5:e1db%20]) with mapi id
 15.00.1473.003; Sun, 5 May 2019 11:17:14 +1000
From: Lisa Harrison <sender@domain2.com.au>
To: "recipient@domain.com.au" <recipient@domain.com.au>
CC: Assessments <assessments@domain2.com.au>
Subject: Assessment Result
Thread-Topic: Assessment Result
Thread-Index: AQHVAuAxHCOS8ht8dEyVpfuYBpL8MA==
Date: Sun, 5 May 2019 01:17:13 +0000
Message-ID: <1557019033798.42761@bsilearning.com.au>
Accept-Language: en-GB, en-AU, en-US
Content-Language: en-GB
X-MS-Has-Attach: yes
X-MS-TNEF-Correlator:
x-ms-exchange-transport-fromentityheader: Hosted
x-originating-ip: [103.215.21.80]
x-exclaimer-md-config: 3dbf2735-165a-4db8-8975-c3d0c02b550a
Content-Type: multipart/mixed;
    boundary="_004_155701903379842761bsilearningcomau_"
MIME-Version: 1.0
Return-Path: sender@domain2.com.au
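The bounce above is the part worth reading carefully. The detection name ends in .UNOFFICIAL, which is how ClamAV labels a signature loaded from a third-party database (here SecuriteInfo's), so the gateway's verdict and a clean result from Malwarebytes are not in contradiction: they are different engines with different signature sets. The W97M prefix marks a Word macro detection, so the check that settles the question is whether the attachment carries a VBA project at all. The following Python is an added example for this thread, not code from the original post or from Malwarebytes; it builds two constructed Word packages in memory (no real attachment is read) and inspects them the way a gateway scanner would: an OOXML file is opened as a zip container and checked for a vbaProject.bin part and the macro-enabled content types, while a legacy OLE2 .doc is only identified, since enumerating its macro streams needs an OLE parser such as oletools' olevba (named as the suggested next step, not used here).

```python
"""Check whether a Word attachment carries a VBA project.

Added example for this thread (not code from the post or from
Malwarebytes). Sample documents are constructed in memory below;
nothing here reads the real attachment.
"""
import io
import zipfile

OLE2_MAGIC = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"   # legacy binary .doc container
ZIP_MAGIC = b"PK\x03\x04"                          # OOXML package (.docx/.docm)
VBA_PART_TYPE = "application/vnd.ms-office.vbaProject"
MACRO_MAIN_TYPE = "application/vnd.ms-word.document.macroEnabled.main+xml"
PLAIN_MAIN_TYPE = ("application/vnd.openxmlformats-officedocument"
                   ".wordprocessingml.document.main+xml")


def inspect_word_document(data: bytes) -> dict:
    """Return {'format', 'has_vba', 'evidence'} for a Word file's bytes.

    has_vba is True/False for OOXML packages. It is None for a legacy OLE2
    .doc (deciding that needs an OLE stream parser such as oletools' olevba,
    which this example deliberately does not pull in) and for unknown input.
    """
    if data.startswith(OLE2_MAGIC):
        return {"format": "ole2", "has_vba": None,
                "evidence": ["legacy binary .doc: enumerate streams with olevba"]}
    if not data.startswith(ZIP_MAGIC):
        return {"format": "unknown", "has_vba": None, "evidence": []}

    evidence = []
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            names = zf.namelist()
            # 1. The VBA project is stored as an OLE2 blob inside the package.
            evidence += [f"part present: {n}" for n in names
                         if n.lower().endswith("vbaproject.bin")]
            # 2. [Content_Types].xml declares the VBA part and, for a .docm,
            #    the macro-enabled main document type. Reading the manifest
            #    catches a package whose file extension was renamed.
            if "[Content_Types].xml" in names:
                manifest = zf.read("[Content_Types].xml").decode("utf-8", "replace")
                if VBA_PART_TYPE in manifest:
                    evidence.append("manifest declares a vbaProject part")
                if MACRO_MAIN_TYPE in manifest:
                    evidence.append("main part is macro-enabled (.docm)")
    except zipfile.BadZipFile:
        return {"format": "unknown", "has_vba": None, "evidence": ["corrupt zip"]}
    return {"format": "ooxml", "has_vba": bool(evidence), "evidence": evidence}


def build_sample_docx(with_macro: bool) -> bytes:
    """Constructed minimal OOXML package used as sample input (not a real file)."""
    main_type = MACRO_MAIN_TYPE if with_macro else PLAIN_MAIN_TYPE
    manifest = (
        '<?xml version="1.0" encoding="UTF-8"?>'
        '<Types xmlns="http://schemas.openxmlformats.org/package/2006/content-types">'
        '<Default Extension="xml" ContentType="application/xml"/>'
        f'<Override PartName="/word/document.xml" ContentType="{main_type}"/>'
    )
    if with_macro:
        manifest += f'<Override PartName="/word/vbaProject.bin" ContentType="{VBA_PART_TYPE}"/>'
    manifest += "</Types>"

    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("[Content_Types].xml", manifest)
        zf.writestr("word/document.xml", "<w:document/>")
        if with_macro:
            # Stand-in for the real OLE2 blob that holds the macro streams.
            zf.writestr("word/vbaProject.bin", OLE2_MAGIC + b"\x00" * 24)
    return buf.getvalue()


if __name__ == "__main__":
    for label, blob in (("plain .docx", build_sample_docx(False)),
                        ("macro .docm", build_sample_docx(True)),
                        ("legacy .doc", OLE2_MAGIC + b"\x00" * 504)):
        result = inspect_word_document(blob)
        print(f"{label}: format={result['format']} has_vba={result['has_vba']}")
        for line in result["evidence"]:
            print(f"  - {line}")
```

If the real attachment comes back as an OOXML package with has_vba False, there is no macro for a W97M signature to have matched and the rejection is most likely a false positive of the third-party signature set, which is worth raising with the hosting provider (itoncloud.com, per the bounce) rather than the recipient. If it comes back True, or as a legacy .doc, the macro source should be pulled out and read before the file is sent anywhere again.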


Hello, welcome to Malwarebytes.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Please download Malwarebytes Anti-Malware from here
 

  • Right-click on the MBAM icon and select Run as administrator to run the tool.
  • Click Yes to accept any security warnings that may appear.
  • Once the MBAM dashboard opens, on the right detail pane click on the word "Current" under the Scan Status to update the tool database.
  • On the left menu pane click the Settings tab, and then select the Protection tab on the top.
  • Under the Scan Options, turn on the button Scan for rootkits and Scan within archives.
  • Click the Scan tab on the right detail pane, select Threat Scan and click the Start Scan button
  • Note: The scan may take some time to finish, so please be patient.
  • If potential threats are detected, ensure to check mark all the listed items, and click the Quarantine Selected button.
  • While still on the Scan tab, click the View Report button, and in the window that opens click the Export button, select Text file (*.txt), and save the log to your Desktop.
  • The log can also be viewed by clicking the log to select it, then clicking the View Report button.


Please post the log for my review.

Note: If asked to restart the computer, please do so immediately.
===

Please download AdwCleaner by Malwarebytes to your Desktop.

  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the LogFile button and the report will open in Notepad.

IMPORTANT

  • If you click the Clean button all items listed in the report will be removed.

If you find some false positive items or programs that you wish to keep, Close the AdwCleaner windows.

  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleanerCx.txt (x is a number).


===

Download the Farbar Recovery Scan Tool (FRST).
Choose the 32- or 64-bit version for your system and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens, click Yes to the disclaimer.
Press the Scan button.
It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it into your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

How to attach a file to your reply:
In the Reply section at the bottom of the topic, click the "More Reply Options" button.

Attach the file.
Select "Choose a File" and navigate to the location of the file.
Click the file you wish to attach.
Click Attach this file.
Click the Add reply button.
===

Please post the logs for my review.

Wait for further instructions.


Hi Nasdaq,

Thank you so much for your help. 

All scan logs are attached as you instructed. And here is the text from FRST.txt

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 04-05.2019 01
Ran by Lisa (administrator) on LISAULTRABOOK (TOSHIBA Satellite Z830) (06-05-2019 18:45:44)
Running from C:\Users\Lisa\Documents\temp\FRST-OlderVersion
Loaded Profiles: Lisa (Available Profiles: Lisa)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Adobe Systems, Incorporated -> Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Bitdefender SRL -> Bitdefender) C:\Program Files\Bitdefender\Antivirus Free Edition\gziface.exe
(Bitdefender SRL -> Bitdefender) C:\Program Files\Bitdefender\Antivirus Free Edition\gzserv.exe
(Fuji Xerox Co., Ltd. -> Fuji Xerox Co., Ltd.) C:\Program Files\Fuji Xerox\SimpleMonitor for AP\FXAPPSPZ.EXE
(Fuji Xerox Co., Ltd. -> Fuji Xerox Co., Ltd.) C:\Program Files\Fuji Xerox\SimpleMonitor for AP\FXAPPWDN.EXE
(Fuji Xerox Co., Ltd. -> Fuji Xerox Co., Ltd.) C:\Program Files\Fuji Xerox\SimpleMonitor for AP\FXAPSDBN.EXE
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel Corporation -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Intel Corporation -> Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation -> Intel Corporation) C:\Windows\System32\igfxext.exe
(Intel Corporation -> Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation -> Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel® Identity Protection Technology Software -> Intel Corporation) C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
(Logitech Inc -> Logitech, Inc.) C:\Program Files\Logitech\LogiPresentation\LogiPresentation.exe
(Logitech Inc -> Logitech, Inc.) C:\ProgramData\Logishrd\LogiPresentation\Software\1.52.24\LogiPresentationMgr.exe
(Logitech Inc -> Logitech, Inc.) C:\ProgramData\Logishrd\LogiPresentation\Software\1.52.24\LogiPresentationUI.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(NetUptimeMonitor.com) [File not signed] C:\Program Files (x86)\Net Uptime Monitor\NetUptimeMonitor.exe
(Oracle America, Inc. -> Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Samsung Electronics CO., LTD. -> DEVGURU Co., LTD.) C:\Program Files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe
(Slack Technologies, Inc. -> Slack Technologies) C:\Users\Lisa\AppData\Local\slack\app-3.4.0\slack.exe
(Slack Technologies, Inc. -> Slack Technologies) C:\Users\Lisa\AppData\Local\slack\app-3.4.0\slack.exe
(Slack Technologies, Inc. -> Slack Technologies) C:\Users\Lisa\AppData\Local\slack\app-3.4.0\slack.exe
(Slack Technologies, Inc. -> Slack Technologies) C:\Users\Lisa\AppData\Local\slack\app-3.4.0\slack.exe
(Slack Technologies, Inc. -> Slack Technologies) C:\Users\Lisa\AppData\Local\slack\app-3.4.0\slack.exe
(Slack Technologies, Inc. -> Slack Technologies) C:\Users\Lisa\AppData\Local\slack\app-3.4.0\slack.exe
(TeamViewer GmbH -> TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(TOSHIBA CORPORATION -> TOSHIBA Corporation) C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
(TOSHIBA CORPORATION -> TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
(TOSHIBA CORPORATION -> TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
(TOSHIBA CORPORATION -> TOSHIBA Corporation) C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12681320 2011-08-25] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM\...\Run: [TPwrMain] => C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [497504 2009-08-21] (TOSHIBA CORPORATION -> TOSHIBA Corporation)
HKLM\...\Run: [HSON] => C:\Program Files\TOSHIBA\TBS\HSON.exe [52600 2009-03-09] (TOSHIBA CORPORATION -> TOSHIBA Corporation)
HKLM\...\Run: [SmoothView] => C:\Program Files\Toshiba\SmoothView\SmoothView.exe [508216 2009-07-28] (TOSHIBA CORPORATION -> TOSHIBA Corporation)
HKLM\...\Run: [00TCrdMain] => C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [909624 2009-08-05] (TOSHIBA CORPORATION -> TOSHIBA Corporation)
HKLM\...\Run: [FXAPQLU] => C:\Program Files\Fuji Xerox\Printer Software for AP\FXAPQLUZ.EXE [1152960 2012-11-12] (Fuji Xerox Co., Ltd. -> Fuji Xerox Co., Ltd.)
HKLM\...\Run: [FXSMAPPSP] => C:\Program Files\Fuji Xerox\SimpleMonitor for AP\FXAPPSPZ.EXE [1143744 2012-11-12] (Fuji Xerox Co., Ltd. -> Fuji Xerox Co., Ltd.)
HKLM\...\Run: [LogiPresentation] => C:\Program Files\Logitech\LogiPresentation\LogiPresentation.exe [1590408 2018-10-26] (Logitech Inc -> Logitech, Inc.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-12-19] (Oracle America, Inc. -> Oracle Corporation)
HKU\S-1-5-21-4019441811-2367701073-2962110307-1000\...\Run: [com.squirrel.slack.slack] => C:\Users\Lisa\AppData\Local\slack\Update.exe [1569296 2019-05-03] (Slack Technologies, Inc. -> )
HKU\S-1-5-21-4019441811-2367701073-2962110307-1000\...\Run: [NetUptimeMonitor] => C:\Program Files (x86)\Net Uptime Monitor\NetUptimeMonitor.exe [6409216 2017-08-09] (NetUptimeMonitor.com) [File not signed]
HKU\S-1-5-21-4019441811-2367701073-2962110307-1000\...\Run: [Google Update] => C:\Users\Lisa\AppData\Local\Google\Update\1.3.34.7\GoogleUpdateCore.exe [752424 2019-03-28] (Google Inc -> Google LLC)
HKU\S-1-5-21-4019441811-2367701073-2962110307-1000\...\Run: [Dropbox Update] => C:\Users\Lisa\AppData\Local\Dropbox\Update\DropboxUpdate.exe [143144 2016-11-06] (Dropbox, Inc -> Dropbox, Inc.)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{2D46B6DC-2207-486B-B523-A557E6D54B47}] -> C:\Windows\system32\cmd.exe /D /C start C:\Windows\system32\ie4uinit.exe -ClearIconCache
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\74.0.3729.131\Installer\chrmstp.exe [2019-05-03] (Google LLC -> Google Inc.)
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{A6EADE66-0000-0000-484E-7E8A45000000}] -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Esl\AiodLite.dll [2018-09-20] (Adobe Systems, Incorporated -> Adobe Systems, Inc.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {01ECC4F4-EC36-4260-B770-C5A33FA40EFE} - System32\Tasks\G2MUpdateTask-S-1-5-21-4019441811-2367701073-2962110307-1000 => C:\Users\Lisa\AppData\Local\GoToMeeting\12933\g2mupdate.exe [32256 2019-05-05] (LogMeIn, Inc. -> LogMeIn, Inc.)
Task: {16AC86E3-A797-4E41-84C3-4D9E801C3179} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2019-04-10] (Adobe Inc. -> Adobe)
Task: {2BFEE008-22B7-49B1-90CE-9C9EA050C524} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4019441811-2367701073-2962110307-1000Core => C:\Users\Lisa\AppData\Local\Google\Update\GoogleUpdate.exe [144200 2015-09-06] (Google Inc -> Google Inc.)
Task: {2F78A50F-CE00-42E0-A7F1-CDB135C19671} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [4382048 2019-05-03] (Microsoft Corporation -> Microsoft Corporation)
Task: {32742DC8-0FEF-4ADE-A76A-9F14851D42F6} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-4019441811-2367701073-2962110307-1000UA => C:\Users\Lisa\AppData\Local\Dropbox\Update\DropboxUpdate.exe [143144 2016-11-06] (Dropbox, Inc -> Dropbox, Inc.)
Task: {4E8AD4BB-F299-4BEA-B559-62BBB9DCD6CF} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime => Command(1): %windir%\system32\GWX\GWXUXWorker.exe -> /ScheduleUpgradeReminderTime
Task: {4E8AD4BB-F299-4BEA-B559-62BBB9DCD6CF} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime => Command(2): C:\Windows\system32\GWX\GWXDetector.exe [358400  [358400 2016-05-20]] (Microsoft Windows -> Microsoft Corporation)
Task: {53D12122-C24F-4779-93A4-04922FEC5B67} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\sdxhelper.exe [112672 2019-05-03] (Microsoft Corporation -> Microsoft Corporation)
Task: {57FCADBC-F2A6-42E3-B28F-BC6C2EE2F610} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent => Command(1): %windir%\system32\GWX\GWXConfigManager.exe -> /RefreshConfigAndContent
Task: {57FCADBC-F2A6-42E3-B28F-BC6C2EE2F610} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent => Command(2): C:\Windows\system32\GWX\GWXDetector.exe [358400  [358400 2016-05-20]] (Microsoft Windows -> Microsoft Corporation)
Task: {6B8A2383-88FF-4944-A049-424A0554F2D9} - System32\Tasks\{7E2F20D8-AFD9-466C-8BCA-199B5A06BB19} => C:\Windows\system32\pcalua.exe -a C:\Users\Lisa\Downloads\lide60vst6411111a_64en\SetupSG.exe -d C:\Users\Lisa\Downloads\lide60vst6411111a_64en
Task: {742F9E5B-4A8C-47E8-BE40-2ACCA51F0449} - System32\Tasks\G2MUploadTask-S-1-5-21-4019441811-2367701073-2962110307-1000 => C:\Users\Lisa\AppData\Local\GoToMeeting\12933\g2mupload.exe [32256 2019-05-05] (LogMeIn, Inc. -> LogMeIn, Inc.)
Task: {83031CDD-5F6F-44DE-9125-436FC6C97E2E} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [1439368 2019-05-03] (Microsoft Corporation -> Microsoft Corporation)
Task: {A5073845-B8B6-4945-B1A6-A15AF5F90111} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2015-10-05] (Google Inc -> Google Inc.)
Task: {AA532A52-9481-49BC-9AD1-CF75CCB0CF8A} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [26196056 2019-04-26] (Microsoft Corporation -> Microsoft Corporation)
Task: {ABAB2083-F47A-435F-A323-6BC2A104AB4E} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1195544 2018-12-16] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Task: {BEBD8FD2-1CC1-4549-BB98-5578FC5D85A9} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-4019441811-2367701073-2962110307-1000Core => C:\Users\Lisa\AppData\Local\Dropbox\Update\DropboxUpdate.exe [143144 2016-11-06] (Dropbox, Inc -> Dropbox, Inc.)
Task: {CC587211-181E-4C65-BC34-2AFDE9222414} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2015-10-05] (Google Inc -> Google Inc.)
Task: {CED5E586-6C7B-466F-9B19-BD5F901CB8D5} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\sdxhelper.exe [112672 2019-05-03] (Microsoft Corporation -> Microsoft Corporation)
Task: {CF101C10-F6B5-49F6-843E-7D1D6BEF5CE1} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_171_Plugin.exe [1456696 2019-04-10] (Adobe Inc. -> Adobe)
Task: {D0A89E7C-DFDA-4748-BC18-505160F0F1A1} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [1439368 2019-05-03] (Microsoft Corporation -> Microsoft Corporation)
Task: {E7628BFF-6626-4841-AF3C-C714C1287999} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [1427056 2019-05-03] (Microsoft Corporation -> Microsoft Corporation)
Task: {E8DD72CA-136A-4A9D-8FE0-076FBF843160} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => Command(1): %windir%\system32\GWX\GWXConfigManager.exe -> /RefreshConfig
Task: {E8DD72CA-136A-4A9D-8FE0-076FBF843160} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => Command(2): C:\Windows\system32\GWX\GWXDetector.exe [358400  [358400 2016-05-20]] (Microsoft Windows -> Microsoft Corporation)
Task: {E95A58D6-5288-470F-BC98-D3A18E07D00E} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4019441811-2367701073-2962110307-1000UA => C:\Users\Lisa\AppData\Local\Google\Update\GoogleUpdate.exe [144200 2015-09-06] (Google Inc -> Google Inc.)
Task: {F3DEED77-C86F-4444-B022-F615658E2CB7} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [26196056 2019-04-26] (Microsoft Corporation -> Microsoft Corporation)
Task: {F9602EB3-6AAB-44C1-8434-954EAA96F585} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [4382048 2019-05-03] (Microsoft Corporation -> Microsoft Corporation)
Task: {FC31F32D-1F39-4658-A48F-BC1BBAD201AB} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => Command(1): %windir%\system32\GWX\GWXConfigManager.exe -> /RefreshConfig
Task: {FC31F32D-1F39-4658-A48F-BC1BBAD201AB} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => Command(2): %windir%\system32\GWX\GWXConfigManager.exe -> /RefreshContent
Task: {FC31F32D-1F39-4658-A48F-BC1BBAD201AB} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => Command(3): C:\Windows\system32\GWX\GWXDetector.exe [358400  [358400 2016-05-20]] (Microsoft Windows -> Microsoft Corporation)
Task: {FD216753-C846-461F-9B4F-44D2016BEC15} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [616320 2018-01-08] (Apple Inc. -> Apple Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-4019441811-2367701073-2962110307-1000Core.job => C:\Users\Lisa\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-4019441811-2367701073-2962110307-1000UA.job => C:\Users\Lisa\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-4019441811-2367701073-2962110307-1000.job => C:\Users\Lisa\AppData\Local\GoToMeeting\12933\g2mupdate.exe
Task: C:\Windows\Tasks\G2MUploadTask-S-1-5-21-4019441811-2367701073-2962110307-1000.job => C:\Users\Lisa\AppData\Local\GoToMeeting\12933\g2mupload.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 61.9.194.49 61.9.195.193
Tcpip\..\Interfaces\{A1B19211-0EC0-4CBF-B241-DAAA65C4C128}: [DhcpNameServer] 172.20.10.1
Tcpip\..\Interfaces\{A7F919E8-30A3-4D09-BE4A-37FD392B87F8}: [DhcpNameServer] 61.9.194.49 61.9.195.193
Tcpip\..\Interfaces\{DCAB1756-50D2-4E72-81AB-706505743761}: [DhcpNameServer] 172.20.10.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKU\S-1-5-21-4019441811-2367701073-2962110307-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-4019441811-2367701073-2962110307-1000\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://captology.stanford.edu/
hxxps://sites.google.com/view/learn-tiny-habits/2-my-5-day-program?authuser=0
hxxps://ggsc.berkeley.edu/
hxxp://tinyhabitsacademy.org/
hxxp://rn3.768.myftpupload.com/
SearchScopes: HKU\S-1-5-21-4019441811-2367701073-2962110307-1000 -> DefaultScope {79EB9250-8A1B-417B-A210-941780DC3099} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-4019441811-2367701073-2962110307-1000 -> {79EB9250-8A1B-417B-A210-941780DC3099} URL = hxxp://www.google.com/search?q={searchTerms}
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2019-04-05] (Microsoft Corporation -> Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\URLREDIR.DLL [2019-05-03] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2009-10-22] (Hewlett-Packard Company -> Hewlett-Packard Co.)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2019-04-05] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_161\bin\ssv.dll [2018-01-17] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\root\Office16\URLREDIR.DLL [2019-05-03] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_161\bin\jp2ssv.dll [2018-01-17] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2009-10-22] (Hewlett-Packard Company -> Hewlett-Packard Co.)
DPF: HKLM-x32 {11818680-FCF6-11D0-9808-0800092A4865} hxxps://www.ato.gov.au/misc/formflow/codebase/FormCtl.cab
DPF: HKLM-x32 {224F7DEA-B7C1-11D3-AB40-00902712A5C9} hxxps://www.ato.gov.au/misc/formflow/codebase/plsspeller.cab
DPF: HKLM-x32 {CDDCFBB3-4D93-11D2-B1A9-00A0C9B742BE} hxxps://www.ato.gov.au/misc/formflow/codebase/scriptobject.cab
DPF: HKLM-x32 {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} hxxps://akamaicdn.webex.com/client/WBXclient-T29L10NSP6-58/webex/ieatgpc1.cab
DPF: HKLM-x32 {EF2FB80F-0975-408E-A871-B00CC863478A} hxxps://www.ato.gov.au/misc/formflow/codebase/fontinstaller.cab
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2019-04-05] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2019-04-05] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2019-04-05] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2019-04-05] (Microsoft Corporation -> Microsoft Corporation)

FireFox:
========
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: (HP Smart Web Printing) - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2014-03-30] [Legacy] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [{78DADB4B-7468-4c1c-8612-00FBF356A9FF}] - C:\Program Files (x86)\Kotato\YouTube Downloader\YTD_FF.xpi
FF Extension: (YouTube Downloader Extension) - C:\Program Files (x86)\Kotato\YouTube Downloader\YTD_FF.xpi [2013-07-30] [Legacy] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [{F5C9A887-F242-4896-AA5B-D5853EAAEA31}] - C:\Program Files (x86)\Kotato\FLV Downloader\FLVD_FF.xpi
FF Extension: (FLV Downloader Extension) - C:\Program Files (x86)\Kotato\FLV Downloader\FLVD_FF.xpi [2016-07-26] [Legacy]
FF HKU\S-1-5-21-4019441811-2367701073-2962110307-1000\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_32_0_0_171.dll [2019-04-10] (Adobe Inc. -> )
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] (Microsoft Corporation ->  Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_32_0_0_171.dll [2019-04-10] (Adobe Inc. -> )
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Services\IPT\npIntelWebAPIUpdater.dll [2011-07-21] (Intel® Identity Protection Technology Software -> Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.161.2 -> C:\Program Files (x86)\Java\jre1.8.0_161\bin\dtplugin\npDeployJava1.dll [2018-01-17] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.161.2 -> C:\Program Files (x86)\Java\jre1.8.0_161\bin\plugin2\npjp2.dll [2018-01-17] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2019-04-05] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] (Microsoft Corporation ->  Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2019-04-05] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.34.7\npGoogleUpdate3.dll [2019-03-28] (Google Inc -> Google LLC)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.34.7\npGoogleUpdate3.dll [2019-03-28] (Google Inc -> Google LLC)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2019-03-26] (Adobe Inc. -> Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-4019441811-2367701073-2962110307-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Lisa\AppData\Local\Google\Update\1.3.34.7\npGoogleUpdate3.dll [2019-03-28] (Google Inc -> Google LLC)
FF Plugin HKU\S-1-5-21-4019441811-2367701073-2962110307-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Lisa\AppData\Local\Google\Update\1.3.34.7\npGoogleUpdate3.dll [2019-03-28] (Google Inc -> Google LLC)
FF Plugin HKU\S-1-5-21-4019441811-2367701073-2962110307-1000: @zoom.us/ZoomVideoPlugin -> C:\Users\Lisa\AppData\Roaming\Zoom\bin\npzoomplugin.dll [2018-12-05] (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FF Plugin HKU\S-1-5-21-4019441811-2367701073-2962110307-1000: LWAPlugin15.8 -> C:\Users\Lisa\AppData\Roaming\Mozilla\Plugins\npLWAPlugin15.8.dll [2013-03-13] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Users\Lisa\AppData\Roaming\mozilla\plugins\npatgpc.dll [2018-03-29]
FF Plugin ProgramFiles/Appdata: C:\Users\Lisa\AppData\Roaming\mozilla\plugins\npLWAPlugin15.8.dll [2018-03-29]

Chrome: 
=======
CHR StartupUrls: Default -> "hxxps://www.thriveglobal.com/stories/21607-the-indecision-trap-when-it-comes-to-life-s-challenges-we-really-only-have-4-choices","hxxps://www.google.com.au/"
CHR Profile: C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Default [2019-05-06]
CHR Extension: (Slides) - C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-13]
CHR Extension: (Docs) - C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-13]
CHR Extension: (Google Drive) - C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-01-16]
CHR Extension: (YouTube) - C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-05]
CHR Extension: (Google Search) - C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-01-16]
CHR Extension: (YouTube Downloader Extension) - C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Default\Extensions\ebjipgnedcljapmafeafekmlebefcafp [2015-10-05]
CHR Extension: (Sheets) - C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-13]
CHR Extension: (Google Docs Offline) - C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-08-18]
CHR Extension: (Cisco Webex Extension) - C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlhmfgmfgeifomenelglieieghnjghma [2018-07-09]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-07]
CHR Extension: (Gmail) - C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-04-24]
CHR Extension: (Chrome Media Router) - C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-04-25]
CHR HKLM-x32\...\Chrome\Extension: [ebjipgnedcljapmafeafekmlebefcafp] - C:\Program Files (x86)\Kotato\YouTube Downloader\YTD_GC.crx [2014-07-03]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2018-07-05] (Apple Inc. -> Apple Inc.)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [11146240 2019-04-26] (Microsoft Corporation -> Microsoft Corporation)
R2 FXSMAPPWD; C:\Program Files\Fuji Xerox\SimpleMonitor for AP\FXAPPWDN.EXE [155584 2012-11-12] (Fuji Xerox Co., Ltd. -> Fuji Xerox Co., Ltd.)
R2 FXSMAPSDB; C:\Program Files\Fuji Xerox\SimpleMonitor for AP\FXAPSDBN.EXE [344000 2012-11-12] (Fuji Xerox Co., Ltd. -> Fuji Xerox Co., Ltd.)
R2 gzserv; C:\Program Files\Bitdefender\Antivirus Free Edition\gzserv.exe [79552 2016-03-09] (Bitdefender SRL -> Bitdefender)
S3 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6562472 2019-02-01] (Malwarebytes Corporation -> Malwarebytes)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-01-18] (Hewlett-Packard) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-01-18] (Hewlett-Packard) [File not signed]
R2 ss_conn_service; C:\Program Files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe [752224 2017-01-16] (Samsung Electronics CO., LTD. -> DEVGURU Co., LTD.)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [11293936 2018-04-03] (TeamViewer GmbH -> TeamViewer GmbH)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Windows -> Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 athr; C:\Windows\System32\DRIVERS\athrx.sys [2811392 2012-04-19] (Microsoft Windows Hardware Compatibility Publisher -> Qualcomm Atheros Communications, Inc.)
R0 avc3; C:\Windows\System32\DRIVERS\avc3.sys [718840 2013-04-17] (Bitdefender SRL -> BitDefender)
U5 avchv; C:\Windows\System32\Drivers\avchv.sys [261056 2012-11-02] (Bitdefender SRL -> BitDefender)
R3 avckf; C:\Windows\System32\DRIVERS\avckf.sys [593144 2013-04-17] (Bitdefender SRL -> BitDefender)
R1 bdfwfpf; C:\Program Files\Bitdefender\Antivirus Free Edition\bdfwfpf.sys [121928 2013-07-02] (Bitdefender SRL -> Bitdefender SRL)
S3 dg_ssudbus; C:\Windows\System32\DRIVERS\ssudbus.sys [131984 2017-05-18] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [153328 2019-01-08] (Malwarebytes Corporation -> Malwarebytes)
R1 gzflt; C:\Windows\System32\DRIVERS\gzflt.sys [148696 2013-04-22] (Bitdefender SRL -> BitDefender LLC)
R3 igfx; C:\Windows\System32\DRIVERS\igdkmd64.sys [12306848 2011-08-31] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
R3 IntcDAud; C:\Windows\System32\DRIVERS\IntcDAud.sys [317440 2010-10-15] (Microsoft Windows Hardware Compatibility Publisher -> Intel(R) Corporation)
R2 MBAMChameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [199768 2019-05-05] (Malwarebytes Corporation -> Malwarebytes)
S3 MBAMFarflt; C:\Windows\System32\DRIVERS\farflt.sys [127136 2019-05-05] (Malwarebytes Corporation -> Malwarebytes)
S3 MBAMProtection; C:\Windows\system32\DRIVERS\mbam.sys [73912 2019-05-05] (Malwarebytes Corporation -> Malwarebytes)
S3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [275232 2019-05-05] (Malwarebytes Corporation -> Malwarebytes)
S3 MBAMWebProtection; C:\Windows\System32\DRIVERS\mwac.sys [107368 2019-05-05] (Malwarebytes Corporation -> Malwarebytes)
S3 Netaapl; C:\Windows\System32\DRIVERS\netaapl64.sys [23040 2013-08-06] (Microsoft Windows Hardware Compatibility Publisher -> Apple Inc.)
R3 nusb3hub; C:\Windows\System32\DRIVERS\nusb3hub.sys [96768 2011-10-25] (Microsoft Windows Hardware Compatibility Publisher -> Renesas Electronics Corporation)
R3 nusb3xhc; C:\Windows\System32\DRIVERS\nusb3xhc.sys [213504 2011-10-25] (Microsoft Windows Hardware Compatibility Publisher -> Renesas Electronics Corporation)
R2 risdxc; C:\Windows\System32\DRIVERS\risdxc64.sys [101888 2011-05-25] (Microsoft Windows Hardware Compatibility Publisher -> REDC)
S3 ssudmdm; C:\Windows\System32\DRIVERS\ssudmdm.sys [166288 2017-05-18] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
S3 tosrfbd; C:\Windows\System32\DRIVERS\tosrfbd.sys [286080 2011-08-30] (Microsoft Windows Hardware Compatibility Publisher -> TOSHIBA CORPORATION)
S3 TosRfSnd; C:\Windows\System32\drivers\tosrfsnd.sys [63488 2010-04-26] (Microsoft Windows Hardware Compatibility Publisher -> TOSHIBA Corporation)
R0 trufos; C:\Windows\System32\DRIVERS\trufos.sys [382536 2013-05-28] (Bitdefender SRL -> BitDefender S.R.L.)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2015-11-05] (Microsoft Windows Hardware Compatibility Publisher -> Apple, Inc.)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-05-06 18:44 - 2019-05-06 18:45 - 000000000 ____D C:\FRST
2019-05-06 18:40 - 2019-05-06 18:40 - 000001766 _____ C:\Users\Lisa\Desktop\AdwCleaner[S00].txt
2019-05-06 18:35 - 2019-05-06 18:41 - 000000000 ____D C:\AdwCleaner
2019-05-06 18:24 - 2019-05-06 18:24 - 000001226 _____ C:\Users\Lisa\Desktop\mbam log.txt
2019-05-05 14:07 - 2019-05-05 14:07 - 000127136 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
2019-05-05 14:07 - 2019-05-05 14:07 - 000107368 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2019-05-05 14:07 - 2019-05-05 14:07 - 000073912 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2019-05-05 14:06 - 2019-05-05 14:06 - 000275232 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2019-05-05 11:30 - 2019-05-05 11:30 - 000199768 _____ (Malwarebytes) C:\Windows\system32\Drivers\MbamChameleon.sys
2019-05-05 11:28 - 2019-05-05 11:28 - 000000000 ____D C:\Users\Lisa\AppData\Local\mbam
2019-05-05 11:27 - 2019-05-05 11:27 - 000000000 ____D C:\Users\Lisa\AppData\Local\mbamtray
2019-05-05 11:26 - 2019-05-05 11:26 - 000001867 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2019-05-05 11:26 - 2019-05-05 11:26 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2019-05-05 11:26 - 2019-01-08 16:32 - 000153328 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbae64.sys
2019-05-04 17:42 - 2019-05-04 17:42 - 000000000 ____D C:\ProgramData\PDFC
2019-05-04 16:27 - 2019-05-04 16:27 - 000002426 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Project.lnk
2019-05-04 16:27 - 2019-05-04 16:27 - 000002421 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype for Business.lnk
2019-05-04 16:27 - 2019-05-04 16:27 - 000002416 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Word.lnk
2019-05-04 16:27 - 2019-05-04 16:27 - 000002415 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerPoint.lnk
2019-05-04 16:27 - 2019-05-04 16:27 - 000002379 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Access.lnk
2019-05-04 16:27 - 2019-05-04 16:27 - 000002378 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel.lnk
2019-05-04 16:27 - 2019-05-04 16:27 - 000002372 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outlook.lnk
2019-05-04 16:27 - 2019-05-04 16:27 - 000002366 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Publisher.lnk
2019-05-04 16:27 - 2019-05-04 16:27 - 000002358 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneNote 2016.lnk
2019-05-04 16:27 - 2019-05-04 16:27 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Tools
2019-05-03 14:25 - 2019-05-03 14:25 - 000000000 ____D C:\Users\Lisa\AppData\Roaming\Logitech
2019-05-03 14:25 - 2019-05-03 14:25 - 000000000 ____D C:\Users\Lisa\AppData\Roaming\Logishrd
2019-05-03 14:25 - 2019-05-03 14:25 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech
2019-05-03 14:25 - 2019-05-03 14:25 - 000000000 ____D C:\ProgramData\Logishrd
2019-05-03 14:25 - 2019-05-03 14:25 - 000000000 ____D C:\Program Files\Logitech
2019-04-27 07:52 - 2019-04-27 07:52 - 000302962 _____ C:\Users\Lisa\Downloads\Please_DocuSign_Scopesuite_Partnership_progr.pdf
2019-04-26 11:21 - 2019-04-26 11:21 - 000117424 _____ C:\Users\Lisa\Documents\Presentation1.pptx
2019-04-25 09:45 - 2019-04-25 09:45 - 000000000 ____D C:\Users\Lisa\AppData\Local\PDFC
2019-04-25 09:43 - 2019-04-25 09:44 - 059707016 _____ (PDF Complete Inc) C:\Users\Lisa\Desktop\pdfc_corp_41045_demo.exe
2019-04-24 17:43 - 2019-04-24 17:43 - 000000000 ____D C:\Users\Lisa\AppData\Roaming\Neuxpower
2019-04-24 17:32 - 2019-04-25 09:35 - 000000058 _____ C:\Users\Lisa\AppData\Roaming\pdfcompressor.ini
2019-04-24 16:54 - 2019-04-24 16:54 - 000000000 ____D C:\Users\Lisa\AppData\Roaming\YCanPDF
2019-04-24 16:54 - 2019-04-24 16:54 - 000000000 ____D C:\CompressedPDF
2019-04-24 16:47 - 2019-04-25 09:51 - 000000000 ____D C:\Program Files (x86)\PDF Compressor
2019-04-24 16:47 - 2019-04-24 16:48 - 000000000 ____D C:\Users\Lisa\AppData\Local\iWesoft
2019-04-24 16:47 - 2019-04-24 16:47 - 000000000 ____D C:\Users\Lisa\Documents\PDF Compressor Output
2019-04-24 14:52 - 2019-04-24 14:52 - 000000000 ____D C:\Users\Lisa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2019-04-22 10:47 - 2019-04-22 20:29 - 000000000 ____D C:\Users\Lisa\Documents\France Italy Trip
2019-04-19 17:45 - 2019-04-20 19:03 - 000000000 ____D C:\Users\Lisa\Documents\Personal Finance
2019-04-14 12:10 - 2019-04-11 09:12 - 006816683 _____ C:\Users\Lisa\Documents\Learning Pyramid Brochure.pdf
2019-04-06 16:28 - 2019-04-06 16:28 - 000144574 _____ C:\Users\Lisa\Downloads\Notification_1-F3MCCIH.PDF

==================== One month (modified) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-05-06 18:44 - 2019-03-23 19:23 - 000000000 ____D C:\Users\Lisa\Documents\temp
2019-05-06 18:43 - 2018-04-06 12:31 - 000000000 ____D C:\Users\Lisa\AppData\Roaming\Slack
2019-05-06 18:43 - 2018-04-06 12:31 - 000000000 ____D C:\Users\Lisa\AppData\Local\slack
2019-05-06 18:42 - 2018-05-07 18:06 - 000000000 ____D C:\Program Files (x86)\TeamViewer
2019-05-06 18:42 - 2018-04-06 12:31 - 000002128 _____ C:\Users\Lisa\Desktop\Slack.lnk
2019-05-06 18:42 - 2018-04-06 12:31 - 000000000 ____D C:\Users\Lisa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Slack Technologies
2019-05-06 18:42 - 2009-07-14 15:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2019-05-06 18:38 - 2009-07-14 14:45 - 000032416 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2019-05-06 18:38 - 2009-07-14 14:45 - 000032416 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2019-05-06 18:36 - 2009-07-14 15:13 - 000785942 _____ C:\Windows\system32\PerfStringBackup.INI
2019-05-06 18:36 - 2009-07-14 13:20 - 000000000 ____D C:\Windows\inf
2019-05-06 18:34 - 2018-04-26 14:23 - 000000532 _____ C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-4019441811-2367701073-2962110307-1000.job
2019-05-06 18:26 - 2015-06-17 08:21 - 000000914 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-4019441811-2367701073-2962110307-1000UA.job
2019-05-06 18:00 - 2018-04-26 14:23 - 000000628 _____ C:\Windows\Tasks\G2MUploadTask-S-1-5-21-4019441811-2367701073-2962110307-1000.job
2019-05-05 14:25 - 2015-06-17 08:21 - 000000862 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-4019441811-2367701073-2962110307-1000Core.job
2019-05-05 11:26 - 2015-04-26 19:15 - 000000000 ____D C:\ProgramData\Malwarebytes
2019-05-04 16:29 - 2018-05-05 16:07 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2019-05-04 16:26 - 2014-05-28 10:29 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2019-05-04 16:25 - 2009-07-14 15:08 - 000032572 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2019-05-04 15:11 - 2018-04-26 14:23 - 000003662 _____ C:\Windows\System32\Tasks\G2MUploadTask-S-1-5-21-4019441811-2367701073-2962110307-1000
2019-05-04 15:11 - 2018-04-26 14:23 - 000003566 _____ C:\Windows\System32\Tasks\G2MUpdateTask-S-1-5-21-4019441811-2367701073-2962110307-1000
2019-05-04 15:11 - 2018-04-26 14:23 - 000000000 ____D C:\Users\Lisa\AppData\Local\GoToMeeting
2019-05-03 09:17 - 2015-10-05 10:42 - 000002224 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2019-05-03 09:17 - 2015-10-05 10:42 - 000002183 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2019-05-03 09:05 - 2018-04-06 12:31 - 000000000 ____D C:\Users\Lisa\AppData\Local\SquirrelTemp
2019-04-29 17:45 - 2018-03-24 17:04 - 000000000 ____D C:\Users\Lisa\Documents\Business Projects
2019-04-29 10:16 - 2014-05-28 19:05 - 000000000 ____D C:\Users\Lisa\AppData\Roaming\PrimoPDF
2019-04-25 09:52 - 2014-06-05 08:32 - 000000000 ____D C:\ProgramData\Skype
2019-04-24 17:45 - 2014-05-28 10:15 - 000000000 ____D C:\Users\Lisa\AppData\Local\Adobe
2019-04-24 14:52 - 2014-07-08 07:59 - 000000000 ____D C:\Users\Lisa\AppData\Roaming\Dropbox
2019-04-23 21:17 - 2017-10-22 20:12 - 000000000 ____D C:\Users\Lisa\Documents\Business Development
2019-04-23 19:36 - 2018-04-12 16:01 - 000000000 ____D C:\Users\Lisa\AppData\Roaming\iSkysoft
2019-04-20 01:13 - 2018-11-22 07:07 - 000000000 ____D C:\Users\Lisa\Documents\professional development
2019-04-20 00:06 - 2019-03-10 11:58 - 000003182 _____ C:\Windows\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-4019441811-2367701073-2962110307-1000
2019-04-20 00:06 - 2019-03-10 11:48 - 000002162 _____ C:\Users\Lisa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk
2019-04-20 00:06 - 2019-03-10 11:48 - 000000000 ___RD C:\Users\Lisa\OneDrive
2019-04-10 21:09 - 2018-03-13 19:53 - 000004470 _____ C:\Windows\System32\Tasks\Adobe Flash Player NPAPI Notifier
2019-04-10 21:09 - 2014-09-14 07:28 - 000004312 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2019-04-10 21:09 - 2014-05-04 15:21 - 000842296 _____ (Adobe) C:\Windows\SysWOW64\FlashPlayerApp.exe
2019-04-10 21:09 - 2014-05-04 15:21 - 000175160 _____ (Adobe) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2019-04-10 21:09 - 2014-05-04 15:20 - 000000000 ____D C:\Windows\system32\Macromed
2019-04-10 21:09 - 2014-03-30 10:38 - 000000000 ____D C:\Windows\SysWOW64\Macromed
2019-04-10 08:15 - 2018-09-21 08:34 - 000002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk

==================== Files in the root of some directories =======

2011-07-21 14:23 - 2011-07-21 14:23 - 000020944 _____ (Intel Corporation) C:\Users\Lisa\AppData\Roaming\JomCap.dll
2019-04-24 17:32 - 2019-04-25 09:35 - 000000058 _____ () C:\Users\Lisa\AppData\Roaming\pdfcompressor.ini
2015-06-21 17:32 - 2018-12-25 07:50 - 000013312 _____ () C:\Users\Lisa\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

==================== FCheck ================================

(If an entry is included in the fixlist, the file/folder will be moved.)

FCheck: C:\Windows\system32\Drivers\09437B42.sys [2017-06-17] <==== ATTENTION (zero byte File/Folder)
FCheck: C:\Windows\system32\Drivers\10497A54.sys [2017-06-17] <==== ATTENTION (zero byte File/Folder)
FCheck: C:\Windows\system32\Drivers\5E217A78.sys [2017-06-17] <==== ATTENTION (zero byte File/Folder)
FCheck: C:\Windows\system32\Drivers\6E787A2A.sys [2017-06-17] <==== ATTENTION (zero byte File/Folder)
FCheck: C:\Windows\system32\Drivers\74597874.sys [2017-06-17] <==== ATTENTION (zero byte File/Folder)

==================== SigCheck ===============================

(There is no automatic fix for files that do not pass verification.)


LastRegBack: 2019-05-03 17:21
==================== End of FRST.txt ============================

mbam log.txt AdwCleaner[S00].txt Addition.txt

Hi,

Please run the AdwCleaner tool and delete all the items reported.
====

Please download the attached Fixlist.txt file to the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the FRST.txt log you have submitted.

Run FRST and click Fix only once and wait.

The computer will restart when completed.

The tool will create a log (Fixlog.txt); please post it in your reply.
===

Please post the Fixlog.txt and let me know what problem persists.

fixlist.txt

  • Root Admin

Glad we could help.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request.

This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread.

Thanks
