Trojan Attack from Email


This topic is locked
18 replies to this topic

#1 kathyhatesspyware

    Full Member, 61 posts

Posted 07 September 2016 - 12:27 PM

Hello Spyware helpers,


I was expecting an email from a customer who wanted to return an item.  I just happened to get a similar email the same morning requesting a return.  I attempted to open the attached Word document thinking it was from my customer.  It was not.  The document did not open in Word but it was already too late.  Vipre had been putting items in quarantine all morning.  More than 100 now.


I have Malwarebytes installed on my computer.  It has not indicated any problems.  Here are the results:

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 9/7/2016
Scan Time: 1:11 PM
Logfile:
Administrator: Yes

Version: 2.2.1.1043
Malware Database: v2016.09.07.07
Rootkit Database: v2016.08.15.01
License: Premium
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Kathy

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 327344
Time Elapsed: 8 min, 45 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)


Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 31-08-2016
Ran by Kathy (administrator) on MUSTANGMAIN (07-09-2016 13:23:19)
Running from C:\Users\Kathy\Desktop
Loaded Profiles: Kathy (Available Profiles: Kathy)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Dell Inc.) C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Dell Inc.) C:\Program Files\Dell\DW WLAN Card\BCMWLTRY.EXE
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(AOMEI Tech Co., Ltd.) C:\Program Files (x86)\AOMEI Backupper\ABService.exe
(Apple Inc.) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Carbonite, Inc. (www.carbonite.com)) C:\Program Files\Carbonite\Carbonite Backup\CarboniteService.exe
(Sanford, L.P.) C:\Program Files (x86)\DYMO\DYMO Label Software\DymoPnpService.exe
(Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S60RPB.EXE
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Microsoft Corporation) C:\Program Files (x86)\UPS\WSTD\MSSQL.1\MSSQL\Binn\sqlservr.exe
(ThreatTrack Security Inc.) C:\Program Files (x86)\VIPRE\SBPIMSvc.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Dell Inc.) C:\Program Files\Dell\DW WLAN Card\WLTRAY.EXE
(Siber Systems) C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(United Parcel Service, Inc.) C:\Program Files (x86)\UPS\WSTD\WSTDMessaging.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
() C:\Program Files (x86)\UPS\WSTD\UPSNA1Msgr.exe
(Carbonite, Inc.) C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(ThreatTrack Security Inc.) C:\Program Files (x86)\VIPRE\SBAMSvc.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
(ThreatTrack Security Inc.) C:\Program Files (x86)\VIPRE\SBAMTray.exe
(ThreatTrack Security Inc.) C:\Program Files (x86)\VIPRE\VipreEdgeProtection.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Dell Inc.) C:\Program Files\Dell\DellDataVault\DellDataVaultWiz.exe
(Dell Inc.) C:\Program Files (x86)\Dell Update\DellUpService.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Dell Inc.) C:\Program Files (x86)\Dell Update\DellUpTray.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Dell Inc.) C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe
(Dell Inc.) C:\Program Files\Dell\DellDataVault\DellDataVault.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(PC-Doctor, Inc.) C:\Program Files\Dell\SupportAssist\imstrayicon.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
(ThreatTrack Security, Inc.) C:\Program Files (x86)\VIPRE\VIPREUI.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7188040 2013-05-10] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1307720 2013-04-24] (Realtek Semiconductor)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [286192 2013-02-06] (Intel Corporation)
HKLM\...\Run: [Broadcom Wireless Manager UI] => C:\Program Files\Dell\DW WLAN Card\WLTRAY.exe [8925184 2014-09-25] (Dell Inc.)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\System32\LogiLDA.dll [1832760 2012-09-20] (Logitech, Inc.)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292848 2013-04-26] (Intel Corporation)
HKLM-x32\...\Run: [WSUpdater] => C:\PROGRAM FILES (X86)\UPS\WSTD\CF\WorldShipCF.exe [238336 2016-03-02] (UPS)
HKLM-x32\...\Run: [NA1Messenger] => C:\PROGRAM FILES (X86)\UPS\WSTD\UPSNA1Msgr.exe [29952 2016-03-02] ()
HKLM-x32\...\Run: [Carbonite Backup] => C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe [1103056 2016-02-10] (Carbonite, Inc.)
HKLM-x32\...\Run: [SBAMTray] => C:\Program Files (x86)\VIPRE\SBAMTray.exe [3015696 2016-02-29] (ThreatTrack Security Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
HKLM-x32\...\Run: [DLSService] => "C:\Program Files (x86)\DYMO\DYMO Label Software\DLSService.exe"
Winlogon\Notify\GoToAssist: C:\Program Files (x86)\Citrix\GoToAssist Corporate\1121\G2AWinLogon_x64.dll (Citrix Online, a division of Citrix Systems, Inc.)
HKU\S-1-5-21-1081182048-1524022262-3844287625-1000\...\Run: [RoboForm] => C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe [110376 2016-07-01] (Siber Systems)
HKU\S-1-5-21-1081182048-1524022262-3844287625-1000\...\Run: [WinHost32] => C:\Users\Kathy\WinHost32.exe
HKU\S-1-5-21-1081182048-1524022262-3844287625-1000\...\Run: [2046790604] => C:\ProgramData\LuhdOnke\XicpAbfot.exe [151552 2016-09-07] ()
HKU\S-1-5-21-1081182048-1524022262-3844287625-1000\...\MountPoints2: {0597ee65-b361-11e4-a4c0-9cad97d593fe} - I:\LaunchU3.exe -a
AppInit_DLLs-x32: OGPDFLoader.dll => No File
Lsa: [Notification Packages] scecli C:\Program Files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll
ShellIconOverlayIdentifiers: [ Carbonite.Green] -> {95A27763-F62A-4114-9072-E81D87DE3B68} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll [2016-02-10] (Carbonite, Inc.)
ShellIconOverlayIdentifiers: [ Carbonite.Partial] -> {E300CD91-100F-4E67-9AF3-1384A6124015} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll [2016-02-10] (Carbonite, Inc.)
ShellIconOverlayIdentifiers: [ Carbonite.Yellow] -> {5E529433-B50E-4bef-A63B-16A6B71B071A} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll [2016-02-10] (Carbonite, Inc.)
ShellIconOverlayIdentifiers: [DBARFileBackuped] -> {831cebdd-6baf-4432-be76-9e0989c14aef} => C:\Windows\system32\mscoree.dll [2010-11-20] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [DBARFileNotBackuped] -> {275e4fd7-21ef-45cf-a836-832e5d2cc1b3} => C:\Windows\system32\mscoree.dll [2010-11-20] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ Carbonite.Green] -> {95A27763-F62A-4114-9072-E81D87DE3B68} => C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll [2016-02-10] (Carbonite, Inc.)
ShellIconOverlayIdentifiers-x32: [ Carbonite.Partial] -> {E300CD91-100F-4E67-9AF3-1384A6124015} => C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll [2016-02-10] (Carbonite, Inc.)
ShellIconOverlayIdentifiers-x32: [ Carbonite.Yellow] -> {5E529433-B50E-4bef-A63B-16A6B71B071A} => C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll [2016-02-10] (Carbonite, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk [2014-09-25]
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\UPS WorldShip Messaging Utility.lnk [2016-01-18]
ShortcutTarget: UPS WorldShip Messaging Utility.lnk -> C:\Program Files (x86)\UPS\WSTD\WSTDMessaging.exe (United Parcel Service, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\UPS WorldShip PLD Reminder Utility.lnk [2016-01-18]
ShortcutTarget: UPS WorldShip PLD Reminder Utility.lnk -> C:\Program Files (x86)\UPS\WSTD\wstdPldReminder.exe (UPS)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{A5A3B470-0F51-4B36-9298-B1E8B418985F}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{CA33E398-BC3D-4D96-A902-A9FB90A9CFD0}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKU\S-1-5-21-1081182048-1524022262-3844287625-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://dell13.msn.com/?pc=DCJB
HKU\S-1-5-21-1081182048-1524022262-3844287625-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://dell13.msn.com/?pc=DCJB
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1081182048-1524022262-3844287625-1000 -> DefaultScope {95255AAD-90EE-4536-82B5-6F660D5E11F8} URL =
SearchScopes: HKU\S-1-5-21-1081182048-1524022262-3844287625-1000 -> {95255AAD-90EE-4536-82B5-6F660D5E11F8} URL =
BHO: RoboForm Toolbar Helper -> {724d43a9-0d85-11d4-9908-00400523e39a} -> C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll [2016-07-01] (Siber Systems Inc.)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_91\bin\ssv.dll [2016-04-27] (Oracle Corporation)
BHO: VIPRE Search Guard Helper -> {963C8283-AE7F-4AA6-9B3B-847A8FC62C5E} -> C:\Program Files (x86)\VIPRE\x64\VSGx64.dll [2016-02-29] ()
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_91\bin\jp2ssv.dll [2016-04-27] (Oracle Corporation)
BHO-x32: RoboForm Toolbar Helper -> {724d43a9-0d85-11d4-9908-00400523e39a} -> C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll [2016-07-01] (Siber Systems Inc.)
BHO-x32: VIPRE Search Guard Helper -> {963C8283-AE7F-4AA6-9B3B-847A8FC62C5E} -> C:\Program Files (x86)\VIPRE\VSG.dll [2016-02-29] ()
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
Toolbar: HKLM - &RoboForm Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll [2016-07-01] (Siber Systems Inc.)
Toolbar: HKLM - VIPRE Search Guard Toolbar - {A924C17A-5E94-4E02-BED5-49720BA6F7FA} - C:\Program Files (x86)\VIPRE\x64\VSGx64.dll [2016-02-29] ()
Toolbar: HKLM-x32 - &RoboForm Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll [2016-07-01] (Siber Systems Inc.)
Toolbar: HKLM-x32 - VIPRE Search Guard Toolbar - {A924C17A-5E94-4E02-BED5-49720BA6F7FA} - C:\Program Files (x86)\VIPRE\VSG.dll [2016-02-29] ()
Handler: vipresg - {47BE2E5B-703B-444F-ABD3-05717D2191C6} - C:\Program Files (x86)\VIPRE\x64\VSGx64.dll [2016-02-29] ()
Handler-x32: vipresg - {47BE2E5B-703B-444F-ABD3-05717D2191C6} - C:\Program Files (x86)\VIPRE\VSG.dll [2016-02-29] ()

FireFox:
========
FF ProfilePath: C:\Users\Kathy\AppData\Roaming\Mozilla\Firefox\Profiles\b2urxh9i.default-1453316315824
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_22_0_0_209.dll [2016-07-12] ()
FF Plugin: @java.com/DTPlugin,version=11.91.2 -> C:\Program Files\Java\jre1.8.0_91\bin\dtplugin\npDeployJava1.dll [2016-04-27] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.91.2 -> C:\Program Files\Java\jre1.8.0_91\bin\plugin2\npjp2.dll [2016-04-27] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_22_0_0_209.dll [2016-07-12] ()
FF Plugin-x32: @dymo.com/DymoLabelFramework -> C:\Program Files (x86)\DYMO\DYMO Label Software\Framework\npDYMOLabelFramework.dll [2014-02-03] ( Sanford L.P.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2014-02-19] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2014-02-19] (Intel Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2016-06-23] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1081182048-1524022262-3844287625-1000: @citrixonline.com/appdetectorplugin -> C:\Users\Kathy\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2015-11-17] (Citrix Online)
FF Extension: (ColorfulTabs) - C:\Users\Kathy\AppData\Roaming\Mozilla\Firefox\Profiles\b2urxh9i.default-1453316315824\extensions\{0545b830-f0aa-4d7e-8820-50a4629a56fe} [2016-09-06]
FF Extension: (Ghostery) - C:\Users\Kathy\AppData\Roaming\Mozilla\Firefox\Profiles\b2urxh9i.default-1453316315824\Extensions\firefox@ghostery.com.xpi [2016-08-11]
FF Extension: (Pinterest™ Panel) - C:\Users\Kathy\AppData\Roaming\Mozilla\Firefox\Profiles\b2urxh9i.default-1453316315824\Extensions\jid1-Jf3tAGwqs5Hjqz@jetpack.xpi [2016-04-21]
FF Extension: (Pin It button) - C:\Users\Kathy\AppData\Roaming\Mozilla\Firefox\Profiles\b2urxh9i.default-1453316315824\Extensions\jid1-YcMV6ngYmQRA2w@jetpack.xpi [2016-07-14]
FF HKLM-x32\...\Firefox\Extensions: [{22119944-ED35-4ab1-910B-E619EA06A115}] - C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox\roboform.xpi
FF Extension: (RoboForm Toolbar) - C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox\roboform.xpi [2016-07-01]
FF HKU\S-1-5-21-1081182048-1524022262-3844287625-1000\...\Firefox\Extensions: [{22119944-ED35-4ab1-910B-E619EA06A115}] - C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox\roboform.xpi

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Backupper Service; C:\Program Files (x86)\AOMEI Backupper\ABService.exe [29912 2015-05-11] (AOMEI Tech Co., Ltd.) [File not signed]
R2 DellDataVault; C:\Program Files\Dell\DellDataVault\DellDataVault.exe [2572024 2016-03-10] (Dell Inc.)
R2 DellDataVaultWiz; C:\Program Files\Dell\DellDataVault\DellDataVaultWiz.exe [202488 2016-03-10] (Dell Inc.)
R2 DellUpdate; C:\Program Files (x86)\Dell Update\DellUpService.exe [237272 2015-08-27] (Dell Inc.)
R2 DymoPnpService; C:\Program Files (x86)\DYMO\DYMO Label Software\DymoPnpService.exe [33072 2014-02-03] (Sanford, L.P.)
R2 EpsonScanSvc; C:\Windows\system32\EscSvc64.exe [144560 2012-05-17] (Seiko Epson Corporation)
R2 EPSON_PM_RPCV4_06; C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S60RPB.EXE [152640 2013-04-26] (SEIKO EPSON CORPORATION)
S3 FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [654848 2015-01-11] (Macrovision Europe Ltd.) [File not signed]
S3 GoToAssist; C:\Program Files (x86)\Citrix\GoToAssist Corporate\1121\G2AC_Service.exe [310080 2016-03-31] (Citrix Online, a division of Citrix Systems, Inc.)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [15344 2013-02-06] (Intel Corporation)
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [887232 2014-01-31] (Intel® Corporation)
R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [131544 2014-02-19] (Intel Corporation)
S3 iumsvc; C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe [178312 2015-09-25] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [154584 2014-02-19] (Intel Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1514464 2016-03-10] (Malwarebytes)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1136608 2016-03-10] (Malwarebytes)
R2 MSSQL$UPSWSDBSERVER; C:\PROGRAM FILES (X86)\UPS\WSTD\MSSQL.1\MSSQL\Binn\sqlservr.exe [29293408 2010-12-10] (Microsoft Corporation)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [224840 2013-05-10] (Realtek Semiconductor)
R2 SBAMSvc; C:\Program Files (x86)\VIPRE\SBAMSvc.exe [6602192 2016-02-29] (ThreatTrack Security Inc.)
R2 SBPIMSvc; C:\Program Files (x86)\VIPRE\SBPIMSvc.exe [373264 2016-02-29] (ThreatTrack Security Inc.)
R2 SupportAssistAgent; C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe [31928 2016-04-22] (Dell Inc.)
R3 VipreEdgeProtection; C:\Program Files (x86)\VIPRE\VipreEdgeProtection.exe [6816744 2015-10-16] (ThreatTrack Security Inc.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2014-09-25] (Microsoft Corporation)
R2 wltrysvc; C:\Program Files\Dell\DW WLAN Card\bcmwltry.exe [6178304 2014-09-25] (Dell Inc.) [File not signed]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 ambakdrv; C:\Windows\System32\ambakdrv.sys [30648 2015-02-26] () [File not signed]
R2 ammntdrv; C:\Windows\system32\ammntdrv.sys [151480 2015-02-26] () [File not signed]
R2 amwrtdrv; C:\Windows\system32\amwrtdrv.sys [17848 2015-02-26] () [File not signed]
R3 bcbtums; C:\Windows\System32\drivers\bcbtums.sys [172760 2014-09-25] (Broadcom Corporation.)
R3 DDDriver; C:\Windows\System32\drivers\DDDriver64Dcsa.sys [32464 2015-09-11] (Dell Computer Corporation)
R3 DellProf; C:\Windows\System32\drivers\DellProf.sys [24240 2015-05-22] (Dell Computer Corporation)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R3 gfiark; C:\Windows\System32\drivers\gfiark.sys [40584 2015-08-27] (ThreatTrack Security)
S3 gfiutil; C:\Windows\System32\drivers\gfiutil.sys [32400 2016-03-04] (ThreatTrack Security)
R0 iaStorF; C:\Windows\System32\drivers\iaStorF.sys [28656 2013-01-15] (Intel Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [27008 2016-03-10] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\1D3B58FD.sys [192216 2016-09-07] (Malwarebytes)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64896 2016-03-10] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [116736 2014-02-19] (Intel Corporation)
R2 sbapifs; C:\Windows\System32\DRIVERS\sbapifs.sys [89000 2016-02-29] (ThreatTrack Security Inc.)
R3 sbwtis; C:\Windows\System32\DRIVERS\sbwtis.sys [95608 2014-11-20] (ThreatTrack Security)
R2 WebExaminer; C:\Windows\system32\Drivers\WebExaminer64.sys [34408 2015-10-16] (ThreatTrack Security Inc.)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-09-07 13:23 - 2016-09-07 13:23 - 00021624 _____ C:\Users\Kathy\Desktop\FRST.txt
2016-09-07 13:23 - 2016-09-07 13:23 - 00000000 ____D C:\FRST
2016-09-07 13:11 - 2016-09-07 13:11 - 02397696 _____ (Farbar) C:\Users\Kathy\Desktop\FRST64.exe
2016-09-07 13:11 - 2016-09-07 13:11 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\1D3B58FD.sys
2016-09-07 03:23 - 2016-09-07 11:35 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\1261170A.sys
2016-09-06 11:37 - 2016-09-07 13:23 - 00000000 ____D C:\ProgramData\LuhdOnke
2016-09-06 07:27 - 2016-09-06 07:27 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\4B400414.sys
2016-09-05 03:36 - 2016-09-05 03:36 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\3ECB0504.sys
2016-09-03 03:36 - 2016-09-03 03:36 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\6EB86889.sys
2016-09-02 09:28 - 2016-09-07 11:34 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-08-31 03:32 - 2016-08-31 03:32 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\16787B37.sys
2016-08-30 03:17 - 2016-08-30 03:17 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\4848214B.sys
2016-08-29 03:25 - 2016-08-29 03:25 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\36395970.sys
2016-08-27 03:27 - 2016-08-27 03:27 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\645A3E96.sys
2016-08-26 03:32 - 2016-08-26 03:32 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\2F157431.sys
2016-08-25 03:40 - 2016-08-25 03:40 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\1F102C4C.sys
2016-08-24 03:29 - 2016-08-24 03:29 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\7D65558A.sys
2016-08-22 03:43 - 2016-08-22 03:43 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\449B449D.sys
2016-08-19 03:38 - 2016-08-19 03:38 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\79815640.sys
2016-08-18 03:40 - 2016-08-18 03:40 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\770B094D.sys
2016-08-16 07:16 - 2016-08-16 07:16 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\26D51255.sys
2016-08-09 03:21 - 2016-08-09 03:21 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\78A83B8D.sys
2016-08-08 03:33 - 2016-08-08 03:33 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\495A76A4.sys

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-09-07 13:14 - 2015-01-11 12:14 - 00000911 _____ C:\Windows\Tasks\EPSON XP-310 Series Update {5E80414A-9767-4CF8-B59C-91E25CA4B012}.job
2016-09-07 13:14 - 2015-01-11 12:14 - 00000725 _____ C:\Windows\Tasks\EPSON XP-310 Series Invitation {5E80414A-9767-4CF8-B59C-91E25CA4B012}.job
2016-09-07 13:14 - 2009-07-14 00:32 - 00000000 ____D C:\Windows\system32\FxsTmp
2016-09-07 13:13 - 2014-09-25 17:48 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-09-07 12:48 - 2015-11-17 16:44 - 00000562 _____ C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-1081182048-1524022262-3844287625-1000.job
2016-09-07 12:42 - 2015-03-01 13:42 - 00000911 _____ C:\Windows\Tasks\EPSON XP-310 Series Update {EF526A4C-E985-495A-82C9-906D4F209E89}.job
2016-09-07 12:42 - 2015-03-01 13:42 - 00000725 _____ C:\Windows\Tasks\EPSON XP-310 Series Invitation {EF526A4C-E985-495A-82C9-906D4F209E89}.job
2016-09-07 11:56 - 2016-07-21 14:30 - 00003484 _____ C:\Windows\System32\Tasks\PCDEventLauncherTask
2016-09-07 11:43 - 2009-07-13 23:45 - 00021296 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-09-07 11:43 - 2009-07-13 23:45 - 00021296 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-09-07 11:39 - 2009-07-14 00:13 - 00851328 _____ C:\Windows\system32\PerfStringBackup.INI
2016-09-07 11:39 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\inf
2016-09-07 11:36 - 2016-04-02 09:04 - 00003424 _____ C:\Windows\SysWOW64\VipreEdgeProtectionOff.ini
2016-09-07 11:36 - 2016-04-02 09:04 - 00003424 _____ C:\Windows\system32\VipreEdgeProtectionOff.ini
2016-09-07 11:35 - 2015-01-11 16:55 - 00000000 ____D C:\Program Files (x86)\VIPRE
2016-09-07 11:35 - 2009-07-14 00:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-09-07 11:35 - 2009-07-13 23:45 - 02351688 _____ C:\Windows\system32\FNTCACHE.DAT
2016-09-07 11:34 - 2015-01-11 11:21 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-09-07 11:30 - 2015-11-17 16:44 - 00000658 _____ C:\Windows\Tasks\G2MUploadTask-S-1-5-21-1081182048-1524022262-3844287625-1000.job
2016-09-06 13:14 - 2015-01-11 11:04 - 00000000 ____D C:\Users\Kathy
2016-09-06 03:26 - 2015-01-26 11:39 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-09-02 19:30 - 2015-11-17 16:44 - 00003690 _____ C:\Windows\System32\Tasks\G2MUploadTask-S-1-5-21-1081182048-1524022262-3844287625-1000
2016-09-02 19:30 - 2015-11-17 16:44 - 00003594 _____ C:\Windows\System32\Tasks\G2MUpdateTask-S-1-5-21-1081182048-1524022262-3844287625-1000
2016-08-30 15:16 - 2015-01-11 12:53 - 00000000 ____D C:\Users\Kathy\Documents\Insurance Policy Info
2016-08-26 10:08 - 2015-02-11 10:50 - 00000000 ____D C:\Users\Kathy\Documents\Turbo Lister Backup
2016-08-24 13:16 - 2015-01-11 12:53 - 00000000 ____D C:\Users\Kathy\Documents\Parts Prices_Lists
2016-08-22 13:50 - 2015-01-11 12:53 - 00000000 ____D C:\Users\Kathy\Documents\Big Commerce
2016-08-17 12:12 - 2015-05-29 10:36 - 00000000 ____D C:\Users\Kathy\Documents\Utilities
2016-08-17 10:16 - 2015-01-11 12:53 - 00000000 ____D C:\Users\Kathy\Documents\Labels
2016-08-12 08:12 - 2015-11-07 09:12 - 00000495 _____ C:\Windows\DUNZLOG.TXT

==================== Files in the root of some directories =======

2016-07-26 14:52 - 2016-07-26 14:54 - 0044086 __RSH () C:\Program Files (x86)\DLS8Uninstall.log
2014-10-23 09:59 - 2014-10-30 09:36 - 0038880 _____ () C:\Users\Kathy\AppData\Local\2ete64.vas
2009-02-13 11:11 - 2014-12-17 13:15 - 0001356 _____ () C:\Users\Kathy\AppData\Local\d3d9caps.dat
2007-07-23 11:40 - 2007-07-23 11:40 - 0000051 _____ () C:\Users\Kathy\AppData\Local\setup.txt

Some files in TEMP:
====================
C:\Users\Kathy\AppData\Local\Temp\ose00000.exe
C:\Users\Kathy\AppData\Local\Temp\RoboForm-Setup.exe


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-09-05 00:08

==================== End of FRST.txt ============================


Additional scan result of Farbar Recovery Scan Tool (x64) Version: 31-08-2016
Ran by Kathy (07-09-2016 13:23:41)
Running from C:\Users\Kathy\Desktop
Windows 7 Home Premium Service Pack 1 (X64) (2015-01-11 16:04:51)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1081182048-1524022262-3844287625-500 - Administrator - Disabled)
Guest (S-1-5-21-1081182048-1524022262-3844287625-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1081182048-1524022262-3844287625-1005 - Limited - Enabled)
Kathy (S-1-5-21-1081182048-1524022262-3844287625-1000 - Administrator - Enabled) => C:\Users\Kathy

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: ThreatTrack Security VIPRE (Enabled - Up to date) {A328C8F0-22BE-AEDA-2D52-6C8A3089160A}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: ThreatTrack Security VIPRE (Enabled - Up to date) {18492914-0484-A154-17E2-57F84B0E5CB7}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

1965-72 Ford Car Master Parts and Accessory Catalog (v11.5.5) (HKLM-x32\...\{74DDDC95-771A-4D42-A016-B5A74FD74D06}) (Version: 1.55.10001 - Forel Publishing Company, LLC)
1967 Mustang Part and Body Illustrations (HKLM-x32\...\{B74C9D38-5844-40A4-8BB6-BEA34ADBEE5A}) (Version: 12.8.3.10045 - Forel Publishing Company, LLC)
Adobe Flash Player 22 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 22.0.0.210 - Adobe Systems Incorporated)
Adobe Flash Player 22 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 22.0.0.209 - Adobe Systems Incorporated)
Adobe Photoshop CS3 (HKLM-x32\...\Adobe_2ac78060bc5856b0c1cf873bb919b58) (Version: 10.0 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.17)  MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AB0000000001}) (Version: 11.0.17 - Adobe Systems Incorporated)
AlignmentUtility (x32 Version: 19.00.0000 - UPS) Hidden
AOMEI Backupper Standard Edition 2.8 (HKLM-x32\...\{A83692F5-3E9B-4E95-9E7E-B5DF5536C09F}_is1) (Version:  - AOMEI Technology Co., Ltd.)
Bonjour (HKLM\...\{B91110FB-33B4-468B-90C2-4D5E8AE3FAE1}) (Version: 2.0.2.0 - Apple Inc.)
Carbonite (HKLM-x32\...\{02A2CB8C-4561-4EB7-BD26-0A8B5C5A1564}) (Version: 5.8.5 build 5805 (Feb-10-2016) - Carbonite)
CCC (x32 Version: 19.00.0000 - United Parcel Service, Inc.) Hidden
Cisco EAP-FAST Module (x32 Version: 2.2.14 - Cisco Systems, Inc.) Hidden
Cisco LEAP Module (x32 Version: 1.0.19 - Cisco Systems, Inc.) Hidden
Cisco PEAP Module (x32 Version: 1.1.6 - Cisco Systems, Inc.) Hidden
Citrix Online Launcher (HKLM-x32\...\{E5F6D26D-E180-4547-A865-565EAB61000C}) (Version: 1.0.362 - Citrix)
CuteSITE Builder (HKLM-x32\...\CuteSITE Builder) (Version: 4.0 - GlobalSCAPE Texas, LP)
Dell Data Vault (Version: 4.3.8.0 - Dell Inc.) Hidden
Dell Digital Delivery (HKLM-x32\...\{BC8233D8-59BA-4D40-92B9-4FDE7452AA8B}) (Version: 3.0.3999.0 - Dell Products, LP)
Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)
Dell SupportAssist (HKLM\...\PC-Doctor for Windows) (Version: 1.3.6817.133 - Dell)
Dell SupportAssistAgent (HKLM-x32\...\{3ED468C2-2235-4747-90AD-A7A34F0FE70A}) (Version: 1.2.2.8 - Dell)
Dell Update (HKLM-x32\...\{DB82968B-57A4-4397-81A5-ECAB21B5DFCD}) (Version: 1.7.1015.0 - Dell Inc.)
DHTML Editing Component (HKLM-x32\...\{2EA870FA-585F-4187-903D-CB9FFD21E2E0}) (Version: 6.02.0001 - Microsoft Corporation)
DW WLAN Card Utility (HKLM\...\DW WLAN Card Utility) (Version: 6.30.223.228 - Dell Inc.)
DYMO Label v.8 (HKLM-x32\...\DYMO Label v.8) (Version: 8.5.1.1814 - Sanford, L.P.)
DYMO LabelWriter Drivers (HKLM\...\{CE16D92B-50F3-4FC5-B29C-13FAFEE1A6C6}) (Version: 8.3.0.443 - Sanford L.P.)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - Seiko Epson Corporation)
EPSON XP-310 Series Printer Uninstall (HKLM\...\EPSON XP-310 Series) (Version:  - SEIKO EPSON Corporation)
FormsComponent (x32 Version: 19.00.0000 - UPS) Hidden
FOSS (x32 Version: 19.00.0000 - UPS) Hidden
GoToAssist Corporate (HKLM-x32\...\GoToAssist) (Version: 11.3.0.1121 - Citrix Online, a division of Citrix Systems, Inc.)
GoToMeeting 7.22.1.5530 (HKU\S-1-5-21-1081182048-1524022262-3844287625-1000\...\GoToMeeting) (Version: 7.22.1.5530 - CitrixOnline)
ICCHelp (HKLM-x32\...\{A5763105-D1D5-4862-A3FE-EC058F9AA73E}) (Version: 19.00.0000 - UPS)
Intel® Chipset Device Software (x32 Version: 10.0.13 - Intel® Corporation) Hidden
Intel® Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 10.0.0.1168 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.0.2.1001 - Intel Corporation)
Intel® Update Manager (HKLM-x32\...\{B991A1BC-DE0F-41B3-9037-B2F948F706EC}) (Version: 3.1.1228 - Intel Corporation)
Intel® USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 2.5.0.19 - Intel Corporation)
iSEEK AnswerWorks English Runtime (HKLM-x32\...\{18A8E78B-9EF2-496E-B310-BCD8E4C1DAB3}) (Version: 010.000.0101 - Vantage Linguistics)
Java 8 Update 91 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418091F0}) (Version: 8.0.910.14 - Oracle Corporation)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Office Home and Student 2010 (HKLM\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Publisher 2010 (HKLM\...\Office14.PUBLISHERR) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft SQL Server 2005 (HKLM-x32\...\Microsoft SQL Server 2005) (Version:  - Microsoft Corporation)
Microsoft SQL Server Native Client (HKLM\...\{9ACF3FDB-C8E6-444C-8C64-13A221F7BFFD}) (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft SQL Server Setup Support Files (English) (HKLM-x32\...\{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}) (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft SQL Server VSS Writer (HKLM\...\{B636C9B9-A3F2-4DCE-ADCC-72E095018385}) (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Mozilla Firefox 47.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 47.0.1 (x86 en-US)) (Version: 47.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 47.0.1.6018 - Mozilla)
Mozilla Thunderbird 45.1.0 (x86 en-US) (HKLM-x32\...\Mozilla Thunderbird 45.1.0 (x86 en-US)) (Version: 45.1.0 - Mozilla)
MSIChecker (x32 Version: 19.00.0000 - UPS) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
NA1Messenger (x32 Version: 19.00.0000 - Your Company Name) Hidden
NRF (x32 Version: 19.00.0000 - UPS) Hidden
PDF OwnerGuard User Edition (HKLM-x32\...\PDFUser) (Version: 12.8.3 - Armjisoft DRM Systems)
PDF Settings (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
PolicyManager (x32 Version: 19.00.0000 - UPS) Hidden
Quicken 2014 (HKLM-x32\...\{0877F595-254F-45F4-991D-3F72E86B17CE}) (Version: 23.1.9.3 - Intuit)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9200.30164 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6909 - Realtek Semiconductor Corp.)
Realtek USB Audio (HKLM-x32\...\{0A46A65D-89AC-464C-8026-3CD44960BD04}) (Version: 6.3.9600.41 - Realtek Semiconductor Corp.)
Reconciler (x32 Version: 19.00.0000 - UPS) Hidden
ReportServer (x32 Version: 18.00.0000 - Your Company Name) Hidden
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
RoboForm 7-9-19-7 (All Users) (HKLM-x32\...\AI RoboForm) (Version: 7-9-19-7 - Siber Systems)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (HKLM\...\{90140000-003D-0000-1000-0000000FF1CE}_Office14.SingleImage_{A3364707-2F53-4C83-8F68-C9877A9080C7}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (HKLM\...\{91140000-0019-0000-1000-0000000FF1CE}_Office14.PUBLISHERR_{A3364707-2F53-4C83-8F68-C9877A9080C7}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (Version:  - Microsoft) Hidden
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Software Updater (HKLM-x32\...\{E1BAD1BA-C0E8-4018-9281-E7D2C6B07474}) (Version: 4.3.6 - SEIKO EPSON CORPORATION)
SupportUtility (x32 Version: 19.00.0000 - UPS) Hidden
System (x32 Version: 19.00.0000 - UPS) Hidden
Turbo Lister 2 (HKLM-x32\...\{8927E07C-97F7-4A54-88FB-D976F50DD46E}) (Version: 2.00.0000 - eBay Inc.)
UnifiedPrinting (x32 Version: 19.00.0000 - UPS) Hidden
UPS WorldShip (HKLM-x32\...\UPS WorldShip) (Version: 19.0 - UPS)
UPSDB (x32 Version: 19.00.0000 - UPS) Hidden
UPSICC (x32 Version: 19.00.0000 - UPS) Hidden
UPSlinkHTTP (x32 Version: 19.00.0000 - UPS) Hidden
UPSVC2008MM (x32 Version: 1.00.0000 - UPS) Hidden
UPSVC2013MM (x32 Version: 19.00.0000 - Your Company Name) Hidden
UPSVCMM (x32 Version: 12.00.0000 - UPS) Hidden
VIPRE Antivirus (HKLM-x32\...\{C1D1FC57-3EB9-4B21-BCA3-F1C927508200}) (Version: 9.3.4.3 - ThreatTrack Security Inc.)
VIPRE Antivirus (x32 Version: 9.3.4.3 - ThreatTrack Security, Inc.) Hidden
WebHelp (HKLM-x32\...\{8C5BD501-AD5D-4A75-9321-076509B438FC}) (Version: 19.00.0000 - UPS)
WIDCOMM Bluetooth Software (HKLM\...\{A1439D4F-FD46-47F2-A1D3-FEE097C29A09}) (Version: 6.5.1.5600 - Broadcom Corporation)
WorldShip (x32 Version: 19.00.0000 - UPS) Hidden
WSShared (x32 Version: 19.00.0000 - UPS) Hidden

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1081182048-1524022262-3844287625-1000_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Users\Kathy\AppData\Local\Citrix\GoToMeeting\3880\G2MOutlookAddin64.dll => No File

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {1B08158A-4823-47D4-9BA9-F155366C755C} - System32\Tasks\EPSON XP-310 Series Invitation {EF526A4C-E985-495A-82C9-906D4F209E89} => C:\Windows\system32\spool\DRIVERS\x64\3\E_ITSLBE.EXE [2013-04-26] (SEIKO EPSON CORPORATION)
Task: {32DE6A8C-35C8-487C-8EFF-BB2BBB725967} - System32\Tasks\PCDDataUploadTask => uaclauncher.exe
Task: {34FBB18F-A54E-4301-B62F-AAB1A7CFA87B} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473-Logon => C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe [2015-09-25] (Intel Corporation)
Task: {3553241E-DD4E-48A7-8797-B0B327CDB841} - System32\Tasks\G2MUploadTask-S-1-5-21-1081182048-1524022262-3844287625-1000 => C:\Users\Kathy\AppData\Local\Citrix\GoToMeeting\5530\g2mupload.exe [2016-09-02] (Citrix Online, a division of Citrix Systems, Inc.)
Task: {46F1F85B-DDD9-4E75-ACF1-3DFD6BF59EFD} - System32\Tasks\EPSON XP-310 Series Update {5E80414A-9767-4CF8-B59C-91E25CA4B012} => C:\Windows\system32\spool\DRIVERS\x64\3\E_ITSLBE.EXE [2013-04-26] (SEIKO EPSON CORPORATION)
Task: {4B913F22-C0DC-455C-8234-28BF51E8C8D6} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-06-25] (Adobe Systems Incorporated)
Task: {58BB83B3-A00B-454E-9110-7FBB8C1D2F6C} - System32\Tasks\Run RoboForm TaskBar Icon => C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe [2016-07-01] (Siber Systems)
Task: {68E19BB5-5F62-4220-B2DA-CC7D980557F2} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\Dell\SupportAssist\uaclauncher.exe [2016-08-02] (PC-Doctor, Inc.)
Task: {7112A5A0-CBE3-4B2F-BBCC-843CE3F6628A} - System32\Tasks\PCDEventLauncherTask => C:\Program Files\Dell\SupportAssist\sessionchecker.exe [2016-08-02] (PC-Doctor, Inc.)
Task: {8AE25DCD-1D37-49A2-8226-B6605CD16A45} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-07-14] (Adobe Systems Incorporated)
Task: {94A1566F-5DB6-45A5-A842-6406886072C1} - System32\Tasks\G2MUpdateTask-S-1-5-21-1081182048-1524022262-3844287625-1000 => C:\Users\Kathy\AppData\Local\Citrix\GoToMeeting\5530\g2mupdate.exe [2016-09-02] (Citrix Online, a division of Citrix Systems, Inc.)
Task: {ADA8FB6D-1DFF-409A-A7E7-79310CD383BB} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exe
Task: {AEBC49C8-AE2D-436C-9FB9-673AF6C9EE38} - System32\Tasks\EPSON XP-310 Series Update {EF526A4C-E985-495A-82C9-906D4F209E89} => C:\Windows\system32\spool\DRIVERS\x64\3\E_ITSLBE.EXE [2013-04-26] (SEIKO EPSON CORPORATION)
Task: {B01EDDE4-80DD-42C2-BC82-48D51540A311} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe [2015-09-25] (Intel Corporation)
Task: {B18F09D4-6E86-45A3-99EB-AADAA81EB8E8} - System32\Tasks\Dell SupportAssistAgent AutoUpdate => C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssist.exe [2016-04-22] (Dell Inc.)
Task: {C032E25A-C51D-408A-B1AD-4C07A9B16806} - System32\Tasks\EPSON XP-310 Series Invitation {5E80414A-9767-4CF8-B59C-91E25CA4B012} => C:\Windows\system32\spool\DRIVERS\x64\3\E_ITSLBE.EXE [2013-04-26] (SEIKO EPSON CORPORATION)
Task: {E36DE330-7339-4AA9-8904-4EF48E7C5BA7} - System32\Tasks\Open URL by RoboForm => Rundll32.exe url.dll,FileProtocolHandler "hxxp://www.roboform.com/test-pass.html?aaa=KICMLMLJPMGMNJLJMJNMCNOMOMKJJMCNLMNJIMJMCNOJLMLMNJCNOMJMKMJMGMNMIMKMOJIMGMOJJNJICMIMCNGMCNOMGMFMOMOMCNPMCNGMJMPMPMFMJMCNOMCNIMJMPMOMCNNMJNPICMOMFMEKMICNJJCKFMKMMMJMJNHICMEKMICNJJCKJNBJCMELOJLIHJGIJNKJCMJNNICMJNDJCMKJBJJNMJCMOMFM (the data entry has 45 more characters).
Task: {E9C66310-49C5-4CD9-95B1-6980BEB67C63} - System32\Tasks\{5F6010C8-60E5-41f3-BF5B-C3AF5DBE12D4} => C:\ProgramData\Carbonite\Carbonite Backup\CarboniteUpgrade.exe

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\EPSON XP-310 Series Invitation {5E80414A-9767-4CF8-B59C-91E25CA4B012}.job => C:\Windows\system32\spool\DRIVERS\x64\3\E_ITSLBE.EXE
Task: C:\Windows\Tasks\EPSON XP-310 Series Invitation {EF526A4C-E985-495A-82C9-906D4F209E89}.job => C:\Windows\system32\spool\DRIVERS\x64\3\E_ITSLBE.EXE
Task: C:\Windows\Tasks\EPSON XP-310 Series Update {5E80414A-9767-4CF8-B59C-91E25CA4B012}.job => C:\Windows\system32\spool\DRIVERS\x64\3\E_ITSLBE.EXE:/EXE:{5E80414A-9767-4CF8-B59C-91E25CA4B012} /F:Update SYSTEMĊSearches for EPSON software updates, and notifies you when updates are available.If this task is disabled or stopped, your EPSON software will not be automatically kept up to date.Thi
Task: C:\Windows\Tasks\EPSON XP-310 Series Update {EF526A4C-E985-495A-82C9-906D4F209E89}.job => C:\Windows\system32\spool\DRIVERS\x64\3\E_ITSLBE.EXE:/EXE:{EF526A4C-E985-495A-82C9-906D4F209E89} /F:Update SYSTEMĊSearches for EPSON software updates, and notifies you when updates are available.If this task is disabled or stopped, your EPSON software will not be automatically kept up to date.Thi
Task: C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-1081182048-1524022262-3844287625-1000.job => C:\Users\Kathy\AppData\Local\Citrix\GoToMeeting\5530\g2mupdate.exe
Task: C:\Windows\Tasks\G2MUploadTask-S-1-5-21-1081182048-1524022262-3844287625-1000.job => C:\Users\Kathy\AppData\Local\Citrix\GoToMeeting\5530\g2mupload.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2014-09-25 19:41 - 2014-01-07 19:48 - 00117536 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2015-12-17 23:04 - 2016-03-02 17:38 - 00029952 _____ () C:\Program Files (x86)\UPS\WSTD\UPSNA1Msgr.exe
2015-07-06 12:42 - 2015-05-11 15:56 - 00286424 _____ () C:\Program Files (x86)\AOMEI Backupper\UiLogic.dll
2015-07-06 12:42 - 2015-05-11 15:55 - 00224984 _____ () C:\Program Files (x86)\AOMEI Backupper\diskmgr.dll
2015-07-06 12:42 - 2015-05-11 15:55 - 00290520 _____ () C:\Program Files (x86)\AOMEI Backupper\Comn.dll
2015-07-06 12:42 - 2015-05-11 15:55 - 00077528 _____ () C:\Program Files (x86)\AOMEI Backupper\Ldm.dll
2015-07-06 12:42 - 2015-05-11 15:55 - 00061144 _____ () C:\Program Files (x86)\AOMEI Backupper\Device.dll
2015-07-06 12:42 - 2015-05-11 15:55 - 00286424 _____ () C:\Program Files (x86)\AOMEI Backupper\BrFat.dll
2015-07-06 12:42 - 2015-05-11 15:55 - 00966360 _____ () C:\Program Files (x86)\AOMEI Backupper\BrNtfs.dll
2015-07-06 12:42 - 2015-05-11 15:55 - 00122584 _____ () C:\Program Files (x86)\AOMEI Backupper\FuncLogic.dll
2015-07-06 12:42 - 2015-05-11 15:55 - 00278232 _____ () C:\Program Files (x86)\AOMEI Backupper\Clone.dll
2015-07-06 12:42 - 2015-05-11 15:55 - 00347864 _____ () C:\Program Files (x86)\AOMEI Backupper\ImgFile.dll
2015-07-06 12:42 - 2015-05-11 15:55 - 00028376 _____ () C:\Program Files (x86)\AOMEI Backupper\Encrypt.dll
2015-07-06 12:42 - 2015-05-11 15:55 - 00069336 _____ () C:\Program Files (x86)\AOMEI Backupper\Compress.dll
2015-07-06 12:42 - 2015-05-11 15:55 - 00102104 _____ () C:\Program Files (x86)\AOMEI Backupper\BrVol.dll
2015-07-06 12:42 - 2015-05-11 15:55 - 00253656 _____ () C:\Program Files (x86)\AOMEI Backupper\GptBcd.dll
2015-07-06 12:42 - 2015-05-11 15:55 - 00155352 _____ () C:\Program Files (x86)\AOMEI Backupper\FlBackup.dll
2015-07-06 12:42 - 2015-05-11 15:55 - 00483032 _____ () C:\Program Files (x86)\AOMEI Backupper\EnumFolder.dll
2015-07-06 12:42 - 2015-05-11 15:55 - 00175832 _____ () C:\Program Files (x86)\AOMEI Backupper\DeviceMgr.dll
2015-07-06 12:42 - 2015-05-11 15:55 - 00110296 _____ () C:\Program Files (x86)\AOMEI Backupper\Backup.dll
2015-07-06 12:42 - 2015-05-11 15:56 - 00691928 _____ () C:\Program Files (x86)\AOMEI Backupper\Sync.dll
2015-07-06 12:42 - 2015-05-11 15:55 - 00102104 _____ () C:\Program Files (x86)\AOMEI Backupper\BrLog.dll
2015-07-06 12:42 - 2015-02-26 00:00 - 02403504 _____ () C:\Program Files (x86)\AOMEI Backupper\QtCore4.dll
2016-03-02 17:52 - 2016-03-02 17:52 - 00024832 _____ () C:\Program Files (x86)\UPS\WSTD\UPSResourceManager.dll
2016-02-29 14:56 - 2016-02-29 14:56 - 00237056 _____ () C:\Program Files (x86)\VIPRE\unrar.dll
2016-04-02 09:08 - 2015-06-26 03:13 - 00184184 _____ () C:\Program Files (x86)\VIPRE\Definitions\libBase64.dll
2016-04-02 09:08 - 2015-06-26 03:13 - 00175992 _____ () C:\Program Files (x86)\VIPRE\Definitions\libMachoUniv.dll
2014-02-19 18:51 - 2014-02-19 18:51 - 01241560 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBPIMSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\GoToAssist => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SBAMSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SBPIMSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\VipreEdgeProtection => ""="service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WebExaminer => ""="Driver"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 21:34 - 2009-06-10 16:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1081182048-1524022262-3844287625-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Kathy\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{23DF9A64-533D-48DF-ADC6-F7B3338BF290}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{54F3B53E-78A2-489E-96D8-9C7E1756125C}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{E55BDD5B-9297-4DDA-8C1B-0D9B25BE79D8}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{13BB0142-F4EC-4369-BAFD-5CEE3392B704}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{C6C4100C-32A5-49B7-B2CF-04E27E319396}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{9A5B4D15-7CDF-4535-812B-6202DB3D06CA}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{9AFB3299-9C1D-4105-B8D2-FD01C799A613}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{08E63406-CB7F-4FFE-81CE-EF932B6BCBB2}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{376565DF-8AC5-4310-9985-EEDBD8B24393}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{FE2319A9-8181-4478-AB29-C6BCFC02F087}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe

==================== Restore Points =========================

22-08-2016 00:00:16 Scheduled Checkpoint
29-08-2016 00:00:20 Scheduled Checkpoint
06-09-2016 00:00:15 Scheduled Checkpoint

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (09/07/2016 11:36:21 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (09/06/2016 11:38:00 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: plugin-container.exe, version: 47.0.1.6018, time stamp: 0x576c9637
Faulting module name: mozglue.dll, version: 47.0.1.6018, time stamp: 0x576c85ba
Exception code: 0x80000003
Fault offset: 0x0000f02b
Faulting process id: 0x53d8
Faulting application start time: 0x01d2084df92f0d75
Faulting application path: C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
Faulting module path: C:\Program Files (x86)\Mozilla Firefox\mozglue.dll
Report Id: 45579dcc-7450-11e6-ad90-9cad97d593fe

Error: (09/06/2016 11:37:50 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: firefox.exe, version: 47.0.1.6018, time stamp: 0x576c85bd
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x08dd114d
Faulting process id: 0x5fbc
Faulting application start time: 0x01d2084de8a4fbc1
Faulting application path: C:\Program Files (x86)\Mozilla Firefox\firefox.exe
Faulting module path: unknown
Report Id: 3fe7c902-7450-11e6-ad90-9cad97d593fe

Error: (09/06/2016 09:49:35 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: plugin-container.exe, version: 47.0.0.5999, time stamp: 0x5753660e
Faulting module name: mozglue.dll, version: 47.0.0.5999, time stamp: 0x57535438
Exception code: 0x80000003
Fault offset: 0x0000f3ad
Faulting process id: 0x4acc
Faulting application start time: 0x01d20212f8df5465
Faulting application path: C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
Faulting module path: C:\Program Files (x86)\Mozilla Firefox\mozglue.dll
Report Id: 2083fd1b-7441-11e6-ad90-9cad97d593fe

Error: (09/06/2016 09:49:34 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program firefox.exe version 47.0.0.5999 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 3da4

Start Time: 01d201ffa8608ede

Termination Time: 1015

Application Path: C:\Program Files (x86)\Mozilla Firefox\firefox.exe

Report Id: 1b2b0f79-7441-11e6-ad90-9cad97d593fe

Error: (08/29/2016 09:14:30 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: plugin-container.exe, version: 47.0.0.5999, time stamp: 0x5753660e
Faulting module name: mozglue.dll, version: 47.0.0.5999, time stamp: 0x57535438
Exception code: 0x80000003
Fault offset: 0x0000f3ad
Faulting process id: 0x4c9c
Faulting application start time: 0x01d1fe36186b524d
Faulting application path: C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
Faulting module path: C:\Program Files (x86)\Mozilla Firefox\mozglue.dll
Report Id: e61b8140-6df2-11e6-ad90-9cad97d593fe

Error: (08/22/2016 08:59:28 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: pcdrcui.exe, version: 6.0.6817.133, time stamp: 0x579fa248
Faulting module name: KERNELBASE.dll, version: 6.1.7601.23418, time stamp: 0x5708a89c
Exception code: 0xc000041d
Fault offset: 0x000000000001a06d
Faulting process id: 0x3434
Faulting application start time: 0x01d1fb06aea8dbfb
Faulting application path: C:\Program Files\Dell\SupportAssist\pcdrcui.exe
Faulting module path: C:\Windows\system32\KERNELBASE.dll
Report Id: a3bae1ce-6870-11e6-ad90-9cad97d593fe

Error: (08/22/2016 08:59:26 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: pcdrcui.exe, version: 6.0.6817.133, time stamp: 0x579fa248
Faulting module name: KERNELBASE.dll, version: 6.1.7601.23418, time stamp: 0x5708a89c
Exception code: 0xe0434352
Fault offset: 0x000000000001a06d
Faulting process id: 0x3434
Faulting application start time: 0x01d1fb06aea8dbfb
Faulting application path: C:\Program Files\Dell\SupportAssist\pcdrcui.exe
Faulting module path: C:\Windows\system32\KERNELBASE.dll
Report Id: a2accd16-6870-11e6-ad90-9cad97d593fe

Error: (08/22/2016 08:59:24 AM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: pcdrcui.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.ComponentModel.Win32Exception
   at MS.Win32.UnsafeNativeMethods.PostMessage(System.Runtime.InteropServices.HandleRef, MS.Internal.Interop.WindowMessage, IntPtr, IntPtr)
   at System.Windows.Interop.HwndTarget.UpdateWindowSettings(Boolean, System.Nullable`1<ChannelSet>)
   at System.Windows.Interop.HwndTarget.UpdateWindowPos(IntPtr)
   at System.Windows.Interop.HwndTarget.HandleMessage(MS.Internal.Interop.WindowMessage, IntPtr, IntPtr)
   at System.Windows.Interop.HwndSource.HwndTargetFilterMessage(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef)
   at MS.Win32.HwndWrapper.WndProc(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef)
   at MS.Win32.HwndSubclass.DispatcherCallbackOperation(System.Object)
   at System.Windows.Threading.ExceptionWrapper.InternalRealCall(System.Delegate, System.Object, Int32)
   at System.Windows.Threading.ExceptionWrapper.TryCatchWhen(System.Object, System.Delegate, System.Object, Int32, System.Delegate)
   at System.Windows.Threading.Dispatcher.LegacyInvokeImpl(System.Windows.Threading.DispatcherPriority, System.TimeSpan, System.Delegate, System.Object, Int32)
   at MS.Win32.HwndSubclass.SubclassWndProc(IntPtr, Int32, IntPtr, IntPtr)

Error: (08/19/2016 05:24:12 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: plugin-container.exe, version: 47.0.0.5999, time stamp: 0x5753660e
Faulting module name: mozglue.dll, version: 47.0.0.5999, time stamp: 0x57535438
Exception code: 0x80000003
Fault offset: 0x0000f3ad
Faulting process id: 0x2a7c
Faulting application start time: 0x01d1fa305fe90f4f
Faulting application path: C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
Faulting module path: C:\Program Files (x86)\Mozilla Firefox\mozglue.dll
Report Id: a76fbd76-665b-11e6-ad90-9cad97d593fe


System errors:
=============
Error: (09/07/2016 11:34:58 AM)


#2 kathyhatesspyware

    Member

  • Full Member
  • 61 posts

Posted 07 September 2016 - 12:41 PM

Got It!

Result of Security Analysis by Rocket Grannie (x86) Updated: 5th August 2016
Running from:C:\Users\Kathy\Desktop (13:43:49 - 09/07/2016)
***---------------------------------------------------------***
Microsoft Windows 7 Home Premium X64 Service Pack 1
UAC is Enabled!
Internet Explorer 11
Default Browser: C:\Program Files (x86)\Mozilla Firefox\firefox.exe
***-----------------Anti-Virus - Firewall-------------------***
ThreatTrack Security VIPRE (Enabled - Up to Date)
Windows Firewall is Enabled!
Searching for any other Firewall
*No other Firewall Installed*
***----------------AntiSpyware - Miscellaneous---------------***
Adobe Flash Player Plugin (version 22.0.0.209)
Java (version 8.91.14)
Adobe Reader XI (version 11.0.0.17)
Malwarebytes Anti-Malware (version 2.2.1.1043)
Mozilla Firefox -- An older version than (48) is installed.
Mozilla Firefox 47.0.1 (x86 en-US) (version 47.0.1) is *out of Date*

***----------------Analysis Complete-------------------------***



#3 kathyhatesspyware

    Member

  • Full Member
  • 61 posts

Posted 07 September 2016 - 12:42 PM

Vipre has blocked 62 threats so far and cleaned 2800.



#4 kathyhatesspyware

    Member

  • Full Member
  • 61 posts

Posted 07 September 2016 - 12:49 PM

Bitdefender QuickScan
Fast & free online virus scanner
You’re Good To Go! No Active Viruses Found.

F-Secure
No harmful items were found.


Kaspersky found 1 item:
UDS:DangerousObject.Multi.Generic C:\ProgramData\LuhdOnke\XicpAbfot.exe

Thank you for your help, it is appreciated.


Edited by kathyhatesspyware, 07 September 2016 - 01:01 PM.


#5 kathyhatesspyware

    Member

  • Full Member
  • 61 posts

Posted 07 September 2016 - 01:08 PM

I received a similar email a few minutes ago.


I am sending you the proof of payment towards missourimustang.com.
Please get back to me and let me know how you will issue the refund.

Thank you,
Marie Brooks
Midi Restaurant and Bar
P: 218.4613085
F: 218.8287784



#6 Android 8888

Android 8888

    SWI Malware Tracker

  • Trusted Advisor*
  • PipPipPipPipPip
  • 1,177 posts

Posted 08 September 2016 - 04:58 AM

Hello kathyhatesspyware.
Welcome to SpywareInfo Forum.
I'm Android 8888 and I'll be helping you. Please ask questions if anything is unclear.

I suggest printing out each set of instructions and reading the entire post before proceeding. It will make following them easier.
Please follow the directions in the order listed.


There is a golden rule that is often mentioned by our computer security expert member AplusWebMaster: "The basic rule is NEVER open any attachment to an email, unless you are expecting it..."
Though you were waiting for the e-mail, you must suspect and observe very carefully before opening any e-mail.
I advise you to delete that email immediately.


Please open Malwarebytes.
In the left menu click on the Detection and Protection option.
On the Detection Options checkmark Scan for rootkits.
Next, perform another scan and post its results on your next reply.


NOTICE: The following script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system.

Open Notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.
To do this highlight the contents of the box and right click on it and select Copy.
Paste this into the open Notepad.
 

Start

CreateRestorePoint:
CloseProcesses:
EmptyTemp:

HKU\S-1-5-21-1081182048-1524022262-3844287625-1000\...\Run: [2046790604] => C:\ProgramData\LuhdOnke\XicpAbfot.exe [151552 2016-09-07] ()
AppInit_DLLs-x32: OGPDFLoader.dll => No File
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Extension: (Ghostery) - C:\Users\Kathy\AppData\Roaming\Mozilla\Firefox\Profiles\b2urxh9i.default-1453316315824\Extensions\firefox@ghostery.com.xpi [2016-08-11]
CustomCLSID: HKU\S-1-5-21-1081182048-1524022262-3844287625-1000_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Users\Kathy\AppData\Local\Citrix\GoToMeeting\3880\G2MOutlookAddin64.dll => No File
Task: {E36DE330-7339-4AA9-8904-4EF48E7C5BA7} - System32\Tasks\Open URL by RoboForm => Rundll32.exe url.dll,FileProtocolHandler "hxxp://www.roboform.com/test-pass.html?aaa=KICMLMLJPMGMNJLJMJNMCNOMOMKJJMCNLMNJIMJMCNOJLMLMNJCNOMJMKMJMGMNMIMKMOJIMGMOJJNJICMIMCNGMCNOMGMFMOMOMCNPMCNGMJMPMPMFMJMCNOMCNIMJMPMOMCNNMJNPICMOMFMEKMICNJJCKFMKMMMJMJNHICMEKMICNJJCKJNBJCMELOJLIHJGIJNKJCMJNNICMJNDJCMKJBJJNMJCMOMFM (the data entry has 45 more characters).

C:\Users\Kathy\AppData\Local\Temp\ose00000.exe
C:\Users\Kathy\AppData\Local\Temp\RoboForm-Setup.exe

C:\ProgramData\LuhdOnke\XicpAbfot.exe

End


Save the files as fixlist.txt in to the same folder as FRST64
Run FRST64 and click Fix only once and wait.
When finished FRST64 will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.

NOTE. It's important that both files, FRST64 and fixlist.txt are in the same location or the fix will not work.

If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.

 

Please download AdwCleaner by Xplode and save it to your Desktop.

  • Close all open programs and internet browsers.
  • Right click on the icon and choose Run as administrator.
  • Click Yes to accept any security warnings that may appear.
  • Click I Agree on the disclaimer to accept the Terms of Use.
  • Click the Scan button to start the scan and wait for the process to complete.
  • Click the Logfile button and the report will open in Notepad.
  • NOTE: If you get an error message, it means that nothing was found. Exit from AdwCleaner.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished and the PC has rebooted.
  • Please post the content of that log file in your next reply.
  • You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).
Please scan your computer with ESET Online Scanner.

  • Click on this link to open ESET Online Scanner in a new window.
    • Click on the Scan Now button to download the esetonlinescanner_enu.exe file. Save it to your Desktop.
    • Close all your programs and browsers.
    • Please disable your antivirus program to avoid potential conflicts, improve the performance and speed up the scan.
    • Double click on esetonlinescanner_enu.exe to start ESET Online Scanner. It will open a window with the Terms of Use.
  • Check mark Download latest version of ESET Online Scanner and click the Accept button.
  • Click Yes to accept any security warnings that may appear.
  • Under Computer scan settings, check mark Enable detection of potentially unwanted applications.
  • Then click Advanced settings and check mark the following options:
    • Enable detection of potentially unsafe applications
    • Clean threats automatically
  • Click the Scan button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats.
  • Click Export, and save the file to your Desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.

Note: If nothing is found, it will not produce a log.

Please re-enable your antivirus program.


To summarize, please post in your next reply:
The MBAM log.
The fixlog.txt from Farbar tool.
The Adwcleaner log.
The ESET log (if it produced one).

How is your computer running?


Android 8888
 
Website: http://android8888.comlu.com
 
Tavira - Here's where I live!
 
Please read the Instructions for posting requested logs and the article "So how did I get infected in the first place?"
 
Our help is free, but if you wish to help keep these forums running please consider a donation; Please see This Topic for details.
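The fixlist above removes a Run value pointing at an executable under C:\ProgramData, an AppInit_DLLs entry for a DLL that no longer exists, and a scheduled task. As an added example (my own code, not Android 8888's fixlist and not part of FRST), here is a read-only PowerShell audit of the first two of those autostart locations: it lists every Run/RunOnce value and the AppInit_DLLs value, and flags entries whose target lives under ProgramData, AppData or Temp, or whose file is missing, which is exactly the pattern of the XicpAbfot.exe entry in this thread. The helper names and the list of suspect directories are my assumptions.

```powershell
# Added example (not from the thread): read-only audit of Run/RunOnce and
# AppInit_DLLs autostart entries. Nothing is modified. Requires PowerShell 3.0+.

$runKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run'
)

# Directories a properly installed program rarely launches from (assumption).
$suspectDirs = '\\ProgramData\\', '\\AppData\\', '\\Temp\\'

function Get-CommandTarget {
    # Extract the executable path from a Run value's command line,
    # handling both quoted and unquoted forms.
    param([string] $CommandLine)
    if ($CommandLine -match '^\s*"([^"]+)"') { return $Matches[1] }
    return ($CommandLine -split '\s+')[0]
}

function Get-AutorunFindings {
    foreach ($key in $runKeys) {
        $props = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
        if (-not $props) { continue }
        foreach ($p in $props.PSObject.Properties) {
            if ($p.Name -like 'PS*') { continue }   # skip provider metadata (PSPath etc.)
            $target = Get-CommandTarget ([string] $p.Value)
            if (-not $target) { continue }
            $expanded = [Environment]::ExpandEnvironmentVariables($target)
            $exists = [bool] (Test-Path -LiteralPath $expanded -ErrorAction SilentlyContinue)
            $inSuspectDir = @($suspectDirs | Where-Object { $expanded -match $_ }).Count -gt 0
            [pscustomobject]@{
                Key     = $key
                Name    = $p.Name
                Target  = $expanded
                Exists  = $exists
                Suspect = $inSuspectDir -or (-not $exists)
            }
        }
    }
    # AppInit_DLLs loads the named DLL into every process that uses user32.dll;
    # on a clean workstation it is normally empty, so any value is worth a look.
    $appInitKeys = 'HKLM:\Software\Microsoft\Windows NT\CurrentVersion\Windows',
                   'HKLM:\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Windows'
    foreach ($k in $appInitKeys) {
        $v = (Get-ItemProperty -Path $k -Name AppInit_DLLs -ErrorAction SilentlyContinue).AppInit_DLLs
        if ($v) {
            [pscustomobject]@{
                Key     = $k
                Name    = 'AppInit_DLLs'
                Target  = $v
                Exists  = [bool] (Test-Path -LiteralPath $v -ErrorAction SilentlyContinue)
                Suspect = $true
            }
        }
    }
}

Get-AutorunFindings | Where-Object Suspect | Format-Table -AutoSize
```

The scheduled task that the fixlist also removes is not covered here: Windows 7 does not ship the Get-ScheduledTask cmdlet, so on that platform `schtasks /query /v /fo csv` is the practical way to list task actions for the same kind of review.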

#7 kathyhatesspyware

Posted 08 September 2016 - 09:32 AM

Hello, I appreciate your assistance.  I have deleted the email.  When I opened Malwarebytes it automatically ran a scan.  Here are the results:

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 9/8/2016
Scan Time: 9:54 AM
Logfile:
Administrator: Yes

Version: 2.2.1.1043
Malware Database: v2016.09.08.06
Rootkit Database: v2016.08.15.01
License: Premium
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Kathy

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 330347
Time Elapsed: 9 min, 13 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 1
Trojan.MalPack, HKU\S-1-5-21-1081182048-1524022262-3844287625-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|2046790604, "C:\ProgramData\LuhdOnke\XicpAbfot.exe", Quarantined, [08ae521db5e5c076a5d09e483bc99f61]

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 1
Trojan.MalPack, C:\ProgramData\LuhdOnke\XicpAbfot.exe, Quarantined, [08ae521db5e5c076a5d09e483bc99f61],

Physical Sectors: 0
(No malicious items detected)


(end)  This is now in quarantine.

 

 

Here is the scan with the detection options checked. 

 

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 9/8/2016
Scan Time: 10:13 AM
Logfile:
Administrator: Yes

Version: 2.2.1.1043
Malware Database: v2016.09.08.06
Rootkit Database: v2016.08.15.01
License: Premium
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Kathy

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 330156
Time Elapsed: 15 min, 41 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Disabled
Rootkits: Enabled
Heuristics: Disabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 31-08-2016
Ran by Kathy (08-09-2016 10:42:29) Run:1
Running from C:\Users\Kathy\Desktop\HighJackThis
Loaded Profiles: Kathy (Available Profiles: Kathy)
Boot Mode: Normal
==============================================

fixlist content:
*****************


    Start

    CreateRestorePoint:
    CloseProcesses:
    EmptyTemp:

    HKU\S-1-5-21-1081182048-1524022262-3844287625-1000\...\Run: [2046790604] => C:\ProgramData\LuhdOnke\XicpAbfot.exe [151552 2016-09-07] ()
    AppInit_DLLs-x32: OGPDFLoader.dll => No File
    FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
    FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
    FF Extension: (Ghostery) - C:\Users\Kathy\AppData\Roaming\Mozilla\Firefox\Profiles\b2urxh9i.default-1453316315824\Extensions\firefox@ghostery.com.xpi [2016-08-11]
    CustomCLSID: HKU\S-1-5-21-1081182048-1524022262-3844287625-1000_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Users\Kathy\AppData\Local\Citrix\GoToMeeting\3880\G2MOutlookAddin64.dll => No File
    Task: {E36DE330-7339-4AA9-8904-4EF48E7C5BA7} - System32\Tasks\Open URL by RoboForm => Rundll32.exe url.dll,FileProtocolHandler "hxxp://www.roboform.com/test-pass.html?aaa=KICMLMLJPMGMNJLJMJNMCNOMOMKJJMCNLMNJIMJMCNOJLMLMNJCNOMJMKMJMGMNMIMKMOJIMGMOJJNJICMIMCNGMCNOMGMFMOMOMCNPMCNGMJMPMPMFMJMCNOMCNIMJMPMOMCNNMJNPICMOMFMEKMICNJJCKFMKMMMJMJNHICMEKMICNJJCKJNBJCMELOJLIHJGIJNKJCMJNNICMJNDJCMKJBJJNMJCMOMFM (the data entry has 45 more characters).

    C:\Users\Kathy\AppData\Local\Temp\ose00000.exe
    C:\Users\Kathy\AppData\Local\Temp\RoboForm-Setup.exe

    C:\ProgramData\LuhdOnke\XicpAbfot.exe

    End

*****************

Restore point was successfully created.
Processes closed successfully.
HKU\S-1-5-21-1081182048-1524022262-3844287625-1000\Software\Microsoft\Windows\CurrentVersion\Run\\2046790604 => value not found.
"OGPDFLoader.dll" => Value data removed successfully.
"HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => key removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE" => key removed successfully
C:\Users\Kathy\AppData\Roaming\Mozilla\Firefox\Profiles\b2urxh9i.default-1453316315824\Extensions\firefox@ghostery.com.xpi => moved successfully
"HKU\S-1-5-21-1081182048-1524022262-3844287625-1000_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E36DE330-7339-4AA9-8904-4EF48E7C5BA7}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E36DE330-7339-4AA9-8904-4EF48E7C5BA7}" => key removed successfully
C:\Windows\System32\Tasks\Open URL by RoboForm => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Open URL by RoboForm" => key removed successfully
C:\Users\Kathy\AppData\Local\Temp\ose00000.exe => moved successfully
C:\Users\Kathy\AppData\Local\Temp\RoboForm-Setup.exe => moved successfully
"C:\ProgramData\LuhdOnke\XicpAbfot.exe" => not found.

=========== EmptyTemp: ==========

BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 30114513 B
Java, Flash, Steam htmlcache => 83658 B
Windows/system/drivers => 4817114664 B
Edge => 0 B
Chrome => 0 B
Firefox => 114623433 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 16802 B
systemprofile32 => 66356 B
LocalService => 0 B
NetworkService => 0 B
Kathy => 520619394 B

RecycleBin => 69608 B
EmptyTemp: => 5.1 GB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 10:43:53 ====


Edited by kathyhatesspyware, 08 September 2016 - 09:47 AM.


#8 kathyhatesspyware

Posted 08 September 2016 - 09:55 AM

AdwCleaner report, nothing found.  (The copy and paste option has disappeared--I cannot paste the log)



#9 kathyhatesspyware

Posted 08 September 2016 - 10:55 AM

ESET did not find any threats.  My computer seems to be running well.  I will use it today and post an update.  Thank you  :good:



#10 Android 8888

Posted 08 September 2016 - 12:55 PM

Hello kathyhatesspyware.

 

MBAM has quarantined all the threats it found. To permanently delete them:

  • Open MBAM.
  • Click History
  • Click Delete All
  • Close MBAM.

 

Here is the scan with the detection options checked.

For some reason the second log from MBAM shows that some options (Archives and Heuristics) were disabled before the scan. To re-enable them the next time you run MBAM, just try the following steps (this is just to re-enable the three options - Do NOT run MBAM now):

Open Malwarebytes.
On the top menu bar click on Settings.
On the left menu click Detection and Protection.
In Detection Options make sure the three options are checkmarked.
Close MBAM.


Next:

Your version of Java is outdated and needs to be updated to take advantage of fixes that have eliminated security vulnerabilities.
The latest version is Java 8 Update 101.

You can manually check your present version and update as recommended.
https://java.com/en/download/

Be careful not to install malware posing as Java update!
Important read this blog.
http://blog.trendmic...java-0-day-fix/

Once you have installed the newest version, please remove the old version using the Programs and Features applet.

 

Update your Mozilla Firefox browser:
https://support.mozi...-latest-version


How is the computer running? Are there any further symptoms of problems with it?



#11 kathyhatesspyware

Posted 08 September 2016 - 03:46 PM

I changed MBAM.  Updated Java and Firefox.  My online store (hosted by Bigcommerce) sometimes will not work with the newer versions so sometimes I wait, but it is current now.  The computer is running great.  I really appreciate your help and how quickly I was able to fix this problem.  I will make a donation to the site.  I am glad you were here to help.



#12 Android 8888

Posted 08 September 2016 - 04:57 PM

Hello kathyhatesspyware.
 

I will make a donation to the site.  I am glad you were here to help.

Thank you very much. You're welcome. :thumbup:


You can now delete the following tools and any logs they created:

AdwCleaner (run the program and click the Uninstall button)
Farbar Recovery Scan Tool (and delete the folder C:\FRST)


System Restore maintains a backup of your programs and may also back up infections, so please reset it to make a clean Restore Point.

To reset System Restore Points:

  • Go to Start > All Programs > Accessories > System Tools and click "System Restore".
  • Choose the radio button marked "Create a Restore Point" on the first screen then click "Next". Give the Restore Point a name then click "Create". The new Restore Point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
  • Go to "Disk Cleanup" which can be found by going to Start > All Programs > Accessories > System Tools.
  • Select the drive (usually is Drive C:) that you want to use Disk Cleanup on, and click the OK button.
  • Click on the Clean up system files button.
  • Click the "More Options" Tab.
  • Click "Clean Up" in the System Restore section to remove all previous Restore Points except the newly created one. More details and screenshots for Disk Cleanup in Windows 7 can be found here.

 

Are there any further problems with this computer?



#13 kathyhatesspyware

Posted 09 September 2016 - 11:21 AM

I created a system restore point and now the computer is not working properly.  I cannot load programs or open Firefox.  If a program opens, it is extremely slow. 



#14 kathyhatesspyware

Posted 09 September 2016 - 11:36 AM

The computer will not shut down for a restart.  I manually shut it down. 


Edited by kathyhatesspyware, 09 September 2016 - 11:40 AM.


#15 kathyhatesspyware

Posted 09 September 2016 - 11:52 AM

I was able to restart in Safe Mode and undo the system restore.  The computer is working normally.



#16 Android 8888

Posted 10 September 2016 - 09:16 AM

Hello kathyhatesspyware.
 

I was able to restart in Safe Mode and undo the system restore.  The computer is working normally.

This was a good option.

Any further problems with the computer?

#17 kathyhatesspyware

Posted 11 September 2016 - 07:11 AM

It is working well.  Thank you for your help with the malware. 



#18 Android 8888

Posted 11 September 2016 - 08:48 AM

It is working well.  Thank you for your help with the malware.

You're welcome.

 

 
To help keep malware off your system, below I have included a number of recommendations for how to protect your computer in order to prevent future malware infections. Please consider using these ideas to help secure your computer.

Keep Windows updated at Windows Update. I cannot stress enough how important this is.

Keep your VIPRE AntiVirus up-to-date.

Please note: Many installers offer third-party downloads that are installed automatically when you do not uncheck certain checkboxes. While most of the time not malicious, you usually do not want these on your computer. Be careful during the installation process and you will avoid seeing tons of new unwanted toolbars in your favorite web browser.

Please consider installing and running some of the following programs; they are either free or have free versions of commercial programs:

Keep Malwarebytes Anti-Malware (MBAM) updated and perform a regular scan of your system, as it will make it harder for malware to reside on your computer.
A tutorial on using MBAM can be found here
Please Note: Only the paid for version has real time capabilities.

A free non-resident utility to prevent the installation of ActiveX-based malware is JavaCool's SpywareBlaster, available here

Please keep these programs up-to-date and run them whenever you suspect a problem to prevent malware problems. A number of programs have resident protection and it is a good idea to run the resident protection of one of each type of program to maintain protection. However, it is important to run only one resident program of each type since they can conflict and become less effective. That means only one antivirus, firewall and scanning anti-spyware program at a time. Passive protectors, like SpywareBlaster can be run with any of them.

Note that there are a lot of rogue programs out there that want to scare you into giving them your money and some malware actually claims to be security programs. If you get a popup for a security program that you did not install yourself, do NOT click on it and ask for help immediately. It is very important to run an antivirus and firewall, but you can't always rely on reviews and ads for information. Ask in a security forum that you trust if you are not sure. If you are unsure and looking for anti-spyware programs, you can find out if it is a rogue here:

A similar category of programs is now called "scareware." Scareware programs are active infections that will pop-up on your computer and tell you that you are infected. If you look closely, it will usually have a name that looks like it might be legitimate, but it is NOT one of the programs you installed. It tells you to click and install it right away. If you click on any part of it, including the 'X' to close it, you may actually help it infect your computer further. Keeping protection updated and running resident protection can help prevent these infections. If it happens anyway, get offline as quickly as you can. Pull the internet connection cable or shut down the computer if you have to. Contact someone to help by using another computer if possible. These programs are also sometimes called 'rogues', but they are different than the older version of rogues mentioned above.

Another much-feared threat at the moment is infection by ransomware. A ransomware infection is a program that ransoms the data or functionality of your computer until you perform an action. This action is typically to pay a ransom in the form of Bitcoins or another payment method. I advise you to read more info on this terrible threat here and here.

Please keep your programs up to date. This applies to Adobe Flash Player, Adobe Reader, Java and all your Internet Browsers in particular. Vulnerabilities in these programs are often exploited in order to install malware on your PC. Visiting a prepared web page suffices to infect your system.
Run a program like Personal Software Inspector (PSI) or FileHippo Update Checker to see what programs need to be updated.


Be careful with flash drives, as they can spread infections. See this post on USB/flash drive safety.

Stay away from P2P software; even with a clean P2P program, their networks are often riddled with malware.

Don't click on attachments or links in e-mail, and read your e-mail in text-only mode for the highest safety.

Don't click on links received in instant message programs.

A HOSTS file will prevent Internet Explorer from communicating with sites known to be associated with adware or spyware. A good, regularly updated HOSTS file is MVPS HOSTS File, available here

For much more useful information, please also read Tony Klein's excellent article: How did I get infected in the first place

Hopefully these steps will help to keep you error free. If you run into more difficulty, we will certainly do what we can to help.

Happy surfing and stay safe. :thumbup:

Android 8888.



#19 Android 8888

Posted 01 October 2016 - 08:42 AM

Glad we could help. :)

If you need this topic reopened, please tell the moderating team by replying here with the address of the thread. This applies only to the original topic starter.

Everyone else, please begin a new topic.

