Malware Checkup

popup unresponsive littlethings

15 replies to this topic

#1 kathyhatesspyware


Posted 29 January 2018 - 01:33 PM

Hello,
 
A website called www.thelittlethings.com will pop up with an update in the lower portion of my screen.  Sometimes when I click on a link on a webpage, thelittlethings site will open in its place.  This also happens while working in a program such as Quicken; a click in the program takes you to the website.  This weekend my computer became unresponsive, so I rebooted a couple of times, but it did not help.  I manually shut the computer down and rebooted in safe mode with networking.  I looked at this forum and followed a few suggestions such as disk check and disk defrag (I have defrag scheduled to run once a week).  I rebooted after disk check, and Windows updated and also ran a check (something I had not seen before).  The computer is working well this morning, but thelittlethings notice is popping up from time to time.  Please check the logs and see if there is anything that needs corrected.  
 
 
 
Malware:  I have this program installed but it occasionally uninstalls itself after updating.  I read where they had corrected this problem but I had to reinstall this a few days ago after I noticed it was gone.
 
 
 
Malwarebytes
www.malwarebytes.com
 
-Log Details-
Scan Date: 1/29/18
Scan Time: 9:31 AM
Log File: 6f9a2d13-0509-11e8-b0d5-989096ab371a.json
Administrator: Yes
 
-Software Information-
Version: 3.3.1.2183
Components Version: 1.0.262
Update Package Version: 1.0.3813
License: Premium
 
-System Information-
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: System
 
-Scan Summary-
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 289159
Threats Detected: 0
(No malicious items detected)
Threats Quarantined: 0
(No malicious items detected)
Time Elapsed: 29 min, 35 sec
 
-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Detect
PUM: Detect
 
-Scan Details-
Process: 0
(No malicious items detected)
 
Module: 0
(No malicious items detected)
 
Registry Key: 0
(No malicious items detected)
 
Registry Value: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Data Stream: 0
(No malicious items detected)
 
Folder: 0
(No malicious items detected)
 
File: 0
(No malicious items detected)
 
Physical Sector: 0
(No malicious items detected)
 
 
(end)
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 27.01.2018
Ran by Kathy (administrator) on MUSTANGMAIN (29-01-2018 13:21:40)
Running from C:\Users\Kathy\Downloads
Loaded Profiles: Kathy (Available Profiles: Kathy)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Dell Inc.) C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(AOMEI Tech Co., Ltd.) C:\Program Files (x86)\AOMEI Backupper\ABService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Carbonite, Inc. (www.carbonite.com)) C:\Program Files\Carbonite\Carbonite Backup\CarboniteService.exe
(Sanford, L.P.) C:\Program Files (x86)\DYMO\DYMO Label Software\DymoPnpService.exe
(SEIKO EPSON CORPORATION) C:\Program Files\EPSON\EpsonCustomerResearchParticipation\EPCP.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S60RPB.EXE
(Microsoft Corporation) C:\Program Files (x86)\UPS\WSTD\WSDB\MSSQL11.UPSWS2012SERVER\MSSQL\Binn\sqlservr.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL12.WONDERLISTER\MSSQL\Binn\sqlservr.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe
(VIPRE Security) C:\Program Files (x86)\VIPRE\SBPIMSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Dell Inc.) C:\Program Files (x86)\Dell Update\DellUpService.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(VIPRE Security) C:\Program Files (x86)\VIPRE\SBAMSvc.exe
(VIPRE Security) C:\Program Files (x86)\VIPRE\x64\AVCProxy.exe
(Dell Inc.) C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Dell Inc.) C:\Program Files (x86)\Dell Update\DellUpTray.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Acresso Corporation) C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
(Siber Systems) C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe
(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_YATILUE.EXE
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(United Parcel Service, Inc.) C:\Program Files (x86)\UPS\WSTD\WSTDMessaging.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfPro5Hook.exe
(Carbonite, Inc.) C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe
(VIPRE Security) C:\Program Files (x86)\VIPRE\SBAMTray.exe
() C:\Program Files (x86)\UPS\WSTD\UPSNA1Msgr.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Siber Systems Inc.) C:\Program Files (x86)\Siber Systems\AI RoboForm\Chrome\rf-chrome-nm-host.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Quicken Inc.) C:\Program Files (x86)\Quicken\qw.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Adobe\Adobe Photoshop CS3\Photoshop.exe
(Macrovision Europe Ltd.) C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dfrgui.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7188040 2013-05-10] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1307720 2013-04-24] (Realtek Semiconductor)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [286192 2013-02-06] (Intel Corporation)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292848 2013-04-26] (Intel Corporation)
HKLM-x32\...\Run: [DLSService] => "C:\Program Files (x86)\DYMO\DYMO Label Software\DLSService.exe"
HKLM-x32\...\Run: [IndexSearch] => C:\Program Files (x86)\Nuance\PaperPort\IndexSearch.exe [47432 2013-08-15] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PaperPort PTD] => C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe [31048 2013-08-15] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PDFHook] => C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfpro5hook.exe [636192 2010-03-05] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PDF5 Registry Controller] => C:\Program Files (x86)\Nuance\PDF Viewer Plus\RegistryController.exe [62752 2010-03-05] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [ControlCenter4] => C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe [139776 2014-06-16] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [BrStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [4513792 2014-05-22] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [Carbonite Backup] => C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe [1278568 2017-09-07] (Carbonite, Inc.)
HKLM-x32\...\Run: [SBAMTray] => C:\Program Files (x86)\VIPRE\SBAMTray.exe [3320312 2017-07-25] (VIPRE Security)
HKLM-x32\...\Run: [WSUpdater] => C:\PROGRAM FILES (X86)\UPS\WSTD\CF\WorldShipCF.exe [176896 2017-12-16] (UPS)
HKLM-x32\...\Run: [NA1Messenger] => C:\PROGRAM FILES (X86)\UPS\WSTD\UPSNA1Msgr.exe [34048 2017-12-16] ()
Winlogon\Notify\GoToAssist: C:\Program Files (x86)\Citrix\GoToAssist Corporate\1121\G2AWinLogon_x64.dll (Citrix Online, a division of Citrix Systems, Inc.)
HKU\S-1-5-21-1081182048-1524022262-3844287625-1000\...\Run: [WinHost32] => C:\Users\Kathy\WinHost32.exe
HKU\S-1-5-21-1081182048-1524022262-3844287625-1000\...\Run: [ISUSPM] => C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe [222496 2009-05-05] (Acresso Corporation)
HKU\S-1-5-21-1081182048-1524022262-3844287625-1000\...\Run: [RoboForm] => C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe [110376 2018-01-05] (Siber Systems)
HKU\S-1-5-21-1081182048-1524022262-3844287625-1000\...\Run: [EPLTarget\P0000000000000001] => C:\Windows\system32\spool\DRIVERS\x64\3\E_YATILUE.EXE [298560 2013-09-12] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-1081182048-1524022262-3844287625-1000\...\MountPoints2: {0597ee65-b361-11e4-a4c0-9cad97d593fe} - I:\LaunchU3.exe -a
HKU\S-1-5-21-1081182048-1524022262-3844287625-1000\...\MountPoints2: {6826620b-d83e-11e7-8ff7-9cad97d593fd} - E:\SimpliSafe.bat
HKU\S-1-5-18\...\Run: [KSS] => "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan\kss.exe" autorun
AppInit_DLLs-x32: OGPDFLoader.dll => C:\Windows\SysWOW64\OGPDFLoader.dll [5632 2015-08-11] (Armjisoft Corporation)
Lsa: [Notification Packages] scecli C:\Program Files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk [2014-09-25]
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\UPS WorldShip Messaging Utility.lnk [2018-01-18]
ShortcutTarget: UPS WorldShip Messaging Utility.lnk -> C:\Program Files (x86)\UPS\WSTD\WSTDMessaging.exe (United Parcel Service, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\UPS WorldShip PLD Reminder Utility.lnk [2018-01-18]
ShortcutTarget: UPS WorldShip PLD Reminder Utility.lnk -> C:\Program Files (x86)\UPS\WSTD\wstdPldReminder.exe (UPS)
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{A5A3B470-0F51-4B36-9298-B1E8B418985F}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{CA33E398-BC3D-4D96-A902-A9FB90A9CFD0}: [DhcpNameServer] 192.168.1.1
 
Internet Explorer:
==================
HKU\S-1-5-21-1081182048-1524022262-3844287625-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://dell13.msn.com/?pc=DCJB
HKU\S-1-5-21-1081182048-1524022262-3844287625-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://dell13.msn.com/?pc=DCJB
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-1081182048-1524022262-3844287625-1000 -> DefaultScope {95255AAD-90EE-4536-82B5-6F660D5E11F8} URL = 
SearchScopes: HKU\S-1-5-21-1081182048-1524022262-3844287625-1000 -> {95255AAD-90EE-4536-82B5-6F660D5E11F8} URL = 
BHO: RoboForm Toolbar Helper -> {724d43a9-0d85-11d4-9908-00400523e39a} -> C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll [2018-01-05] (Siber Systems Inc.)
BHO: VIPRE Search Guard Helper -> {963C8283-AE7F-4AA6-9B3B-847A8FC62C5E} -> C:\Program Files (x86)\VIPRE\x64\VSGNx64.dll [2017-07-25] ()
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: PlusIEEventHelper Class -> {551A852F-39A6-44A7-9C13-AFBEC9185A9D} -> C:\Program Files (x86)\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll [2009-02-06] (Zeon Corporation)
BHO-x32: RoboForm Toolbar Helper -> {724d43a9-0d85-11d4-9908-00400523e39a} -> C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll [2018-01-05] (Siber Systems Inc.)
BHO-x32: VIPRE Search Guard Helper -> {963C8283-AE7F-4AA6-9B3B-847A8FC62C5E} -> C:\Program Files (x86)\VIPRE\VSGN.dll [2017-07-25] ()
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
Toolbar: HKLM - &RoboForm Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll [2018-01-05] (Siber Systems Inc.)
Toolbar: HKLM - VIPRE Search Guard Toolbar - {A924C17A-5E94-4E02-BED5-49720BA6F7FA} - C:\Program Files (x86)\VIPRE\x64\VSGNx64.dll [2017-07-25] ()
Toolbar: HKLM-x32 - &RoboForm Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll [2018-01-05] (Siber Systems Inc.)
Toolbar: HKLM-x32 - VIPRE Search Guard Toolbar - {A924C17A-5E94-4E02-BED5-49720BA6F7FA} - C:\Program Files (x86)\VIPRE\VSGN.dll [2017-07-25] ()
Handler: vipresg - {47BE2E5B-703B-444F-ABD3-05717D2191C6} - C:\Program Files (x86)\VIPRE\x64\VSGNx64.dll [2017-07-25] ()
Handler-x32: vipresg - {47BE2E5B-703B-444F-ABD3-05717D2191C6} - C:\Program Files (x86)\VIPRE\VSGN.dll [2017-07-25] ()
 
FireFox:
========
FF ProfilePath: C:\Users\Kathy\AppData\Roaming\Mozilla\Firefox\Profiles\b2urxh9i.default-1453316315824 [2018-01-22]
FF Extension: (Panel for Pinterest™) - C:\Users\Kathy\AppData\Roaming\Mozilla\Firefox\Profiles\b2urxh9i.default-1453316315824\Extensions\jid1-Jf3tAGwqs5Hjqz@jetpack.xpi [2017-06-21]
FF Extension: (Pinterest Save Button) - C:\Users\Kathy\AppData\Roaming\Mozilla\Firefox\Profiles\b2urxh9i.default-1453316315824\Extensions\jid1-YcMV6ngYmQRA2w@jetpack.xpi [2018-01-02]
FF Extension: (RoboForm Password Manager) - C:\Users\Kathy\AppData\Roaming\Mozilla\Firefox\Profiles\b2urxh9i.default-1453316315824\Extensions\rf-firefox@siber.com.xpi [2017-10-25]
FF Extension: (uBlock Origin) - C:\Users\Kathy\AppData\Roaming\Mozilla\Firefox\Profiles\b2urxh9i.default-1453316315824\Extensions\uBlock0@raymondhill.net.xpi [2018-01-22]
FF Extension: (ColorfulTabs) - C:\Users\Kathy\AppData\Roaming\Mozilla\Firefox\Profiles\b2urxh9i.default-1453316315824\Extensions\{0545b830-f0aa-4d7e-8820-50a4629a56fe}.xpi [2018-01-22]
FF Extension: (Bitdefender QuickScan) - C:\Users\Kathy\AppData\Roaming\Mozilla\Firefox\Profiles\b2urxh9i.default-1453316315824\Extensions\{e001c731-5e37-4538-a5cb-8168736a2360} [2016-09-27] [Legacy]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_28_0_0_137.dll [2018-01-09] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_28_0_0_137.dll [2018-01-09] ()
FF Plugin-x32: @dymo.com/DymoLabelFramework -> C:\Program Files (x86)\DYMO\DYMO Label Software\Framework\npDYMOLabelFramework.dll [2014-02-03] ( Sanford L.P.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2014-02-19] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2014-02-19] (Intel Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-13] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-13] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-11-04] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1081182048-1524022262-3844287625-1000: @citrixonline.com/appdetectorplugin -> C:\Users\Kathy\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2015-11-17] (Citrix Online)
 
Chrome: 
=======
CHR Profile: C:\Users\Kathy\AppData\Local\Google\Chrome\User Data\Default [2018-01-29]
CHR Extension: (Slides) - C:\Users\Kathy\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-24]
CHR Extension: (Docs) - C:\Users\Kathy\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-24]
CHR Extension: (Google Drive) - C:\Users\Kathy\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-09-06]
CHR Extension: (Pop up blocker for Chrome™ - Poper Blocker) - C:\Users\Kathy\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkkbcggnhapdmkeljlodobbkopceiche [2018-01-12]
CHR Extension: (YouTube) - C:\Users\Kathy\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-09-06]
CHR Extension: (Honey) - C:\Users\Kathy\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmnlcjabgnpnenekpadlanbbkooimhnj [2018-01-27]
CHR Extension: (Adobe Acrobat) - C:\Users\Kathy\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-09-21]
CHR Extension: (Sheets) - C:\Users\Kathy\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-24]
CHR Extension: (Google Docs Offline) - C:\Users\Kathy\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-09-06]
CHR Extension: (Pinterest Save Button) - C:\Users\Kathy\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpdjojdkbbmdfjfahjcgigfpmkopogic [2017-12-28]
CHR Extension: (Ghostery) - C:\Users\Kathy\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlomiejdfkolichcflejclcbmpeaniij [2018-01-12]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Kathy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-09-06]
CHR Extension: (Gmail) - C:\Users\Kathy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-09-06]
CHR Extension: (Chrome Media Router) - C:\Users\Kathy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-01-27]
CHR Extension: (RoboForm Password Manager) - C:\Users\Kathy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnlccmojcmeohlpggmfnbbiapkmbliob [2018-01-05]
CHR HKLM\...\Chrome\Extension: [pnlccmojcmeohlpggmfnbbiapkmbliob] - C:\Program Files (x86)\Siber Systems\AI RoboForm\Chrome\rf-chrome.crx [2015-01-11]
CHR HKU\S-1-5-21-1081182048-1524022262-3844287625-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [pnlccmojcmeohlpggmfnbbiapkmbliob] - C:\Program Files (x86)\Siber Systems\AI RoboForm\Chrome\rf-chrome.crx [2015-01-11]
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 Backupper Service; C:\Program Files (x86)\AOMEI Backupper\ABService.exe [29912 2015-05-11] (AOMEI Tech Co., Ltd.) [File not signed]
S3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [282112 2013-09-25] (Brother Industries, Ltd.) [File not signed]
R2 DellUpdate; C:\Program Files (x86)\Dell Update\DellUpService.exe [232320 2017-11-21] (Dell Inc.)
R2 DymoPnpService; C:\Program Files (x86)\DYMO\DYMO Label Software\DymoPnpService.exe [33072 2014-02-03] (Sanford, L.P.)
R2 EpsonCustomerResearchParticipation; C:\Program Files\EPSON\EpsonCustomerResearchParticipation\EPCP.exe [677880 2017-04-25] (SEIKO EPSON CORPORATION)
R2 EPSON_PM_RPCV4_06; C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S60RPB.EXE [152640 2013-04-26] (SEIKO EPSON CORPORATION)
R3 FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [654848 2015-01-11] (Macrovision Europe Ltd.) [File not signed]
S3 GoToAssist; C:\Program Files (x86)\Citrix\GoToAssist Corporate\1121\G2AC_Service.exe [310080 2016-09-28] (Citrix Online, a division of Citrix Systems, Inc.)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [15344 2013-02-06] (Intel Corporation)
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [887232 2014-01-31] (Intel® Corporation)
R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [131544 2014-02-19] (Intel Corporation)
S3 iumsvc; C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe [177376 2016-08-12] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [154584 2014-02-19] (Intel Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6234056 2017-11-01] (Malwarebytes)
R2 MSSQL$UPSWS2012SERVER; C:\PROGRAM FILES (X86)\UPS\WSTD\WSDB\MSSQL11.UPSWS2012SERVER\MSSQL\Binn\sqlservr.exe [163008 2017-07-07] (Microsoft Corporation)
R2 MSSQL$WONDERLISTER; C:\Program Files\Microsoft SQL Server\MSSQL12.WONDERLISTER\MSSQL\Binn\sqlservr.exe [372408 2017-07-06] (Microsoft Corporation)
R2 PDFProFiltSrvPP; C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe [145736 2013-08-15] (Nuance Communications, Inc.)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [224840 2013-05-10] (Realtek Semiconductor)
R2 SBAMSvc; C:\Program Files (x86)\VIPRE\SBAMSvc.exe [6943200 2017-07-25] (VIPRE Security)
R2 SBPIMSvc; C:\Program Files (x86)\VIPRE\SBPIMSvc.exe [436216 2017-07-25] (VIPRE Security)
S4 SQLAgent$UPSWS2012SERVER; C:\PROGRAM FILES (X86)\UPS\WSTD\WSDB\MSSQL11.UPSWS2012SERVER\MSSQL\Binn\SQLAGENT.EXE [448704 2017-07-07] (Microsoft Corporation)
S4 SQLAgent$WONDERLISTER; C:\Program Files\Microsoft SQL Server\MSSQL12.WONDERLISTER\MSSQL\Binn\SQLAGENT.EXE [613056 2017-07-06] (Microsoft Corporation)
R2 SupportAssistAgent; C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe [53208 2017-09-22] (Dell Inc.)
S3 VipreEdgeProtection; C:\Program Files (x86)\VIPRE\VipreEdgeProtection.exe [2710544 2017-05-12] (ThreatTrack Security Inc.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2014-09-25] (Microsoft Corporation)
U2 wltrysvc; "C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE" "C:\Program Files\Dell\DW WLAN Card\bcmwltry.exe"
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R0 ambakdrv; C:\Windows\System32\ambakdrv.sys [30648 2015-02-25] () [File not signed]
R2 ammntdrv; C:\Windows\system32\ammntdrv.sys [151480 2015-02-25] () [File not signed]
R2 amwrtdrv; C:\Windows\system32\amwrtdrv.sys [17848 2015-02-25] () [File not signed]
R3 avc3; C:\Windows\System32\DRIVERS\avc3.sys [1605376 2016-11-18] (BitDefender)
R3 avchv; C:\Windows\System32\DRIVERS\avchv.sys [285240 2016-08-29] (BitDefender)
R3 avckf; C:\Windows\System32\DRIVERS\avckf.sys [878072 2016-11-18] (BitDefender)
R3 bcbtums; C:\Windows\System32\drivers\bcbtums.sys [172760 2014-09-25] (Broadcom Corporation.)
S3 DDDriver; C:\Windows\System32\drivers\DDDriver64Dcsa.sys [32352 2016-10-13] (Dell Inc.)
S3 DellProf; C:\Windows\System32\drivers\DellProf.sys [32952 2016-10-13] (Dell Computer Corporation)
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [77432 2017-11-29] ()
S3 gfiark; C:\Windows\System32\drivers\gfiark.sys [40584 2015-08-27] (ThreatTrack Security)
S3 gfiutil; C:\Windows\System32\drivers\gfiutil.sys [50776 2016-08-03] (ThreatTrack Security)
R0 iaStorF; C:\Windows\System32\drivers\iaStorF.sys [28656 2013-01-15] (Intel Corporation)
R2 MBAMChameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [193968 2018-01-27] (Malwarebytes)
R3 MBAMFarflt; C:\Windows\System32\DRIVERS\farflt.sys [110016 2018-01-29] (Malwarebytes)
R3 MBAMProtection; C:\Windows\System32\DRIVERS\mbam.sys [46008 2018-01-29] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [253880 2018-01-29] (Malwarebytes)
R3 MBAMWebProtection; C:\Windows\System32\DRIVERS\mwac.sys [84256 2018-01-29] (Malwarebytes)
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [116736 2014-02-19] (Intel Corporation)
S4 RsFx0310; C:\Windows\System32\DRIVERS\RsFx0310.sys [249024 2015-04-20] (Microsoft Corporation)
R2 sbapifs; C:\Windows\System32\DRIVERS\sbapifs.sys [133808 2017-07-25] (VIPRE Security)
S3 sbhips; C:\Windows\System32\drivers\sbhips.sys [73208 2017-02-17] (ThreatTrack Security)
R1 sbwfw; C:\Windows\System32\DRIVERS\sbwfw.sys [375368 2017-02-17] (ThreatTrack Security)
R3 sbwtis; C:\Windows\System32\DRIVERS\sbwtis.sys [122672 2017-02-17] (ThreatTrack Security)
R2 WebExaminer; C:\Windows\system32\Drivers\WebExaminer64.sys [35984 2017-05-12] (ThreatTrack Security Inc.)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2018-01-29 13:21 - 2018-01-29 13:23 - 000027521 _____ C:\Users\Kathy\Downloads\FRST.txt
2018-01-29 13:21 - 2018-01-29 13:21 - 002393088 _____ (Farbar) C:\Users\Kathy\Downloads\FRST64.exe
2018-01-29 13:21 - 2018-01-29 13:21 - 000002369 _____ C:\Users\Kathy\Desktop\spyware log.txt
2018-01-29 12:34 - 2018-01-29 12:34 - 000000000 ____D C:\Users\Kathy\Documents\2018 Receipts
2018-01-29 09:28 - 2018-01-29 09:28 - 000000000 ____D C:\Users\Kathy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bluetooth Devices
2018-01-27 11:42 - 2018-01-27 11:44 - 000000376 _____ C:\Windows\Tasks\Run RoboForm TaskBar Icon.job
2018-01-27 11:39 - 2018-01-29 09:02 - 000105024 _____ C:\Windows\ntbtlog.txt
2018-01-27 11:28 - 2018-01-29 12:24 - 000084256 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2018-01-27 11:23 - 2018-01-29 09:17 - 000110016 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
2018-01-25 10:01 - 2018-01-29 09:17 - 000253880 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2018-01-25 10:01 - 2018-01-29 09:17 - 000046008 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2018-01-25 10:01 - 2018-01-27 11:39 - 000193968 _____ (Malwarebytes) C:\Windows\system32\Drivers\MbamChameleon.sys
2018-01-25 10:00 - 2018-01-25 10:00 - 000001869 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2018-01-25 10:00 - 2018-01-25 10:00 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2018-01-25 10:00 - 2017-11-29 09:11 - 000077432 _____ C:\Windows\system32\Drivers\mbae64.sys
2018-01-25 09:59 - 2018-01-25 10:00 - 083316440 _____ (Malwarebytes ) C:\Users\Kathy\Downloads\mb3-setup-35891.35891-3.3.1.2183-1.0.262-1.0.3374.exe
2018-01-23 14:18 - 2018-01-23 14:18 - 000793538 _____ C:\Users\Kathy\Downloads\MUSTANG_FOCUS_PRICE_SHEET_1_.xlsx
2018-01-18 11:09 - 2018-01-18 11:09 - 000143930 _____ C:\Users\Kathy\Downloads\2017-FinancialSummary.pdf
2018-01-18 09:34 - 2018-01-18 09:34 - 000003796 _____ C:\Windows\System32\Tasks\UPS WorldShip Updater
2018-01-13 08:44 - 2018-01-13 08:44 - 000000000 ____D C:\Program Files (x86)\Dell Update
2018-01-04 11:42 - 2018-01-04 11:42 - 000000000 ____D C:\Program Files\Bonjour
2018-01-04 11:39 - 2018-01-04 11:39 - 000000000 ____D C:\Users\Default\AppData\Roaming\Sun
2018-01-04 11:39 - 2018-01-04 11:39 - 000000000 ____D C:\Users\Default User\AppData\Roaming\Sun
2017-12-30 10:35 - 2017-12-30 10:35 - 000028268 _____ C:\Users\Kathy\Downloads\UPS_Audit_Credits---123020171000.xlsx
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2018-01-29 13:21 - 2016-09-07 12:23 - 000000000 ____D C:\FRST
2018-01-29 12:55 - 2016-07-21 13:30 - 000003484 _____ C:\Windows\System32\Tasks\PCDEventLauncherTask
2018-01-29 12:42 - 2015-03-01 12:42 - 000000911 _____ C:\Windows\Tasks\EPSON XP-310 Series Update {EF526A4C-E985-495A-82C9-906D4F209E89}.job
2018-01-29 12:42 - 2015-03-01 12:42 - 000000725 _____ C:\Windows\Tasks\EPSON XP-310 Series Invitation {EF526A4C-E985-495A-82C9-906D4F209E89}.job
2018-01-29 09:51 - 2009-07-13 22:45 - 000021296 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2018-01-29 09:51 - 2009-07-13 22:45 - 000021296 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2018-01-29 09:37 - 2016-11-19 10:59 - 000000000 ____D C:\Users\Kathy\AppData\LocalLow\Mozilla
2018-01-29 09:28 - 2015-01-11 10:57 - 000000360 _____ C:\Windows\wstdUPSWSHIP.INI
2018-01-29 09:16 - 2009-07-13 23:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2018-01-27 11:28 - 2015-01-11 11:53 - 000000000 ____D C:\Users\Kathy\Documents\Quicken
2018-01-27 10:59 - 2009-07-13 23:13 - 001055536 _____ C:\Windows\system32\PerfStringBackup.INI
2018-01-27 10:59 - 2009-07-13 21:20 - 000000000 ____D C:\Windows\inf
2018-01-26 10:57 - 2017-03-28 09:51 - 000000000 ____D C:\Users\Kathy\Documents\SMB Statements
2018-01-24 17:00 - 2017-09-06 10:47 - 000002186 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-01-24 17:00 - 2017-09-06 10:47 - 000002145 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2018-01-24 13:22 - 2015-01-11 11:53 - 000000000 ____D C:\Users\Kathy\Documents\Parts Prices_Lists
2018-01-22 14:36 - 2015-01-11 10:21 - 000000000 ____D C:\Users\Kathy\AppData\Roaming\Mozilla
2018-01-18 13:14 - 2015-05-29 09:36 - 000000000 ____D C:\Users\Kathy\Documents\Utilities
2018-01-18 09:38 - 2015-01-11 10:05 - 000117680 _____ C:\Users\Kathy\AppData\Local\GDIPFONTCACHEV1.DAT
2018-01-18 09:35 - 2009-07-13 22:45 - 002351720 _____ C:\Windows\system32\FNTCACHE.DAT
2018-01-18 09:33 - 2017-01-31 10:27 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UPS
2018-01-18 09:31 - 2015-01-11 11:04 - 000001813 _____ C:\Windows\ODBC.INI
2018-01-18 09:27 - 2016-09-27 16:46 - 000000000 ____D C:\Windows\SysWOW64\1033
2018-01-18 09:27 - 2016-09-27 16:46 - 000000000 ____D C:\Windows\system32\1033
2018-01-15 14:08 - 2015-01-11 11:53 - 000000000 ____D C:\Users\Kathy\Documents\Sales Tax Forms
2018-01-13 08:44 - 2014-09-25 16:59 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell
2018-01-11 09:04 - 2015-02-11 09:50 - 000000000 ____D C:\Users\Kathy\Documents\Turbo Lister Backup
2018-01-09 18:13 - 2014-09-25 16:48 - 000803328 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2018-01-09 18:13 - 2014-09-25 16:48 - 000144896 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2018-01-09 18:13 - 2014-09-25 16:48 - 000004312 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2018-01-09 18:13 - 2014-09-25 16:48 - 000000000 ____D C:\Windows\SysWOW64\Macromed
2018-01-09 18:13 - 2014-09-25 16:48 - 000000000 ____D C:\Windows\system32\Macromed
2018-01-08 10:21 - 2016-04-11 07:34 - 000000000 ____D C:\Users\Kathy\Documents\UPS
2018-01-08 10:06 - 2016-05-17 10:04 - 000000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2018-01-08 10:06 - 2015-01-11 10:21 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2018-01-07 04:29 - 2017-08-07 03:45 - 000000148 _____ C:\Windows\SysWOW64\SmartFlow.txt
2018-01-06 10:53 - 2015-01-11 11:53 - 000000000 ____D C:\Users\Kathy\Documents\Big Commerce
2018-01-05 16:15 - 2016-09-30 09:57 - 000004164 _____ C:\Windows\System32\Tasks\Open URL by RoboForm
2018-01-05 16:15 - 2015-01-11 11:08 - 000003598 _____ C:\Windows\System32\Tasks\Run RoboForm TaskBar Icon
2018-01-05 16:15 - 2015-01-11 11:04 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RoboForm
2018-01-05 12:45 - 2015-01-11 11:53 - 000000000 ____D C:\Users\Kathy\Documents\Licenses
2018-01-04 11:42 - 2015-01-11 15:54 - 000000000 ____D C:\Program Files (x86)\Bonjour
2018-01-04 11:40 - 2017-08-17 08:44 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2018-01-04 11:40 - 2015-10-19 08:40 - 000001049 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2018-01-04 11:40 - 2015-10-19 08:40 - 000001037 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2018-01-04 11:40 - 2015-01-11 14:11 - 000001099 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Thunderbird.lnk
2018-01-04 11:40 - 2015-01-11 14:11 - 000001087 _____ C:\Users\Public\Desktop\Mozilla Thunderbird.lnk
2018-01-04 11:36 - 2015-01-11 11:53 - 000000000 ____D C:\Users\Kathy\Documents\MustangBook
2018-01-04 11:18 - 2015-01-11 15:54 - 000000000 ____D C:\Users\Kathy\AppData\Roaming\VIPRE
2017-12-30 05:13 - 2017-09-06 11:07 - 000000000 ____D C:\Users\Kathy\AppData\Local\RoboForm
 
==================== Files in the root of some directories =======
 
2017-01-19 10:30 - 2017-01-19 12:29 - 318752832 _____ (Microsoft Corporation) C:\Users\Kathy\SQLEXPR_x64_ENU.exe
2016-07-26 13:52 - 2016-07-26 13:54 - 000044086 __RSH () C:\Program Files (x86)\DLS8Uninstall.log
2014-10-23 08:59 - 2014-10-30 08:36 - 000038880 _____ () C:\Users\Kathy\AppData\Local\2ete64.vas
2009-02-13 10:11 - 2014-12-17 12:15 - 000001356 _____ () C:\Users\Kathy\AppData\Local\d3d9caps.dat
2007-07-23 10:40 - 2007-07-23 10:40 - 000000051 _____ () C:\Users\Kathy\AppData\Local\setup.txt
 
Some files in TEMP:
====================
2006-05-24 11:10 - 2006-05-24 11:10 - 000455600 ____R (Macrovision Corporation) C:\Users\Kathy\AppData\Local\Temp\_is382.exe
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2017-12-29 00:19
 
==================== End of FRST.txt ============================
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 27.01.2018
Ran by Kathy (29-01-2018 13:23:46)
Running from C:\Users\Kathy\Downloads
Windows 7 Home Premium Service Pack 1 (X64) (2015-01-11 16:04:51)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-1081182048-1524022262-3844287625-500 - Administrator - Disabled)
Guest (S-1-5-21-1081182048-1524022262-3844287625-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1081182048-1524022262-3844287625-1005 - Limited - Enabled)
Kathy (S-1-5-21-1081182048-1524022262-3844287625-1000 - Administrator - Enabled) => C:\Users\Kathy
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: ThreatTrack Security VIPRE (Enabled - Up to date) {A328C8F0-22BE-AEDA-2D52-6C8A3089160A}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: ThreatTrack Security VIPRE (Enabled - Up to date) {18492914-0484-A154-17E2-57F84B0E5CB7}
FW: ThreatTrack Security VIPRE (Enabled) {9B1349D5-68D1-AF82-060D-C5BFCE5A5171}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
1965-72 Ford Car Master Parts and Accessory Catalog (v11.5.5) (HKLM-x32\...\{74DDDC95-771A-4D42-A016-B5A74FD74D06}) (Version: 1.55.10001 - Forel Publishing Company, LLC)
1967 Mustang Part and Body Illustrations (HKLM-x32\...\{B74C9D38-5844-40A4-8BB6-BEA34ADBEE5A}) (Version: 12.8.3.10045 - Forel Publishing Company, LLC)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 18.009.20050 - Adobe Systems Incorporated)
Adobe Flash Player 28 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 28.0.0.137 - Adobe Systems Incorporated)
Adobe Flash Player 28 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 28.0.0.137 - Adobe Systems Incorporated)
Adobe Photoshop CS3 (HKLM-x32\...\Adobe_2ac78060bc5856b0c1cf873bb919b58) (Version: 10.0 - Adobe Systems Incorporated)
AlignmentUtility (HKLM-x32\...\{4C5E314A-31CA-4223-9A90-CE0C4D5800A4}) (Version: 21.00.0000 - UPS) Hidden
AOMEI Backupper Standard Edition 2.8 (HKLM-x32\...\{A83692F5-3E9B-4E95-9E7E-B5DF5536C09F}_is1) (Version:  - AOMEI Technology Co., Ltd.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Brother MFL-Pro Suite HL-L2380DW series (HKLM-x32\...\{F8ECC2FD-CE2B-4ED4-BDCC-90D0D34206FD}) (Version: 1.0.2.0 - Brother Industries, Ltd.)
Carbonite (HKLM-x32\...\{34A6D6FF-7EEC-499E-A54F-71077783AED6}) (Version: 6.3.2 build 7466 (Sep-07-2017) - Carbonite)
CCC (HKLM-x32\...\{95749C5B-BC37-41E3-8D39-EEF4C21A2825}) (Version: 21.00.0000 - United Parcel Service, Inc.) Hidden
CCCHelp (HKLM-x32\...\{21C4D7B4-79A2-43F3-89EF-558CE4BEE85F}) (Version: 21.00.0000 - United Parcel Service, Inc.) Hidden
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.) Hidden
Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.) Hidden
Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.) Hidden
Citrix Online Launcher (HKLM-x32\...\{09DA5EE2-7E46-4DC4-96F9-BFEE50D40659}) (Version: 1.0.408 - Citrix)
CuteSITE Builder (HKLM-x32\...\CuteSITE Builder) (Version: 4.0 - GlobalSCAPE Texas, LP)
Dell Digital Delivery (HKLM-x32\...\{BC8233D8-59BA-4D40-92B9-4FDE7452AA8B}) (Version: 3.0.3999.0 - Dell Products, LP)
Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)
Dell SupportAssist (HKLM\...\PC-Doctor for Windows) (Version: 2.0.6875.668 - Dell)
Dell SupportAssistAgent (HKLM\...\{18EF001B-B005-46CB-917B-112BA69ED85E}) (Version: 2.0.3.10 - Dell)
Dell Update (HKLM-x32\...\{632610E3-5B12-403C-9C93-EF533ED1C113}) (Version: 1.10.5.0 - Dell Inc.)
DHTML Editing Component (HKLM-x32\...\{2EA870FA-585F-4187-903D-CB9FFD21E2E0}) (Version: 6.02.0001 - Microsoft Corporation)
DW WLAN Card Utility (HKLM\...\DW WLAN Card Utility) (Version: 6.30.223.228 - Dell Inc.)
DYMO Label v.8 (HKLM-x32\...\DYMO Label v.8) (Version: 8.5.1.1814 - Sanford, L.P.)
DYMO LabelWriter Drivers (HKLM\...\{CE16D92B-50F3-4FC5-B29C-13FAFEE1A6C6}) (Version: 8.3.0.443 - Sanford L.P.)
Epson Customer Research Participation (HKLM\...\{B26449A6-6007-4460-B4FE-C4776115BCEA}) (Version: 1.82.0000 - Seiko Epson Corporation)
EPSON L120 Series Printer Uninstall (HKLM\...\EPSON L120 Series) (Version:  - SEIKO EPSON Corporation)
EPSON XP-310 Series Printer Uninstall (HKLM\...\EPSON XP-310 Series) (Version:  - SEIKO EPSON Corporation)
FormsComponent (HKLM-x32\...\{91032FF2-836F-4CCA-A1A3-55B966E82907}) (Version: 21.00.0000 - UPS) Hidden
FOSS (HKLM-x32\...\{267FC070-5271-4768-B33A-33E4EA0E3A74}) (Version: 21.00.0000 - UPS) Hidden
GDR 4213 for SQL Server 2014 (KB3070446) (64-bit) (HKLM\...\KB3070446) (Version: 12.1.4213.0 - Microsoft Corporation)
GDR 4232 for SQL Server 2014 (KB3194720) (64-bit) (HKLM\...\KB3194720) (Version: 12.1.4232.0 - Microsoft Corporation)
GDR 4237 for SQL Server 2014 (KB4019091) (64-bit) (HKLM\...\KB4019091) (Version: 12.1.4237.0 - Microsoft Corporation)
GDR 6248 for SQL Server 2012 (KB3194721) (HKLM-x32\...\KB3194721) (Version: 11.3.6248.0 - Microsoft Corporation)
GDR 6251 for SQL Server 2012 (KB4019092) (HKLM-x32\...\KB4019092) (Version: 11.3.6251.0 - Microsoft Corporation)
Google Chrome (HKLM\...\{B98EEA88-7820-3A65-A3AF-99A11D1A9D49}) (Version: 64.0.3282.119 - Google, Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) Hidden
GoToAssist Corporate (HKLM-x32\...\GoToAssist) (Version: 11.3.0.1121 - Citrix Online, a division of Citrix Systems, Inc.)
ICCHelp (HKLM-x32\...\{A5763105-D1D5-4862-A3FE-EC058F9AA73E}) (Version: 21.00.0000 - UPS)
Intel® Chipset Device Software (HKLM-x32\...\{e48a2f61-851a-4155-82f9-af1b04db8c3b}) (Version: 10.0.13 - Intel® Corporation) Hidden
Intel® Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 10.0.0.1168 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.0.2.1001 - Intel Corporation)
Intel® Update Manager (HKLM-x32\...\{7224B7CE-196C-4E2A-A1AE-1D7BF259FD36}) (Version: 3.4.1942 - Intel Corporation)
Intel® USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 2.5.0.19 - Intel Corporation)
iSEEK AnswerWorks English Runtime (HKLM-x32\...\{18A8E78B-9EF2-496E-B310-BCD8E4C1DAB3}) (Version: 010.000.0101 - Vantage Linguistics)
Malwarebytes version 3.3.1.2183 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.3.1.2183 - Malwarebytes)
Microsoft .NET Framework 4.7 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.7.02053 - Microsoft Corporation)
Microsoft Command Line Utilities 11 for SQL Server (HKLM-x32\...\{92216AED-67BB-4832-8A7B-BBE8FDE7C3B0}) (Version: 11.0.2270.0 - Microsoft Corporation)
Microsoft ODBC Driver 11 for SQL Server (HKLM\...\{4294D9EB-FECF-4E55-8615-1B9EF152EE95}) (Version: 12.2.5543.11 - Microsoft Corporation)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Office Home and Student 2010 (HKLM\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Publisher 2010 (HKLM\...\Office14.PUBLISHERR) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
Microsoft SQL Server 2008 Setup Support Files  (HKLM\...\{6292D514-17A4-403F-98F9-E150F10C043D}) (Version: 10.3.5500.0 - Microsoft Corporation)
Microsoft SQL Server 2008 Setup Support Files  (HKLM-x32\...\{D441BD04-E548-4F8E-97A4-1B66135BAAA8}) (Version: 10.1.2731.0 - Microsoft Corporation)
Microsoft SQL Server 2012 (HKLM-x32\...\Microsoft SQL Server SQLServer2012) (Version:  - Microsoft Corporation)
Microsoft SQL Server 2012 Management Objects  (HKLM-x32\...\{7FFF0385-BD04-4047-AA1D-6146A391FD0A}) (Version: 11.3.6020.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Native Client  (HKLM\...\{9AE22681-C27C-402A-A136-15854DFF693D}) (Version: 11.3.6020.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Setup (English) (HKLM-x32\...\{22645997-D3F4-4056-A21A-88A018A90C1F}) (Version: 11.3.6020.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Transact-SQL ScriptDom  (HKLM\...\{076FF390-D283-4174-B602-B0B7B72BD024}) (Version: 11.3.6020.0 - Microsoft Corporation)
Microsoft SQL Server 2014 (64-bit) (HKLM\...\Microsoft SQL Server SQLServer2014) (Version:  - Microsoft Corporation)
Microsoft SQL Server 2014 Setup (English) (HKLM\...\{375DE766-4467-4F48-B56B-4F543819BAB4}) (Version: 12.1.4232.0 - Microsoft Corporation)
Microsoft SQL Server 2014 Transact-SQL ScriptDom  (HKLM\...\{FF7DDA05-6EA7-4C01-B44A-3E57F8B9B97B}) (Version: 12.1.4100.1 - Microsoft Corporation)
Microsoft SQL Server Native Client (HKLM\...\{9ACF3FDB-C8E6-444C-8C64-13A221F7BFFD}) (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft SQL Server Setup Support Files (English) (HKLM-x32\...\{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}) (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2012 (HKLM-x32\...\{8CE29F52-8FAF-4CFD-89E8-B2D61A6800B1}) (Version: 11.3.6020.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft VSS Writer for SQL Server 2014 (HKLM\...\{366CD715-2FF4-40B4-A8B4-A05E5D21A945}) (Version: 12.1.4100.1 - Microsoft Corporation)
Mozilla Firefox 57.0.2 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 57.0.2 (x86 en-US)) (Version: 57.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 57.0.2 - Mozilla)
Mozilla Thunderbird 52.5.0 (x86 en-US) (HKLM-x32\...\Mozilla Thunderbird 52.5.0 (x86 en-US)) (Version: 52.5.0 - Mozilla)
MSIChecker (HKLM-x32\...\{C9D43B38-34AD-4EC2-B696-46F42D49D174}) (Version: 21.00.0000 - UPS) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
NA1Messenger (HKLM-x32\...\{D44E7219-947E-4F1B-830E-66EF11ACC543}) (Version: 21.00.0000 - Your Company Name) Hidden
NRF (HKLM-x32\...\{99A0F94F-9F09-4F09-B8D9-E8F1BBBEF212}) (Version: 21.00.0000 - UPS) Hidden
Nuance PaperPort 12 (HKLM-x32\...\{2A770862-7142-4C77-8117-F933E4110A3F}) (Version: 12.1.0006 - Nuance Communications, Inc.)
Nuance PDF Viewer Plus (HKLM-x32\...\{28656860-4728-433C-8AD4-D1A930437BC8}) (Version: 5.30.3290 - Nuance Communications, Inc)
PaperPort Image Printer 64-bit (HKLM\...\{715CAACC-579B-4831-A5F4-A83A8DE3EFE2}) (Version: 14.00.0000 - Nuance Communications, Inc.)
PDF OwnerGuard User Edition (HKLM-x32\...\PDFUser) (Version: 12.9.7 - Armjisoft DRM Systems)
PDF Settings (HKLM-x32\...\{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}) (Version: 1.0 - Adobe Systems Incorporated) Hidden
PolicyManager (HKLM-x32\...\{2329553C-D499-4476-A20F-9C7E82ED122B}) (Version: 21.00.0000 - UPS) Hidden
Quicken 2014 (HKLM-x32\...\{0877F595-254F-45F4-991D-3F72E86B17CE}) (Version: 23.1.10.9 - Intuit)
Quicken 2017 (HKLM-x32\...\{E5AE4F66-CDA1-432A-A69E-C685D454ABDA}) (Version: 26.1.15.13 - Quicken)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9200.30164 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6909 - Realtek Semiconductor Corp.)
Realtek USB Audio (HKLM-x32\...\{0A46A65D-89AC-464C-8026-3CD44960BD04}) (Version: 6.3.9600.41 - Realtek Semiconductor Corp.)
Reconciler (HKLM-x32\...\{98C4DE92-27C8-482C-8431-514828756E80}) (Version: 21.00.0000 - UPS) Hidden
ReportServer (HKLM-x32\...\{C81D8576-F1B1-4E3A-9DC3-DF1B664962F0}) (Version: 21.00.0000 - Your Company Name) Hidden
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
RoboForm 8-4-6-6 (All Users) (HKLM-x32\...\AI RoboForm) (Version: 8-4-6-6 - Siber Systems)
Scansoft PDF Professional (HKLM-x32\...\{068724F8-D8BE-4B43-8DDD-B9FE9E49FD76}) (Version:  - ) Hidden
Service Pack 1 for SQL Server 2014 (KB3058865) (64-bit) (HKLM\...\KB3058865) (Version: 12.1.4100.1 - Microsoft Corporation)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (HKLM\...\{90140000-003D-0000-1000-0000000FF1CE}_Office14.SingleImage_{A3364707-2F53-4C83-8F68-C9877A9080C7}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (HKLM\...\{91140000-0019-0000-1000-0000000FF1CE}_Office14.PUBLISHERR_{A3364707-2F53-4C83-8F68-C9877A9080C7}) (Version:  - Microsoft)
Service Pack 3 for SQL Server 2012 (KB3072779) (HKLM-x32\...\KB3072779) (Version: 11.3.6020.0 - Microsoft Corporation)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
SQL Server 2012 Common Files (HKLM-x32\...\{124D51A1-F3C2-45AE-B812-D3CA71247093}) (Version: 11.3.6020.0 - Microsoft Corporation) Hidden
SQL Server 2012 Common Files (HKLM-x32\...\{7D29ED63-84F9-4EC7-B49F-994A3A3195B2}) (Version: 11.3.6020.0 - Microsoft Corporation) Hidden
SQL Server 2012 Database Engine Services (HKLM-x32\...\{87D50333-E534-493A-8E98-0A49BC28F64B}) (Version: 11.3.6020.0 - Microsoft Corporation) Hidden
SQL Server 2012 Database Engine Services (HKLM-x32\...\{C22613C2-C7A4-4761-A906-116ECD4E7477}) (Version: 11.3.6020.0 - Microsoft Corporation) Hidden
SQL Server 2012 Database Engine Shared (HKLM-x32\...\{54F84805-0116-467F-8713-899DFC472235}) (Version: 11.3.6020.0 - Microsoft Corporation) Hidden
SQL Server 2012 Database Engine Shared (HKLM-x32\...\{D0F44C37-A22B-4733-BBA7-86C9F4988725}) (Version: 11.3.6020.0 - Microsoft Corporation) Hidden
SQL Server 2014 Common Files (HKLM\...\{BD1CD96B-FE4B-4EAE-83D4-6EF55AB5779C}) (Version: 12.1.4100.1 - Microsoft Corporation) Hidden
SQL Server 2014 Common Files (HKLM\...\{F7012F84-80F5-4C25-852E-B1BA03276FE6}) (Version: 12.1.4100.1 - Microsoft Corporation) Hidden
SQL Server 2014 Database Engine Services (HKLM\...\{17531BCD-C627-46A2-9F1E-7CC920E0E94A}) (Version: 12.1.4100.1 - Microsoft Corporation) Hidden
SQL Server 2014 Database Engine Services (HKLM\...\{5082A9F3-AEE5-4639-9BA7-C19661BA7331}) (Version: 12.1.4100.1 - Microsoft Corporation) Hidden
SQL Server 2014 Database Engine Shared (HKLM\...\{ACC530B8-B6B4-40D6-B59B-152468CF47D0}) (Version: 12.1.4100.1 - Microsoft Corporation) Hidden
SQL Server 2014 Database Engine Shared (HKLM\...\{D1B847A9-B06B-4264-9EF0-78E6E1571E65}) (Version: 12.1.4100.1 - Microsoft Corporation) Hidden
SQL Server Browser for SQL Server 2014 (HKLM-x32\...\{3204DE95-97D2-4261-A286-98A262E171D4}) (Version: 12.1.4100.1 - Microsoft Corporation)
Sql Server Customer Experience Improvement Program (HKLM\...\{6476DB81-F263-4C04-8574-AAD31136C304}) (Version: 12.1.4100.1 - Microsoft Corporation) Hidden
Sql Server Customer Experience Improvement Program (HKLM-x32\...\{30CA21F2-901A-44DB-A43F-FC31CD0F2493}) (Version: 11.3.6020.0 - Microsoft Corporation) Hidden
SupportUtility (HKLM-x32\...\{31AF8802-BF43-4C43-984B-EC597CF51505}) (Version: 21.00.0000 - UPS) Hidden
System (HKLM-x32\...\{DB2C58E0-6284-4B48-97F2-22A980B6360B}) (Version: 21.00.0000 - UPS) Hidden
Turbo Lister 2 (HKLM-x32\...\{8927E07C-97F7-4A54-88FB-D976F50DD46E}) (Version: 2.00.0000 - eBay Inc.)
UnifiedPrinting (HKLM-x32\...\{CF2962CB-E3E7-4AA5-B6CE-EE59A600ECBE}) (Version: 21.00.0000 - UPS) Hidden
UPS WorldShip (HKLM-x32\...\UPS WorldShip) (Version: 21.0 - UPS)
UPSDB (HKLM-x32\...\{837896B9-CACA-44EF-B2F8-F6DB3D743595}) (Version: 21.00.0000 - UPS) Hidden
UPSICC (HKLM-x32\...\{390160B4-D276-4A04-8002-8D3101A0D367}) (Version: 21.00.0000 - UPS) Hidden
UPSlinkHTTP (HKLM-x32\...\{E358CC1E-4953-4E27-ADEB-8B27D8BBC20E}) (Version: 21.00.0000 - UPS) Hidden
UPSVC2008MM (HKLM-x32\...\{95BFC573-7D09-46C9-B458-A75BA947FFCB}) (Version: 1.00.0000 - UPS) Hidden
UPSVC2013MM (HKLM-x32\...\{D99432A9-099D-4DF0-B3BA-41562C3F8B4C}) (Version: 19.00.0000 - Your Company Name) Hidden
UPSVCMM (HKLM-x32\...\{C23415D8-FE94-4F52-B5C4-0FFA2202C6D9}) (Version: 12.00.0000 - UPS) Hidden
VIPRE Advanced Security (HKLM-x32\...\{C1D1FC57-3EB9-4B21-BCA3-F1C927508200}) (Version: 10.1.4.33 - VIPRE Security)

#2 Android 8888

Android 8888

    SWI Malware Tracker

  • Trusted Advisor*
  • 1,119 posts

Posted 29 January 2018 - 04:33 PM

Hello kathyhatesspyware.
Welcome back to SpywareInfo Forum.
I'm Android 8888 and I'll be helping you with your computer issues. Please ask questions if anything is unclear.

I suggest printing out each set of instructions or copying them to a Notepad file and reading the entire post before proceeding. It will make following them easier.

Please proceed with the instructions below in the order listed.


NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system.

Press the Windows key + R on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and click the OK button.
Please copy the entire contents of the code box below. To do this highlight the contents of the box and right click on it and select Copy.
Paste this into the open Notepad.
 

Start::

CreateRestorePoint:
CloseProcesses:
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
CHR Extension: (Ghostery) - C:\Users\Kathy\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlomiejdfkolichcflejclcbmpeaniij [2018-01-12]
2006-05-24 11:10 - 2006-05-24 11:10 - 000455600 ____R (Macrovision Corporation) C:\Users\Kathy\AppData\Local\Temp\_is382.exe
Task: {77C80A86-A2D5-479E-8BC0-13166336456E} - System32\Tasks\Open URL by RoboForm => C:\Windows\system32\rundll32.exe url.dll,FileProtocolHandler "hxxps://www.roboform.com/test-pass.html?aaa=KICMLMLJPMGMNJLJMJNMCNOMOMKJJMCNLMNJIMJMCNOJLMLMNJCNOMJMKMJMGMNMIMKMOJIMGMOJJNJICMHMCNLMCNJMFMOMOMCNPMCNGMJMPMPMFMJMCNOMCNIMJMPMOMCNNMJNPICMOMFMEKMICNJJCKFMOMPMGMPMJNHICMEKMICNJJCKJNBJCMNILJEJMINIOJPLHJAJLICJOJGJDJBNMJAJCJJNKJC (the data entry has 68 more characters).
AlternateDataStreams: C:\Users\Kathy\Downloads\Firefox Installer.exe:BDU [0]
AlternateDataStreams: C:\Users\Kathy\Downloads\FRST64.exe:BDU [0]
AlternateDataStreams: C:\Users\Kathy\Downloads\mb3-setup-35891.35891-3.3.1.2183-1.0.262-1.0.3374.exe:BDU [0]
CMD: ipconfig /flushDNS
EmptyTemp:

End::

Save the file as fixlist.txt in the same location as FRST.
Right-click the FRST icon and select Run as administrator to run the tool.
Click the Fix button only once and wait.
When finished, FRST will generate a log (Fixlog.txt) in the same folder where FRST is located. Please post its content in your next reply.

NOTE: It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.

If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.


Next,

 

Please download Malwarebytes AdwCleaner and save it to your computer Desktop;

  • Right-click on adwcleaner.exe and select Run as Administrator;
  • Accept the EULA (I accept), then click on Scan;
  • Let the scan complete. Once it's done, make sure that every item listed in the different tabs is checked and click on the Clean button;
  • Once the cleaning process is complete, AdwCleaner will ask to restart your computer, please do it;
  • After the restart, a log will open when logging in;

Please copy/paste the content of that log in your next reply.
 
 
Next,

Please download Zemana Antimalware and save it to your computer Desktop.

  • Right-click on the icon and select Run as administrator to install the program.
  • Click Yes to accept the UAC security warning that may appear.
  • Select the language and click the OK button.
  • Click the Next button, accept the EULA warning and follow the instructions to continue and install the program.
  • Once the installation is complete it will start automatically. Wait a few seconds until the update of the signature database is complete.
  • Without changing any options, click Scan to begin.
  • After the short scan is finished, if threats are detected click Next to remove them.
    Note: If restart is required to finish the cleaning process, you should click Reboot. If reboot isn't required, please re-boot your computer manually.
  • Click on the Back button.
  • In the top right corner click on the Reports icon (the one with three bars) and double click on the latest report.
  • Now click File > Save As, then choose your computer's Desktop and click the Save button.

Please copy and paste the entire contents of the saved report into your next reply.


To summarize, please post the entire contents of the following logs:
Fixlog.txt produced by Farbar tool.
AdwCleaner clean log.
Zemana log.

How is the computer running now? Are you still having those popups appearing on the screen?

Android 8888


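For anyone reviewing the Fixlog.txt requested in the post above, here is an added example (not part of the original post and not FRST's own code) that sorts each result line into done, absent or failed so the entries needing follow-up stand out. The log text is a constructed sample in the shape the results take later in this thread; `parse_fixlog`, `follow_up` and `summary` are hypothetical names.

```python
import re
from collections import Counter
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample shaped like a FRST Fixlog.txt: the echoed fixlist sits
# between two rows of asterisks, followed by one "target => outcome" line per entry.
SAMPLE_FIXLOG = r'''
fixlist content:
*****************
CreateRestorePoint:
Task: {00000000-0000-0000-0000-000000000000} - System32\Tasks\Example Task => C:\Windows\system32\rundll32.exe example
EmptyTemp:
*****************

Restore point was successfully created.
"HKLM\SOFTWARE\Policies\Example" => removed successfully
CHR Extension: (Example) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\exampleextensionid [2018-01-01] => Error: No automatic fix found for this entry.
C:\Users\User\AppData\Local\Temp\example.exe => moved successfully
HKLM\SOFTWARE\Example\TaskCache\Plain\{00000000-0000-0000-0000-000000000000} => could not remove key. ErrorCode1: 0x00000002
C:\Users\User\Downloads\setup.exe => ":BDU" ADS removed successfully
"C:\Users\User\Downloads\tool.exe" => ":BDU" ADS not found.

=========== EmptyTemp: ==========

Chrome => 708502950 B
'''


@dataclass
class FixResult:
    target: str                 # file, registry key or fixlist entry acted on
    outcome: str                # text after " => " exactly as logged
    status: str                 # "done", "absent", "failed" or "other"
    error_code: Optional[int] = None


_ERROR_CODE = re.compile(r"ErrorCode\d*:\s*(0x[0-9A-Fa-f]+)")
_BYTE_COUNT = re.compile(r"^\d+ B$")   # EmptyTemp size lines, not fix results


def classify(outcome: str) -> str:
    """Map an outcome string to a coarse status; failures are checked first."""
    low = outcome.lower()
    if "error" in low or "could not" in low:
        return "failed"
    if "not found" in low:
        return "absent"
    if "successfully" in low:
        return "done"
    return "other"


def parse_fixlog(text: str) -> List[FixResult]:
    """Return one FixResult per result line, skipping the echoed fixlist."""
    results: List[FixResult] = []
    in_echo = False
    for raw in text.splitlines():
        line = raw.strip()
        if line and set(line) == {"*"}:     # asterisk row opens/closes the echo
            in_echo = not in_echo
            continue
        if in_echo or " => " not in line:
            continue
        target, _, outcome = line.rpartition(" => ")
        if _BYTE_COUNT.match(outcome):      # cache size report from EmptyTemp
            continue
        match = _ERROR_CODE.search(outcome)
        code = int(match.group(1), 16) if match else None
        results.append(FixResult(target.strip('"'), outcome, classify(outcome), code))
    return results


def follow_up(results: List[FixResult]) -> List[FixResult]:
    """Entries the helper should look at again: failures and unrecognised outcomes."""
    return [r for r in results if r.status in ("failed", "other")]


def summary(results: List[FixResult]) -> Counter:
    """Count of results per status."""
    return Counter(r.status for r in results)


if __name__ == "__main__":
    parsed = parse_fixlog(SAMPLE_FIXLOG)
    print(dict(summary(parsed)))
    for item in follow_up(parsed):
        print("CHECK:", item.target, "->", item.outcome)
```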

#3 kathyhatesspyware

kathyhatesspyware

    Member

  • Full Member
  • 61 posts

Posted 30 January 2018 - 10:33 AM

Hello,

Here is the fixlog.txt:

Fix result of Farbar Recovery Scan Tool (x64) Version: 27.01.2018
Ran by Kathy (30-01-2018 10:12:08) Run:2
Running from C:\Users\Kathy\Desktop
Loaded Profiles: Kathy (Available Profiles: Kathy)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
CreateRestorePoint:
CloseProcesses:
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
CHR Extension: (Ghostery) - C:\Users\Kathy\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlomiejdfkolichcflejclcbmpeaniij [2018-01-12]
2006-05-24 11:10 - 2006-05-24 11:10 - 000455600 ____R (Macrovision Corporation) C:\Users\Kathy\AppData\Local\Temp\_is382.exe
Task: {77C80A86-A2D5-479E-8BC0-13166336456E} - System32\Tasks\Open URL by RoboForm => C:\Windows\system32\rundll32.exe url.dll,FileProtocolHandler "hxxps://www.roboform.com/test-pass.html?aaa=KICMLMLJPMGMNJLJMJNMCNOMOMKJJMCNLMNJIMJMCNOJLMLMNJCNOMJMKMJMGMNMIMKMOJIMGMOJJNJICMHMCNLMCNJMFMOMOMCNPMCNGMJMPMPMFMJMCNOMCNIMJMPMOMCNNMJNPICMOMFMEKMICNJJCKFMOMPMGMPMJNHICMEKMICNJJCKJNBJCMNILJEJMINIOJPLHJAJLICJOJGJDJBNMJAJCJJNKJC (the data entry has 68 more characters).
AlternateDataStreams: C:\Users\Kathy\Downloads\Firefox Installer.exe:BDU [0]
AlternateDataStreams: C:\Users\Kathy\Downloads\FRST64.exe:BDU [0]
AlternateDataStreams: C:\Users\Kathy\Downloads\mb3-setup-35891.35891-3.3.1.2183-1.0.262-1.0.3374.exe:BDU [0]
CMD: ipconfig /flushDNS
EmptyTemp:
 
*****************
 
Restore point was successfully created.
Processes closed successfully.
"HKLM\SOFTWARE\Policies\Google" => removed successfully
CHR Extension: (Ghostery) - C:\Users\Kathy\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlomiejdfkolichcflejclcbmpeaniij [2018-01-12] => Error: No automatic fix found for this entry.
C:\Users\Kathy\AppData\Local\Temp\_is382.exe => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{77C80A86-A2D5-479E-8BC0-13166336456E} => could not remove key. ErrorCode1: 0x00000002
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{77C80A86-A2D5-479E-8BC0-13166336456E}" => removed successfully
C:\Windows\System32\Tasks\Open URL by RoboForm => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Open URL by RoboForm" => removed successfully
C:\Users\Kathy\Downloads\Firefox Installer.exe => ":BDU" ADS removed successfully
"C:\Users\Kathy\Downloads\FRST64.exe" => ":BDU" ADS not found.
C:\Users\Kathy\Downloads\mb3-setup-35891.35891-3.3.1.2183-1.0.262-1.0.3374.exe => ":BDU" ADS removed successfully
 
========= ipconfig /flushDNS =========
 
 
Windows IP Configuration
 
Successfully flushed the DNS Resolver Cache.
 
========= End of CMD: =========
 
 
=========== EmptyTemp: ==========
 
BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 13821821 B
Java, Flash, Steam htmlcache => 3124 B
Windows/system/drivers => 150926130373 B
Edge => 0 B
Chrome => 708502950 B
Firefox => 407302273 B
Opera => 0 B
 
Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 128 B
systemprofile32 => 2679244 B
LocalService => 0 B
NetworkService => 0 B
Kathy => 101428505 B
 
RecycleBin => 0 B
EmptyTemp: => 141.7 GB temporary data Removed.
 
================================
 
 
The system needed a reboot.
 
==== End of Fixlog 10:16:37 ====
 
Will proceed to adware cleaner.
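
The Fixlog above mixes successful removals with entries FRST could not fix. As an added example (not part of the thread and not FRST's own code), this Python sketch groups the result lines by outcome so the unfixed entries stand out; the function names and outcome labels are assumptions made for the illustration.

```python
import re

# Result lines copied from the Fixlog in the post above (fixlist header omitted).
FIXLOG = r'''
Restore point was successfully created.
Processes closed successfully.
"HKLM\SOFTWARE\Policies\Google" => removed successfully
CHR Extension: (Ghostery) - C:\Users\Kathy\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlomiejdfkolichcflejclcbmpeaniij [2018-01-12] => Error: No automatic fix found for this entry.
C:\Users\Kathy\AppData\Local\Temp\_is382.exe => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{77C80A86-A2D5-479E-8BC0-13166336456E} => could not remove key. ErrorCode1: 0x00000002
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{77C80A86-A2D5-479E-8BC0-13166336456E}" => removed successfully
C:\Windows\System32\Tasks\Open URL by RoboForm => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Open URL by RoboForm" => removed successfully
C:\Users\Kathy\Downloads\Firefox Installer.exe => ":BDU" ADS removed successfully
"C:\Users\Kathy\Downloads\FRST64.exe" => ":BDU" ADS not found.
C:\Users\Kathy\Downloads\mb3-setup-35891.35891-3.3.1.2183-1.0.262-1.0.3374.exe => ":BDU" ADS removed successfully
'''

# Checked in this order, so a failure message is never counted as a success.
OUTCOMES = [
    ("failed", re.compile(r"could not|\bError\b", re.I)),
    ("not_found", re.compile(r"\bnot found\b", re.I)),
    ("ok", re.compile(r"\b(removed|moved) successfully\b", re.I)),
]


def triage_fixlog(text):
    """Group Fixlog result lines by outcome: ok, not_found, failed."""
    # When the log still carries its "fixlist content:" block, the results
    # start after the second row of asterisks; ignore everything before it.
    parts = re.split(r"^\*{5,}[ \t]*$", text, flags=re.M)
    body = parts[-1] if len(parts) >= 3 else text
    report = {name: [] for name, _ in OUTCOMES}
    for line in body.splitlines():
        target, sep, outcome = line.strip().partition(" => ")
        if not sep:
            continue  # status lines such as "Processes closed successfully."
        for name, pattern in OUTCOMES:
            if pattern.search(outcome):
                report[name].append((target.strip('"'), outcome))
                break  # unmatched outcomes (e.g. EmptyTemp sizes) are skipped
    return report


def needs_follow_up(report):
    """Targets that were not confirmed as fixed, failures first."""
    return [t for name in ("failed", "not_found") for t, _ in report[name]]


if __name__ == "__main__":
    rep = triage_fixlog(FIXLOG)
    for name, items in rep.items():
        print(f"{name}: {len(items)}")
    for target in needs_follow_up(rep):
        print("check:", target)
```
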


#4 kathyhatesspyware


Posted 30 January 2018 - 10:44 AM

# AdwCleaner 7.0.7.0 - Logfile created on Tue Jan 30 16:37:27 2018
# Updated on 2018/18/01 by Malwarebytes 
# Running on Windows 7 Home Premium (X64)
# Mode: clean
 
***** [ Services ] *****
 
No malicious services deleted.
 
***** [ Folders ] *****
 
No malicious folders deleted.
 
***** [ Files ] *****
 
No malicious files deleted.
 
***** [ DLL ] *****
 
No malicious DLLs cleaned.
 
***** [ WMI ] *****
 
No malicious WMI cleaned.
 
***** [ Shortcuts ] *****
 
No malicious shortcuts cleaned.
 
***** [ Tasks ] *****
 
No malicious tasks deleted.
 
***** [ Registry ] *****
 
Deleted: [Key] - HKCU\Software\Microsoft\Internet Explorer\DOMStorage\cloudfront.net
Deleted: [Key] - HKCU\Software\Microsoft\Internet Explorer\DOMStorage\d3b3ehuo35wzeh.cloudfront.net
 
 
***** [ Firefox (and derivatives) ] *****
 
No malicious Firefox entries deleted.
 
***** [ Chromium (and derivatives) ] *****
 
No malicious Chromium entries deleted.
 
*************************
 
::Tracing keys deleted
::Winsock settings cleared
::Additional Actions: 0
 
 
 
*************************
 
C:/AdwCleaner/AdwCleaner[S0].txt - [1127 B] - [2018/1/30 16:36:28]
 
 
########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt ##########
 
 


#5 kathyhatesspyware


Posted 30 January 2018 - 11:40 AM

Zemana AntiMalware 2.74.2.150 (Installed)
 
-------------------------------------------------------
Scan Result            : Completed
Scan Date              : 2018/1/30
Operating System       : Windows 7 64-bit
Processor              : 8X Intel® Core™ i7-4790 CPU @ 3.60GHz
BIOS Mode              : Legacy
CUID                   : 12C8CC69BE785A01763DF0
Scan Type              : System Scan
Duration               : 19m 47s
Scanned Objects        : 187525
Detected Objects       : 0
Excluded Objects       : 0
Read Level             : SCSI
Auto Upload            : Enabled
Detect All Extensions  : Disabled
Scan Documents         : Disabled
Domain Info            : WORKGROUP,0,2
 
Detected Objects
-------------------------------------------------------
 
No threats detected
 
The computer is running well this morning.  I believe these steps have helped.  No popups yet.  
Thank you for your assistance.  Donation on the way.
Kathy


#6 kathyhatesspyware


Posted 30 January 2018 - 11:54 AM

My computer just shut itself down.  Blue screen, text flashed quickly, something about protecting hard drive.  Computer rebooted, I selected regular boot.  Message said Windows recovered from an unexpected problem.  

 

Problem signature:
  Problem Event Name: BlueScreen
  OS Version: 6.1.7601.2.1.0.768.3
  Locale ID: 1033
 
Additional information about the problem:
  BCCode: 116
  BCP1: FFFFFA800F531010
  BCP2: FFFFF8800F38FE2C
  BCP3: 0000000000000000
  BCP4: 0000000000000002
  OS Version: 6_1_7601
  Service Pack: 1_0
  Product: 768_1
 
Files that help describe the problem:
  C:\Windows\Minidump\013018-19156-01.dmp
  C:\Users\Kathy\AppData\Local\Temp\WER-112648-0.sysdata.xml
 
Read our privacy statement online:
 
If the online privacy statement is not available, please read our privacy statement offline:
  C:\Windows\system32\en-US\erofflps.txt
 
I will continue to use and see if anything else happens.  Thanks


#7 Android 8888

Android 8888

    SWI Malware Tracker

  • Trusted Advisor*
  • PipPipPipPipPip
  • 1,119 posts

Posted 30 January 2018 - 04:41 PM

Hello kathyhatesspyware.

 

The computer is running well this morning.  I believe these steps have helped.  No popups yet.  
Thank you for your assistance.  Donation on the way.

I'm glad to hear that. You're most welcome!
 

Please update your Graphics Card drivers, test the computer for several hours and see if that can solve the Blue Screen issue.
 

Next, let's check for leftovers with ESET Online Scanner. This is a very thorough scan, so it may take several hours to complete, but it's worth it.

  • Click on this link to open ESET Online Scanner in a new window.
    • Click on the Scan Now button to download the esetonlinescanner_enu.exe file and save it to your computer Desktop.
    • Close all your programs and browsers and disconnect any USB flash drives from the computer.
    • Please disable your antivirus program to avoid potential conflicts, improve the performance and speed up the scan.
    • Double click on esetonlinescanner_enu.exe to start ESET Online Scanner. It will open a window with the Terms of Use.
  • Click the Accept button.
  • Under Computer scan settings, check mark Enable detection of potentially unwanted applications.
  • Then click Advanced settings and check mark the following options:
    • Enable detection of potentially unsafe applications
    • Clean threats automatically
  • Click the Scan button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats.
  • Click Export, and save the file to your Desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.

Note: If nothing is found, it will not produce a log.

Please re-enable your antivirus program.


In your next reply, please post the ESET log (if it produced one) and let me know how the computer is running. Were there more Blue Screens of Death (BSOD)?

Android 8888



#8 kathyhatesspyware


Posted 31 January 2018 - 11:16 AM

I will run the ESET scan this evening.  I did have a popup from thelittlethings this morning.  Thank you.




#9 Android 8888


Posted 31 January 2018 - 04:30 PM

Hello.

 

Okay, I'll wait for the ESET results.

 

Thank you.

 

Android 8888



#10 kathyhatesspyware


Posted 01 February 2018 - 04:58 PM

No threats were found.  The littlethings popped up twice today.  Once when I clicked on my Quicken program and once when I clicked on a new tab in Chrome.  Thanks



#11 Android 8888


Posted 02 February 2018 - 05:19 AM

Hello kathyhatesspyware.
 
Please proceed as follows, in the order listed.

 

  • Open your favorite web browser, and go on VirusTotal
  • From there, click on the Upload and scan file button and wait for the Windows Explorer to open;
  • Browse to the file below, and wait until the scan is complete;

C:\Users\Kathy\WinHost32.exe

  • If you get a message that the file was already analyzed, click on the Re-analyze button;
  • At the end of the analysis, copy and paste the VirusTotal report URL in your next reply.

 

 

Read the instructions on the links below and clear the cache and cookies of all Internet browsers.
 
Microsoft Edge
http://www.thewindow...okies-data-edge
 
Internet Explorer
https://kb.wisc.edu/page.php?id=15141
 
Mozilla Firefox
https://kb.wisc.edu/...ge.php?id=17504
 
Google Chrome
https://support.goog...wer/32050?hl=en
 
 
Please read the instructions on the links below and reset all Internet browsers.
 
Microsoft Edge
How to Reset Microsoft Edge in Windows 10

Internet Explorer
https://support.micr...en-us/kb/923737
 
Mozilla Firefox
https://support.mozi...es-fix-problems
 
Google Chrome
https://support.goog...r/3296214?hl=en
 
 
Next,
 
Please download SystemLook from one of the links below and save it to your computer Desktop.
Download Mirror #1
Download Mirror #2

 

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main text field:
    :filefind
    *littlethings*
    
    :folderfind
    *littlethings*
    
    :regfind
    *littlethings*
    
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.

 

Note: The log can also be found on your Desktop entitled SystemLook.txt
 
 

In your next reply, please post:
The entire contents of SystemLook.txt

The URL link to the result from scanning the file at VirusTotal.
 
Android 8888


Edited by Android 8888, 02 February 2018 - 08:02 AM.


#12 kathyhatesspyware


Posted 02 February 2018 - 10:17 AM

Hello,

I cannot find this file: C:\Users\Kathy\WinHost32.exe

 

I cleared the cache and reset Chrome, Firefox and Internet Explorer.  I use Chrome most of the time.

 

I have not done the SystemLook task yet.  

 

I searched the computer for C:\Users\Kathy\WinHost32.exe after it did not appear in the drop down.  Could not find \WinHost32.exe extension.  

 

Thanks



#13 Android 8888


Posted 02 February 2018 - 10:53 AM

Hello,

 

Hello,

I cannot find this file: C:\Users\Kathy\WinHost32.exe

That's okay.

 

Please proceed with the instructions on my previous post to download SystemLook, run the scan and post the log.

 

Note: Download the tool from Mirror #2 since Mirror #1 is not working.



#14 kathyhatesspyware


Posted 06 February 2018 - 03:52 PM

SystemLook 30.07.11 by jpshortstuff
Log created at 15:46 on 06/02/2018 by Kathy
Administrator - Elevation successful
WARNING: SystemLook running under WOW64. Use SystemLook_x64 for accurate results.
 
========== filefind ==========
 
Searching for "*littlethings*"
C:\Users\Kathy\Desktop\littlethings.JPG --a---- 18877 bytes [16:23 31/01/2018] [16:23 31/01/2018] 3200FB0144E9A2A19FC9FCC049D48F8C
 
========== folderfind ==========
 
Searching for "*littlethings*"
C:\Users\Kathy\Desktop\Old Firefox Data\b2urxh9i.default-1453316315824\storage\default\https+++littlethings.com d------ [16:12 02/02/2018]
C:\Users\Kathy\Desktop\Old Firefox Data\b2urxh9i.default-1453316315824\storage\default\https+++www.littlethings.com d------ [16:12 02/02/2018]
C:\Users\Kathy\Desktop\Old Firefox Data\b2urxh9i.default-1453316315824\storage\temporary\http+++www.littlethings.com d------ [16:12 02/02/2018]
 
========== regfind ==========
 
Searching for "*littlethings*"
No data found.
 
-= EOF =-
 
Thank you


#15 kathyhatesspyware


Posted 06 February 2018 - 03:54 PM

I also tried thelittlethings but had no luck.

 

SystemLook 30.07.11 by jpshortstuff
Log created at 15:52 on 06/02/2018 by Kathy
Administrator - Elevation successful
WARNING: SystemLook running under WOW64. Use SystemLook_x64 for accurate results.
 
========== filefind ==========
 
Searching for "*thelittlethings*"
No files found.
 
========== folderfind ==========
 
Searching for "*thelittlethings*"
No folders found.
 
========== regfind ==========
 
Searching for "*thelittlethings*"
No data found.
 
-= EOF =-


#16 Android 8888


Posted 07 February 2018 - 05:53 AM

Hello kathyhatesspyware.

Okay, you need to download and run the 64-bit version of SystemLook for accurate results.

Delete the current executable file 'SystemLook.exe' and the log file 'SystemLook.txt' from your computer Desktop.

Please download SystemLook (64-Bit Version) and save it to the computer Desktop.

  • Right-click SystemLook_64.exe and select Run as administrator;
  • Click Yes to accept the User Account Control security warning that may appear;
  • Once SystemLook is open, copy the content of the following codebox and paste it into the main textfield of SystemLook:
    :filefind
    *littlethings*
    
    :folderfind
    *littlethings*
    
    :regfind
    *littlethings*
    
  • Click the Look button to start the scan;
  • When finished, a Notepad window will open with the results of the scan. Please post the entire content of that log in your next reply.

Note: The log can also be found on your computer Desktop entitled SystemLook.txt.
 
Please let me know how the computer is behaving at this point.
 
Thank you.
 
Android 8888

