No problems, no changes noticed.
FRST:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 24.02.2018
Ran by Melissa (administrator) on MELISSA-HP (26-02-2018 09:46:07)
Running from C:\Users\Melissa\Desktop
Loaded Profiles: Melissa (Available Profiles: Melissa)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool:
http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(DigitalPersona, Inc.) C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RTKAUDIOSERVICE64.EXE
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(DigitalPersona, Inc.) C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpCardEngine.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\avp.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(CryptoMill Technologies Ltd.) C:\Program Files (x86)\Hewlett-Packard\HP Trust Circles\CreoSvc.exe
() C:\Program Files (x86)\Hewlett-Packard\HP Theft Recovery\CtService.exe
(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(PDF Complete Inc) C:\Program Files (x86)\PDF Complete\pdfsvc.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Seagate Technology LLC) C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.DASWindowsService.exe
(Seagate Technology LLC) C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\MobileService.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Hewlett-Packard Development Company) C:\Program Files (x86)\Hewlett-Packard\HP Device Access Manager\HP.ProtectTools.DeviceAccessManager.ServiceHost.exe
(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\avpui.exe
(DigitalPersona, Inc.) C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe
(DigitalPersona, Inc.) C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpAgent.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Sanford, L.P.) C:\Program Files (x86)\DYMO\DYMO Label Software\DymoQuickPrint.exe
(Acresso Corporation) C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet Pro X476dw MFP\Bin\ScanToPCActivationApp.exe
(Seagate Technology LLC) C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.Uploader.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet Pro X476dw MFP\Bin\HPNetworkCommunicatorCom.exe
(Dropbox, Inc.) C:\Users\Melissa\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\CORESHREDDER.exe
(Sanford, L.P.) C:\Program Files (x86)\DYMO\DYMO Label Software\DLSService.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfPro5Hook.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Dropbox, Inc.) C:\Users\Melissa\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Dropbox, Inc.) C:\Users\Melissa\AppData\Roaming\Dropbox\bin\Dropbox.exe
(HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 1.0\ksde.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 1.0\ksdeui.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PaperPort\NuanceWDS.exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7194840 2013-07-26] (Realtek Semiconductor)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [CryptoMill Refresh] => C:\Program Files\Hewlett-Packard\HP Trust Circles\ceflauncher -m refresh
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [AdobeGCInvoker-1.0] => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [315880 2018-01-05] (Adobe Systems, Incorporated)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292848 2013-04-26] (Intel Corporation)
HKLM-x32\...\Run: [HP File Sanitizer] => C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\Coreshredder.exe [2213592 2013-09-17] (Hewlett-Packard)
HKLM-x32\...\Run: [DLSService] => C:\Program Files (x86)\DYMO\DYMO Label Software\DLSService.exe [55808 2010-05-10] (Sanford, L.P.)
HKLM-x32\...\Run: [IndexSearch] => C:\Program Files (x86)\Nuance\PaperPort\IndexSearch.exe [46952 2011-08-02] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PaperPort PTD] => C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe [30568 2011-08-02] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PDFHook] => C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfpro5hook.exe [636192 2010-03-05] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PDF5 Registry Controller] => C:\Program Files (x86)\Nuance\PDF Viewer Plus\RegistryController.exe [62752 2010-03-05] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
HKLM-x32\...\Run: [PDF Complete] => C:\Program Files (x86)\PDF Complete\pdfsty.exe [1194048 2018-02-01] (PDF Complete Inc)
HKLM\...\Winlogon: [Userinit] C:\Windows\system32\userinit.exe,c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe,
Winlogon\Notify\GoToAssist: C:\Program Files (x86)\Citrix\GoToAssist Corporate\1084\G2AWinLogon_x64.dll (Citrix Online, a division of Citrix Systems, Inc.)
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-4217738634-494452904-935236969-1001\...\Run: [DymoQuickPrint] => C:\Program Files (x86)\DYMO\DYMO Label Software\DymoQuickPrint.exe [1885512 2010-05-10] (Sanford, L.P.)
HKU\S-1-5-21-4217738634-494452904-935236969-1001\...\Run: [ISUSPM] => C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe [222496 2009-05-05] (Acresso Corporation)
HKU\S-1-5-21-4217738634-494452904-935236969-1001\...\Run: [HP Officejet Pro X476dw MFP (NET)] => C:\Program Files\HP\HP Officejet Pro X476dw MFP\Bin\ScanToPCActivationApp.exe [3487240 2014-03-06] (Hewlett-Packard Co.)
HKU\S-1-5-21-4217738634-494452904-935236969-1001\...\Run: [Uploader] => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.Uploader.exe [127816 2016-06-28] (Seagate Technology LLC)
HKU\S-1-5-21-4217738634-494452904-935236969-1001\...\Run: [Google Update] => C:\Users\Melissa\AppData\Local\Google\Update\1.3.33.7\GoogleUpdateCore.exe [601680 2017-11-13] (Google Inc.)
HKU\S-1-5-18\Control Panel\Desktop\\SCRNSAVE.EXE ->
Lsa: [Notification Packages] DPPassFilter scecli
Startup: C:\Users\Melissa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2018-02-08]
ShortcutTarget: Dropbox.lnk -> C:\Users\Melissa\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
GroupPolicy\User: Restriction <==== ATTENTION
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{45686582-087F-488B-8D39-6FF7B3553105}: [DhcpNameServer] 192.168.1.1
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.msn.com/HPCOM14/19
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.msn.com/HPCOM14/19
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPCOM14/19
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPCOM14/19
HKU\S-1-5-21-4217738634-494452904-935236969-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPCOM14/19
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> DefaultScope value is missing
BHO: Kaspersky Protection -> {2E38825B-8815-42CF-9126-C58BC28D4591} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\x64\IEExt\ie_plugin.dll [2017-01-03] (AO Kaspersky Lab)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL [2014-01-23] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2017-02-23] (Microsoft Corporation)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll => No File
BHO-x32: Kaspersky Protection -> {2E38825B-8815-42CF-9126-C58BC28D4591} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\IEExt\ie_plugin.dll [2017-01-03] (AO Kaspersky Lab)
BHO-x32: HP File Sanitizer -> {3134413B-49B4-425C-98A5-893C1F195601} -> C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\IEBHO.dll [2013-09-17] (Hewlett-Packard)
BHO-x32: PlusIEEventHelper Class -> {551A852F-39A6-44A7-9C13-AFBEC9185A9D} -> C:\Program Files (x86)\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll [2009-02-06] (Zeon Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL [2014-01-22] (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2017-02-23] (Microsoft Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2015-05-06] (Hewlett-Packard)
Toolbar: HKLM - Kaspersky Protection Toolbar - {093F479D-712E-46CD-9E06-62E734A05F68} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\x64\IEExt\ie_plugin.dll [2017-01-03] (AO Kaspersky Lab)
Toolbar: HKLM-x32 - Kaspersky Protection Toolbar - {093F479D-712E-46CD-9E06-62E734A05F68} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\IEExt\ie_plugin.dll [2017-01-03] (AO Kaspersky Lab)
Toolbar: HKU\S-1-5-21-4217738634-494452904-935236969-1001 -> Kaspersky Protection Toolbar - {093F479D-712E-46CD-9E06-62E734A05F68} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\x64\IEExt\ie_plugin.dll [2017-01-03] (AO Kaspersky Lab)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2017-08-15] (Microsoft Corporation)
FireFox:
========
FF ProfilePath: C:\Users\Melissa\AppData\Roaming\Mozilla\Firefox\Profiles\r05s7axb.default [2018-02-26]
FF user.js: detected! => C:\Users\Melissa\AppData\Roaming\Mozilla\Firefox\Profiles\r05s7axb.default\user.js [2014-07-11]
FF Homepage: Mozilla\Firefox\Profiles\r05s7axb.default -> hxxps://
www.z2systems.com/np/clients/ms/login.jsp
hxxp://mattsorger.com/
hxxp://mattsorger.com/admin/index.php?S=0&D=cp&C=login
FF Extension: (Awesome Screenshot - Capture, Annotate & More) - C:\Users\Melissa\AppData\Roaming\Mozilla\Firefox\Profiles\r05s7axb.default\Extensions\jid0-GXjLLfbCoAx0LcltEdFrEkQdQPI@jetpack.xpi [2017-06-23]
FF Extension: (Reddit Enhancement Suite) - C:\Users\Melissa\AppData\Roaming\Mozilla\Firefox\Profiles\r05s7axb.default\Extensions\jid1-xUfzOsOFlzSOXg@jetpack.xpi [2018-01-22]
FF Extension: (__MSG_appName__) - C:\Users\Melissa\AppData\Roaming\Mozilla\Firefox\Profiles\r05s7axb.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}.xpi [2017-10-23]
FF Extension: (Adblock Plus) - C:\Users\Melissa\AppData\Roaming\Mozilla\Firefox\Profiles\r05s7axb.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2017-12-12]
FF HKLM\...\Firefox\Extensions: [light_plugin_F6F079488B53499DB99380A7E11A93F6@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\FFExt\light_plugin_firefox\addon.xpi
FF Extension: (Kaspersky Protection) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\FFExt\light_plugin_firefox\addon.xpi [2018-02-20]
FF HKLM-x32\...\Firefox\Extensions: [dpmaxz_ng@jetpack] - c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\BrowserExt\dpchrome
FF Extension: (HP Client Security Manager) - c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\BrowserExt\dpchrome [2014-05-25] [Legacy] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [light_plugin_F6F079488B53499DB99380A7E11A93F6@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\FFExt\light_plugin_firefox\addon.xpi
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_28_0_0_161.dll [2018-02-07] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~3\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2016-10-25] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_28_0_0_161.dll [2018-02-07] ()
FF Plugin-x32:
@Intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-08-08] (Intel Corporation)
FF Plugin-x32:
@Intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-08-08] (Intel Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-22] (Microsoft Corporation)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2016-10-25] (Adobe Systems)
FF Plugin-x32: digitalpersona.com/ChromeDPAgent -> c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\BrowserExt\components\npChromeDPAgent.dll [2013-11-21] (DigitalPersona, Inc.)
FF Plugin HKU\S-1-5-21-4217738634-494452904-935236969-1001: @citrixonline.com/appdetectorplugin -> C:\Users\Melissa\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2015-05-21] (Citrix Online)
FF Plugin HKU\S-1-5-21-4217738634-494452904-935236969-1001: @tools.google.com/Google Update;version=3 -> C:\Users\Melissa\AppData\Local\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-13] (Google Inc.)
FF Plugin HKU\S-1-5-21-4217738634-494452904-935236969-1001: @tools.google.com/Google Update;version=9 -> C:\Users\Melissa\AppData\Local\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-13] (Google Inc.)
Chrome:
=======
CHR StartupUrls: Default -> "hxxp://mattsorger.com/"
CHR Profile: C:\Users\Melissa\AppData\Local\Google\Chrome\User Data\Default [2016-01-26]
CHR Extension: (Google Slides) - C:\Users\Melissa\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-01-26]
CHR Extension: (Google Docs) - C:\Users\Melissa\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-01-26]
CHR Extension: (Google Drive) - C:\Users\Melissa\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-01-26]
CHR Extension: (YouTube) - C:\Users\Melissa\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-01-26]
CHR Extension: (Google Search) - C:\Users\Melissa\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-01-26]
CHR Extension: (Kaspersky Protection) - C:\Users\Melissa\AppData\Local\Google\Chrome\User Data\Default\Extensions\eahebamiopdhefndnmappcihfajigkka [2016-01-26]
CHR Extension: (Google Sheets) - C:\Users\Melissa\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-01-26]
CHR Extension: (Google Docs Offline) - C:\Users\Melissa\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-01-26]
CHR Extension: (HP Client Security Manager) - C:\Users\Melissa\AppData\Local\Google\Chrome\User Data\Default\Extensions\ncffjdbbodifgldkcbhmiiljfcnbgjab [2016-01-26]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Melissa\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-01-26]
CHR Extension: (Gmail) - C:\Users\Melissa\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-01-26]
CHR HKLM\...\Chrome\Extension: [fhoibnponjcgjgcnfacekaijdbbplhib] - hxxps://chrome.google.com/webstore/detail/fhoibnponjcgjgcnfacekaijdbbplhib
CHR HKU\S-1-5-21-4217738634-494452904-935236969-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [fhoibnponjcgjgcnfacekaijdbbplhib] - hxxps://chrome.google.com/webstore/detail/fhoibnponjcgjgcnfacekaijdbbplhib
CHR HKLM-x32\...\Chrome\Extension: [ncffjdbbodifgldkcbhmiiljfcnbgjab] - c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\BrowserExt\dpchrome.crx [2013-11-21]
==================== Services (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [744640 2016-10-25] (Adobe Systems Incorporated)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2319848 2018-01-05] (Adobe Systems, Incorporated)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2017-09-07] (Apple Inc.)
R2 AVP17.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\avp.exe [241544 2016-06-28] (AO Kaspersky Lab)
R2 CreoService; C:\Program Files (x86)\Hewlett-Packard\HP Trust Circles\CreoSvc.exe [1390552 2013-10-02] (CryptoMill Technologies Ltd.)
R2 CtAgentService; C:\Program Files (x86)\Hewlett-Packard\HP Theft Recovery\CtService.exe [7168 2013-08-14] () [File not signed]
R2 CyberLink PowerDVD 12 Media Server Monitor Service; c:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe [77576 2013-08-12] (CyberLink)
R2 CyberLink PowerDVD 12 Media Server Service; c:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe [298760 2013-08-12] (CyberLink)
R2 DpHost; c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe [500048 2013-11-21] (DigitalPersona, Inc.)
S3 FLCDLOCK; c:\windows\SysWOW64\flcdlock.exe [567608 2013-11-20] (Hewlett-Packard Company)
S3 GoToAssist; C:\Program Files (x86)\Citrix\GoToAssist Corporate\1084\G2AC_Service.exe [310080 2016-11-14] (Citrix Online, a division of Citrix Systems, Inc.)
R2 HpDamServiceHost; c:\Program Files (x86)\Hewlett-Packard\HP Device Access Manager\HP.ProtectTools.DeviceAccessManager.ServiceHost.exe [18232 2013-11-15] (Hewlett-Packard Development Company)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [332144 2017-11-21] (HP Inc.)
R2 Intel(R) Capability Licensing Service Interface; c:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-11] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; c:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-11] (Intel(R) Corporation)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-08-08] (Intel Corporation)
S3 iumsvc; C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [177376 2016-08-12] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-08-08] (Intel Corporation)
S3 klvssbrigde64; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\x64\vssbridge64.exe [77328 2016-06-28] (AO Kaspersky Lab)
R2 KSDE1.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 1.0\ksde.exe [241544 2016-06-28] (AO Kaspersky Lab)
R3 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6234056 2017-11-01] (Malwarebytes)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [284912 2014-01-08] ()
S2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [50688 2014-11-17] (Hewlett-Packard) [File not signed]
R2 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [1795136 2018-02-01] (PDF Complete Inc)
R2 PDFProFiltSrvPP; C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe [145256 2011-08-02] (Nuance Communications, Inc.)
S2 Pml Driver HPZ12; C:\windows\system32\HPZipm12.dll [66048 2014-11-17] (Hewlett-Packard) [File not signed]
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [246488 2013-06-18] (Realtek Semiconductor)
R2 Seagate Dashboard Services; C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.DASWindowsService.exe [16216 2016-06-28] (Seagate Technology LLC)
R2 Seagate MobileBackup Service; C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\MobileService.exe [143656 2016-06-28] (Seagate Technology LLC)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2014-05-25] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3674864 2014-01-08] (Intel® Corporation)
===================== Drivers (Whitelisted) ======================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R1 CLVirtualDrive; C:\windows\System32\DRIVERS\CLVirtualDrive.sys [90608 2011-12-26] (CyberLink)
R0 cm_km; C:\windows\System32\DRIVERS\cm_km.sys [238936 2016-06-10] (AO Kaspersky Lab)
S3 DAMDrv; C:\windows\System32\DRIVERS\DAMDrv64.sys [65752 2013-10-07] (Hewlett-Packard Company)
R0 iaStorF; C:\windows\System32\drivers\iaStorF.sys [28008 2013-09-20] (Intel Corporation)
R3 IceKore; C:\windows\System32\DRIVERS\IceKore.sys [401368 2013-09-29] (CryptoMill Technologies Inc.)
R0 kl1; C:\windows\System32\DRIVERS\kl1.sys [554416 2016-06-02] (AO Kaspersky Lab)
R0 klbackupdisk; C:\windows\System32\DRIVERS\klbackupdisk.sys [63920 2016-06-07] (AO Kaspersky Lab)
R1 klbackupflt; C:\windows\System32\DRIVERS\klbackupflt.sys [86352 2016-06-15] (AO Kaspersky Lab)
R2 kldisk; C:\windows\System32\DRIVERS\kldisk.sys [78216 2016-05-31] (AO Kaspersky Lab)
R3 klflt; C:\windows\System32\DRIVERS\klflt.sys [195288 2017-10-13] (AO Kaspersky Lab)
R1 klhk; C:\windows\System32\DRIVERS\klhk.sys [348376 2017-10-13] (AO Kaspersky Lab)
R1 KLIF; C:\windows\System32\DRIVERS\klif.sys [1040584 2018-02-20] (AO Kaspersky Lab)
R1 KLIM6; C:\windows\System32\DRIVERS\klim6.sys [57024 2018-02-20] (AO Kaspersky Lab)
R3 klkbdflt; C:\windows\System32\DRIVERS\klkbdflt.sys [52144 2016-05-19] (AO Kaspersky Lab)
R3 klmouflt; C:\windows\System32\DRIVERS\klmouflt.sys [41648 2015-06-07] (Kaspersky Lab ZAO)
R1 klpd; C:\windows\System32\DRIVERS\klpd.sys [45488 2016-05-31] (AO Kaspersky Lab)
R3 kltap; C:\windows\System32\DRIVERS\kltap.sys [52152 2016-06-07] (The OpenVPN Project)
R1 kltdi; C:\windows\System32\DRIVERS\kltdi.sys [75696 2016-05-17] (AO Kaspersky Lab)
R1 Klwtp; C:\windows\System32\DRIVERS\klwtp.sys [135904 2017-03-13] (AO Kaspersky Lab)
R1 kneps; C:\windows\System32\DRIVERS\kneps.sys [199640 2017-07-19] (AO Kaspersky Lab)
R3 MBAMSwissArmy; C:\windows\System32\Drivers\mbamswissarmy.sys [253880 2018-02-23] (Malwarebytes)
R3 MEIx64; C:\windows\system32\drivers\TeeDriverx64.sys [99288 2013-08-08] (Intel Corporation)
S3 NETwNs64; C:\windows\System32\DRIVERS\NETwsw02.sys [3603424 2014-04-18] (Intel Corporation)
R2 npf; C:\windows\System32\drivers\npf.sys [35344 2011-02-11] (CACE Technologies, Inc.)
R0 PinFile; C:\windows\System32\DRIVERS\PinFile.sys [49856 2014-12-05] (WinMagic Inc.)
R0 PxHlpa64; C:\windows\System32\Drivers\PxHlpa64.sys [56336 2012-06-22] (Corel Corporation)
R0 SDDisk2K; C:\windows\System32\DRIVERS\SDDisk2K.sys [228544 2014-12-05] (WinMagic Inc.)
R0 SDDToki; C:\windows\System32\DRIVERS\SDDToki.sys [131264 2014-12-05] (WinMagic Inc.)
R3 usb3Hub; C:\windows\System32\DRIVERS\usb3Hub.sys [206744 2013-06-20] (Windows (R) Win 7 DDK provider)
R3 WirelessKeyboardFilter; C:\windows\System32\DRIVERS\WirelessKeyboardFilter.sys [49896 2016-07-22] (Microsoft Corporation)
S3 klids; \??\C:\ProgramData\Kaspersky Lab\AVP16.0.1\Bases\klids.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2018-02-26 09:46 - 2018-02-26 09:46 - 000028929 _____ C:\Users\Melissa\Desktop\FRST.txt
2018-02-26 09:45 - 2018-02-26 09:46 - 000000000 ____D C:\FRST
2018-02-26 09:45 - 2018-02-26 09:45 - 002403328 _____ (Farbar) C:\Users\Melissa\Desktop\FRST64.exe
2018-02-19 16:15 - 2018-02-19 16:15 - 000000000 ____D C:\ProgramData\s8lg
2018-02-19 16:11 - 2018-02-19 16:11 - 000000000 ____D C:\ProgramData\s638
2018-02-19 16:11 - 2018-02-19 16:11 - 000000000 ____D C:\ProgramData\s5cc
2018-02-19 16:08 - 2018-02-19 16:08 - 000000000 ____D C:\ProgramData\s8ik
2018-02-19 16:08 - 2018-02-19 16:08 - 000000000 ____D C:\ProgramData\s8gk
2018-02-19 16:08 - 2018-02-19 16:08 - 000000000 ____D C:\ProgramData\s7hg
2018-02-19 10:34 - 2018-02-19 10:34 - 000000000 ____D C:\Users\Public\Documents\Hewlett-Packard
2018-02-14 09:16 - 2018-02-01 20:41 - 000027680 _____ (PDF Complete, Inc.) C:\windows\system32\pdfc_port.dll
2018-02-13 14:58 - 2018-02-10 14:52 - 000395928 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2018-02-13 14:58 - 2018-02-10 14:03 - 000347296 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2018-02-13 14:58 - 2018-02-10 03:44 - 025740288 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2018-02-13 14:58 - 2018-02-10 02:19 - 002900480 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2018-02-13 14:58 - 2018-02-10 02:17 - 000417280 _____ (Microsoft Corporation) C:\windows\system32\html.iec
2018-02-13 14:58 - 2018-02-10 02:17 - 000066560 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2018-02-13 14:58 - 2018-02-10 02:17 - 000048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2018-02-13 14:58 - 2018-02-10 02:16 - 000577536 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2018-02-13 14:58 - 2018-02-10 02:16 - 000088064 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
2018-02-13 14:58 - 2018-02-10 02:10 - 000054784 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2018-02-13 14:58 - 2018-02-10 02:10 - 000034304 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2018-02-13 14:58 - 2018-02-10 02:09 - 005782016 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2018-02-13 14:58 - 2018-02-10 02:07 - 000615936 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2018-02-13 14:58 - 2018-02-10 02:06 - 000816640 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2018-02-13 14:58 - 2018-02-10 02:06 - 000814080 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2018-02-13 14:58 - 2018-02-10 02:06 - 000144384 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2018-02-13 14:58 - 2018-02-10 02:06 - 000116224 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2018-02-13 14:58 - 2018-02-10 02:01 - 000969216 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2018-02-13 14:58 - 2018-02-10 01:58 - 000489984 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2018-02-13 14:58 - 2018-02-10 01:52 - 000087552 _____ (Microsoft Corporation) C:\windows\system32\tdc.ocx
2018-02-13 14:58 - 2018-02-10 01:52 - 000077824 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
2018-02-13 14:58 - 2018-02-10 01:51 - 000107520 _____ (Microsoft Corporation) C:\windows\system32\inseng.dll
2018-02-13 14:58 - 2018-02-10 01:49 - 000199680 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2018-02-13 14:58 - 2018-02-10 01:48 - 000092160 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2018-02-13 14:58 - 2018-02-10 01:46 - 000315392 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2018-02-13 14:58 - 2018-02-10 01:45 - 000152064 _____ (Microsoft Corporation) C:\windows\system32\occache.dll
2018-02-13 14:58 - 2018-02-10 01:36 - 015283712 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2018-02-13 14:58 - 2018-02-10 01:36 - 000262144 _____ (Microsoft Corporation) C:\windows\system32\webcheck.dll
2018-02-13 14:58 - 2018-02-10 01:34 - 000807936 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2018-02-13 14:58 - 2018-02-10 01:34 - 000726528 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2018-02-13 14:58 - 2018-02-10 01:33 - 001359360 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
2018-02-13 14:58 - 2018-02-10 01:32 - 002134528 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2018-02-13 14:58 - 2018-02-10 01:27 - 003241472 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2018-02-13 14:58 - 2018-02-10 01:20 - 020274176 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2018-02-13 14:58 - 2018-02-10 01:14 - 001546240 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2018-02-13 14:58 - 2018-02-10 01:08 - 002724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2018-02-13 14:58 - 2018-02-10 01:02 - 000800768 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2018-02-13 14:58 - 2018-02-10 00:57 - 000499712 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2018-02-13 14:58 - 2018-02-10 00:57 - 000341504 _____ (Microsoft Corporation) C:\windows\SysWOW64\html.iec
2018-02-13 14:58 - 2018-02-10 00:57 - 000062464 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2018-02-13 14:58 - 2018-02-10 00:57 - 000047616 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
2018-02-13 14:58 - 2018-02-10 00:56 - 000064000 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll
2018-02-13 14:58 - 2018-02-10 00:54 - 002294272 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2018-02-13 14:58 - 2018-02-10 00:52 - 000047104 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2018-02-13 14:58 - 2018-02-10 00:51 - 000030720 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2018-02-13 14:58 - 2018-02-10 00:50 - 000476160 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2018-02-13 14:58 - 2018-02-10 00:49 - 000662528 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
2018-02-13 14:58 - 2018-02-10 00:49 - 000620032 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2018-02-13 14:58 - 2018-02-10 00:49 - 000115712 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2018-02-13 14:58 - 2018-02-10 00:42 - 000416256 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2018-02-13 14:58 - 2018-02-10 00:39 - 000060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll
2018-02-13 14:58 - 2018-02-10 00:38 - 000091136 _____ (Microsoft Corporation) C:\windows\SysWOW64\inseng.dll
2018-02-13 14:58 - 2018-02-10 00:38 - 000073216 _____ (Microsoft Corporation) C:\windows\SysWOW64\tdc.ocx
2018-02-13 14:58 - 2018-02-10 00:36 - 000168960 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2018-02-13 14:58 - 2018-02-10 00:35 - 004498944 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2018-02-13 14:58 - 2018-02-10 00:35 - 000279040 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2018-02-13 14:58 - 2018-02-10 00:35 - 000076288 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2018-02-13 14:58 - 2018-02-10 00:34 - 000130048 _____ (Microsoft Corporation) C:\windows\SysWOW64\occache.dll
2018-02-13 14:58 - 2018-02-10 00:33 - 013680640 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2018-02-13 14:58 - 2018-02-10 00:29 - 000230400 _____ (Microsoft Corporation) C:\windows\SysWOW64\webcheck.dll
2018-02-13 14:58 - 2018-02-10 00:27 - 002058752 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2018-02-13 14:58 - 2018-02-10 00:27 - 000694784 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2018-02-13 14:58 - 2018-02-10 00:26 - 001155072 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmlmedia.dll
2018-02-13 14:58 - 2018-02-10 00:14 - 002767872 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2018-02-13 14:58 - 2018-02-10 00:10 - 001314304 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2018-02-13 14:58 - 2018-01-12 11:46 - 000631680 _____ (Microsoft Corporation) C:\windows\system32\winresume.efi
2018-02-13 14:58 - 2018-01-12 11:44 - 005581544 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe
2018-02-13 14:58 - 2018-01-12 11:44 - 001894120 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tcpip.sys
2018-02-13 14:58 - 2018-01-12 11:44 - 000708328 _____ (Microsoft Corporation) C:\windows\system32\winload.efi
2018-02-13 14:58 - 2018-01-12 11:44 - 000377064 _____ (Microsoft Corporation) C:\windows\system32\Drivers\netio.sys
2018-02-13 14:58 - 2018-01-12 11:44 - 000371432 _____ (Microsoft Corporation) C:\windows\system32\clfs.sys
2018-02-13 14:58 - 2018-01-12 11:44 - 000287976 _____ (Microsoft Corporation) C:\windows\system32\Drivers\FWPKCLNT.SYS
2018-02-13 14:58 - 2018-01-12 11:44 - 000262376 _____ (Microsoft Corporation) C:\windows\system32\hal.dll
2018-02-13 14:58 - 2018-01-12 11:44 - 000154856 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecpkg.sys
2018-02-13 14:58 - 2018-01-12 11:44 - 000095464 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecdd.sys
2018-02-13 14:58 - 2018-01-12 11:40 - 001460736 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll
2018-02-13 14:58 - 2018-01-12 11:40 - 001212928 _____ (Microsoft Corporation) C:\windows\system32\rpcrt4.dll
2018-02-13 14:58 - 2018-01-12 11:40 - 001163264 _____ (Microsoft Corporation) C:\windows\system32\kernel32.dll
2018-02-13 14:58 - 2018-01-12 11:40 - 000880640 _____ (Microsoft Corporation) C:\windows\system32\advapi32.dll
2018-02-13 14:58 - 2018-01-12 11:40 - 000731648 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll
2018-02-13 14:58 - 2018-01-12 11:40 - 000690688 _____ (Microsoft Corporation) C:\windows\system32\adtschema.dll
2018-02-13 14:58 - 2018-01-12 11:40 - 000503808 _____ (Microsoft Corporation) C:\windows\system32\srcore.dll
2018-02-13 14:58 - 2018-01-12 11:40 - 000484864 _____ (Microsoft Corporation) C:\windows\system32\StructuredQuery.dll
2018-02-13 14:58 - 2018-01-12 11:40 - 000463872 _____ (Microsoft Corporation) C:\windows\system32\certcli.dll
2018-02-13 14:58 - 2018-01-12 11:40 - 000419840 _____ (Microsoft Corporation) C:\windows\system32\KernelBase.dll
2018-02-13 14:58 - 2018-01-12 11:40 - 000361984 _____ (Microsoft Corporation) C:\windows\system32\wow64win.dll
2018-02-13 14:58 - 2018-01-12 11:40 - 000345600 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll
2018-02-13 14:58 - 2018-01-12 11:40 - 000316928 _____ (Microsoft Corporation) C:\windows\system32\msv1_0.dll
2018-02-13 14:58 - 2018-01-12 11:40 - 000312320 _____ (Microsoft Corporation) C:\windows\system32\ncrypt.dll
2018-02-13 14:58 - 2018-01-12 11:40 - 000243712 _____ (Microsoft Corporation) C:\windows\system32\wow64.dll
2018-02-13 14:58 - 2018-01-12 11:40 - 000215552 _____ (Microsoft Corporation) C:\windows\system32\winsrv.dll
2018-02-13 14:58 - 2018-01-12 11:40 - 000210432 _____ (Microsoft Corporation) C:\windows\system32\wdigest.dll
2018-02-13 14:58 - 2018-01-12 11:40 - 000190464 _____ (Microsoft Corporation) C:\windows\system32\rpchttp.dll
2018-02-13 14:58 - 2018-01-12 11:40 - 000146432 _____ (Microsoft Corporation) C:\windows\system32\msaudite.dll
2018-02-13 14:58 - 2018-01-12 11:40 - 000135680 _____ (Microsoft Corporation) C:\windows\system32\sspicli.dll
2018-02-13 14:58 - 2018-01-12 11:40 - 000123904 _____ (Microsoft Corporation) C:\windows\system32\bcrypt.dll
2018-02-13 14:58 - 2018-01-12 11:40 - 000086528 _____ (Microsoft Corporation) C:\windows\system32\TSpkg.dll
2018-02-13 14:58 - 2018-01-12 11:40 - 000063488 _____ (Microsoft Corporation) C:\windows\system32\setbcdlocale.dll
2018-02-13 14:58 - 2018-01-12 11:40 - 000059904 _____ (Microsoft Corporation) C:\windows\system32\appidapi.dll
2018-02-13 14:58 - 2018-01-12 11:40 - 000050176 _____ (Microsoft Corporation) C:\windows\system32\srclient.dll
2018-02-13 14:58 - 2018-01-12 11:40 - 000044032 _____ (Microsoft Corporation) C:\windows\system32\csrsrv.dll
2018-02-13 14:58 - 2018-01-12 11:40 - 000043520 _____ (Microsoft Corporation) C:\windows\system32\cryptbase.dll
2018-02-13 14:58 - 2018-01-12 11:40 - 000034816 _____ (Microsoft Corporation) C:\windows\system32\appidsvc.dll
2018-02-13 14:58 - 2018-01-12 11:40 - 000028672 _____ (Microsoft Corporation) C:\windows\system32\sspisrv.dll
2018-02-13 14:58 - 2018-01-12 11:40 - 000028160 _____ (Microsoft Corporation) C:\windows\system32\secur32.dll
2018-02-13 14:58 - 2018-01-12 11:40 - 000022016 _____ (Microsoft Corporation) C:\windows\system32\credssp.dll
2018-02-13 14:58 - 2018-01-12 11:40 - 000016384 _____ (Microsoft Corporation) C:\windows\system32\ntvdm64.dll
2018-02-13 14:58 - 2018-01-12 11:40 - 000013312 _____ (Microsoft Corporation) C:\windows\system32\wow64cpu.dll
2018-02-13 14:58 - 2018-01-12 11:40 - 000006656 _____ (Microsoft Corporation) C:\windows\system32\apisetschema.dll
2018-02-13 14:58 - 2018-01-12 11:40 - 000006144 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2018-02-13 14:58 - 2018-01-12 11:40 - 000005120 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-file-l1-1-0.dll
2018-02-13 14:58 - 2018-01-12 11:40 - 000004608 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2018-02-13 14:58 - 2018-01-12 11:40 - 000004608 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2018-02-13 14:58 - 2018-01-12 11:40 - 000004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2018-02-13 14:58 - 2018-01-12 11:40 - 000004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
2018-02-13 14:58 - 2018-01-12 11:40 - 000004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2018-02-13 14:58 - 2018-01-12 11:40 - 000004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
2018-02-13 14:58 - 2018-01-12 11:40 - 000003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2018-02-13 14:58 - 2018-01-12 11:40 - 000003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2018-02-13 14:58 - 2018-01-12 11:40 - 000003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2018-02-13 14:58 - 2018-01-12 11:40 - 000003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
2018-02-13 14:58 - 2018-01-12 11:40 - 000003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
2018-02-13 14:58 - 2018-01-12 11:40 - 000003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2018-02-13 14:58 - 2018-01-12 11:40 - 000003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
2018-02-13 14:58 - 2018-01-12 11:40 - 000003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2018-02-13 14:58 - 2018-01-12 11:40 - 000003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2018-02-13 14:58 - 2018-01-12 11:40 - 000003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-string-l1-1-0.dll
2018-02-13 14:58 - 2018-01-12 11:40 - 000003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
2018-02-13 14:58 - 2018-01-12 11:40 - 000003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-io-l1-1-0.dll
2018-02-13 14:58 - 2018-01-12 11:40 - 000003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2018-02-13 14:58 - 2018-01-12 11:40 - 000003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
2018-02-13 14:58 - 2018-01-12 11:40 - 000003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2018-02-13 14:58 - 2018-01-12 11:40 - 000003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2018-02-13 14:58 - 2018-01-12 11:40 - 000003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2018-02-13 14:58 - 2018-01-12 11:40 - 000003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
2018-02-13 14:58 - 2018-01-12 11:40 - 000003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2018-02-13 14:58 - 2018-01-12 11:40 - 000003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-console-l1-1-0.dll
2018-02-13 14:58 - 2018-01-12 11:33 - 001665384 _____ (Microsoft Corporation) C:\windows\system32\ntdll.dll
2018-02-13 14:58 - 2018-01-12 11:29 - 004014312 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntkrnlpa.exe
2018-02-13 14:58 - 2018-01-12 11:29 - 003959016 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntoskrnl.exe
2018-02-13 14:58 - 2018-01-12 11:27 - 004834816 _____ (Microsoft Corporation) C:\windows\system32\xpsrchvw.exe
2018-02-13 14:58 - 2018-01-12 11:27 - 001314112 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntdll.dll
2018-02-13 14:58 - 2018-01-12 11:26 - 001114112 _____ (Microsoft Corporation) C:\windows\SysWOW64\kernel32.dll
2018-02-13 14:58 - 2018-01-12 11:26 - 000690688 _____ (Microsoft Corporation) C:\windows\SysWOW64\adtschema.dll
2018-02-13 14:58 - 2018-01-12 11:26 - 000666112 _____ (Microsoft Corporation) C:\windows\SysWOW64\rpcrt4.dll
2018-02-13 14:58 - 2018-01-12 11:26 - 000644096 _____ (Microsoft Corporation) C:\windows\SysWOW64\advapi32.dll
2018-02-13 14:58 - 2018-01-12 11:26 - 000554496 _____ (Microsoft Corporation) C:\windows\SysWOW64\kerberos.dll
2018-02-13 14:58 - 2018-01-12 11:26 - 000363520 _____ (Microsoft Corporation) C:\windows\SysWOW64\StructuredQuery.dll
2018-02-13 14:58 - 2018-01-12 11:26 - 000342528 _____ (Microsoft Corporation) C:\windows\SysWOW64\certcli.dll
2018-02-13 14:58 - 2018-01-12 11:26 - 000275456 _____ (Microsoft Corporation) C:\windows\SysWOW64\KernelBase.dll
2018-02-13 14:58 - 2018-01-12 11:26 - 000261120 _____ (Microsoft Corporation) C:\windows\SysWOW64\msv1_0.dll
2018-02-13 14:58 - 2018-01-12 11:26 - 000254464 _____ (Microsoft Corporation) C:\windows\SysWOW64\schannel.dll
2018-02-13 14:58 - 2018-01-12 11:26 - 000223232 _____ (Microsoft Corporation) C:\windows\SysWOW64\ncrypt.dll
2018-02-13 14:58 - 2018-01-12 11:26 - 000172032 _____ (Microsoft Corporation) C:\windows\SysWOW64\wdigest.dll
2018-02-13 14:58 - 2018-01-12 11:26 - 000146432 _____ (Microsoft Corporation) C:\windows\SysWOW64\msaudite.dll
2018-02-13 14:58 - 2018-01-12 11:26 - 000141312 _____ (Microsoft Corporation) C:\windows\SysWOW64\rpchttp.dll
2018-02-13 14:58 - 2018-01-12 11:26 - 000096768 _____ (Microsoft Corporation) C:\windows\SysWOW64\sspicli.dll
2018-02-13 14:58 - 2018-01-12 11:26 - 000082944 _____ (Microsoft Corporation) C:\windows\SysWOW64\bcrypt.dll
2018-02-13 14:58 - 2018-01-12 11:26 - 000065536 _____ (Microsoft Corporation) C:\windows\SysWOW64\TSpkg.dll
2018-02-13 14:58 - 2018-01-12 11:26 - 000050688 _____ (Microsoft Corporation) C:\windows\SysWOW64\appidapi.dll
2018-02-13 14:58 - 2018-01-12 11:26 - 000043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\srclient.dll
2018-02-13 14:58 - 2018-01-12 11:26 - 000022016 _____ (Microsoft Corporation) C:\windows\SysWOW64\secur32.dll
2018-02-13 14:58 - 2018-01-12 11:26 - 000017408 _____ (Microsoft Corporation) C:\windows\SysWOW64\credssp.dll
2018-02-13 14:58 - 2018-01-12 11:26 - 000006656 _____ (Microsoft Corporation) C:\windows\SysWOW64\apisetschema.dll
2018-02-13 14:58 - 2018-01-12 11:26 - 000005120 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2018-02-13 14:58 - 2018-01-12 11:26 - 000005120 _____ (Microsoft Corporation) C:\windows\SysWOW64\wow32.dll
2018-02-13 14:58 - 2018-01-12 11:26 - 000004608 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2018-02-13 14:58 - 2018-01-12 11:26 - 000004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2018-02-13 14:58 - 2018-01-12 11:26 - 000004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2018-02-13 14:58 - 2018-01-12 11:26 - 000004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2018-02-13 14:58 - 2018-01-12 11:26 - 000004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2018-02-13 14:58 - 2018-01-12 11:26 - 000004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2018-02-13 14:58 - 2018-01-12 11:26 - 000003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2018-02-13 14:58 - 2018-01-12 11:26 - 000003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2018-02-13 14:58 - 2018-01-12 11:26 - 000003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2018-02-13 14:58 - 2018-01-12 11:26 - 000003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2018-02-13 14:58 - 2018-01-12 11:26 - 000003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2018-02-13 14:58 - 2018-01-12 11:26 - 000003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2018-02-13 14:58 - 2018-01-12 11:26 - 000003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2018-02-13 14:58 - 2018-01-12 11:26 - 000003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2018-02-13 14:58 - 2018-01-12 11:26 - 000003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2018-02-13 14:58 - 2018-01-12 11:26 - 000003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2018-02-13 14:58 - 2018-01-12 11:26 - 000003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2018-02-13 14:58 - 2018-01-12 11:26 - 000003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2018-02-13 14:58 - 2018-01-12 11:26 - 000003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2018-02-13 14:58 - 2018-01-12 11:26 - 000003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2018-02-13 14:58 - 2018-01-12 11:26 - 000003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2018-02-13 14:58 - 2018-01-12 11:26 - 000003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2018-02-13 14:58 - 2018-01-12 11:26 - 000003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2018-02-13 14:58 - 2018-01-12 11:16 - 003405824 _____ (Microsoft Corporation) C:\windows\SysWOW64\xpsrchvw.exe
2018-02-13 14:58 - 2018-01-12 11:16 - 000076288 _____ (Microsoft Corporation) C:\windows\system32\Drivers\hidclass.sys
2018-02-13 14:58 - 2018-01-12 11:16 - 000030208 _____ (Microsoft Corporation) C:\windows\system32\Drivers\hidusb.sys
2018-02-13 14:58 - 2018-01-12 11:15 - 000032896 _____ (Microsoft Corporation) C:\windows\system32\Drivers\hidparse.sys
2018-02-13 14:58 - 2018-01-12 11:11 - 000148480 _____ (Microsoft Corporation) C:\windows\system32\appidpolicyconverter.exe
2018-02-13 14:58 - 2018-01-12 11:11 - 000062464 _____ (Microsoft Corporation) C:\windows\system32\Drivers\appid.sys
2018-02-13 14:58 - 2018-01-12 11:11 - 000017920 _____ (Microsoft Corporation) C:\windows\system32\appidcertstorecheck.exe
2018-02-13 14:58 - 2018-01-12 11:10 - 000064000 _____ (Microsoft Corporation) C:\windows\system32\auditpol.exe
2018-02-13 14:58 - 2018-01-12 11:07 - 000338432 _____ (Microsoft Corporation) C:\windows\system32\conhost.exe
2018-02-13 14:58 - 2018-01-12 11:06 - 000296960 _____ (Microsoft Corporation) C:\windows\system32\rstrui.exe
2018-02-13 14:58 - 2018-01-12 11:03 - 000159744 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb.sys
2018-02-13 14:58 - 2018-01-12 11:02 - 000291328 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb10.sys
2018-02-13 14:58 - 2018-01-12 11:02 - 000129536 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb20.sys
2018-02-13 14:58 - 2018-01-12 11:02 - 000050176 _____ (Microsoft Corporation) C:\windows\SysWOW64\auditpol.exe
2018-02-13 14:58 - 2018-01-12 11:01 - 000112640 _____ (Microsoft Corporation) C:\windows\system32\smss.exe
2018-02-13 14:58 - 2018-01-12 11:01 - 000030720 _____ (Microsoft Corporation) C:\windows\system32\lsass.exe
2018-02-13 14:58 - 2018-01-12 10:57 - 000036352 _____ (Microsoft Corporation) C:\windows\SysWOW64\cryptbase.dll
2018-02-13 14:58 - 2018-01-12 10:57 - 000025600 _____ (Microsoft Corporation) C:\windows\SysWOW64\setup16.exe
2018-02-13 14:58 - 2018-01-12 10:57 - 000014336 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntvdm64.dll
2018-02-13 14:58 - 2018-01-12 10:57 - 000007680 _____ (Microsoft Corporation) C:\windows\SysWOW64\instnm.exe
2018-02-13 14:58 - 2018-01-12 10:56 - 000006144 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2018-02-13 14:58 - 2018-01-12 10:56 - 000004608 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2018-02-13 14:58 - 2018-01-12 10:56 - 000003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2018-02-13 14:58 - 2018-01-12 10:56 - 000003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2018-02-13 14:58 - 2018-01-11 11:41 - 001133568 _____ (Microsoft Corporation) C:\windows\system32\cdosys.dll
2018-02-13 14:58 - 2018-01-11 11:22 - 000805376 _____ (Microsoft Corporation) C:\windows\SysWOW64\cdosys.dll
2018-02-13 14:58 - 2018-01-11 11:09 - 003224064 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2018-02-13 14:58 - 2018-01-05 11:31 - 000151552 _____ (Microsoft Corporation) C:\windows\system32\t2embed.dll
2018-02-13 14:58 - 2018-01-05 11:30 - 000100864 _____ (Microsoft Corporation) C:\windows\system32\fontsub.dll
2018-02-13 14:58 - 2018-01-05 11:25 - 000383720 _____ (Adobe Systems Incorporated) C:\windows\system32\atmfd.dll
2018-02-13 14:58 - 2018-01-05 11:14 - 000309480 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\atmfd.dll
2018-02-13 14:58 - 2018-01-05 11:11 - 000111104 _____ (Microsoft Corporation) C:\windows\SysWOW64\t2embed.dll
2018-02-13 14:58 - 2018-01-05 11:11 - 000071168 _____ (Microsoft Corporation) C:\windows\SysWOW64\fontsub.dll
2018-02-13 14:58 - 2017-12-05 12:36 - 001484288 _____ (Microsoft Corporation) C:\windows\system32\crypt32.dll
2018-02-13 14:58 - 2017-12-05 12:36 - 000218112 _____ (Microsoft Corporation) C:\windows\system32\WinSCard.dll
2018-02-13 14:58 - 2017-12-05 12:36 - 000092160 _____ (Microsoft Corporation) C:\windows\system32\TabSvc.dll
2018-02-13 14:58 - 2017-12-05 12:08 - 001176576 _____ (Microsoft Corporation) C:\windows\SysWOW64\crypt32.dll
2018-02-13 14:58 - 2017-12-05 12:08 - 000135168 _____ (Microsoft Corporation) C:\windows\SysWOW64\WinSCard.dll
2018-02-13 14:58 - 2017-12-05 11:04 - 000404992 _____ (Microsoft Corporation) C:\windows\system32\wisptis.exe
2018-02-13 14:57 - 2018-02-10 02:30 - 002724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2018-02-13 14:57 - 2018-02-10 02:29 - 000004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2018-02-13 14:57 - 2018-02-10 00:08 - 000710144 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2018-02-13 14:57 - 2018-01-12 11:40 - 000060416 _____ (Microsoft Corporation) C:\windows\system32\msobjs.dll
2018-02-13 14:57 - 2018-01-12 11:26 - 000060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\msobjs.dll
2018-02-13 14:57 - 2018-01-12 10:57 - 000002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\user.exe
2018-02-13 14:57 - 2018-01-05 11:31 - 000041472 _____ (Microsoft Corporation) C:\windows\system32\lpk.dll
2018-02-13 14:57 - 2018-01-05 11:30 - 000046080 _____ (Adobe Systems) C:\windows\system32\atmlib.dll
2018-02-13 14:57 - 2018-01-05 11:30 - 000014336 _____ (Microsoft Corporation) C:\windows\system32\dciman32.dll
2018-02-13 14:57 - 2018-01-05 11:11 - 000025600 _____ (Microsoft Corporation) C:\windows\SysWOW64\lpk.dll
2018-02-13 14:57 - 2018-01-05 11:11 - 000010240 _____ (Microsoft Corporation) C:\windows\SysWOW64\dciman32.dll
2018-02-13 14:57 - 2018-01-05 10:50 - 000034304 _____ (Adobe Systems) C:\windows\SysWOW64\atmlib.dll
2018-02-13 14:57 - 2017-12-05 12:36 - 000229376 _____ (Microsoft Corporation) C:\windows\system32\wintrust.dll
2018-02-13 14:57 - 2017-12-05 12:36 - 000190976 _____ (Microsoft Corporation) C:\windows\system32\cryptsvc.dll
2018-02-13 14:57 - 2017-12-05 12:36 - 000141824 _____ (Microsoft Corporation) C:\windows\system32\cryptnet.dll
2018-02-13 14:57 - 2017-12-05 12:08 - 000179200 _____ (Microsoft Corporation) C:\windows\SysWOW64\wintrust.dll
2018-02-13 14:57 - 2017-12-05 12:08 - 000145920 _____ (Microsoft Corporation) C:\windows\SysWOW64\cryptsvc.dll
2018-02-13 14:57 - 2017-12-05 12:08 - 000106496 _____ (Microsoft Corporation) C:\windows\SysWOW64\cryptnet.dll
2018-02-13 14:56 - 2018-01-21 18:50 - 000136424 _____ (Microsoft Corporation) C:\windows\system32\CompatTelRunner.exe
2018-02-13 14:56 - 2018-01-21 18:40 - 000654336 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
2018-02-13 14:56 - 2018-01-19 09:05 - 001994752 _____ (Microsoft Corporation) C:\windows\system32\aitstatic.exe
2018-02-13 14:56 - 2018-01-19 09:05 - 001569280 _____ (Microsoft Corporation) C:\windows\system32\appraiser.dll
2018-02-13 14:56 - 2018-01-19 09:05 - 000749568 _____ (Microsoft Corporation) C:\windows\system32\generaltel.dll
2018-02-13 14:56 - 2018-01-19 09:05 - 000604672 _____ (Microsoft Corporation) C:\windows\system32\devinv.dll
2018-02-13 14:56 - 2018-01-19 09:05 - 000450048 _____ (Microsoft Corporation) C:\windows\system32\centel.dll
2018-02-13 14:56 - 2018-01-19 09:05 - 000378880 _____ (Microsoft Corporation) C:\windows\system32\invagent.dll
2018-02-13 14:56 - 2018-01-19 09:05 - 000262144 _____ (Microsoft Corporation) C:\windows\system32\acmigration.dll
2018-02-13 14:56 - 2018-01-19 09:05 - 000236544 _____ (Microsoft Corporation) C:\windows\system32\aepic.dll
2018-02-08 20:33 - 2018-02-08 20:33 - 000000000 ____D C:\Users\Melissa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2018-02-02 16:50 - 2018-02-02 16:50 - 000003466 _____ C:\windows\System32\Tasks\AdobeGCInvoker-1.0-Melissa-HP-Melissa
2018-02-02 10:44 - 2018-02-02 10:45 - 000000000 ____D C:\Users\Melissa\Desktop\Current Projects
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2018-02-26 09:45 - 2014-07-11 14:06 - 000000000 ____D C:\Users\Melissa\Documents\Outlook Files
2018-02-26 09:43 - 2016-11-15 10:27 - 000000000 ____D C:\Users\Melissa\AppData\LocalLow\Mozilla
2018-02-26 09:32 - 2016-06-28 09:16 - 000000926 _____ C:\windows\Tasks\DropboxUpdateTaskUserS-1-5-21-4217738634-494452904-935236969-1001UA.job
2018-02-26 09:32 - 2016-06-28 09:16 - 000000874 _____ C:\windows\Tasks\DropboxUpdateTaskUserS-1-5-21-4217738634-494452904-935236969-1001Core.job
2018-02-26 09:17 - 2014-07-10 12:01 - 000000000 ____D C:\ProgramData\Kaspersky Lab
2018-02-26 04:53 - 2009-07-13 23:45 - 000029328 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2018-02-26 04:53 - 2009-07-13 23:45 - 000029328 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2018-02-26 02:00 - 2014-12-23 09:35 - 000000000 ____D C:\Users\Melissa\AppData\Local\Adobe
2018-02-25 19:33 - 2014-07-09 11:16 - 000003942 _____ C:\windows\System32\Tasks\User_Feed_Synchronization-{D9C89A8E-3A1E-413C-86CF-140EA21DF15C}
2018-02-23 11:05 - 2017-12-05 16:30 - 000253880 _____ (Malwarebytes) C:\windows\system32\Drivers\mbamswissarmy.sys
2018-02-23 09:46 - 2017-01-03 12:43 - 000003032 _____ C:\windows\System32\Tasks\Kaspersky_Upgrade_Launcher_{278ADC42-419D-4547-A6CA-5B74BE0AD901}
2018-02-23 09:35 - 2009-07-14 00:13 - 000781790 _____ C:\windows\system32\PerfStringBackup.INI
2018-02-23 09:35 - 2009-07-13 22:20 - 000000000 ____D C:\windows\inf
2018-02-23 09:30 - 2014-05-25 11:27 - 000000000 ____D C:\ProgramData\PDFC
2018-02-23 09:30 - 2009-07-14 00:08 - 000000006 ____H C:\windows\Tasks\SA.DAT
2018-02-22 15:06 - 2017-06-01 10:33 - 000019641 _____ C:\Users\Melissa\Desktop\INDIA.xlsx
2018-02-22 12:39 - 2017-09-12 11:03 - 000013284 _____ C:\Users\Melissa\Desktop\PHILIPPINES.xlsx
2018-02-22 12:18 - 2014-07-10 12:52 - 000000000 ____D C:\Users\Melissa\Documents\Email Templates
2018-02-20 10:04 - 2016-09-12 23:03 - 001040584 _____ (AO Kaspersky Lab) C:\windows\system32\Drivers\klif.sys
2018-02-20 10:04 - 2016-09-12 23:03 - 000057024 _____ (AO Kaspersky Lab) C:\windows\system32\Drivers\klim6.sys
2018-02-19 15:17 - 2014-05-25 11:26 - 000000225 _____ C:\windows\CryptoMill_CreoService.001
2018-02-19 10:09 - 2015-05-21 14:03 - 000000000 ____D C:\Users\Melissa\AppData\Local\Citrix
2018-02-19 10:06 - 2014-05-25 11:26 - 000000225 _____ C:\windows\CryptoMill_CreoService.002
2018-02-16 14:28 - 2016-09-20 12:22 - 000000000 ____D C:\Users\Melissa\Documents\Info
2018-02-16 09:06 - 2016-10-21 08:49 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2018-02-16 09:06 - 2014-07-09 13:04 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2018-02-16 09:06 - 2014-05-25 11:26 - 000000225 _____ C:\windows\CryptoMill_CreoService.003
2018-02-16 09:03 - 2009-07-13 22:20 - 000000000 ____D C:\windows\system32\NDF
2018-02-14 09:16 - 2016-10-07 13:14 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF Complete
2018-02-14 09:16 - 2014-05-25 11:27 - 000000000 ____D C:\Program Files (x86)\PDF Complete
2018-02-14 09:14 - 2014-05-25 11:26 - 000000225 _____ C:\windows\CryptoMill_CreoService.004
2018-02-14 09:05 - 2011-02-11 15:29 - 000773912 _____ C:\windows\SysWOW64\PerfStringBackup.INI
2018-02-14 04:23 - 2009-07-13 22:20 - 000000000 ____D C:\windows\rescache
2018-02-14 03:37 - 2009-07-13 23:45 - 000628184 _____ C:\windows\system32\FNTCACHE.DAT
2018-02-14 03:34 - 2014-05-25 11:26 - 000000225 _____ C:\windows\CryptoMill_CreoService.005
2018-02-14 03:31 - 2014-12-11 10:39 - 000000000 ____D C:\windows\system32\appraiser
2018-02-14 03:16 - 2014-07-09 11:40 - 000000000 ____D C:\windows\system32\MRT
2018-02-14 03:12 - 2017-10-11 02:11 - 130067560 ____C (Microsoft Corporation) C:\windows\system32\MRT-KB890830.exe
2018-02-14 03:12 - 2014-07-09 11:40 - 130067560 ____C (Microsoft Corporation) C:\windows\system32\MRT.exe
2018-02-14 03:09 - 2014-07-09 16:03 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2018-02-14 03:04 - 2009-07-13 21:34 - 000000478 _____ C:\windows\win.ini
2018-02-13 02:00 - 2015-06-19 07:59 - 000000000 ____D C:\Users\Melissa\AppData\Local\CrashDumps
2018-02-08 20:33 - 2014-08-18 08:37 - 000000000 ___RD C:\Users\Melissa\Dropbox
2018-02-08 20:33 - 2014-08-18 08:34 - 000000000 ____D C:\Users\Melissa\AppData\Roaming\Dropbox
2018-02-07 05:15 - 2014-07-10 16:35 - 000803328 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2018-02-07 05:15 - 2014-07-10 16:35 - 000144896 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2018-02-07 05:15 - 2014-07-10 16:35 - 000004312 _____ C:\windows\System32\Tasks\Adobe Flash Player Updater
2018-02-07 05:15 - 2014-07-10 16:35 - 000000000 ____D C:\windows\SysWOW64\Macromed
2018-02-07 05:15 - 2014-07-10 16:35 - 000000000 ____D C:\windows\system32\Macromed
2018-02-06 10:19 - 2014-07-09 15:18 - 000000000 ____D C:\Users\Melissa\AppData\Roaming\Stamps.com Internet Postage
2018-02-02 16:49 - 2014-07-09 11:16 - 000000000 ____D C:\Users\Melissa\AppData\Roaming\Adobe
2018-01-29 14:45 - 2015-02-11 15:00 - 000000000 ____D C:\Users\Melissa\Documents\Phone Scripts
==================== Files in the root of some directories =======
2014-07-09 15:21 - 2014-07-09 15:21 - 000025628 __RSH () C:\Program Files (x86)\DLS8Uninstall.log
2016-09-28 08:56 - 2016-07-14 04:09 - 000010240 _____ () C:\Users\Melissa\AppData\Local\Z@!-2cd7ee51-68f8-4991-b759-79c54b472976.tmp
2016-09-28 08:56 - 2016-07-14 04:09 - 000010240 _____ () C:\Users\Melissa\AppData\Local\Z@!-d04af8d0-7042-4908-a358-668c2bcaf9c7.tmp
2016-09-28 08:56 - 2016-07-14 04:09 - 000009216 _____ () C:\Users\Melissa\AppData\Local\Z@S!-baf06229-e408-4759-9347-506d2972a136.tmp
==================== Bamital & volsnap ======================
(There is no automatic fix for files that do not pass verification.)
C:\windows\system32\winlogon.exe => File is digitally signed
C:\windows\system32\wininit.exe => File is digitally signed
C:\windows\SysWOW64\wininit.exe => File is digitally signed
C:\windows\explorer.exe => File is digitally signed
C:\windows\SysWOW64\explorer.exe => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\SysWOW64\svchost.exe => File is digitally signed
C:\windows\system32\services.exe => File is digitally signed
C:\windows\system32\User32.dll => File is digitally signed
C:\windows\SysWOW64\User32.dll => File is digitally signed
C:\windows\system32\userinit.exe => File is digitally signed
C:\windows\SysWOW64\userinit.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
C:\windows\system32\dnsapi.dll => File is digitally signed
C:\windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2018-02-17 00:50
==================== End of FRST.txt ============================