
Trojan PDF Agents in Temporary Folder on Windows

Solved 
#1 ·
Hello and thanks for taking the time to look at my post,

Kaspersky recently found a trojan when running a scan. It said "Object (File) Detected" in C:\Windows\Temp\PFCA82.pdf. The object name was listed as HEUR:Trojan.PDF.Agent.gen.

It was detected but not processed so I went into the temporary folder but it wasn't listed there. I deleted everything I could in the temporary folder and checked to make sure my computer was up to date (which it was). Then I ran a couple scans (a quick scan on Kaspersky and a scan using Malwarebytes free version) and neither found anything. Kaspersky said the trojan PDF was deleted after the new scan so I thought everything might be fine but I wasn't convinced.

I restarted my computer and ran another scan. A full scan revealed a new trojan (same type as the previous) in my temporary folder named "PFD182.pdf". Kaspersky did manage to quarantine and delete it this time. When I looked in the temporary folder, a bunch of files were there that weren't after I had cleared them out. I'm not sure where it's hiding and how I can get rid of it for good. The weird thing is I haven't downloaded anything at all recently that could have possibly given me a trojan nor have I visited any new or strange websites. It's beyond me how this even could have happened. Would appreciate any help/insight someone could give me.

Thanks,
Melissa

Tech Support Guy System Info Utility version 1.0.0.4
OS Version: Microsoft Windows 7 Professional, Service Pack 1, 64 bit
Processor: Intel(R) Core(TM) i5-4670 CPU @ 3.40GHz, Intel64 Family 6 Model 60 Stepping 3
Processor Count: 4
RAM: 8120 Mb
Graphics Card: Intel(R) HD Graphics 4600, -1984 Mb
Hard Drives: C: 919 GB (720 GB Free); D: 11 GB (1 GB Free); E: 0 GB (0 GB Free); G: 1862 GB (1189 GB Free);
Motherboard: Hewlett-Packard, 198E
Antivirus: Kaspersky Internet Security, Enabled and Updated
 
#4 ·
Hello SCTR :)

That's good that nothing has come back for a couple days. We can definitely run some scans to see if anything else is hanging around. First, the standard disclaimers and ground rules.

Warning!
The steps presented in these posts are for this person and machine ONLY. Do not apply these steps to your own system without the guidance of a trained malware removal helper. Doing so may possibly damage your system, preventing it from starting.
Before we begin, please read and follow these important guidelines, so things will proceed smoothly.
  • The instructions being given are for YOUR computer and system only!
    Using these instructions on a different computer can cause damage to that computer and possibly render it inoperable!
  • You must have Administrator rights, permissions for this computer.
  • DO NOT run any other fix or removal tools unless instructed to do so.
  • DO NOT install any other software (or hardware) during the cleaning process.
  • Only post your problem at (1) one help site. Applying fixes from multiple help sites can cause problems.
  • Print each set of instructions, if possible. Your Internet connection will not be available during some fix processes.
  • Only reply to this thread, do not start another ... Please, continue responding, until I give you the "All Clean".
    Remember, absence of symptoms does mean the infection is all gone.
  • Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.

Note: If you haven't done so already, please read this topic, "Everyone MUST read this BEFORE posting for help in this forum", where the conditions for receiving help here are explained.

Please be aware that removing malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However, it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.
For your safety and protection, I would advise backing up all your important documents, personal data files and photos to a CD or DVD drive, as some infections may render your computer unbootable during or before the disinfection process. The safest practice is not to back up any files with the following file extensions:
.exe, .scr, .ini, .htm, .html, .php, .asp, .xml, .zip, .rar, .cab as they may be infected.

 
#5 ·
Please run the following scan:

FRST Scan
  • Please download FRST by Farbar, and save it to your Desktop.
    You need to download and run the 64-bit version.
  • Close all open programs and windows so you are at your Desktop.
  • Right click FRST64.exe and select Run as administrator.
  • When the tool opens click Yes to the disclaimer.
  • Press the Scan button and wait while the scan finishes.
  • Once finished, two files will open: FRST.txt and Addition.txt. Please copy and paste the contents of both logs in your reply.
    The logs can also be found in the same directory where FRST was run from.
Please post each log separately to prevent it being cut off by the forum post size limiter.
Check each after you've posted it to make sure it's all present, if any log is cut off you'll have to post it in sections...

In your next reply please include:
  • Did you have any problems with the instructions?
  • FRST.txt
  • Addition.txt
  • Are there any changes in computer behavior?
 
#6 ·
No problems, no changes noticed.

FRST:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 24.02.2018
Ran by Melissa (administrator) on MELISSA-HP (26-02-2018 09:46:07)
Running from C:\Users\Melissa\Desktop
Loaded Profiles: Melissa (Available Profiles: Melissa)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(DigitalPersona, Inc.) C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RTKAUDIOSERVICE64.EXE
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(DigitalPersona, Inc.) C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpCardEngine.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\avp.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(CryptoMill Technologies Ltd.) C:\Program Files (x86)\Hewlett-Packard\HP Trust Circles\CreoSvc.exe
() C:\Program Files (x86)\Hewlett-Packard\HP Theft Recovery\CtService.exe
(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(PDF Complete Inc) C:\Program Files (x86)\PDF Complete\pdfsvc.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Seagate Technology LLC) C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.DASWindowsService.exe
(Seagate Technology LLC) C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\MobileService.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Hewlett-Packard Development Company) C:\Program Files (x86)\Hewlett-Packard\HP Device Access Manager\HP.ProtectTools.DeviceAccessManager.ServiceHost.exe
(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\avpui.exe
(DigitalPersona, Inc.) C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe
(DigitalPersona, Inc.) C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpAgent.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Sanford, L.P.) C:\Program Files (x86)\DYMO\DYMO Label Software\DymoQuickPrint.exe
(Acresso Corporation) C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet Pro X476dw MFP\Bin\ScanToPCActivationApp.exe
(Seagate Technology LLC) C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.Uploader.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet Pro X476dw MFP\Bin\HPNetworkCommunicatorCom.exe
(Dropbox, Inc.) C:\Users\Melissa\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\CORESHREDDER.exe
(Sanford, L.P.) C:\Program Files (x86)\DYMO\DYMO Label Software\DLSService.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfPro5Hook.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Dropbox, Inc.) C:\Users\Melissa\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Dropbox, Inc.) C:\Users\Melissa\AppData\Roaming\Dropbox\bin\Dropbox.exe
(HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 1.0\ksde.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 1.0\ksdeui.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PaperPort\NuanceWDS.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7194840 2013-07-26] (Realtek Semiconductor)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [CryptoMill Refresh] => C:\Program Files\Hewlett-Packard\HP Trust Circles\ceflauncher -m refresh
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [AdobeGCInvoker-1.0] => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [315880 2018-01-05] (Adobe Systems, Incorporated)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292848 2013-04-26] (Intel Corporation)
HKLM-x32\...\Run: [HP File Sanitizer] => C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\Coreshredder.exe [2213592 2013-09-17] (Hewlett-Packard)
HKLM-x32\...\Run: [DLSService] => C:\Program Files (x86)\DYMO\DYMO Label Software\DLSService.exe [55808 2010-05-10] (Sanford, L.P.)
HKLM-x32\...\Run: [IndexSearch] => C:\Program Files (x86)\Nuance\PaperPort\IndexSearch.exe [46952 2011-08-02] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PaperPort PTD] => C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe [30568 2011-08-02] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PDFHook] => C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfpro5hook.exe [636192 2010-03-05] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PDF5 Registry Controller] => C:\Program Files (x86)\Nuance\PDF Viewer Plus\RegistryController.exe [62752 2010-03-05] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
HKLM-x32\...\Run: [PDF Complete] => C:\Program Files (x86)\PDF Complete\pdfsty.exe [1194048 2018-02-01] (PDF Complete Inc)
HKLM\...\Winlogon: [Userinit] C:\Windows\system32\userinit.exe,c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe,
Winlogon\Notify\GoToAssist: C:\Program Files (x86)\Citrix\GoToAssist Corporate\1084\G2AWinLogon_x64.dll (Citrix Online, a division of Citrix Systems, Inc.)
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-4217738634-494452904-935236969-1001\...\Run: [DymoQuickPrint] => C:\Program Files (x86)\DYMO\DYMO Label Software\DymoQuickPrint.exe [1885512 2010-05-10] (Sanford, L.P.)
HKU\S-1-5-21-4217738634-494452904-935236969-1001\...\Run: [ISUSPM] => C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe [222496 2009-05-05] (Acresso Corporation)
HKU\S-1-5-21-4217738634-494452904-935236969-1001\...\Run: [HP Officejet Pro X476dw MFP (NET)] => C:\Program Files\HP\HP Officejet Pro X476dw MFP\Bin\ScanToPCActivationApp.exe [3487240 2014-03-06] (Hewlett-Packard Co.)
HKU\S-1-5-21-4217738634-494452904-935236969-1001\...\Run: [Uploader] => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.Uploader.exe [127816 2016-06-28] (Seagate Technology LLC)
HKU\S-1-5-21-4217738634-494452904-935236969-1001\...\Run: [Google Update] => C:\Users\Melissa\AppData\Local\Google\Update\1.3.33.7\GoogleUpdateCore.exe [601680 2017-11-13] (Google Inc.)
HKU\S-1-5-18\Control Panel\Desktop\\SCRNSAVE.EXE ->
Lsa: [Notification Packages] DPPassFilter scecli
Startup: C:\Users\Melissa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2018-02-08]
ShortcutTarget: Dropbox.lnk -> C:\Users\Melissa\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
GroupPolicy\User: Restriction <==== ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{45686582-087F-488B-8D39-6FF7B3553105}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.msn.com/HPCOM14/19
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.msn.com/HPCOM14/19
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPCOM14/19
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPCOM14/19
HKU\S-1-5-21-4217738634-494452904-935236969-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPCOM14/19
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> DefaultScope value is missing
BHO: Kaspersky Protection -> {2E38825B-8815-42CF-9126-C58BC28D4591} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\x64\IEExt\ie_plugin.dll [2017-01-03] (AO Kaspersky Lab)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL [2014-01-23] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2017-02-23] (Microsoft Corporation)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll => No File
BHO-x32: Kaspersky Protection -> {2E38825B-8815-42CF-9126-C58BC28D4591} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\IEExt\ie_plugin.dll [2017-01-03] (AO Kaspersky Lab)
BHO-x32: HP File Sanitizer -> {3134413B-49B4-425C-98A5-893C1F195601} -> C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\IEBHO.dll [2013-09-17] (Hewlett-Packard)
BHO-x32: PlusIEEventHelper Class -> {551A852F-39A6-44A7-9C13-AFBEC9185A9D} -> C:\Program Files (x86)\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll [2009-02-06] (Zeon Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL [2014-01-22] (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2017-02-23] (Microsoft Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2015-05-06] (Hewlett-Packard)
Toolbar: HKLM - Kaspersky Protection Toolbar - {093F479D-712E-46CD-9E06-62E734A05F68} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\x64\IEExt\ie_plugin.dll [2017-01-03] (AO Kaspersky Lab)
Toolbar: HKLM-x32 - Kaspersky Protection Toolbar - {093F479D-712E-46CD-9E06-62E734A05F68} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\IEExt\ie_plugin.dll [2017-01-03] (AO Kaspersky Lab)
Toolbar: HKU\S-1-5-21-4217738634-494452904-935236969-1001 -> Kaspersky Protection Toolbar - {093F479D-712E-46CD-9E06-62E734A05F68} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\x64\IEExt\ie_plugin.dll [2017-01-03] (AO Kaspersky Lab)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2017-08-15] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\Melissa\AppData\Roaming\Mozilla\Firefox\Profiles\r05s7axb.default [2018-02-26]
FF user.js: detected! => C:\Users\Melissa\AppData\Roaming\Mozilla\Firefox\Profiles\r05s7axb.default\user.js [2014-07-11]
FF Homepage: Mozilla\Firefox\Profiles\r05s7axb.default -> hxxps://www.z2systems.com/np/clients/ms/login.jsp
hxxp://mattsorger.com/
hxxp://mattsorger.com/admin/index.php?S=0&D=cp&C=login
FF Extension: (Awesome Screenshot - Capture, Annotate & More) - C:\Users\Melissa\AppData\Roaming\Mozilla\Firefox\Profiles\r05s7axb.default\Extensions\jid0-GXjLLfbCoAx0LcltEdFrEkQdQPI@jetpack.xpi [2017-06-23]
FF Extension: (Reddit Enhancement Suite) - C:\Users\Melissa\AppData\Roaming\Mozilla\Firefox\Profiles\r05s7axb.default\Extensions\jid1-xUfzOsOFlzSOXg@jetpack.xpi [2018-01-22]
FF Extension: (__MSG_appName__) - C:\Users\Melissa\AppData\Roaming\Mozilla\Firefox\Profiles\r05s7axb.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}.xpi [2017-10-23]
FF Extension: (Adblock Plus) - C:\Users\Melissa\AppData\Roaming\Mozilla\Firefox\Profiles\r05s7axb.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2017-12-12]
FF HKLM\...\Firefox\Extensions: [light_plugin_F6F079488B53499DB99380A7E11A93F6@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\FFExt\light_plugin_firefox\addon.xpi
FF Extension: (Kaspersky Protection) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\FFExt\light_plugin_firefox\addon.xpi [2018-02-20]
FF HKLM-x32\...\Firefox\Extensions: [dpmaxz_ng@jetpack] - c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\BrowserExt\dpchrome
FF Extension: (HP Client Security Manager) - c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\BrowserExt\dpchrome [2014-05-25] [Legacy] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [light_plugin_F6F079488B53499DB99380A7E11A93F6@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\FFExt\light_plugin_firefox\addon.xpi
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_28_0_0_161.dll [2018-02-07] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~3\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2016-10-25] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_28_0_0_161.dll [2018-02-07] ()
FF Plugin-x32: @Intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-08-08] (Intel Corporation)
FF Plugin-x32: @Intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-08-08] (Intel Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-22] (Microsoft Corporation)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2016-10-25] (Adobe Systems)
FF Plugin-x32: digitalpersona.com/ChromeDPAgent -> c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\BrowserExt\components\npChromeDPAgent.dll [2013-11-21] (DigitalPersona, Inc.)
FF Plugin HKU\S-1-5-21-4217738634-494452904-935236969-1001: @citrixonline.com/appdetectorplugin -> C:\Users\Melissa\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2015-05-21] (Citrix Online)
FF Plugin HKU\S-1-5-21-4217738634-494452904-935236969-1001: @tools.google.com/Google Update;version=3 -> C:\Users\Melissa\AppData\Local\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-13] (Google Inc.)
FF Plugin HKU\S-1-5-21-4217738634-494452904-935236969-1001: @tools.google.com/Google Update;version=9 -> C:\Users\Melissa\AppData\Local\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-13] (Google Inc.)

Chrome:
=======
CHR StartupUrls: Default -> "hxxp://mattsorger.com/"
CHR Profile: C:\Users\Melissa\AppData\Local\Google\Chrome\User Data\Default [2016-01-26]
CHR Extension: (Google Slides) - C:\Users\Melissa\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-01-26]
CHR Extension: (Google Docs) - C:\Users\Melissa\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-01-26]
CHR Extension: (Google Drive) - C:\Users\Melissa\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-01-26]
CHR Extension: (YouTube) - C:\Users\Melissa\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-01-26]
CHR Extension: (Google Search) - C:\Users\Melissa\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-01-26]
CHR Extension: (Kaspersky Protection) - C:\Users\Melissa\AppData\Local\Google\Chrome\User Data\Default\Extensions\eahebamiopdhefndnmappcihfajigkka [2016-01-26]
CHR Extension: (Google Sheets) - C:\Users\Melissa\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-01-26]
CHR Extension: (Google Docs Offline) - C:\Users\Melissa\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-01-26]
CHR Extension: (HP Client Security Manager) - C:\Users\Melissa\AppData\Local\Google\Chrome\User Data\Default\Extensions\ncffjdbbodifgldkcbhmiiljfcnbgjab [2016-01-26]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Melissa\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-01-26]
CHR Extension: (Gmail) - C:\Users\Melissa\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-01-26]
CHR HKLM\...\Chrome\Extension: [fhoibnponjcgjgcnfacekaijdbbplhib] - hxxps://chrome.google.com/webstore/detail/fhoibnponjcgjgcnfacekaijdbbplhib
CHR HKU\S-1-5-21-4217738634-494452904-935236969-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [fhoibnponjcgjgcnfacekaijdbbplhib] - hxxps://chrome.google.com/webstore/detail/fhoibnponjcgjgcnfacekaijdbbplhib
CHR HKLM-x32\...\Chrome\Extension: [ncffjdbbodifgldkcbhmiiljfcnbgjab] - c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\BrowserExt\dpchrome.crx [2013-11-21]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [744640 2016-10-25] (Adobe Systems Incorporated)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2319848 2018-01-05] (Adobe Systems, Incorporated)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2017-09-07] (Apple Inc.)
R2 AVP17.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\avp.exe [241544 2016-06-28] (AO Kaspersky Lab)
R2 CreoService; C:\Program Files (x86)\Hewlett-Packard\HP Trust Circles\CreoSvc.exe [1390552 2013-10-02] (CryptoMill Technologies Ltd.)
R2 CtAgentService; C:\Program Files (x86)\Hewlett-Packard\HP Theft Recovery\CtService.exe [7168 2013-08-14] () [File not signed]
R2 CyberLink PowerDVD 12 Media Server Monitor Service; c:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe [77576 2013-08-12] (CyberLink)
R2 CyberLink PowerDVD 12 Media Server Service; c:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe [298760 2013-08-12] (CyberLink)
R2 DpHost; c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe [500048 2013-11-21] (DigitalPersona, Inc.)
S3 FLCDLOCK; c:\windows\SysWOW64\flcdlock.exe [567608 2013-11-20] (Hewlett-Packard Company)
S3 GoToAssist; C:\Program Files (x86)\Citrix\GoToAssist Corporate\1084\G2AC_Service.exe [310080 2016-11-14] (Citrix Online, a division of Citrix Systems, Inc.)
R2 HpDamServiceHost; c:\Program Files (x86)\Hewlett-Packard\HP Device Access Manager\HP.ProtectTools.DeviceAccessManager.ServiceHost.exe [18232 2013-11-15] (Hewlett-Packard Development Company)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [332144 2017-11-21] (HP Inc.)
R2 Intel(R) Capability Licensing Service Interface; c:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-11] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; c:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-11] (Intel(R) Corporation)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-08-08] (Intel Corporation)
S3 iumsvc; C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [177376 2016-08-12] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-08-08] (Intel Corporation)
S3 klvssbrigde64; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\x64\vssbridge64.exe [77328 2016-06-28] (AO Kaspersky Lab)
R2 KSDE1.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 1.0\ksde.exe [241544 2016-06-28] (AO Kaspersky Lab)
R3 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6234056 2017-11-01] (Malwarebytes)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [284912 2014-01-08] ()
S2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [50688 2014-11-17] (Hewlett-Packard) [File not signed]
R2 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [1795136 2018-02-01] (PDF Complete Inc)
R2 PDFProFiltSrvPP; C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe [145256 2011-08-02] (Nuance Communications, Inc.)
S2 Pml Driver HPZ12; C:\windows\system32\HPZipm12.dll [66048 2014-11-17] (Hewlett-Packard) [File not signed]
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [246488 2013-06-18] (Realtek Semiconductor)
R2 Seagate Dashboard Services; C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.DASWindowsService.exe [16216 2016-06-28] (Seagate Technology LLC)
R2 Seagate MobileBackup Service; C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\MobileService.exe [143656 2016-06-28] (Seagate Technology LLC)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2014-05-25] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3674864 2014-01-08] (Intel® Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 CLVirtualDrive; C:\windows\System32\DRIVERS\CLVirtualDrive.sys [90608 2011-12-26] (CyberLink)
R0 cm_km; C:\windows\System32\DRIVERS\cm_km.sys [238936 2016-06-10] (AO Kaspersky Lab)
S3 DAMDrv; C:\windows\System32\DRIVERS\DAMDrv64.sys [65752 2013-10-07] (Hewlett-Packard Company)
R0 iaStorF; C:\windows\System32\drivers\iaStorF.sys [28008 2013-09-20] (Intel Corporation)
R3 IceKore; C:\windows\System32\DRIVERS\IceKore.sys [401368 2013-09-29] (CryptoMill Technologies Inc.)
R0 kl1; C:\windows\System32\DRIVERS\kl1.sys [554416 2016-06-02] (AO Kaspersky Lab)
R0 klbackupdisk; C:\windows\System32\DRIVERS\klbackupdisk.sys [63920 2016-06-07] (AO Kaspersky Lab)
R1 klbackupflt; C:\windows\System32\DRIVERS\klbackupflt.sys [86352 2016-06-15] (AO Kaspersky Lab)
R2 kldisk; C:\windows\System32\DRIVERS\kldisk.sys [78216 2016-05-31] (AO Kaspersky Lab)
R3 klflt; C:\windows\System32\DRIVERS\klflt.sys [195288 2017-10-13] (AO Kaspersky Lab)
R1 klhk; C:\windows\System32\DRIVERS\klhk.sys [348376 2017-10-13] (AO Kaspersky Lab)
R1 KLIF; C:\windows\System32\DRIVERS\klif.sys [1040584 2018-02-20] (AO Kaspersky Lab)
R1 KLIM6; C:\windows\System32\DRIVERS\klim6.sys [57024 2018-02-20] (AO Kaspersky Lab)
R3 klkbdflt; C:\windows\System32\DRIVERS\klkbdflt.sys [52144 2016-05-19] (AO Kaspersky Lab)
R3 klmouflt; C:\windows\System32\DRIVERS\klmouflt.sys [41648 2015-06-07] (Kaspersky Lab ZAO)
R1 klpd; C:\windows\System32\DRIVERS\klpd.sys [45488 2016-05-31] (AO Kaspersky Lab)
R3 kltap; C:\windows\System32\DRIVERS\kltap.sys [52152 2016-06-07] (The OpenVPN Project)
R1 kltdi; C:\windows\System32\DRIVERS\kltdi.sys [75696 2016-05-17] (AO Kaspersky Lab)
R1 Klwtp; C:\windows\System32\DRIVERS\klwtp.sys [135904 2017-03-13] (AO Kaspersky Lab)
R1 kneps; C:\windows\System32\DRIVERS\kneps.sys [199640 2017-07-19] (AO Kaspersky Lab)
R3 MBAMSwissArmy; C:\windows\System32\Drivers\mbamswissarmy.sys [253880 2018-02-23] (Malwarebytes)
R3 MEIx64; C:\windows\system32\drivers\TeeDriverx64.sys [99288 2013-08-08] (Intel Corporation)
S3 NETwNs64; C:\windows\System32\DRIVERS\NETwsw02.sys [3603424 2014-04-18] (Intel Corporation)
R2 npf; C:\windows\System32\drivers\npf.sys [35344 2011-02-11] (CACE Technologies, Inc.)
R0 PinFile; C:\windows\System32\DRIVERS\PinFile.sys [49856 2014-12-05] (WinMagic Inc.)
R0 PxHlpa64; C:\windows\System32\Drivers\PxHlpa64.sys [56336 2012-06-22] (Corel Corporation)
R0 SDDisk2K; C:\windows\System32\DRIVERS\SDDisk2K.sys [228544 2014-12-05] (WinMagic Inc.)
R0 SDDToki; C:\windows\System32\DRIVERS\SDDToki.sys [131264 2014-12-05] (WinMagic Inc.)
R3 usb3Hub; C:\windows\System32\DRIVERS\usb3Hub.sys [206744 2013-06-20] (Windows (R) Win 7 DDK provider)
R3 WirelessKeyboardFilter; C:\windows\System32\DRIVERS\WirelessKeyboardFilter.sys [49896 2016-07-22] (Microsoft Corporation)
S3 klids; \??\C:\ProgramData\Kaspersky Lab\AVP16.0.1\Bases\klids.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-02-26 09:46 - 2018-02-26 09:46 - 000028929 _____ C:\Users\Melissa\Desktop\FRST.txt
2018-02-26 09:45 - 2018-02-26 09:46 - 000000000 ____D C:\FRST
2018-02-26 09:45 - 2018-02-26 09:45 - 002403328 _____ (Farbar) C:\Users\Melissa\Desktop\FRST64.exe
2018-02-19 16:15 - 2018-02-19 16:15 - 000000000 ____D C:\ProgramData\s8lg
2018-02-19 16:11 - 2018-02-19 16:11 - 000000000 ____D C:\ProgramData\s638
2018-02-19 16:11 - 2018-02-19 16:11 - 000000000 ____D C:\ProgramData\s5cc
2018-02-19 16:08 - 2018-02-19 16:08 - 000000000 ____D C:\ProgramData\s8ik
2018-02-19 16:08 - 2018-02-19 16:08 - 000000000 ____D C:\ProgramData\s8gk
2018-02-19 16:08 - 2018-02-19 16:08 - 000000000 ____D C:\ProgramData\s7hg
2018-02-19 10:34 - 2018-02-19 10:34 - 000000000 ____D C:\Users\Public\Documents\Hewlett-Packard
2018-02-14 09:16 - 2018-02-01 20:41 - 000027680 _____ (PDF Complete, Inc.) C:\windows\system32\pdfc_port.dll
2018-02-13 14:58 - 2018-02-10 14:52 - 000395928 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2018-02-13 14:58 - 2018-02-10 14:03 - 000347296 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2018-02-13 14:58 - 2018-02-10 03:44 - 025740288 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2018-02-13 14:58 - 2018-02-10 02:19 - 002900480 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2018-02-13 14:58 - 2018-02-10 02:17 - 000417280 _____ (Microsoft Corporation) C:\windows\system32\html.iec
2018-02-13 14:58 - 2018-02-10 02:17 - 000066560 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2018-02-13 14:58 - 2018-02-10 02:17 - 000048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2018-02-13 14:58 - 2018-02-10 02:16 - 000577536 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2018-02-13 14:58 - 2018-02-10 02:16 - 000088064 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
2018-02-13 14:58 - 2018-02-10 02:10 - 000054784 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2018-02-13 14:58 - 2018-02-10 02:10 - 000034304 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2018-02-13 14:58 - 2018-02-10 02:09 - 005782016 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2018-02-13 14:58 - 2018-02-10 02:07 - 000615936 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2018-02-13 14:58 - 2018-02-10 02:06 - 000816640 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2018-02-13 14:58 - 2018-02-10 02:06 - 000814080 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2018-02-13 14:58 - 2018-02-10 02:06 - 000144384 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2018-02-13 14:58 - 2018-02-10 02:06 - 000116224 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2018-02-13 14:58 - 2018-02-10 02:01 - 000969216 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2018-02-13 14:58 - 2018-02-10 01:58 - 000489984 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2018-02-13 14:58 - 2018-02-10 01:52 - 000087552 _____ (Microsoft Corporation) C:\windows\system32\tdc.ocx
2018-02-13 14:58 - 2018-02-10 01:52 - 000077824 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
2018-02-13 14:58 - 2018-02-10 01:51 - 000107520 _____ (Microsoft Corporation) C:\windows\system32\inseng.dll
2018-02-13 14:58 - 2018-02-10 01:49 - 000199680 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2018-02-13 14:58 - 2018-02-10 01:48 - 000092160 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2018-02-13 14:58 - 2018-02-10 01:46 - 000315392 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2018-02-13 14:58 - 2018-02-10 01:45 - 000152064 _____ (Microsoft Corporation) C:\windows\system32\occache.dll
2018-02-13 14:58 - 2018-02-10 01:36 - 015283712 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2018-02-13 14:58 - 2018-02-10 01:36 - 000262144 _____ (Microsoft Corporation) C:\windows\system32\webcheck.dll
2018-02-13 14:58 - 2018-02-10 01:34 - 000807936 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2018-02-13 14:58 - 2018-02-10 01:34 - 000726528 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2018-02-13 14:58 - 2018-02-10 01:33 - 001359360 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
2018-02-13 14:58 - 2018-02-10 01:32 - 002134528 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2018-02-13 14:58 - 2018-02-10 01:27 - 003241472 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2018-02-13 14:58 - 2018-02-10 01:20 - 020274176 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2018-02-13 14:58 - 2018-02-10 01:14 - 001546240 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2018-02-13 14:58 - 2018-02-10 01:08 - 002724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2018-02-13 14:58 - 2018-02-10 01:02 - 000800768 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2018-02-13 14:58 - 2018-02-10 00:57 - 000499712 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2018-02-13 14:58 - 2018-02-10 00:57 - 000341504 _____ (Microsoft Corporation) C:\windows\SysWOW64\html.iec
2018-02-13 14:58 - 2018-02-10 00:57 - 000062464 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2018-02-13 14:58 - 2018-02-10 00:57 - 000047616 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
2018-02-13 14:58 - 2018-02-10 00:56 - 000064000 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll
2018-02-13 14:58 - 2018-02-10 00:54 - 002294272 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2018-02-13 14:58 - 2018-02-10 00:52 - 000047104 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2018-02-13 14:58 - 2018-02-10 00:51 - 000030720 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2018-02-13 14:58 - 2018-02-10 00:50 - 000476160 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2018-02-13 14:58 - 2018-02-10 00:49 - 000662528 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
2018-02-13 14:58 - 2018-02-10 00:49 - 000620032 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2018-02-13 14:58 - 2018-02-10 00:49 - 000115712 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2018-02-13 14:58 - 2018-02-10 00:42 - 000416256 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2018-02-13 14:58 - 2018-02-10 00:39 - 000060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll
2018-02-13 14:58 - 2018-02-10 00:38 - 000091136 _____ (Microsoft Corporation) C:\windows\SysWOW64\inseng.dll
2018-02-13 14:58 - 2018-02-10 00:38 - 000073216 _____ (Microsoft Corporation) C:\windows\SysWOW64\tdc.ocx
2018-02-13 14:58 - 2018-02-10 00:36 - 000168960 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2018-02-13 14:58 - 2018-02-10 00:35 - 004498944 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2018-02-13 14:58 - 2018-02-10 00:35 - 000279040 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2018-02-13 14:58 - 2018-02-10 00:35 - 000076288 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2018-02-13 14:58 - 2018-02-10 00:34 - 000130048 _____ (Microsoft Corporation) C:\windows\SysWOW64\occache.dll
2018-02-13 14:58 - 2018-02-10 00:33 - 013680640 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2018-02-13 14:58 - 2018-02-10 00:29 - 000230400 _____ (Microsoft Corporation) C:\windows\SysWOW64\webcheck.dll
2018-02-13 14:58 - 2018-02-10 00:27 - 002058752 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2018-02-13 14:58 - 2018-02-10 00:27 - 000694784 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2018-02-13 14:58 - 2018-02-10 00:26 - 001155072 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmlmedia.dll
2018-02-13 14:58 - 2018-02-10 00:14 - 002767872 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2018-02-13 14:58 - 2018-02-10 00:10 - 001314304 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2018-02-13 14:58 - 2018-01-12 11:46 - 000631680 _____ (Microsoft Corporation) C:\windows\system32\winresume.efi
2018-02-13 14:58 - 2018-01-12 11:44 - 005581544 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe
2018-02-13 14:58 - 2018-01-12 11:44 - 001894120 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tcpip.sys
2018-02-13 14:58 - 2018-01-12 11:44 - 000708328 _____ (Microsoft Corporation) C:\windows\system32\winload.efi
2018-02-13 14:58 - 2018-01-12 11:44 - 000377064 _____ (Microsoft Corporation) C:\windows\system32\Drivers\netio.sys
2018-02-13 14:58 - 2018-01-12 11:44 - 000371432 _____ (Microsoft Corporation) C:\windows\system32\clfs.sys
2018-02-13 14:58 - 2018-01-12 11:44 - 000287976 _____ (Microsoft Corporation) C:\windows\system32\Drivers\FWPKCLNT.SYS
2018-02-13 14:58 - 2018-01-12 11:44 - 000262376 _____ (Microsoft Corporation) C:\windows\system32\hal.dll
2018-02-13 14:58 - 2018-01-12 11:44 - 000154856 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecpkg.sys
2018-02-13 14:58 - 2018-01-12 11:44 - 000095464 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecdd.sys
2018-02-13 14:58 - 2018-01-12 11:40 - 001460736 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll
2018-02-13 14:58 - 2018-01-12 11:40 - 001212928 _____ (Microsoft Corporation) C:\windows\system32\rpcrt4.dll
2018-02-13 14:58 - 2018-01-12 11:40 - 001163264 _____ (Microsoft Corporation) C:\windows\system32\kernel32.dll
2018-02-13 14:58 - 2018-01-12 11:40 - 000880640 _____ (Microsoft Corporation) C:\windows\system32\advapi32.dll
2018-02-13 14:58 - 2018-01-12 11:40 - 000731648 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll
2018-02-13 14:58 - 2018-01-12 11:40 - 000690688 _____ (Microsoft Corporation) C:\windows\system32\adtschema.dll
2018-02-13 14:58 - 2018-01-12 11:40 - 000503808 _____ (Microsoft Corporation) C:\windows\system32\srcore.dll
2018-02-13 14:58 - 2018-01-12 11:40 - 000484864 _____ (Microsoft Corporation) C:\windows\system32\StructuredQuery.dll
2018-02-13 14:58 - 2018-01-12 11:40 - 000463872 _____ (Microsoft Corporation) C:\windows\system32\certcli.dll
2018-02-13 14:58 - 2018-01-12 11:40 - 000419840 _____ (Microsoft Corporation) C:\windows\system32\KernelBase.dll
2018-02-13 14:58 - 2018-01-12 11:40 - 000361984 _____ (Microsoft Corporation) C:\windows\system32\wow64win.dll
2018-02-13 14:58 - 2018-01-12 11:40 - 000345600 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll
2018-02-13 14:58 - 2018-01-12 11:40 - 000316928 _____ (Microsoft Corporation) C:\windows\system32\msv1_0.dll
2018-02-13 14:58 - 2018-01-12 11:40 - 000312320 _____ (Microsoft Corporation) C:\windows\system32\ncrypt.dll
2018-02-13 14:58 - 2018-01-12 11:40 - 000243712 _____ (Microsoft Corporation) C:\windows\system32\wow64.dll
2018-02-13 14:58 - 2018-01-12 11:40 - 000215552 _____ (Microsoft Corporation) C:\windows\system32\winsrv.dll
2018-02-13 14:58 - 2018-01-12 11:40 - 000210432 _____ (Microsoft Corporation) C:\windows\system32\wdigest.dll
2018-02-13 14:58 - 2018-01-12 11:40 - 000190464 _____ (Microsoft Corporation) C:\windows\system32\rpchttp.dll
2018-02-13 14:58 - 2018-01-12 11:40 - 000146432 _____ (Microsoft Corporation) C:\windows\system32\msaudite.dll
2018-02-13 14:58 - 2018-01-12 11:40 - 000135680 _____ (Microsoft Corporation) C:\windows\system32\sspicli.dll
2018-02-13 14:58 - 2018-01-12 11:40 - 000123904 _____ (Microsoft Corporation) C:\windows\system32\bcrypt.dll
2018-02-13 14:58 - 2018-01-12 11:40 - 000086528 _____ (Microsoft Corporation) C:\windows\system32\TSpkg.dll
2018-02-13 14:58 - 2018-01-12 11:40 - 000063488 _____ (Microsoft Corporation) C:\windows\system32\setbcdlocale.dll
2018-02-13 14:58 - 2018-01-12 11:40 - 000059904 _____ (Microsoft Corporation) C:\windows\system32\appidapi.dll
2018-02-13 14:58 - 2018-01-12 11:40 - 000050176 _____ (Microsoft Corporation) C:\windows\system32\srclient.dll
2018-02-13 14:58 - 2018-01-12 11:40 - 000044032 _____ (Microsoft Corporation) C:\windows\system32\csrsrv.dll
2018-02-13 14:58 - 2018-01-12 11:40 - 000043520 _____ (Microsoft Corporation) C:\windows\system32\cryptbase.dll
2018-02-13 14:58 - 2018-01-12 11:40 - 000034816 _____ (Microsoft Corporation) C:\windows\system32\appidsvc.dll
2018-02-13 14:58 - 2018-01-12 11:40 - 000028672 _____ (Microsoft Corporation) C:\windows\system32\sspisrv.dll
2018-02-13 14:58 - 2018-01-12 11:40 - 000028160 _____ (Microsoft Corporation) C:\windows\system32\secur32.dll
2018-02-13 14:58 - 2018-01-12 11:40 - 000022016 _____ (Microsoft Corporation) C:\windows\system32\credssp.dll
2018-02-13 14:58 - 2018-01-12 11:40 - 000016384 _____ (Microsoft Corporation) C:\windows\system32\ntvdm64.dll
2018-02-13 14:58 - 2018-01-12 11:40 - 000013312 _____ (Microsoft Corporation) C:\windows\system32\wow64cpu.dll
2018-02-13 14:58 - 2018-01-12 11:40 - 000006656 _____ (Microsoft Corporation) C:\windows\system32\apisetschema.dll
2018-02-13 14:58 - 2018-01-12 11:40 - 000006144 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2018-02-13 14:58 - 2018-01-12 11:40 - 000005120 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-file-l1-1-0.dll
2018-02-13 14:58 - 2018-01-12 11:40 - 000004608 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2018-02-13 14:58 - 2018-01-12 11:40 - 000004608 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2018-02-13 14:58 - 2018-01-12 11:40 - 000004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2018-02-13 14:58 - 2018-01-12 11:40 - 000004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
2018-02-13 14:58 - 2018-01-12 11:40 - 000004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2018-02-13 14:58 - 2018-01-12 11:40 - 000004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
2018-02-13 14:58 - 2018-01-12 11:40 - 000003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2018-02-13 14:58 - 2018-01-12 11:40 - 000003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2018-02-13 14:58 - 2018-01-12 11:40 - 000003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2018-02-13 14:58 - 2018-01-12 11:40 - 000003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
2018-02-13 14:58 - 2018-01-12 11:40 - 000003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
2018-02-13 14:58 - 2018-01-12 11:40 - 000003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2018-02-13 14:58 - 2018-01-12 11:40 - 000003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
2018-02-13 14:58 - 2018-01-12 11:40 - 000003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2018-02-13 14:58 - 2018-01-12 11:40 - 000003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2018-02-13 14:58 - 2018-01-12 11:40 - 000003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-string-l1-1-0.dll
2018-02-13 14:58 - 2018-01-12 11:40 - 000003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
2018-02-13 14:58 - 2018-01-12 11:40 - 000003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-io-l1-1-0.dll
2018-02-13 14:58 - 2018-01-12 11:40 - 000003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2018-02-13 14:58 - 2018-01-12 11:40 - 000003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
2018-02-13 14:58 - 2018-01-12 11:40 - 000003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2018-02-13 14:58 - 2018-01-12 11:40 - 000003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2018-02-13 14:58 - 2018-01-12 11:40 - 000003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2018-02-13 14:58 - 2018-01-12 11:40 - 000003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
2018-02-13 14:58 - 2018-01-12 11:40 - 000003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2018-02-13 14:58 - 2018-01-12 11:40 - 000003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-console-l1-1-0.dll
2018-02-13 14:58 - 2018-01-12 11:33 - 001665384 _____ (Microsoft Corporation) C:\windows\system32\ntdll.dll
2018-02-13 14:58 - 2018-01-12 11:29 - 004014312 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntkrnlpa.exe
2018-02-13 14:58 - 2018-01-12 11:29 - 003959016 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntoskrnl.exe
2018-02-13 14:58 - 2018-01-12 11:27 - 004834816 _____ (Microsoft Corporation) C:\windows\system32\xpsrchvw.exe
2018-02-13 14:58 - 2018-01-12 11:27 - 001314112 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntdll.dll
2018-02-13 14:58 - 2018-01-12 11:26 - 001114112 _____ (Microsoft Corporation) C:\windows\SysWOW64\kernel32.dll
2018-02-13 14:58 - 2018-01-12 11:26 - 000690688 _____ (Microsoft Corporation) C:\windows\SysWOW64\adtschema.dll
2018-02-13 14:58 - 2018-01-12 11:26 - 000666112 _____ (Microsoft Corporation) C:\windows\SysWOW64\rpcrt4.dll
2018-02-13 14:58 - 2018-01-12 11:26 - 000644096 _____ (Microsoft Corporation) C:\windows\SysWOW64\advapi32.dll
2018-02-13 14:58 - 2018-01-12 11:26 - 000554496 _____ (Microsoft Corporation) C:\windows\SysWOW64\kerberos.dll
2018-02-13 14:58 - 2018-01-12 11:26 - 000363520 _____ (Microsoft Corporation) C:\windows\SysWOW64\StructuredQuery.dll
2018-02-13 14:58 - 2018-01-12 11:26 - 000342528 _____ (Microsoft Corporation) C:\windows\SysWOW64\certcli.dll
2018-02-13 14:58 - 2018-01-12 11:26 - 000275456 _____ (Microsoft Corporation) C:\windows\SysWOW64\KernelBase.dll
2018-02-13 14:58 - 2018-01-12 11:26 - 000261120 _____ (Microsoft Corporation) C:\windows\SysWOW64\msv1_0.dll
2018-02-13 14:58 - 2018-01-12 11:26 - 000254464 _____ (Microsoft Corporation) C:\windows\SysWOW64\schannel.dll
2018-02-13 14:58 - 2018-01-12 11:26 - 000223232 _____ (Microsoft Corporation) C:\windows\SysWOW64\ncrypt.dll
2018-02-13 14:58 - 2018-01-12 11:26 - 000172032 _____ (Microsoft Corporation) C:\windows\SysWOW64\wdigest.dll
2018-02-13 14:58 - 2018-01-12 11:26 - 000146432 _____ (Microsoft Corporation) C:\windows\SysWOW64\msaudite.dll
2018-02-13 14:58 - 2018-01-12 11:26 - 000141312 _____ (Microsoft Corporation) C:\windows\SysWOW64\rpchttp.dll
2018-02-13 14:58 - 2018-01-12 11:26 - 000096768 _____ (Microsoft Corporation) C:\windows\SysWOW64\sspicli.dll
2018-02-13 14:58 - 2018-01-12 11:26 - 000082944 _____ (Microsoft Corporation) C:\windows\SysWOW64\bcrypt.dll
2018-02-13 14:58 - 2018-01-12 11:26 - 000065536 _____ (Microsoft Corporation) C:\windows\SysWOW64\TSpkg.dll
2018-02-13 14:58 - 2018-01-12 11:26 - 000050688 _____ (Microsoft Corporation) C:\windows\SysWOW64\appidapi.dll
2018-02-13 14:58 - 2018-01-12 11:26 - 000043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\srclient.dll
2018-02-13 14:58 - 2018-01-12 11:26 - 000022016 _____ (Microsoft Corporation) C:\windows\SysWOW64\secur32.dll
2018-02-13 14:58 - 2018-01-12 11:26 - 000017408 _____ (Microsoft Corporation) C:\windows\SysWOW64\credssp.dll
2018-02-13 14:58 - 2018-01-12 11:26 - 000006656 _____ (Microsoft Corporation) C:\windows\SysWOW64\apisetschema.dll
2018-02-13 14:58 - 2018-01-12 11:26 - 000005120 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2018-02-13 14:58 - 2018-01-12 11:26 - 000005120 _____ (Microsoft Corporation) C:\windows\SysWOW64\wow32.dll
2018-02-13 14:58 - 2018-01-12 11:26 - 000004608 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2018-02-13 14:58 - 2018-01-12 11:26 - 000004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2018-02-13 14:58 - 2018-01-12 11:26 - 000004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2018-02-13 14:58 - 2018-01-12 11:26 - 000004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2018-02-13 14:58 - 2018-01-12 11:26 - 000004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2018-02-13 14:58 - 2018-01-12 11:26 - 000004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2018-02-13 14:58 - 2018-01-12 11:26 - 000003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2018-02-13 14:58 - 2018-01-12 11:26 - 000003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2018-02-13 14:58 - 2018-01-12 11:26 - 000003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2018-02-13 14:58 - 2018-01-12 11:26 - 000003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2018-02-13 14:58 - 2018-01-12 11:26 - 000003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2018-02-13 14:58 - 2018-01-12 11:26 - 000003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2018-02-13 14:58 - 2018-01-12 11:26 - 000003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2018-02-13 14:58 - 2018-01-12 11:26 - 000003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2018-02-13 14:58 - 2018-01-12 11:26 - 000003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2018-02-13 14:58 - 2018-01-12 11:26 - 000003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2018-02-13 14:58 - 2018-01-12 11:26 - 000003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2018-02-13 14:58 - 2018-01-12 11:26 - 000003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2018-02-13 14:58 - 2018-01-12 11:26 - 000003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2018-02-13 14:58 - 2018-01-12 11:26 - 000003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2018-02-13 14:58 - 2018-01-12 11:26 - 000003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2018-02-13 14:58 - 2018-01-12 11:26 - 000003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2018-02-13 14:58 - 2018-01-12 11:26 - 000003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2018-02-13 14:58 - 2018-01-12 11:16 - 003405824 _____ (Microsoft Corporation) C:\windows\SysWOW64\xpsrchvw.exe
2018-02-13 14:58 - 2018-01-12 11:16 - 000076288 _____ (Microsoft Corporation) C:\windows\system32\Drivers\hidclass.sys
2018-02-13 14:58 - 2018-01-12 11:16 - 000030208 _____ (Microsoft Corporation) C:\windows\system32\Drivers\hidusb.sys
2018-02-13 14:58 - 2018-01-12 11:15 - 000032896 _____ (Microsoft Corporation) C:\windows\system32\Drivers\hidparse.sys
2018-02-13 14:58 - 2018-01-12 11:11 - 000148480 _____ (Microsoft Corporation) C:\windows\system32\appidpolicyconverter.exe
2018-02-13 14:58 - 2018-01-12 11:11 - 000062464 _____ (Microsoft Corporation) C:\windows\system32\Drivers\appid.sys
2018-02-13 14:58 - 2018-01-12 11:11 - 000017920 _____ (Microsoft Corporation) C:\windows\system32\appidcertstorecheck.exe
2018-02-13 14:58 - 2018-01-12 11:10 - 000064000 _____ (Microsoft Corporation) C:\windows\system32\auditpol.exe
2018-02-13 14:58 - 2018-01-12 11:07 - 000338432 _____ (Microsoft Corporation) C:\windows\system32\conhost.exe
2018-02-13 14:58 - 2018-01-12 11:06 - 000296960 _____ (Microsoft Corporation) C:\windows\system32\rstrui.exe
2018-02-13 14:58 - 2018-01-12 11:03 - 000159744 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb.sys
2018-02-13 14:58 - 2018-01-12 11:02 - 000291328 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb10.sys
2018-02-13 14:58 - 2018-01-12 11:02 - 000129536 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb20.sys
2018-02-13 14:58 - 2018-01-12 11:02 - 000050176 _____ (Microsoft Corporation) C:\windows\SysWOW64\auditpol.exe
2018-02-13 14:58 - 2018-01-12 11:01 - 000112640 _____ (Microsoft Corporation) C:\windows\system32\smss.exe
2018-02-13 14:58 - 2018-01-12 11:01 - 000030720 _____ (Microsoft Corporation) C:\windows\system32\lsass.exe
2018-02-13 14:58 - 2018-01-12 10:57 - 000036352 _____ (Microsoft Corporation) C:\windows\SysWOW64\cryptbase.dll
2018-02-13 14:58 - 2018-01-12 10:57 - 000025600 _____ (Microsoft Corporation) C:\windows\SysWOW64\setup16.exe
2018-02-13 14:58 - 2018-01-12 10:57 - 000014336 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntvdm64.dll
2018-02-13 14:58 - 2018-01-12 10:57 - 000007680 _____ (Microsoft Corporation) C:\windows\SysWOW64\instnm.exe
2018-02-13 14:58 - 2018-01-12 10:56 - 000006144 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2018-02-13 14:58 - 2018-01-12 10:56 - 000004608 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2018-02-13 14:58 - 2018-01-12 10:56 - 000003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2018-02-13 14:58 - 2018-01-12 10:56 - 000003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2018-02-13 14:58 - 2018-01-11 11:41 - 001133568 _____ (Microsoft Corporation) C:\windows\system32\cdosys.dll
2018-02-13 14:58 - 2018-01-11 11:22 - 000805376 _____ (Microsoft Corporation) C:\windows\SysWOW64\cdosys.dll
2018-02-13 14:58 - 2018-01-11 11:09 - 003224064 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2018-02-13 14:58 - 2018-01-05 11:31 - 000151552 _____ (Microsoft Corporation) C:\windows\system32\t2embed.dll
2018-02-13 14:58 - 2018-01-05 11:30 - 000100864 _____ (Microsoft Corporation) C:\windows\system32\fontsub.dll
2018-02-13 14:58 - 2018-01-05 11:25 - 000383720 _____ (Adobe Systems Incorporated) C:\windows\system32\atmfd.dll
2018-02-13 14:58 - 2018-01-05 11:14 - 000309480 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\atmfd.dll
2018-02-13 14:58 - 2018-01-05 11:11 - 000111104 _____ (Microsoft Corporation) C:\windows\SysWOW64\t2embed.dll
2018-02-13 14:58 - 2018-01-05 11:11 - 000071168 _____ (Microsoft Corporation) C:\windows\SysWOW64\fontsub.dll
2018-02-13 14:58 - 2017-12-05 12:36 - 001484288 _____ (Microsoft Corporation) C:\windows\system32\crypt32.dll
2018-02-13 14:58 - 2017-12-05 12:36 - 000218112 _____ (Microsoft Corporation) C:\windows\system32\WinSCard.dll
2018-02-13 14:58 - 2017-12-05 12:36 - 000092160 _____ (Microsoft Corporation) C:\windows\system32\TabSvc.dll
2018-02-13 14:58 - 2017-12-05 12:08 - 001176576 _____ (Microsoft Corporation) C:\windows\SysWOW64\crypt32.dll
2018-02-13 14:58 - 2017-12-05 12:08 - 000135168 _____ (Microsoft Corporation) C:\windows\SysWOW64\WinSCard.dll
2018-02-13 14:58 - 2017-12-05 11:04 - 000404992 _____ (Microsoft Corporation) C:\windows\system32\wisptis.exe
2018-02-13 14:57 - 2018-02-10 02:30 - 002724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2018-02-13 14:57 - 2018-02-10 02:29 - 000004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2018-02-13 14:57 - 2018-02-10 00:08 - 000710144 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2018-02-13 14:57 - 2018-01-12 11:40 - 000060416 _____ (Microsoft Corporation) C:\windows\system32\msobjs.dll
2018-02-13 14:57 - 2018-01-12 11:26 - 000060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\msobjs.dll
2018-02-13 14:57 - 2018-01-12 10:57 - 000002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\user.exe
2018-02-13 14:57 - 2018-01-05 11:31 - 000041472 _____ (Microsoft Corporation) C:\windows\system32\lpk.dll
2018-02-13 14:57 - 2018-01-05 11:30 - 000046080 _____ (Adobe Systems) C:\windows\system32\atmlib.dll
2018-02-13 14:57 - 2018-01-05 11:30 - 000014336 _____ (Microsoft Corporation) C:\windows\system32\dciman32.dll
2018-02-13 14:57 - 2018-01-05 11:11 - 000025600 _____ (Microsoft Corporation) C:\windows\SysWOW64\lpk.dll
2018-02-13 14:57 - 2018-01-05 11:11 - 000010240 _____ (Microsoft Corporation) C:\windows\SysWOW64\dciman32.dll
2018-02-13 14:57 - 2018-01-05 10:50 - 000034304 _____ (Adobe Systems) C:\windows\SysWOW64\atmlib.dll
2018-02-13 14:57 - 2017-12-05 12:36 - 000229376 _____ (Microsoft Corporation) C:\windows\system32\wintrust.dll
2018-02-13 14:57 - 2017-12-05 12:36 - 000190976 _____ (Microsoft Corporation) C:\windows\system32\cryptsvc.dll
2018-02-13 14:57 - 2017-12-05 12:36 - 000141824 _____ (Microsoft Corporation) C:\windows\system32\cryptnet.dll
2018-02-13 14:57 - 2017-12-05 12:08 - 000179200 _____ (Microsoft Corporation) C:\windows\SysWOW64\wintrust.dll
2018-02-13 14:57 - 2017-12-05 12:08 - 000145920 _____ (Microsoft Corporation) C:\windows\SysWOW64\cryptsvc.dll
2018-02-13 14:57 - 2017-12-05 12:08 - 000106496 _____ (Microsoft Corporation) C:\windows\SysWOW64\cryptnet.dll
2018-02-13 14:56 - 2018-01-21 18:50 - 000136424 _____ (Microsoft Corporation) C:\windows\system32\CompatTelRunner.exe
2018-02-13 14:56 - 2018-01-21 18:40 - 000654336 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
2018-02-13 14:56 - 2018-01-19 09:05 - 001994752 _____ (Microsoft Corporation) C:\windows\system32\aitstatic.exe
2018-02-13 14:56 - 2018-01-19 09:05 - 001569280 _____ (Microsoft Corporation) C:\windows\system32\appraiser.dll
2018-02-13 14:56 - 2018-01-19 09:05 - 000749568 _____ (Microsoft Corporation) C:\windows\system32\generaltel.dll
2018-02-13 14:56 - 2018-01-19 09:05 - 000604672 _____ (Microsoft Corporation) C:\windows\system32\devinv.dll
2018-02-13 14:56 - 2018-01-19 09:05 - 000450048 _____ (Microsoft Corporation) C:\windows\system32\centel.dll
2018-02-13 14:56 - 2018-01-19 09:05 - 000378880 _____ (Microsoft Corporation) C:\windows\system32\invagent.dll
2018-02-13 14:56 - 2018-01-19 09:05 - 000262144 _____ (Microsoft Corporation) C:\windows\system32\acmigration.dll
2018-02-13 14:56 - 2018-01-19 09:05 - 000236544 _____ (Microsoft Corporation) C:\windows\system32\aepic.dll
2018-02-08 20:33 - 2018-02-08 20:33 - 000000000 ____D C:\Users\Melissa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2018-02-02 16:50 - 2018-02-02 16:50 - 000003466 _____ C:\windows\System32\Tasks\AdobeGCInvoker-1.0-Melissa-HP-Melissa
2018-02-02 10:44 - 2018-02-02 10:45 - 000000000 ____D C:\Users\Melissa\Desktop\Current Projects

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-02-26 09:45 - 2014-07-11 14:06 - 000000000 ____D C:\Users\Melissa\Documents\Outlook Files
2018-02-26 09:43 - 2016-11-15 10:27 - 000000000 ____D C:\Users\Melissa\AppData\LocalLow\Mozilla
2018-02-26 09:32 - 2016-06-28 09:16 - 000000926 _____ C:\windows\Tasks\DropboxUpdateTaskUserS-1-5-21-4217738634-494452904-935236969-1001UA.job
2018-02-26 09:32 - 2016-06-28 09:16 - 000000874 _____ C:\windows\Tasks\DropboxUpdateTaskUserS-1-5-21-4217738634-494452904-935236969-1001Core.job
2018-02-26 09:17 - 2014-07-10 12:01 - 000000000 ____D C:\ProgramData\Kaspersky Lab
2018-02-26 04:53 - 2009-07-13 23:45 - 000029328 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2018-02-26 04:53 - 2009-07-13 23:45 - 000029328 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2018-02-26 02:00 - 2014-12-23 09:35 - 000000000 ____D C:\Users\Melissa\AppData\Local\Adobe
2018-02-25 19:33 - 2014-07-09 11:16 - 000003942 _____ C:\windows\System32\Tasks\User_Feed_Synchronization-{D9C89A8E-3A1E-413C-86CF-140EA21DF15C}
2018-02-23 11:05 - 2017-12-05 16:30 - 000253880 _____ (Malwarebytes) C:\windows\system32\Drivers\mbamswissarmy.sys
2018-02-23 09:46 - 2017-01-03 12:43 - 000003032 _____ C:\windows\System32\Tasks\Kaspersky_Upgrade_Launcher_{278ADC42-419D-4547-A6CA-5B74BE0AD901}
2018-02-23 09:35 - 2009-07-14 00:13 - 000781790 _____ C:\windows\system32\PerfStringBackup.INI
2018-02-23 09:35 - 2009-07-13 22:20 - 000000000 ____D C:\windows\inf
2018-02-23 09:30 - 2014-05-25 11:27 - 000000000 ____D C:\ProgramData\PDFC
2018-02-23 09:30 - 2009-07-14 00:08 - 000000006 ____H C:\windows\Tasks\SA.DAT
2018-02-22 15:06 - 2017-06-01 10:33 - 000019641 _____ C:\Users\Melissa\Desktop\INDIA.xlsx
2018-02-22 12:39 - 2017-09-12 11:03 - 000013284 _____ C:\Users\Melissa\Desktop\PHILIPPINES.xlsx
2018-02-22 12:18 - 2014-07-10 12:52 - 000000000 ____D C:\Users\Melissa\Documents\Email Templates
2018-02-20 10:04 - 2016-09-12 23:03 - 001040584 _____ (AO Kaspersky Lab) C:\windows\system32\Drivers\klif.sys
2018-02-20 10:04 - 2016-09-12 23:03 - 000057024 _____ (AO Kaspersky Lab) C:\windows\system32\Drivers\klim6.sys
2018-02-19 15:17 - 2014-05-25 11:26 - 000000225 _____ C:\windows\CryptoMill_CreoService.001
2018-02-19 10:09 - 2015-05-21 14:03 - 000000000 ____D C:\Users\Melissa\AppData\Local\Citrix
2018-02-19 10:06 - 2014-05-25 11:26 - 000000225 _____ C:\windows\CryptoMill_CreoService.002
2018-02-16 14:28 - 2016-09-20 12:22 - 000000000 ____D C:\Users\Melissa\Documents\Info
2018-02-16 09:06 - 2016-10-21 08:49 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2018-02-16 09:06 - 2014-07-09 13:04 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2018-02-16 09:06 - 2014-05-25 11:26 - 000000225 _____ C:\windows\CryptoMill_CreoService.003
2018-02-16 09:03 - 2009-07-13 22:20 - 000000000 ____D C:\windows\system32\NDF
2018-02-14 09:16 - 2016-10-07 13:14 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF Complete
2018-02-14 09:16 - 2014-05-25 11:27 - 000000000 ____D C:\Program Files (x86)\PDF Complete
2018-02-14 09:14 - 2014-05-25 11:26 - 000000225 _____ C:\windows\CryptoMill_CreoService.004
2018-02-14 09:05 - 2011-02-11 15:29 - 000773912 _____ C:\windows\SysWOW64\PerfStringBackup.INI
2018-02-14 04:23 - 2009-07-13 22:20 - 000000000 ____D C:\windows\rescache
2018-02-14 03:37 - 2009-07-13 23:45 - 000628184 _____ C:\windows\system32\FNTCACHE.DAT
2018-02-14 03:34 - 2014-05-25 11:26 - 000000225 _____ C:\windows\CryptoMill_CreoService.005
2018-02-14 03:31 - 2014-12-11 10:39 - 000000000 ____D C:\windows\system32\appraiser
2018-02-14 03:16 - 2014-07-09 11:40 - 000000000 ____D C:\windows\system32\MRT
2018-02-14 03:12 - 2017-10-11 02:11 - 130067560 ____C (Microsoft Corporation) C:\windows\system32\MRT-KB890830.exe
2018-02-14 03:12 - 2014-07-09 11:40 - 130067560 ____C (Microsoft Corporation) C:\windows\system32\MRT.exe
2018-02-14 03:09 - 2014-07-09 16:03 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2018-02-14 03:04 - 2009-07-13 21:34 - 000000478 _____ C:\windows\win.ini
2018-02-13 02:00 - 2015-06-19 07:59 - 000000000 ____D C:\Users\Melissa\AppData\Local\CrashDumps
2018-02-08 20:33 - 2014-08-18 08:37 - 000000000 ___RD C:\Users\Melissa\Dropbox
2018-02-08 20:33 - 2014-08-18 08:34 - 000000000 ____D C:\Users\Melissa\AppData\Roaming\Dropbox
2018-02-07 05:15 - 2014-07-10 16:35 - 000803328 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2018-02-07 05:15 - 2014-07-10 16:35 - 000144896 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2018-02-07 05:15 - 2014-07-10 16:35 - 000004312 _____ C:\windows\System32\Tasks\Adobe Flash Player Updater
2018-02-07 05:15 - 2014-07-10 16:35 - 000000000 ____D C:\windows\SysWOW64\Macromed
2018-02-07 05:15 - 2014-07-10 16:35 - 000000000 ____D C:\windows\system32\Macromed
2018-02-06 10:19 - 2014-07-09 15:18 - 000000000 ____D C:\Users\Melissa\AppData\Roaming\Stamps.com Internet Postage
2018-02-02 16:49 - 2014-07-09 11:16 - 000000000 ____D C:\Users\Melissa\AppData\Roaming\Adobe
2018-01-29 14:45 - 2015-02-11 15:00 - 000000000 ____D C:\Users\Melissa\Documents\Phone Scripts

==================== Files in the root of some directories =======

2014-07-09 15:21 - 2014-07-09 15:21 - 000025628 __RSH () C:\Program Files (x86)\DLS8Uninstall.log
2016-09-28 08:56 - 2016-07-14 04:09 - 000010240 _____ () C:\Users\Melissa\AppData\Local\Z@!-2cd7ee51-68f8-4991-b759-79c54b472976.tmp
2016-09-28 08:56 - 2016-07-14 04:09 - 000010240 _____ () C:\Users\Melissa\AppData\Local\Z@!-d04af8d0-7042-4908-a358-668c2bcaf9c7.tmp
2016-09-28 08:56 - 2016-07-14 04:09 - 000009216 _____ () C:\Users\Melissa\AppData\Local\Z@S!-baf06229-e408-4759-9347-506d2972a136.tmp

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\windows\system32\winlogon.exe => File is digitally signed
C:\windows\system32\wininit.exe => File is digitally signed
C:\windows\SysWOW64\wininit.exe => File is digitally signed
C:\windows\explorer.exe => File is digitally signed
C:\windows\SysWOW64\explorer.exe => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\SysWOW64\svchost.exe => File is digitally signed
C:\windows\system32\services.exe => File is digitally signed
C:\windows\system32\User32.dll => File is digitally signed
C:\windows\SysWOW64\User32.dll => File is digitally signed
C:\windows\system32\userinit.exe => File is digitally signed
C:\windows\SysWOW64\userinit.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
C:\windows\system32\dnsapi.dll => File is digitally signed
C:\windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2018-02-17 00:50

==================== End of FRST.txt ============================
 
#7 ·
Addition:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 24.02.2018
Ran by Melissa (26-02-2018 09:46:59)
Running from C:\Users\Melissa\Desktop
Windows 7 Professional Service Pack 1 (X64) (2014-07-09 16:15:44)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-4217738634-494452904-935236969-500 - Administrator - Disabled)
Guest (S-1-5-21-4217738634-494452904-935236969-501 - Limited - Enabled)
HomeGroupUser$ (S-1-5-21-4217738634-494452904-935236969-1003 - Limited - Enabled)
Melissa (S-1-5-21-4217738634-494452904-935236969-1001 - Administrator - Enabled) => C:\Users\Melissa

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Kaspersky Internet Security (Enabled - Up to date) {86367591-4BE4-AE08-2FD9-7FCB8259CD98}
AS: Kaspersky Internet Security (Enabled - Up to date) {3D579475-6DDE-A186-1569-44B9F9DE8725}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Internet Security (Enabled) {BE0DF4B4-018B-AF50-0486-D6FE7C8A8AE3}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

64 Bit HP CIO Components Installer (HKLM\...\{0EBC740B-4363-489B-8C27-98CE0740BA19}) (Version: 18.2.4 - Hewlett-Packard) Hidden
Adobe Audition CC 2017 (HKLM-x32\...\AUDT_10_0_0) (Version: 10.0.0 - Adobe Systems Incorporated)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 3.9.1.335 - Adobe Systems Incorporated)
Adobe Dreamweaver CC 2017 (HKLM-x32\...\DRWV_17_0_1) (Version: 17.0.1 - Adobe Systems Incorporated)
Adobe Flash Player 28 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 28.0.0.161 - Adobe Systems Incorporated)
Adobe Flash Player 28 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 28.0.0.161 - Adobe Systems Incorporated)
Adobe InDesign CC 2017 (HKLM-x32\...\IDSN_12_0_0) (Version: 12.0 - Adobe Systems Incorporated)
Adobe Photoshop CC 2017 (HKLM-x32\...\PHSP_18_0_1) (Version: 18.0.1 - Adobe Systems Incorporated)
Apple Application Support (32-bit) (HKLM-x32\...\{3D1290E6-1F77-46D5-A715-A56679C8D4E3}) (Version: 6.0.2 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{D0E45DEC-F4B9-4370-A9DF-66837789C2EF}) (Version: 6.0.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{E3C4B99B-BE71-4C27-8E3C-4FAE3C46E1D5}) (Version: 11.0.0.30 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{C1BBFD2A-BCDD-45B3-8C0B-66BD434970A8}) (Version: 2.4.8.1 - Apple Inc.)
Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)
bl (HKLM-x32\...\{2A075BB4-E976-4278-BF3F-E5C6945D84C0}) (Version: 1.0.0 - Your Company Name) Hidden
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Brother P-touch Editor 5.1 (HKLM-x32\...\{39270390-A851-4E4B-94A9-D5C468216ED3}) (Version: 5.1.0120 - Brother Industries, Ltd.)
CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.3.3207 - CyberLink Corp.)
CyberLink PowerDVD 12 (HKLM-x32\...\InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}) (Version: 12.0.2.3212 - CyberLink Corp.)
DesignPro 5 (HKLM-x32\...\{32821558-2C36-4FD0-A891-CA65360B0EC7}) (Version: 5.5.708 - Avery Dennison) Hidden
DesignPro 5 (HKLM-x32\...\InstallShield_{32821558-2C36-4FD0-A891-CA65360B0EC7}) (Version: 5.5.708 - Avery Dennison)
DirectX for Managed Code Update (Summer 2004) (HKLM-x32\...\{E9E34215-82EF-4909-BE2F-F581F0DC9062}) (Version: 9.02.2904 - Microsoft) Hidden
Dropbox (HKU\S-1-5-21-4217738634-494452904-935236969-1001\...\Dropbox) (Version: 43.4.50 - Dropbox, Inc.)
DYMO Label v.8 (HKLM-x32\...\DYMO Label v.8) (Version: 8.2.2.996 - Sanford, L.P.)
FileZilla Client 3.13.1 (HKLM-x32\...\FileZilla Client) (Version: 3.13.1 - Tim Kosse)
GoToAssist Corporate (HKLM-x32\...\GoToAssist) (Version: 11.2.0.1084 - Citrix Online, a division of Citrix Systems, Inc.)
Hewlett-Packard ACLM.NET v1.2.2.3 (HKLM-x32\...\{6F340107-F9AA-47C6-B54C-C3A19F11553F}) (Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HP Client Security Manager (HKLM\...\HPProtectTools) (Version: 8.3.2.1744 - Hewlett-Packard Company)
HP Color LaserJet CP3525 PCL 6 [HP Color LaserJet CP3525 PCL 6] (HKLM\...\HP Color LaserJet CP3525 PCL 6) (Version: 05/08/2008 61.082.61.41 - HP)
HP Color LaserJet CP3525 Screen Fonts (HKLM-x32\...\{AF79934E-ED58-410A-9CCB-9434E2115A21}) (Version: 2.0.0.0 - Hewlett Packard, Co.)
HP Color LaserJet CP3525 User Guide (HKLM-x32\...\{ECF9CEBF-53E0-446D-9C0A-8F1453C5DC78}) (Version: 1.0.0.0 - Hewlett Packard, Co.)
HP Device Access Manager (HKLM\...\{DBE16A07-DDFF-4453-807A-212EF93916E0}) (Version: 8.3.2.0 - Hewlett-Packard Company)
HP Documentation (HKLM-x32\...\{A4DA13A9-5086-4581-AE32-A05EFB815A54}) (Version: 1.1.0.0 - Hewlett-Packard)
HP Drive Encryption (HKLM\...\HPDriveEncryption) (Version: 8.6.14.20 - Hewlett-Packard Company)
HP File Sanitizer (HKLM-x32\...\{547607B0-3294-4ECA-8F5E-921404676CBB}) (Version: 8.4.13.1 - Hewlett-Packard Company)
HP Officejet Pro X476dw MFP Basic Device Software (HKLM\...\{39A2D5AC-305A-4FAD-8845-4CC8C76C0BE2}) (Version: 32.2.188.47710 - Hewlett-Packard Co.)
HP Officejet Pro X476dw MFP Help (HKLM-x32\...\{D99D6F87-451C-4BCF-8053-DC62C8E341B9}) (Version: 29.0.0 - Hewlett Packard)
HP Setup (HKLM-x32\...\{438363A8-F486-4C37-834C-4955773CB3D3}) (Version: 9.1.15453.4066 - Hewlett-Packard Company)
HP SoftPaq Download Manager (HKLM-x32\...\{49524B48-4FE9-4A62-A9FD-1F2258DF5489}) (Version: 3.4.12.0 - Hewlett-Packard Company)
HP Software Setup (HKLM-x32\...\{7561C06A-7797-4462-A7C3-86F45AE901CF}) (Version: 8.7.4 - Hewlett-Packard Company)
HP Support Information (HKLM-x32\...\{B2B7B1C8-7C8B-476C-BE2C-049731C55992}) (Version: 13.00.0000 - Hewlett-Packard)
HP Support Solutions Framework (HKLM-x32\...\{55065080-504F-43BB-BE00-36B80D7D39A5}) (Version: 12.8.47.1 - Hewlett-Packard Company)
HP Theft Recovery (HKLM-x32\...\InstallShield_{BAC712C6-4061-4C9F-AB58-A5C53E76704A}) (Version: 8.3.0.5 - Hewlett-Packard Company)
HP Trust Circles (HKLM-x32\...\HP Trust Circles) (Version: 8.3.6.16976 - Hewlett-Packard Company)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPDiagnosticAlert (HKLM-x32\...\{B6465A32-8BE9-4B38-ADC5-4B4BDDC10B0D}) (Version: 1.00.0001 - Microsoft) Hidden
I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.13.1706 - Intel Corporation)
Intel(R) Update Manager (HKLM-x32\...\{7224B7CE-196C-4E2A-A1AE-1D7BF259FD36}) (Version: 3.4.1942 - Intel Corporation)
Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 2.5.0.19 - Intel Corporation)
Intel(R) WiDi (HKLM\...\{201B03D6-FDDA-4C70-8A15-887F5B3CE365}) (Version: 4.2.19.0 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{8e41467d-297e-496d-8b0f-e771b6c87c06}) (Version: 16.11.0 - Intel Corporation)
iTunes (HKLM\...\{94E81D4F-FB5A-4B29-B385-33896CC9BE7E}) (Version: 12.7.0.166 - Apple Inc.)
Kaspersky Internet Security (HKLM-x32\...\{E27B1D7B-3B34-43A2-9FC0-9828D5DF46E2}) (Version: 17.0.0.611 - Kaspersky Lab) Hidden
Kaspersky Internet Security (HKLM-x32\...\InstallWIX_{E27B1D7B-3B34-43A2-9FC0-9828D5DF46E2}) (Version: 17.0.0.611 - Kaspersky Lab)
Kaspersky Secure Connection (HKLM-x32\...\{1CF84962-50F8-48CA-9082-B70F3A02C686}) (Version: 17.0.0.611 - Kaspersky Lab) Hidden
Kaspersky Secure Connection (HKLM-x32\...\InstallWIX_{1CF84962-50F8-48CA-9082-B70F3A02C686}) (Version: 17.0.0.611 - Kaspersky Lab)
Malwarebytes version 3.3.1.2183 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.3.1.2183 - Malwarebytes)
Microsoft .NET Framework 4.7.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.7.02558 - Microsoft Corporation)
Microsoft Office Standard 2013 (HKLM\...\Office15.STANDARD) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23918 (HKLM-x32\...\{dab68466-3a7d-41a8-a5cf-415e3ff8ef71}) (Version: 14.0.23918.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23918 (HKLM-x32\...\{2e085fd2-a3e4-4b39-8e10-6b8d35f55244}) (Version: 14.0.23918.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Mozilla Firefox 58.0.2 (x64 en-US) (HKLM\...\Mozilla Firefox 58.0.2 (x64 en-US)) (Version: 58.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 58.0 - Mozilla)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
Nuance PaperPort 12 (HKLM-x32\...\{88B5FBDC-967D-4B1F-B291-39284AE12201}) (Version: 12.1.0005 - Nuance Communications, Inc.)
Nuance PDF Viewer Plus (HKLM-x32\...\{28656860-4728-433C-8AD4-D1A930437BC8}) (Version: 5.30.3290 - Nuance Communications, Inc)
opensource (HKLM-x32\...\{3677D4D8-E5E0-49FC-B86E-06541CF00BBE}) (Version: 1.0.14960.3876 - Your Company Name) Hidden
Outils de vérification linguistique 2013 de Microsoft Office - Français (HKLM\...\{90150000-001F-040C-1000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
PaperPort Image Printer 64-bit (HKLM\...\{715CAACC-579B-4831-A5F4-A83A8DE3EFE2}) (Version: 14.00.0000 - Nuance Communications, Inc.)
PDF Complete Corporate Edition (HKLM-x32\...\PDF Complete) (Version: 4.2.33 - PDF Complete, Inc)
ph (HKLM-x32\...\{185F9795-9663-4F13-9EF9-307A282ADB5A}) (Version: 1.0.0 - Your Company Name) Hidden
Product Improvement Study for HP Officejet Pro X476dw MFP (HKLM\...\{3531419E-DA6B-45DD-BFF7-9105F1A67807}) (Version: 32.2.188.47710 - Hewlett-Packard Co.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.74.815.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7004 - Realtek Semiconductor Corp.)
Scansoft PDF Professional (HKLM-x32\...\{068724F8-D8BE-4B43-8DDD-B9FE9E49FD76}) (Version: - ) Hidden
Seagate Dashboard (HKLM-x32\...\{EA266F00-A8E7-43A0-8DED-FBFE3F076934}) (Version: 4.4.19.0 - Seagate)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-0012-0000-1000-0000000FF1CE}_Office15.STANDARD_{D82063A8-7C8C-4C3B-A9BB-95138CA55D26}) (Version: - Microsoft)
Skype™ 7.40 (HKLM-x32\...\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}) (Version: 7.40.103 - Skype Technologies S.A.)
Stamps.com (HKLM-x32\...\{698AC01B-DF0C-4BCE-940C-EB29AD23A560}) (Version: 15.2.0.3459 - Stamps.com, Inc.) Hidden
Stamps.com (HKLM-x32\...\Stamps.com) (Version: - Stamps.com, Inc.)
Update for Skype for Business 2015 (KB4011678) 64-Bit Edition (HKLM\...\{90150000-00C1-0000-1000-0000000FF1CE}_Office15.STANDARD_{8E63F16F-BC60-413E-8ABA-DAD375D2C356}) (Version: - Microsoft)
WinPcap 4.1.2 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2001 - CACE Technologies)
World of Warcraft (HKLM-x32\...\World of Warcraft) (Version: - Blizzard Entertainment)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-4217738634-494452904-935236969-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Melissa\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4217738634-494452904-935236969-1001_Classes\CLSID\{144DF3B2-2402-47AE-9583-5A045929A8D4}\InprocServer32 -> C:\Users\Melissa\AppData\Local\Google\Update\1.3.33.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-4217738634-494452904-935236969-1001_Classes\CLSID\{59B55F04-DE14-4BB8-92FF-C4A22EF2E5F4}\InprocServer32 -> C:\Users\Melissa\AppData\Local\Google\Update\1.3.31.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-4217738634-494452904-935236969-1001_Classes\CLSID\{8A589AFF-8DA8-49C5-B89B-20C9DF31F2B7}\InprocServer32 -> C:\Users\Melissa\AppData\Local\Google\Update\1.3.30.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-4217738634-494452904-935236969-1001_Classes\CLSID\{8C46158B-D978-483C-A312-16EE5013BE04}\InprocServer32 -> C:\Users\Melissa\AppData\Local\Google\Update\1.3.33.3\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-4217738634-494452904-935236969-1001_Classes\CLSID\{91A41FCC-BC02-42D8-A36E-0D27FF9BFFC8}\InprocServer32 -> C:\Users\Melissa\AppData\Local\Google\Update\1.3.33.7\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-4217738634-494452904-935236969-1001_Classes\CLSID\{CB492AF1-2CEF-4E58-BE47-471C77D0C8BA}\InprocServer32 -> C:\Users\Melissa\AppData\Local\Google\Update\1.3.32.7\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-4217738634-494452904-935236969-1001_Classes\CLSID\{e8c77137-e224-5791-b6e9-ff0305797a13}\InprocServer32 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems)
CustomCLSID: HKU\S-1-5-21-4217738634-494452904-935236969-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Melissa\AppData\Local\Google\Update\1.3.33.7\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-4217738634-494452904-935236969-1001_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Melissa\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4217738634-494452904-935236969-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Melissa\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4217738634-494452904-935236969-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Melissa\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4217738634-494452904-935236969-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Melissa\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4217738634-494452904-935236969-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Melissa\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4217738634-494452904-935236969-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Melissa\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4217738634-494452904-935236969-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Melissa\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4217738634-494452904-935236969-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Melissa\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4217738634-494452904-935236969-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Melissa\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4217738634-494452904-935236969-1001_Classes\CLSID\{FB314EE1-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Melissa\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4217738634-494452904-935236969-1001_Classes\CLSID\{FB314EE2-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Melissa\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4217738634-494452904-935236969-1001_Classes\CLSID\{FBC9D74C-AF55-4309-9FB2-C426E071637F}\InprocServer32 -> C:\Users\Melissa\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-10-25] ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-10-25] ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-10-25] ()
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Melissa\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll [2018-02-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Melissa\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll [2018-02-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Melissa\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll [2018-02-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Melissa\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll [2018-02-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Melissa\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll [2018-02-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Melissa\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll [2018-02-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Melissa\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll [2018-02-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Melissa\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll [2018-02-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [+1TBIcon] -> {B9C55E85-DED6-4911-82F3-83CF1CAB2898} => C:\Program Files\Hewlett-Packard\HP Trust Circles\tbicon.dll [2013-10-02] (CryptoMill Technologies Ltd.)
ShellIconOverlayIdentifiers-x32: [+1TBIcon] -> {B9C55E85-DED6-4911-82F3-83CF1CAB2898} => C:\Program Files\Hewlett-Packard\HP Trust Circles\tbicon.dll [2013-10-02] (CryptoMill Technologies Ltd.)
ContextMenuHandlers1: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-10-25] ()
ContextMenuHandlers1: [CLVDShellExt] -> {3E2A0A32-6E14-4BAD-AA87-BBB6A75EBFF2} => C:\Program Files (x86)\Common Files\CyberLink\ShellExtComponent\CLVDShellExt.dll [2013-08-19] (Cyberlink)
ContextMenuHandlers1: [Kaspersky Anti-Virus 17.0.0] -> {39C9FA89-7012-4573-A92D-BFD1F8CA542D} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\x64\shellex.dll [2017-03-13] (AO Kaspersky Lab)
ContextMenuHandlers1: [ShredContextMenu] -> {85EFA470-665A-4322-AB1E-1EB9C70F61C8} => C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\ShredContextMenu.dll [2013-09-17] ()
ContextMenuHandlers1: [TrustBoundaryMgrExt] -> {A93C63E9-BABA-4456-AAF7-A0930FAFA985} => C:\Program Files\Hewlett-Packard\HP Trust Circles\tbshell.dll [2013-10-02] (CryptoMill Technologies Ltd.)
ContextMenuHandlers2: [CLVDShellExt] -> {3E2A0A32-6E14-4BAD-AA87-BBB6A75EBFF2} => C:\Program Files (x86)\Common Files\CyberLink\ShellExtComponent\CLVDShellExt.dll [2013-08-19] (Cyberlink)
ContextMenuHandlers2: [Kaspersky Anti-Virus 17.0.0] -> {39C9FA89-7012-4573-A92D-BFD1F8CA542D} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\x64\shellex.dll [2017-03-13] (AO Kaspersky Lab)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-11-01] (Malwarebytes)
ContextMenuHandlers4: [Kaspersky Anti-Virus 17.0.0] -> {39C9FA89-7012-4573-A92D-BFD1F8CA542D} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\x64\shellex.dll [2017-03-13] (AO Kaspersky Lab)
ContextMenuHandlers4: [ShredContextMenu] -> {85EFA470-665A-4322-AB1E-1EB9C70F61C8} => C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\ShredContextMenu.dll [2013-09-17] ()
ContextMenuHandlers4: [TrustBoundaryMgrExt] -> {A93C63E9-BABA-4456-AAF7-A0930FAFA985} => C:\Program Files\Hewlett-Packard\HP Trust Circles\tbshell.dll [2013-10-02] (CryptoMill Technologies Ltd.)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\windows\system32\igfxpph.dll [2013-06-03] (Intel Corporation)
ContextMenuHandlers6: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-10-25] ()
ContextMenuHandlers6: [Kaspersky Anti-Virus 17.0.0] -> {39C9FA89-7012-4573-A92D-BFD1F8CA542D} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\x64\shellex.dll [2017-03-13] (AO Kaspersky Lab)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-11-01] (Malwarebytes)
ContextMenuHandlers6: [TrustBoundaryMgrExt] -> {A93C63E9-BABA-4456-AAF7-A0930FAFA985} => C:\Program Files\Hewlett-Packard\HP Trust Circles\tbshell.dll [2013-10-02] (CryptoMill Technologies Ltd.)
ContextMenuHandlers1_S-1-5-21-4217738634-494452904-935236969-1001: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Users\Melissa\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll [2018-02-08] (Dropbox, Inc.)
ContextMenuHandlers4_S-1-5-21-4217738634-494452904-935236969-1001: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Users\Melissa\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll [2018-02-08] (Dropbox, Inc.)
ContextMenuHandlers5_S-1-5-21-4217738634-494452904-935236969-1001: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Users\Melissa\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll [2018-02-08] (Dropbox, Inc.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {01C232E0-0F51-4EC1-8E53-F24C80B25F8C} - System32\Tasks\AdobeAAMUpdater-1.0-Melissa-HP-Melissa => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2016-07-01] (Adobe Systems Incorporated)
Task: {2F198BB8-8B25-4681-95C9-A7FD7092234D} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [2016-08-12] (Intel Corporation)
Task: {35A24E8B-3114-4612-AF17-7F90A7A61E9B} - System32\Tasks\Melissa DBAgent 2 0 => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\DBAgent.exe [2016-06-28] (Seagate Technology LLC)
Task: {3630CC87-032F-44A6-88E7-3180F266B278} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [2017-06-22] (HP Inc.)
Task: {51026885-4DC2-4664-A68C-BAF8F6C767D7} - System32\Tasks\Melissa Merge => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\NBCore.exe [2016-06-28] (Seagate Technology LLC)
Task: {76E85D02-D419-4481-BEB7-4AAA1DCCC32B} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {7BA09825-4902-4589-88AD-27C9A595F3CB} - System32\Tasks\Kaspersky_Upgrade_Launcher_{278ADC42-419D-4547-A6CA-5B74BE0AD901} => C:\Program Files\Common Files\AV\Kaspersky Lab\upgrade_launcher.exe [2016-08-23] (AO Kaspersky Lab)
Task: {7C1361BE-E01F-4076-8889-A56D9B3072DC} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2018-02-07] (Adobe Systems Incorporated)
Task: {82BDC4CC-808F-4C52-BB1F-58C8F148C4BC} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-4217738634-494452904-935236969-1001Core => C:\Users\Melissa\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2016-06-28] (Dropbox, Inc.)
Task: {87040D65-5D59-41D8-9671-2B36FCA37BE4} - System32\Tasks\HP AR Program Upload - 1d42ea43146b4de8bc8d502de978350106f6291e46c049639db8c32ad3c55a5d => C:\Program Files\HP\HP Officejet Pro X476dw MFP\bin\HPRewards.exe [2014-03-06] (TODO: <Company name>)
Task: {8997FF35-6EBB-432F-A22A-E5DDAEFCDA62} - System32\Tasks\Melissa => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\NBCore.exe [2016-06-28] (Seagate Technology LLC)
Task: {90AB8BBF-7078-48C9-990A-04CC1CCCB28A} - System32\Tasks\{57802514-E8B6-4A6A-A3D5-4A2F65668627} => "c:\program files (x86)\mozilla firefox\firefox.exe" hxxp://www.skype.com/go/downloading?source=lightinstaller&ver=7.16.0.102&LastError=404
Task: {917266B1-8FF2-41C0-B2C8-67DD5956CBA4} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473-Logon => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [2016-08-12] (Intel Corporation)
Task: {A4B97A14-FC7E-4FC8-A83B-C724677BCCD8} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2017-09-20] (HP Inc.)
Task: {AC485975-137B-469C-B239-6F90BF8746FB} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4217738634-494452904-935236969-1001UA => C:\Users\Melissa\AppData\Local\Google\Update\GoogleUpdate.exe [2016-06-15] (Google Inc.)
Task: {AC573401-0691-4FF4-A90F-8A9F1639C7F5} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-4217738634-494452904-935236969-1001UA => C:\Users\Melissa\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2016-06-28] (Dropbox, Inc.)
Task: {B979726A-1296-473C-925A-BFA732BB537A} - System32\Tasks\{DD7F2CF9-CB2F-42C9-AF61-1BD3F4D97BC6} => C:\windows\system32\pcalua.exe -a C:\Users\Melissa\Downloads\stamps.exe -d C:\Users\Melissa\Downloads
Task: {BA574732-17C2-4E97-9108-44E3DED4DF42} - System32\Tasks\HPCustParticipation HP Officejet Pro X476dw MFP => C:\Program Files\HP\HP Officejet Pro X476dw MFP\Bin\HPCustPartic.exe [2014-03-06] (Hewlett-Packard Co.)
Task: {BCB18001-A82F-4309-AB22-E1C9D2386749} - System32\Tasks\AdobeGCInvoker-1.0-Melissa-HP-Melissa => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [2018-01-05] (Adobe Systems, Incorporated)
Task: {C8520FA1-6504-4131-BD3A-A89EB0ED124E} - System32\Tasks\HP AR Program Upload - 32de8714d4be44dfa06c05d24c3ffeea2233e61c5b1f458ebec4935254e9f16c => C:\Program Files\HP\HP Officejet Pro X476dw MFP\bin\HPRewards.exe [2014-03-06] (TODO: <Company name>)
Task: {C9C64AA5-8F84-4221-9E51-91A89FD1330E} - System32\Tasks\Seagate_Install_Launch => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Dashboard.exe [2016-06-28] (Seagate Technology LLC)
Task: {EBF3E376-E950-4D5B-9AC5-C5034D7D6BB4} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {EFDF7C86-023B-40E1-9B1E-C3DFCC6700C8} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4217738634-494452904-935236969-1001Core => C:\Users\Melissa\AppData\Local\Google\Update\GoogleUpdate.exe [2016-06-15] (Google Inc.)
Task: {FC66A517-8D1D-4B54-B1F6-8D246C818BCB} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2014-01-23] (Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\windows\Tasks\DropboxUpdateTaskUserS-1-5-21-4217738634-494452904-935236969-1001Core.job => C:\Users\Melissa\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\windows\Tasks\DropboxUpdateTaskUserS-1-5-21-4217738634-494452904-935236969-1001UA.job => C:\Users\Melissa\AppData\Local\Dropbox\Update\DropboxUpdate.exe

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2017-09-01 01:49 - 2017-09-01 01:49 - 001356088 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2017-01-13 13:56 - 2017-01-13 13:56 - 000092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2013-08-14 15:06 - 2013-08-14 15:06 - 000007168 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Theft Recovery\CtService.exe
2016-10-25 08:57 - 2016-10-25 08:57 - 000491184 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll
2017-02-23 07:29 - 2017-02-23 07:29 - 008909512 _____ () C:\Program Files\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2013-09-17 13:32 - 2013-09-17 13:32 - 002654936 _____ () C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\ShredContextMenu.dll
2017-12-05 16:30 - 2017-11-29 09:11 - 002301384 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
2016-06-28 00:19 - 2016-06-28 00:19 - 000865232 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\kpcengine.2.3.dll
2010-05-10 22:52 - 2010-05-10 22:52 - 000094208 _____ () C:\Program Files (x86)\DYMO\DYMO Label Software\DYMO.Common.dll
2018-02-08 20:33 - 2018-02-08 15:10 - 000740168 _____ () C:\Users\Melissa\AppData\Roaming\Dropbox\bin\dropbox_watchdog.dll
2018-02-08 20:33 - 2018-02-08 15:10 - 002079048 _____ () C:\Users\Melissa\AppData\Roaming\Dropbox\bin\dropbox_crashpad.dll
2016-06-28 09:17 - 2018-02-08 15:10 - 000100312 _____ () C:\Users\Melissa\AppData\Roaming\Dropbox\bin\_ctypes.pyd
2016-06-28 09:17 - 2018-02-08 15:10 - 000018896 _____ () C:\Users\Melissa\AppData\Roaming\Dropbox\bin\select.pyd
2016-06-28 09:17 - 2018-02-08 15:12 - 000020808 _____ () C:\Users\Melissa\AppData\Roaming\Dropbox\bin\tornado.speedups.pyd
2016-06-28 09:17 - 2018-02-08 15:10 - 000035808 _____ () C:\Users\Melissa\AppData\Roaming\Dropbox\bin\_multiprocessing.pyd
2016-06-28 09:17 - 2018-02-08 15:10 - 000694232 _____ () C:\Users\Melissa\AppData\Roaming\Dropbox\bin\unicodedata.pyd
2018-02-08 20:33 - 2018-02-08 15:12 - 000021856 _____ () C:\Users\Melissa\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._constant_time.pyd
2016-06-28 09:17 - 2018-02-08 15:10 - 000130520 _____ () C:\Users\Melissa\AppData\Roaming\Dropbox\bin\_cffi_backend.pyd
2018-02-08 20:33 - 2018-02-08 15:12 - 001856864 _____ () C:\Users\Melissa\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._openssl.pyd
2018-02-08 20:33 - 2018-02-08 15:12 - 000022880 _____ () C:\Users\Melissa\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._padding.pyd
2018-02-08 20:33 - 2018-02-08 15:10 - 000145880 _____ () C:\Users\Melissa\AppData\Roaming\Dropbox\bin\pyexpat.pyd
2018-02-08 20:33 - 2018-02-08 15:10 - 000116696 _____ () C:\Users\Melissa\AppData\Roaming\Dropbox\bin\pywintypes27.dll
2016-06-28 09:17 - 2018-02-08 15:10 - 000105944 _____ () C:\Users\Melissa\AppData\Roaming\Dropbox\bin\win32api.pyd
2016-08-05 15:13 - 2018-02-08 15:13 - 000022872 _____ () C:\Users\Melissa\AppData\Roaming\Dropbox\bin\winffi.crt.compiled._winffi_crt.pyd
2018-02-08 20:33 - 2018-02-08 15:12 - 000063312 _____ () C:\Users\Melissa\AppData\Roaming\Dropbox\bin\psutil._psutil_windows.pyd
2016-06-28 09:17 - 2018-02-08 15:10 - 000024536 _____ () C:\Users\Melissa\AppData\Roaming\Dropbox\bin\win32event.pyd
2018-02-08 20:33 - 2018-02-08 15:12 - 000077120 _____ () C:\Users\Melissa\AppData\Roaming\Dropbox\bin\fastpath.pyd
2018-02-08 20:33 - 2018-02-08 15:10 - 000020952 _____ () C:\Users\Melissa\AppData\Roaming\Dropbox\bin\mmapfile.pyd
2016-06-28 09:17 - 2018-02-08 15:10 - 000124888 _____ () C:\Users\Melissa\AppData\Roaming\Dropbox\bin\win32file.pyd
2016-06-28 09:17 - 2018-02-08 15:10 - 000116184 _____ () C:\Users\Melissa\AppData\Roaming\Dropbox\bin\win32security.pyd
2018-02-08 20:33 - 2018-02-08 15:10 - 000392664 _____ () C:\Users\Melissa\AppData\Roaming\Dropbox\bin\pythoncom27.dll
2016-06-28 09:17 - 2018-02-08 15:12 - 000392520 _____ () C:\Users\Melissa\AppData\Roaming\Dropbox\bin\win32com.shell.shell.pyd
2016-08-05 15:13 - 2018-02-08 15:13 - 000026464 _____ () C:\Users\Melissa\AppData\Roaming\Dropbox\bin\winffi.kernel32.compiled._winffi_kernel32.pyd
2016-06-28 09:17 - 2018-02-08 15:10 - 000024024 _____ () C:\Users\Melissa\AppData\Roaming\Dropbox\bin\win32clipboard.pyd
2016-06-28 09:17 - 2018-02-08 15:10 - 000175576 _____ () C:\Users\Melissa\AppData\Roaming\Dropbox\bin\win32gui.pyd
2016-06-28 09:17 - 2018-02-08 15:10 - 000030168 _____ () C:\Users\Melissa\AppData\Roaming\Dropbox\bin\win32pipe.pyd
2016-06-28 09:17 - 2018-02-08 15:10 - 000043480 _____ () C:\Users\Melissa\AppData\Roaming\Dropbox\bin\win32process.pyd
2017-09-21 12:33 - 2018-02-08 15:10 - 000026072 _____ () C:\Users\Melissa\AppData\Roaming\Dropbox\bin\win32job.pyd
2016-06-28 09:17 - 2018-02-08 15:10 - 000048600 _____ () C:\Users\Melissa\AppData\Roaming\Dropbox\bin\win32service.pyd
2016-06-28 09:17 - 2018-02-08 15:10 - 000057816 _____ () C:\Users\Melissa\AppData\Roaming\Dropbox\bin\win32evtlog.pyd
2018-02-08 20:33 - 2018-02-08 15:12 - 000021840 _____ () C:\Users\Melissa\AppData\Roaming\Dropbox\bin\cpuid.compiled._cpuid.pyd
2017-09-08 13:57 - 2018-02-08 15:13 - 000023376 _____ () C:\Users\Melissa\AppData\Roaming\Dropbox\bin\winshell.compiled._winshell.pyd
2018-02-08 20:33 - 2018-02-08 15:12 - 000022864 _____ () C:\Users\Melissa\AppData\Roaming\Dropbox\bin\crashpad.compiled._Crashpad.pyd
2017-05-15 13:06 - 2018-02-08 15:12 - 000066400 _____ () C:\Users\Melissa\AppData\Roaming\Dropbox\bin\winenumhandles.compiled._WinEnumHandles.pyd
2018-02-08 20:33 - 2018-02-08 15:12 - 001796416 _____ () C:\Users\Melissa\AppData\Roaming\Dropbox\bin\PyQt5.QtCore.pyd
2016-06-28 09:17 - 2018-02-08 15:10 - 000084944 _____ () C:\Users\Melissa\AppData\Roaming\Dropbox\bin\sip.pyd
2018-02-08 20:33 - 2018-02-08 15:12 - 001956672 _____ () C:\Users\Melissa\AppData\Roaming\Dropbox\bin\PyQt5.QtGui.pyd
2018-02-08 20:33 - 2018-02-08 15:12 - 003859272 _____ () C:\Users\Melissa\AppData\Roaming\Dropbox\bin\PyQt5.QtWidgets.pyd
2018-02-08 20:33 - 2018-02-08 15:12 - 000155472 _____ () C:\Users\Melissa\AppData\Roaming\Dropbox\bin\PyQt5.QtWebEngineWidgets.pyd
2018-02-08 20:33 - 2018-02-08 15:12 - 000521032 _____ () C:\Users\Melissa\AppData\Roaming\Dropbox\bin\PyQt5.QtNetwork.pyd
2018-02-08 20:33 - 2018-02-08 15:12 - 000051024 _____ () C:\Users\Melissa\AppData\Roaming\Dropbox\bin\PyQt5.QtWebEngineCore.pyd
2018-02-08 20:33 - 2018-02-08 15:12 - 000043336 _____ () C:\Users\Melissa\AppData\Roaming\Dropbox\bin\PyQt5.QtWebChannel.pyd
2018-02-08 20:33 - 2018-02-08 15:12 - 000131400 _____ () C:\Users\Melissa\AppData\Roaming\Dropbox\bin\PyQt5.QtWebKit.pyd
2018-02-08 20:33 - 2018-02-08 15:12 - 000219984 _____ () C:\Users\Melissa\AppData\Roaming\Dropbox\bin\PyQt5.QtWebKitWidgets.pyd
2018-02-08 20:33 - 2018-02-08 15:12 - 000204104 _____ () C:\Users\Melissa\AppData\Roaming\Dropbox\bin\PyQt5.QtPrintSupport.pyd
2016-06-28 09:17 - 2018-02-08 15:13 - 000025440 _____ () C:\Users\Melissa\AppData\Roaming\Dropbox\bin\winscreenshot.compiled._CaptureScreenshot.pyd
2016-06-28 09:17 - 2018-02-08 15:10 - 000060888 _____ () C:\Users\Melissa\AppData\Roaming\Dropbox\bin\win32print.pyd
2017-02-27 19:21 - 2018-02-08 15:13 - 000054616 _____ () C:\Users\Melissa\AppData\Roaming\Dropbox\bin\winrpcserver.compiled._RPCServer.pyd
2016-06-28 09:17 - 2018-02-08 15:10 - 000024024 _____ () C:\Users\Melissa\AppData\Roaming\Dropbox\bin\win32profile.pyd
2017-01-23 17:54 - 2018-02-08 15:13 - 000022880 _____ () C:\Users\Melissa\AppData\Roaming\Dropbox\bin\winffi.user32.compiled._winffi_user32.pyd
2016-06-28 09:17 - 2018-02-08 15:10 - 000028632 _____ () C:\Users\Melissa\AppData\Roaming\Dropbox\bin\win32ts.pyd
2017-01-23 17:54 - 2018-02-08 15:13 - 000022368 _____ () C:\Users\Melissa\AppData\Roaming\Dropbox\bin\winffi.iphlpapi.compiled._winffi_iphlpapi.pyd
2017-01-23 17:54 - 2018-02-08 15:13 - 000021856 _____ () C:\Users\Melissa\AppData\Roaming\Dropbox\bin\winffi.winerror.compiled._winffi_winerror.pyd
2017-01-23 17:54 - 2018-02-08 15:13 - 000022368 _____ () C:\Users\Melissa\AppData\Roaming\Dropbox\bin\winffi.wininet.compiled._winffi_wininet.pyd
2018-02-08 20:33 - 2018-02-08 15:12 - 000027496 _____ () C:\Users\Melissa\AppData\Roaming\Dropbox\bin\dropbox.infinite.win.compiled._driverinstallation.pyd
2016-06-28 09:17 - 2018-02-08 15:10 - 000349144 _____ () C:\Users\Melissa\AppData\Roaming\Dropbox\bin\winxpgui.pyd
2016-06-28 09:17 - 2018-02-08 15:13 - 000023904 _____ () C:\Users\Melissa\AppData\Roaming\Dropbox\bin\winverifysignature.compiled._VerifySignature.pyd
2018-02-08 20:33 - 2018-02-08 15:12 - 000025432 _____ () C:\Users\Melissa\AppData\Roaming\Dropbox\bin\librsyncffi.compiled._librsyncffi.pyd
2018-02-08 20:33 - 2018-02-08 15:10 - 000036312 _____ () C:\Users\Melissa\AppData\Roaming\Dropbox\bin\librsync.dll
2018-01-11 14:34 - 2018-02-08 15:13 - 000021856 _____ () C:\Users\Melissa\AppData\Roaming\Dropbox\bin\winffi.advapi32.compiled._winffi_advapi32.pyd
2018-02-08 20:33 - 2018-02-08 15:12 - 000181064 _____ () C:\Users\Melissa\AppData\Roaming\Dropbox\bin\dropbox_sqlite_ext.DLL
2016-07-11 14:33 - 2018-02-08 15:12 - 000030544 _____ () C:\Users\Melissa\AppData\Roaming\Dropbox\bin\wind3d11.compiled._wind3d11.pyd
2018-02-08 20:33 - 2018-02-08 15:12 - 000024384 _____ () C:\Users\Melissa\AppData\Roaming\Dropbox\bin\libEGL.DLL
2018-02-08 20:33 - 2018-02-08 15:12 - 001638208 _____ () C:\Users\Melissa\AppData\Roaming\Dropbox\bin\libGLESv2.dll
2016-08-05 15:13 - 2018-02-08 15:13 - 000026464 _____ () C:\Users\Melissa\AppData\Roaming\Dropbox\bin\winffi.winhttp.compiled._winffi_winhttp.pyd
2018-02-08 20:33 - 2018-02-08 15:12 - 000545096 _____ () C:\Users\Melissa\AppData\Roaming\Dropbox\bin\PyQt5.QtQuick.pyd
2018-02-08 20:33 - 2018-02-08 15:12 - 000359232 _____ () C:\Users\Melissa\AppData\Roaming\Dropbox\bin\PyQt5.QtQml.pyd
2018-02-08 20:33 - 2018-02-08 15:12 - 000038216 _____ () C:\Users\Melissa\AppData\Roaming\Dropbox\bin\PyQt5.QtWebEngine.pyd
2014-05-25 11:19 - 2013-08-08 16:25 - 001242584 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\GoToAssist => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 21:34 - 2009-06-10 16:00 - 000000824 _____ C:\windows\system32\Drivers\etc\hosts

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-4217738634-494452904-935236969-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Melissa\AppData\Roaming\Mozilla\Firefox\Desktop Background.bmp
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\startupfolder: C:^Users^Melissa^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk => C:\windows\pss\Dropbox.lnk.Startup
MSCONFIG\startupreg: Adobe Creative Cloud => "C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe" --showwindow=false --onOSstartup=true
MSCONFIG\startupreg: BingSvc => C:\Users\Melissa\AppData\Local\Microsoft\BingSvc\BingSvc.exe
MSCONFIG\startupreg: CLMLServer_For_P2G8 => "c:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe"
MSCONFIG\startupreg: CLVirtualDrive => "c:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe" /R
MSCONFIG\startupreg: DBAgent => "C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\DBAgent.exe" /WinStart
MSCONFIG\startupreg: Dropbox Update => "C:\Users\Melissa\AppData\Local\Dropbox\Update\DropboxUpdate.exe" /c
MSCONFIG\startupreg: Google Update => C:\Users\Melissa\AppData\Local\Google\Update\1.3.32.7\GoogleUpdateCore.exe
MSCONFIG\startupreg: GoogleDriveSync => "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: Sdrive startup => C:\Program Files (x86)\Seagate\Sdrive\Sdrive.exe
MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{7F8B12C4-96DE-4E6E-BE89-B814D9D4996A}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12.exe
FirewallRules: [{7D39DCF2-D1B5-4DE1-B721-7256F4129783}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMR\PowerDVD12DMREngine.exe
FirewallRules: [{7D9F16A5-52F5-4941-AB65-18191F6BBF93}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe
FirewallRules: [{95191BDC-9F96-46DF-ADB9-C231AA1E63D1}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12Agent.exe
FirewallRules: [{857C56B5-61E2-4D78-B674-3B1BFE1DBF04}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12ML.exe
FirewallRules: [{094D1ED9-AFA2-4F2D-9CFB-1361961406A4}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDVD12\Movie\PowerDVD.exe
FirewallRules: [{F49C26B4-3BE1-48D9-A582-78EC1B7BF9BC}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{387CD2D5-C72B-482D-B71E-F50DF196E37E}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{BD291102-D9BD-4421-95CA-8D1BDDA2A4D9}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{C1EB2B7C-8A42-4A7E-A552-42A565BE973D}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{6A662F0E-4E9A-4264-BDC4-41D8404966DA}] => (Allow) C:\Program Files\Intel Corporation\Intel WiDi\WiDiApp.exe
FirewallRules: [{B4A0FAEC-71BA-4810-B982-B8D52BA410D0}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
FirewallRules: [{0B15825D-E769-4770-8A9C-42FAC5B76584}] => (Allow) F:\install\data\Disk1\setup.exe
FirewallRules: [{F0CA6134-B6CA-471F-8E4B-96D8D7D388C8}] => (Allow) F:\install\data\Disk1\setup.exe
FirewallRules: [{4D5F7F18-DDA6-48B8-9088-8C71311D3C7C}] => (Allow) C:\Users\Melissa\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{7E9903FD-5811-453B-B6D3-E9B3E3AB506D}] => (Allow) C:\Users\Melissa\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{3506E9F8-7EEE-4B0A-A0E5-C2C6F94E9796}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{408BF981-DA56-4791-8D4E-65012837AEB2}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{0318CAA9-5C2A-4160-944C-134397AB2107}C:\users\melissa\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\melissa\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [UDP Query User{563EE6A0-1D46-4ECA-876D-5F250C06CD85}C:\users\melissa\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\melissa\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [{33191AA7-6C43-478D-A519-85A628976D2D}] => (Allow) C:\Program Files\HP\HP Officejet Pro X476dw MFP\bin\FaxApplications.exe
FirewallRules: [{2A58C90E-6DB0-4A21-828B-707E0ADB3281}] => (Allow) C:\Program Files\HP\HP Officejet Pro X476dw MFP\bin\DigitalWizards.exe
FirewallRules: [{7A4C2316-C77A-4E5E-BBF5-2363A55DB9B1}] => (Allow) C:\Program Files\HP\HP Officejet Pro X476dw MFP\bin\SendAFax.exe
FirewallRules: [{2EF2F2FB-A24F-4FF4-A197-4B0CEA155774}] => (Allow) C:\Program Files\HP\HP Officejet Pro X476dw MFP\Bin\DeviceSetup.exe
FirewallRules: [{E6DB9F6A-6406-47C1-AD8B-20FFE3889318}] => (Allow) LPort=5357
FirewallRules: [{0A14FEE3-1793-44E3-ABC0-5B0A97D482E2}] => (Allow) C:\Program Files\HP\HP Officejet Pro X476dw MFP\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [{E964C603-EBFB-48E6-AA55-7B4CBC90336B}] => (Allow) C:\Users\Melissa\AppData\Local\Temp\7zS0CDA\HPDiagnosticCoreUI.exe
FirewallRules: [{A9F58A09-D1FB-4111-A166-EA51AE8A01E9}] => (Allow) C:\Users\Melissa\AppData\Local\Temp\7zS0CDA\HPDiagnosticCoreUI.exe
FirewallRules: [{D40A32C8-0E7B-48EC-B11A-E353016FA815}] => (Allow) C:\Users\Melissa\AppData\Local\Temp\hpdiu2\HPDIU\HPDIUNetwork.exe
FirewallRules: [{4BAB96C9-10EB-4D6D-9D79-DA2D23278F88}] => (Allow) C:\Users\Melissa\AppData\Local\Temp\hpdiu2\HPDIU\HPDIUNetwork.exe
FirewallRules: [{B409A6CA-4CD8-483E-9CBA-3A9AC0D0CA99}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{2229C349-B5EB-456F-AF6C-66E6F0A9A1F2}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{5D614FA7-A616-4F77-B566-9517F9797255}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{1E00431A-0773-47FC-8773-79826DB4E3A1}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{925F98A2-AF95-49CB-A2D1-4889F8AEDE3B}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{B4284A76-838D-4D8D-8D02-639E4AED1E79}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{39B48EEB-EBCE-4DA9-A34D-B2DF9DAB330C}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{646F158D-AD9A-4F1E-AAFF-D6A3413D7B77}] => (Allow) C:\Users\Melissa\AppData\Local\Temp\7zS3D01\HPDiagnosticCoreUI.exe
FirewallRules: [{C5E7AD32-08AE-415C-AEAD-8F5B1AA2A681}] => (Allow) C:\Users\Melissa\AppData\Local\Temp\7zS3D01\HPDiagnosticCoreUI.exe
FirewallRules: [{A345BF74-73E1-4619-9A07-2BFE2590E71B}] => (Allow) C:\Users\Melissa\AppData\Local\Temp\7zS3D32\HPDiagnosticCoreUI.exe
FirewallRules: [{6B3362D1-80D5-41B7-A107-3724E4714A79}] => (Allow) C:\Users\Melissa\AppData\Local\Temp\7zS3D32\HPDiagnosticCoreUI.exe
FirewallRules: [{24820BC3-ADD2-43E6-AF34-4B8CA079FB0A}] => (Allow) LPort=8888
FirewallRules: [TCP Query User{2EAB134D-1C6E-4296-9266-A1BB8CBF9DC1}C:\program files (x86)\seagate\seagate dashboard 2.0\dashboard.exe] => (Allow) C:\program files (x86)\seagate\seagate dashboard 2.0\dashboard.exe
FirewallRules: [UDP Query User{B87AC884-7FB5-4979-9D72-F505DDB24898}C:\program files (x86)\seagate\seagate dashboard 2.0\dashboard.exe] => (Allow) C:\program files (x86)\seagate\seagate dashboard 2.0\dashboard.exe
FirewallRules: [{815A6FFD-8E7A-4614-8D3D-4F7B9FEF62B5}] => (Allow) LPort=8888
FirewallRules: [{D8E924D7-0009-4452-9414-84E6D7EE4F91}] => (Allow) C:\Program Files\iTunes\iTunes.exe

==================== Restore Points =========================

22-02-2018 00:00:01 Scheduled Checkpoint
23-02-2018 05:26:09 Windows Update

==================== Faulty Device Manager Devices =============

Name: Intel(R) Dual Band Wireless-N 7260
Description: Intel(R) Dual Band Wireless-N 7260
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Intel Corporation
Service: NETwNs64
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Personal Cloud
Description: Personal Cloud
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: klids
Description: klids
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: klids
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

==================== Event log errors: =========================

Application errors:
==================
Error: (02/23/2018 04:36:27 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program OUTLOOK.EXE version 15.0.5007.1000 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 165c

Start Time: 01d3acb3392145e5

Termination Time: 33

Application Path: C:\Program Files\Microsoft Office\Office15\OUTLOOK.EXE

Report Id: 91e80220-18e1-11e8-a398-9cb654efb97d

Error: (02/23/2018 08:28:31 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 6006

Error: (02/23/2018 08:28:31 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 6006

Error: (02/23/2018 08:28:31 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (02/23/2018 08:28:30 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 5008

Error: (02/23/2018 08:28:30 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 5008

Error: (02/23/2018 08:28:30 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (02/23/2018 08:28:29 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 4009

System errors:
=============
Error: (02/26/2018 08:49:44 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The CyberLink PowerDVD 12 Media Server Service service terminated unexpectedly. It has done this 63 time(s).

Error: (02/26/2018 07:48:59 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The CyberLink PowerDVD 12 Media Server Service service terminated unexpectedly. It has done this 62 time(s).

Error: (02/26/2018 06:48:29 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The CyberLink PowerDVD 12 Media Server Service service terminated unexpectedly. It has done this 61 time(s).

Error: (02/26/2018 05:47:59 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The CyberLink PowerDVD 12 Media Server Service service terminated unexpectedly. It has done this 60 time(s).

Error: (02/26/2018 04:47:29 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The CyberLink PowerDVD 12 Media Server Service service terminated unexpectedly. It has done this 59 time(s).

Error: (02/26/2018 03:46:59 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The CyberLink PowerDVD 12 Media Server Service service terminated unexpectedly. It has done this 58 time(s).

Error: (02/26/2018 02:43:59 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The CyberLink PowerDVD 12 Media Server Service service terminated unexpectedly. It has done this 57 time(s).

Error: (02/26/2018 01:43:29 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The CyberLink PowerDVD 12 Media Server Service service terminated unexpectedly. It has done this 56 time(s).

CodeIntegrity:
===================================

Date: 2014-10-10 09:40:10.615
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-10-10 09:40:10.600
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-10-10 09:40:10.600
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-10-10 09:40:10.584
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-10-10 09:40:10.584
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-10-10 09:40:10.584
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-10-09 09:38:22.134
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-10-09 09:38:22.134
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================

Processor: Intel(R) Core(TM) i5-4670 CPU @ 3.40GHz
Percentage of memory in use: 36%
Total physical RAM: 8120.17 MB
Available physical RAM: 5176.13 MB
Total Virtual: 16238.5 MB
Available Virtual: 12130.47 MB

==================== Drives ================================

Drive c: (Windows ) (Fixed) (Total:919.19 GB) (Free:724.74 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive d: (HP_RECOVERY) (Fixed) (Total:11.22 GB) (Free:1.24 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive e: (HP_TOOLS) (Fixed) (Total:0.09 GB) (Free:0.07 GB) FAT32
Drive g: (My Passport) (Fixed) (Total:1862.98 GB) (Free:1189.71 GB) NTFS

\\?\Volume{749ec824-02e9-11e4-aeac-806e6f6e6963}\ (SYSTEM ) (Fixed) (Total:1 GB) (Free:0.63 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 931.5 GB) (Disk ID: 8E86C401)
Partition 1: (Active) - (Size=1 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=919.2 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=11.2 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=100 MB) - (Type=0C)

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 1863 GB) (Disk ID: 5BFC246C)
Partition 1: (Not Active) - (Size=1863 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================
 
#8 ·
Hello SCTR :)

Is this a work or business computer? I need to know in order to provide accurate instructions. Also, please run the following scans:

Step one...

CKScanner
Please download CKScanner and save it to your Desktop.
This program should only be run once!
Make sure that CKScanner.exe is on your desktop before running the application!

  • Right click on the CKScanner.exe icon and select Run as administrator.
  • Click the Search For Files button.
  • When the scan is finished (the cursor hourglass disappears) click the Save List To File button.
    A text file will be created on your desktop named "ckfiles.txt"
  • Click OK at the file saved message box. Double-click on the ckfiles.txt icon on your desktop.
  • Please copy/paste the contents of ckfiles.txt in your next reply.

Step two...

MGA Diagnostic Tool
  • Please download MGA Diagnostic Tool and save it to your Desktop.
  • Right click on MGADiag.exe and select Run as administrator.
  • Click on Continue to run the scan.
  • Once the scan is finished click Copy to copy the results. Paste them in your reply.
Please post each log separately to prevent it being cut off by the forum post size limiter.
Check each after you've posted it to make sure it's all present; if any log is cut off you'll have to post it in sections...

In your next reply please include:
  • Did you have any problems with the instructions?
  • ckfiles.txt
  • The MGA Diagnostic report
  • Are there any changes in computer behavior?
 
#9 ·
Yes, I use this computer for work. No problems with instructions, the CKScanner didn't respond for a little while but then worked fine.

CKScanner 2.5 - Additional Security Risks - These are not necessarily bad
c:\program files\adobe\adobe dreamweaver cc 2017\configuration\taglibraries\html\keygen.vtm
scanner sequence 3.AP.11.UQNADZ
----- EOF -----
 
#10 ·
Diagnostic Report (1.9.0027.0):
-----------------------------------------
Windows Validation Data-->

Validation Code: 0
Cached Online Validation Code: 0x0
Windows Product Key: *****-*****-788W3-H689G-6P6GT
Windows Product Key Hash: yr8OHoeXhbT4dc6MxGYjdAStSPY=
Windows Product ID: 00371-OEM-8992671-00008
Windows Product ID Type: 2
Windows License Type: OEM SLP
Windows OS version: 6.1.7601.2.00010100.1.0.048
ID: {12067D6B-9878-4CC1-8EFF-0D5637A05D4A}(1)
Is Admin: Yes
TestCab: 0x0
LegitcheckControl ActiveX: N/A, hr = 0x80070002
Signed By: N/A, hr = 0x80070002
Product Name: Windows 7 Professional
Architecture: 0x00000009
Build lab: 7601.win7sp1_ldr.180112-0600
TTS Error:
Validation Diagnostic:
Resolution Status: N/A

Vista WgaER Data-->
ThreatID(s): N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002

Windows XP Notifications Data-->
Cached Result: N/A, hr = 0x80070002
File Exists: No
Version: N/A, hr = 0x80070002
WgaTray.exe Signed By: N/A, hr = 0x80070002
WgaLogon.dll Signed By: N/A, hr = 0x80070002

OGA Notifications Data-->
Cached Result: N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002
OGAExec.exe Signed By: N/A, hr = 0x80070002
OGAAddin.dll Signed By: N/A, hr = 0x80070002

OGA Data-->
Office Status: 109 N/A
OGA Version: N/A, 0x80070002
Signed By: N/A, hr = 0x80070002
Office Diagnostics: 025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3

Browser Data-->
Proxy settings: N/A
User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
Default Browser: C:\Program Files (x86)\Mozilla Firefox\firefox.exe
Download signed ActiveX controls: Prompt
Download unsigned ActiveX controls: Disabled
Run ActiveX controls and plug-ins: Allowed
Initialize and script ActiveX controls not marked as safe: Disabled
Allow scripting of Internet Explorer Webbrowser control: Disabled
Active scripting: Allowed
Script ActiveX controls marked as safe for scripting: Allowed

File Scan Data-->

Other data-->
Office Details: <GenuineResults><MachineData><UGUID>{12067D6B-9878-4CC1-8EFF-0D5637A05D4A}</UGUID><Version>1.9.0027.0</Version><OS>6.1.7601.2.00010100.1.0.048</OS><Architecture>x64</Architecture><PKey>*****-*****-*****-*****-6P6GT</PKey><PID>00371-OEM-8992671-00008</PID><PIDType>2</PIDType><SID>S-1-5-21-4217738634-494452904-935236969</SID><SYSTEM><Manufacturer>Hewlett-Packard</Manufacturer><Model>HP ProDesk 400 G1 MT</Model></SYSTEM><BIOS><Manufacturer>Hewlett-Packard</Manufacturer><Version>L02 v02.15</Version><SMBIOSVersion major="2" minor="7"/><Date>20140417000000.000000+000</Date></BIOS><HWID>63613507018400F4</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Eastern Standard Time(GMT-05:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM><OEMID>HPQOEM</OEMID><OEMTableID>SLIC-BPC</OEMTableID></OEM><GANotification/></MachineData><Software><Office><Result>109</Result><Products/><Applications/></Office></Software></GenuineResults>

Spsys.log Content: 0x80070002

Licensing Data-->
Software licensing service version: 6.1.7601.17946

Name: Windows(R) 7, Professional edition
Description: Windows Operating System - Windows(R) 7, OEM_SLP channel
Activation ID: 50e329f7-a5fa-46b2-85fd-f224e5da7764
Application ID: 55c92734-d682-4d71-983e-d6ec3f16059f
Extended PID: 00371-00178-926-700008-02-1033-7601.0000-0422011
Installation ID: 012570959722101050257480976665172992119961063056418514
Processor Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88338
Machine Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88339
Use License URL: http://go.microsoft.com/fwlink/?LinkID=88341
Product Key Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88340
Partial Product Key: 6P6GT
License Status: Licensed
Remaining Windows rearm count: 1
Trusted time: 2/27/2018 9:06:58 AM

Windows Activation Technologies-->
HrOffline: 0x00000000
HrOnline: 0x00000000
HealthStatus: 0x0000000000000000
Event Time Stamp: 12:30:2017 17:27
ActiveX: Registered, Version: 7.1.7600.16395
Admin Service: Registered, Version: 7.1.7600.16395
HealthStatus Bitmask Output:

HWID Data-->
HWID Hash Current: LAAAAAEAAQABAAEAAAABAAAAAgABAAEAln1OjxCyfFRGigCzUlPCNngcyPY=

OEM Activation 1.0 Data-->
N/A

OEM Activation 2.0 Data-->
BIOS valid for OA 2.0: yes
Windows marker version: 0x20001
OEMID and OEMTableID Consistent: yes
BIOS Information:
ACPI Table Name OEMID Value OEMTableID Value
APIC HPQOEM SLIC-BPC
FACP HPQOEM SLIC-BPC
HPET HPQOEM SLIC-BPC
MCFG HPQOEM SLIC-BPC
FPDT HPQOEM SLIC-BPC
SSDT PmRef Cpu0Ist
SSDT PmRef Cpu0Ist
SSDT PmRef Cpu0Ist
SSDT PmRef Cpu0Ist
SSDT PmRef Cpu0Ist
SSDT PmRef Cpu0Ist
SLIC HPQOEM SLIC-BPC
MSDM HPQOEM SLIC-BPC
 
#11 ·
Sorry but we don't do malware work on business computers as per the sticky post at the top of this forum which reads:
IMPORTANT NOTE REGARDING CORPORATE/COMPANY OWNED COMPUTERS

Please do not request assistance for corporate/company owned computers. Many changes/deletions are made during the cleanup process, some of which may involve uninstalling programs, deleting folders/files, changing settings and/or removing policies etc. As we have no way of knowing for sure if these are actually needed for company operations, malware issues in these cases should be handled by your own IT Departments in order to avoid any undesirable results.
As a result I'm closing this thread.
 
#13 ·
Hello SCTR :)

Disclaimer before continuing: certain modifications that companies make are indistinguishable from malware. Because of this, the malware removal process can sometimes create issues on those machines.

With that out of the way, Cookiegal has given permission to continue this topic so let's pick up where we left off. Please run the following scans:

Step one...

AdwCleaner - Scan Only
  • Please download AdwCleaner by Xplode and save it to your Desktop.
  • Close all open programs and windows so that you are at your Desktop.
  • Right click on adwcleaner.exe and click Run as administrator.
  • Click on the Scan button.
    When the scan finishes, you'll see a message in the AdwCleaner window: "Waiting for action. Please uncheck elements you want to keep."
  • Do not attempt to clean anything at this point.
  • Click on the Logfile button.
  • This will open a file, AdwCleaner[Sx].txt (where x is the number of times AdwCleaner has been run). Copy and paste the contents of that logfile in your reply.

Step two...

Malwarebytes Anti-Malware (MBAM) Scan
Note: you need to be connected to the internet so that MBAM can download any updates it needs to.
  • Please close all open programs and windows so that you are at your Desktop.
  • Press the Start button.
  • Type Malwarebytes into the search box and select it from the results.
  • Allow MBAM to update if it asks you to.
  • Click Scan Now. MBAM will update its databases and proceed to scan your computer.
  • If any threats are found, ensure that all of them are checked and click Remove Selected.
  • If prompted to allow a reboot please do so.
    Failing to reboot when asked can prevent MBAM from removing all the malware it finds.
  • Once the scan is finished click Export Summary in the bottom right corner and select Text File (*.txt).
  • Save it on your Desktop as mbam.txt. Copy and paste the contents of mbam.txt in your reply.
  • If MBAM required a reboot please do the following to get the report:
    • On reboot reopen MBAM.
    • Click Reports and then click the most recent Scan Report and click View Report.
    • Click Export and then click Text File (*.txt).
    • Save it on your Desktop as mbam.txt. Copy and paste the contents of mbam.txt in your reply.
Please post each log separately to prevent it being cut off by the forum post size limiter.
Check each after you've posted it to make sure it's all present; if any log is cut off you'll have to post it in sections...

In your next reply please include:
  • Did you have any problems with the instructions?
  • AdwCleaner[Sx].txt
  • mbam.txt
  • Are there any changes in computer behavior?
 
#14 ·
This isn't a company owned computer so there are no modifications. :)

# AdwCleaner 7.0.8.0 - Logfile created on Mon Mar 05 16:20:47 2018
# Updated on 2018/08/02 by Malwarebytes
# Database: 03-02-2018.1
# Running on Windows 7 Professional (X64)
# Mode: scan
# Support: https://www.malwarebytes.com/support

***** [ Services ] *****

No malicious services found.

***** [ Folders ] *****

No malicious folders found.

***** [ Files ] *****

No malicious files found.

***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious WMI found.

***** [ Shortcuts ] *****

No malicious shortcuts found.

***** [ Tasks ] *****

No malicious tasks found.

***** [ Registry ] *****

PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\GlobalUpdate
PUP.Optional.Legacy, [Key] - HKU\S-1-5-21-4217738634-494452904-935236969-1001\Software\GlobalUpdate
PUP.Optional.Legacy, [Key] - HKCU\Software\GlobalUpdate
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{5645E0E7-FC12-43BF-A6E4-F9751942B298}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\CLSID\{02A96331-0CA6-40E2-A87D-C224601985EB}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\Interface\{023E9EC8-B147-40EB-B0B3-DF90618FB371}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\Interface\{0522D9A4-4D57-437D-978D-E5B3B6C9005D}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\Interface\{07F41522-AF7D-4F26-B394-094F059FDB8A}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\Interface\{0C40F472-7407-4467-8914-1DEA7C326972}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\Interface\{212E6D43-6062-492A-B8CC-144669FF11ED}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\Interface\{224FE662-1E6D-4BC0-AEBB-9E2FB4057BE9}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\Interface\{3A807417-B46D-4D37-8C9A-19AC6DE204F9}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\Interface\{3CC60715-D6C5-429D-830E-43FA3F86C61D}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\Interface\{4517D94C-19BA-46FA-BE66-2A30CEAC4A85}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\Interface\{555D7146-94A8-4C94-AE76-C39CDC7F7705}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\Interface\{59D188FA-757A-424E-8C93-F58FFD896BD7}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\Interface\{8120D9D6-785C-4413-9C0C-DF2028C56FAD}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\Interface\{823AE2EB-E62C-4847-B192-C99B91B92416}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\Interface\{9B4F7CFE-987D-410E-A8E4-20182E0B3C24}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\Interface\{9B9A45F4-18FC-484A-BACA-076D78273D8E}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\Interface\{A6D54287-7939-466A-8579-92546D946C8C}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\Interface\{A78EDAFB-926F-4D93-AB13-8232D7378EB1}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\Interface\{A8F7D0A5-7074-40B8-9BDC-1174BDD0A132}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\Interface\{D14D64BC-A0E4-42E3-BB72-FB41EA43C198}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\Interface\{DD1F043F-ABC8-4643-8B95-D2C5B22BB019}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\Interface\{E3F3E8F9-F747-4DD6-BA6B-82A6CE1E0860}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\Interface\{ED0B64D4-BF27-4521-AD27-190F49BF5EA7}
PUP.Optional.DriverDoc, [Key] - HKLM\SOFTWARE\MimarSinan
PUP.Optional.DriverDoc, [Key] - HKU\S-1-5-21-4217738634-494452904-935236969-1001\Software\MimarSinan
PUP.Optional.DriverDoc, [Key] - HKCU\Software\MimarSinan

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries.

*************************

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt ##########
 
#15 ·
Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 3/5/18
Scan Time: 11:28 AM
Log File: 4aac53d2-2092-11e8-a268-00ff54f9d3a7.json
Administrator: Yes

-Software Information-
Version: 3.3.1.2183
Components Version: 1.0.262
Update Package Version: 1.0.4212
License: Free

-System Information-
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Melissa-HP\Melissa

-Scan Summary-
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 271482
Threats Detected: 0
(No malicious items detected)
Threats Quarantined: 0
(No malicious items detected)
Time Elapsed: 8 min, 25 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 0
(No malicious items detected)

Physical Sector: 0
(No malicious items detected)

(end)
 
#17 ·
Hi SCTR :)

Apologies for the delay in getting back to you. Have you been having any issues other than the PDF detections? Popups, redirects, extra ads, etc.

Step one...

Please answer the following questions:
  • Do you use the following extension: Awesome Screenshot - Capture, Annotate & More? Was this installed voluntarily with your knowledge?
  • FF user.js: detected! => C:\Users\Melissa\AppData\Roaming\Mozilla\Firefox\Profiles\r05s7axb.default\user.js [2014-07-11]
    Have you intentionally set preferences using the user.js file for Firefox?

Step two...

FRST Fix
  • You should still have FRST64.exe in your Downloads folder. If not please download it HERE.
  • Right click on FRST64.exe and select Run as administrator.
  • Press CTRL + Y (the Control and Y keys at the same time). A blank file will open.
  • Copy and paste the following into it (do not include the word Code:).
    Code:
    CreateRestorePoint:
    GroupPolicy\User: Restriction <==== ATTENTION
    Folder: C:\ProgramData\s8lg
    Folder: C:\ProgramData\s638
    Folder: C:\ProgramData\s5cc
    Folder: C:\ProgramData\s8ik
    Folder: C:\ProgramData\s8gk
    Folder: C:\ProgramData\s7hg
    VirusTotal: C:\Users\Melissa\AppData\Local\Z@!-2cd7ee51-68f8-4991-b759-79c54b472976.tmp; C:\Users\Melissa\AppData\Local\Z@!-d04af8d0-7042-4908-a358-668c2bcaf9c7.tmp; C:\Users\Melissa\AppData\Local\Z@S!-baf06229-e408-4759-9347-506d2972a136.tmp
    Hosts:
    EmptyTemp:
    CMD: ipconfig /flushdns
  • Save the file by clicking File -> Save.
  • Press the Fix button one time only and wait.
  • When FRST finishes you will be prompted to reboot your computer. Click OK.
  • Your computer should now restart. On reboot navigate to your Downloads folder where you should find Fixlog.txt. Copy and paste the contents in your reply.

Step three...

AdwCleaner - Scan and Clean
  • You should still have adwcleaner.exe on your Desktop. If not please download it HERE.
  • Close all open programs and windows so that you are at your Desktop.
  • Right click on adwcleaner.exe and click Run as administrator.
  • Click on the Scan button.
    When the scan finishes, you'll see a message in the AdwCleaner window: "Waiting for action. Please uncheck elements you want to keep."
  • Uncheck the box next to PUP.Optional.DriverDoc.
  • Click on Clean.
  • Once finished AdwCleaner will prompt you to reboot. Please allow it to do so.
  • On reboot navigate to the folder that AdwCleaner was run from. There will be a file named AdwCleaner[Cx].txt (where x is the number of times it has been run). Copy and paste the contents of that logfile in your reply.

Please post each log separately to prevent it being cut off by the forum post size limiter.
Check each after you've posted it to make sure it's all present; if any log is cut off you'll have to post it in sections...

In your next reply please include:
  • Did you have any problems with the instructions?
  • Answers to my questions
  • fixlog.txt
  • AdwCleaner[Cx].txt
  • Are there any changes in computer behavior?
 
#18 ·
That's alright, I haven't seen anything going on since that day, which is a good sign I'm sure. Is it possible that a trojan can just disappear or that Kaspersky got rid of it? I do use Awesome Screenshot, I downloaded it myself a long time ago. I don't know what you mean by the user.js question though. The fix log was on my desktop, not my downloads folder. Here it is:

Fix result of Farbar Recovery Scan Tool (x64) Version: 04.03.2018
Ran by Melissa (09-03-2018 12:43:02) Run:1
Running from C:\Users\Melissa\Desktop
Loaded Profiles: Melissa (Available Profiles: Melissa)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CreateRestorePoint:
GroupPolicy\User: Restriction <==== ATTENTION
Folder: C:\ProgramData\s8lg
Folder: C:\ProgramData\s638
Folder: C:\ProgramData\s5cc
Folder: C:\ProgramData\s8ik
Folder: C:\ProgramData\s8gk
Folder: C:\ProgramData\s7hg
VirusTotal: C:\Users\Melissa\AppData\Local\Z@!-2cd7ee51-68f8-4991-b759-79c54b472976.tmp; C:\Users\Melissa\AppData\Local\Z@!-d04af8d0-7042-4908-a358-668c2bcaf9c7.tmp; C:\Users\Melissa\AppData\Local\Z@S!-baf06229-e408-4759-9347-506d2972a136.tmp
Hosts:
EmptyTemp:
CMD: ipconfig /flushdns
*****************

Restore point was successfully created.
C:\windows\system32\GroupPolicy\User => moved successfully
C:\windows\system32\GroupPolicy\GPT.ini => moved successfully

========================= Folder: C:\ProgramData\s8lg ========================

====== End of Folder: ======

========================= Folder: C:\ProgramData\s638 ========================

====== End of Folder: ======

========================= Folder: C:\ProgramData\s5cc ========================

====== End of Folder: ======

========================= Folder: C:\ProgramData\s8ik ========================

====== End of Folder: ======

========================= Folder: C:\ProgramData\s8gk ========================

====== End of Folder: ======

========================= Folder: C:\ProgramData\s7hg ========================

====== End of Folder: ======

VirusTotal: C:\Users\Melissa\AppData\Local\Z@!-2cd7ee51-68f8-4991-b759-79c54b472976.tmp => https://www.virustotal.com/file/399...835d226426a6cd589dc50545/analysis/1519570507/
VirusTotal: C:\Users\Melissa\AppData\Local\Z@!-d04af8d0-7042-4908-a358-668c2bcaf9c7.tmp => https://www.virustotal.com/file/399...835d226426a6cd589dc50545/analysis/1519570507/
VirusTotal: C:\Users\Melissa\AppData\Local\Z@S!-baf06229-e408-4759-9347-506d2972a136.tmp => https://www.virustotal.com/file/371...9ee891471c95d656289637c9/analysis/1514772634/
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.

========= ipconfig /flushdns =========

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========

=========== EmptyTemp: ==========

BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 14696595 B
Java, Flash, Steam htmlcache => 1184 B
Windows/system/drivers => 6175156877 B
Edge => 0 B
Chrome => 22785013 B
Firefox => 384680386 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 16802 B
systemprofile32 => 66356 B
LocalService => 0 B
NetworkService => 2267542 B
Melissa => 78901978 B

RecycleBin => 0 B
EmptyTemp: => 6.2 GB temporary data Removed.

================================

The system needed a reboot.

==== End of Fixlog 12:44:25 ====
 
#20 ·
Hello SCTR :)

"That's alright, I haven't seen anything going on since that day, which is a good sign I'm sure."
That's definitely good to hear.

"Is it possible that a trojan can just disappear or that Kaspersky got rid of it?"
I haven't seen any signs of a major infection in your logs, just a bit of adware. If it was malicious, it seems like Kaspersky deleted it before it was opened. PDFs are just a delivery method so if it was deleted before it was opened there's nothing to worry about.

"When I run the Malwarebytes Adware Cleaner, I don't see a "PUP.Optional.DriverDoc" but I do see "PUP.Optional.Legacy". Should I uncheck that and then clean?"
If there is no PUP.Optional.DriverDoc just leave everything checked and then clean.

After that please do the following:

Step one...

FRST Fix
  • You should still have FRST64.exe in your Downloads folder. If not please download it HERE.
  • Right click on FRST64.exe and select Run as administrator.
  • Press CTRL + Y (the Control and Y keys at the same time). A blank file named fixlist.txt will open.
  • Copy and paste the following into it (do not include the word Code:).
    Code:
    CreateRestorePoint:
    FF user.js: detected! => C:\Users\Melissa\AppData\Roaming\Mozilla\Firefox\Profiles\r05s7axb.default\user.js [2014-07-11]
    C:\ProgramData\s8lg
    C:\ProgramData\s638
    C:\ProgramData\s5cc
    C:\ProgramData\s8ik
    C:\ProgramData\s8gk
    C:\ProgramData\s7hg
    Hosts:
    EmptyTemp:
    CMD: ipconfig /flushdns
  • Save the file by clicking File -> Save.
  • Press the Fix button one time only and wait.
  • When FRST finishes you will be prompted to reboot your computer. Click OK.
  • Your computer should now restart. On reboot navigate to your Desktop folder where you should find Fixlog.txt. Copy and paste the contents in your reply.

Step two...

ESET Online Scanner
  • Go to the ESET Online Scanner site.
  • Click on the Scan Now button. This will download a small utility.
  • Before running the utility, disable any antivirus you have active, as shown in this topic.
  • Close any open programs and windows.
  • Right click esetonlinescanner_enu.exe and select Run as administrator.
  • Check Enable detection of potentially unwanted applications.
  • Click Advanced settings.
  • Ensure the following are checked:
    • Enable detection of potentially unsafe applications
    • Enable detection of suspicious applications
    • Scan archives
    • Enable Anti-Stealth technology
  • Ensure that Clean threats automatically is unchecked.
  • Click Scan.
  • ESET Online Scanner will download its virus signature database then automatically start the scan.
    The scan will take a while. Please be patient and do not use your computer during the scan. Some people find it best to let the scan run overnight.
  • When the scan completes click Save to text file.... Save the log as ESETScan.txt to your Desktop.
  • Click the Do not clean link, next to the Clean selected button.
  • Click Finish.
  • You can now close the program using the X in the top-right.
    Note: If no threats are found, there is no option to create a log. Just report back to me there was nothing found.
IMPORTANT: Do not forget to re-enable your antivirus software.

Please post each log separately to prevent it being cut off by the forum post size limiter.
Check each after you've posted it to make sure it's all present; if any log is cut off you'll have to post it in sections...

In your next reply please include:
  • Did you have any problems with the instructions?
  • AdwCleaner[Cx].txt
  • fixlog.txt
  • ESETScan.txt
  • Are there any changes in computer behavior?
 
#21 ·
# AdwCleaner 7.0.8.0 - Logfile created on Thu Mar 15 20:20:10 2018
# Updated on 2018/08/02 by Malwarebytes
# Running on Windows 7 Professional (X64)
# Mode: clean
# Support: https://www.malwarebytes.com/support

***** [ Services ] *****

No malicious services deleted.

***** [ Folders ] *****

No malicious folders deleted.

***** [ Files ] *****

No malicious files deleted.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks deleted.

***** [ Registry ] *****

Deleted: [Key] - HKLM\SOFTWARE\GlobalUpdate
Deleted: [Key] - HKU\S-1-5-21-4217738634-494452904-935236969-1001\Software\GlobalUpdate
Deleted: [Key] - HKCU\Software\GlobalUpdate
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{5645E0E7-FC12-43BF-A6E4-F9751942B298}
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}
Deleted: [Key] - HKLM\SOFTWARE\Classes\CLSID\{02A96331-0CA6-40E2-A87D-C224601985EB}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{023E9EC8-B147-40EB-B0B3-DF90618FB371}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{0522D9A4-4D57-437D-978D-E5B3B6C9005D}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{07F41522-AF7D-4F26-B394-094F059FDB8A}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{0C40F472-7407-4467-8914-1DEA7C326972}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{212E6D43-6062-492A-B8CC-144669FF11ED}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{224FE662-1E6D-4BC0-AEBB-9E2FB4057BE9}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{3A807417-B46D-4D37-8C9A-19AC6DE204F9}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{3CC60715-D6C5-429D-830E-43FA3F86C61D}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{4517D94C-19BA-46FA-BE66-2A30CEAC4A85}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{555D7146-94A8-4C94-AE76-C39CDC7F7705}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{59D188FA-757A-424E-8C93-F58FFD896BD7}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{8120D9D6-785C-4413-9C0C-DF2028C56FAD}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{823AE2EB-E62C-4847-B192-C99B91B92416}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{9B4F7CFE-987D-410E-A8E4-20182E0B3C24}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{9B9A45F4-18FC-484A-BACA-076D78273D8E}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{A6D54287-7939-466A-8579-92546D946C8C}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{A78EDAFB-926F-4D93-AB13-8232D7378EB1}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{A8F7D0A5-7074-40B8-9BDC-1174BDD0A132}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{D14D64BC-A0E4-42E3-BB72-FB41EA43C198}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{DD1F043F-ABC8-4643-8B95-D2C5B22BB019}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{E3F3E8F9-F747-4DD6-BA6B-82A6CE1E0860}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{ED0B64D4-BF27-4521-AD27-190F49BF5EA7}

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries deleted.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries deleted.

*************************

::Tracing keys deleted
::Winsock settings cleared
::Additional Actions: 0

*************************

C:/AdwCleaner/AdwCleaner[S0].txt - [3920 B] - [2018/3/5 16:20:47]
C:/AdwCleaner/AdwCleaner[S1].txt - [3769 B] - [2018/3/9 18:7:33]
C:/AdwCleaner/AdwCleaner[S2].txt - [3835 B] - [2018/3/15 20:19:30]

########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt ##########
 
#23 ·
Fix result of Farbar Recovery Scan Tool (x64) Version: 14.03.2018
Ran by Melissa (19-03-2018 13:44:37) Run:2
Running from C:\Users\Melissa\Desktop
Loaded Profiles: Melissa (Available Profiles: Melissa)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CreateRestorePoint:
FF user.js: detected! => C:\Users\Melissa\AppData\Roaming\Mozilla\Firefox\Profiles\r05s7axb.default\user.js [2014-07-11]
C:\ProgramData\s8lg
C:\ProgramData\s638
C:\ProgramData\s5cc
C:\ProgramData\s8ik
C:\ProgramData\s8gk
C:\ProgramData\s7hg
Hosts:
EmptyTemp:
CMD: ipconfig /flushdns
*****************

Restore point was successfully created.
C:\Users\Melissa\AppData\Roaming\Mozilla\Firefox\Profiles\r05s7axb.default\user.js => moved successfully
C:\ProgramData\s8lg => moved successfully
C:\ProgramData\s638 => moved successfully
C:\ProgramData\s5cc => moved successfully
C:\ProgramData\s8ik => moved successfully
C:\ProgramData\s8gk => moved successfully
C:\ProgramData\s7hg => moved successfully
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.

========= ipconfig /flushdns =========

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========

=========== EmptyTemp: ==========

BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 6140386 B
Java, Flash, Steam htmlcache => 1080 B
Windows/system/drivers => 3619155407 B
Edge => 0 B
Chrome => 0 B
Firefox => 378796881 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 128 B
systemprofile32 => 128 B
LocalService => 0 B
NetworkService => 9750 B
Melissa => 1684561234 B

RecycleBin => 0 B
EmptyTemp: => 5.3 GB temporary data Removed.

================================

The system needed a reboot.

==== End of Fixlog 13:45:59 ====
 
#25 ·
Hello SCTR :)

Everything looks good. The ESET detection is for an application that bundles Google Toolbar that is in your backups. There's no reason to be concerned about or delete it.

There's just a couple final cleanup steps and then we are finished.

Step one...

AdwCleaner - Uninstall
  • You should still have adwcleaner.exe on your Desktop folder. If not please download it HERE.
  • Right click on adwcleaner.exe and select Run as administrator.
  • Click on the Uninstall button and then click Yes.
  • AdwCleaner will uninstall and automatically close itself.

Step two...

DelFix
  • Please download DelFix by Xplode and save it to your Desktop.
  • Right click on delfix_*version*.exe and select Run as administrator.
  • Check the following boxes and then click Run:
    • Activate UAC
    • Remove disinfection tools
    • Purge system restore
  • If any logs or programs remain, you may delete them now.

And you're good to go after that. Kaspersky is a good option for a paid antivirus, just make sure you keep your subscription active. I would recommend that you keep Malwarebytes installed and run a scan manually every couple weeks.

I also highly recommend that you read the following posts:

Please let me know if you have any additional questions. Otherwise, please respond to let me know that you have completed the cleanup steps and click the Mark Topic Complete button on the top left of the page to mark this topic solved.

Stay safe :)
capnkrunch
 