
Hijacked browser?



I run the paid version of Malwarebytes to keep up with updates and in general, I run a clean machine, always been careful browsing the web and with emails, but lately it seems that my browser is getting hijacked by false security alerts. Not even sure what they call them as I generally don't have virus/malware issues. I run the latest version of Firefox and lately the browser will jump to what they want me to believe is a Firefox "patch" that I'm supposed to fall for and download, which I don't. But today I got some off the wall alert with a female computerized voice telling me I had a security alert and to click on whatever, which I promptly shut down the browser instead and ran Malwarebytes. Got a clean scan. In fact I never get anything on my scans, so as far as I can tell, my machine is clean - any ideas as to what's going on with my browser?


Hello PaulaD and welcome to Malwarebytes,

My screen name is kevinf80, I'm here to help clean up your system. Make sure to run all scans from accounts with Administrator status, continue as follows please:

Anyone other than the original starter of this thread please DO NOT follow the instructions and advice posted as replies here, my help and advice is NOT related to your system and will probably cause more harm than good...

Change the download folder setting in the Default Browser only, so all of the tools we may use are saved to the Desktop:

Google Chrome - Click the "Customize and control Google Chrome" button in the upper right-corner of the browser. Choose Settings. At the bottom of the screen click the "Show advanced settings..." link. Scroll down to find the Downloads section and click the Change... button. Select your desktop and click OK.

Mozilla Firefox - Click the "Open Menu" button in the upper right-corner of the browser. Choose Options. In the downloads section, click the Browse button, click on the Desktop folder and then click the "Select Folder" button. Click OK to get out of the Options menu.

Internet Explorer - Click the Tools menu in the upper right-corner of the browser. Select View downloads. Select the Options link in the lower left of the window. Click Browse and select the Desktop and then choose the Select Folder button. Click OK to get out of the download options screen and then click Close to get out of the View Downloads screen.
NOTE: IE8 Does not support changing download locations in this manner. You will need to download the tool(s) to the default folder, usually Downloads, then copy them to the desktop.

Change default download folder location in Edge - Boot to a user account with admin status, select start > file explorer > right click on "Downloads" folder and select "Properties"

In the new window select "Location" tab > clear the text field box and type in or copy/paste %userprofile%\Desktop > select "Apply" then "OK"

Be aware you are not changing the Browser download folder location, you are changing the user’s download directory location.....

Next,

Follow the instructions in the following link to show hidden files:

http://www.howtogeek.com/howto/windows-vista/show-hidden-files-and-folders-in-windows-vista/

Next,

Download Farbar Recovery Scan Tool and save it to your desktop.

Alternative download option: http://www.techspot.com/downloads/6731-farbar-recovery-scan-tool.html

Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

If your security alerts to FRST, either accept the alert or turn your security off to allow FRST to run. It is not malicious or infected in any way...

Be aware FRST must be run from an account with Administrator status...
 
  • Double-click to run it. When the tool opens click Yes to disclaimer. (Windows 8/10 users will be prompted about Windows SmartScreen protection - click More information and Run.)
  • Make sure Addition.txt is checkmarked under "Optional scans"
  • Press Scan button to run the tool....
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The tool will also make a log named (Addition.txt) Please attach that log to your reply.


Next,

Download and save RogueKiller to your Desktop from this link:

https://www.fosshub.com/RogueKiller.html/setup.exe

Right click setup.exe and select Run as Administrator to start installing RogueKiller.

At the next window Checkmark "Install 32 and 64 bit versions", then select "Next"

In the next window skip Licence I.D. and Licence Key, select "Next"

In the next window make no changes and select "Next"

In the next window leave both "Additional Shortcuts" checkmarked, then select "Next"

In the next window make no changes and select "Install"

RogueKiller will extract and complete installation, in the new window leave "Launch Roguekiller" checkmarked, then select finish.

RogueKiller will launch. Accept UAC, then read and accept "User Agreements"

In the new window the "Home" tab should already be selected, Change by selecting "Scan" tab, then select "Start Scan"

When the scan completes select "Open Report"

In the new Window select "Export text" name that file RK.txt, save to your Desktop and attach to your reply

Let me see those logs in your reply...

Thank you,

Kevin..
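One way to pre-sort the FRST.txt requested in the reply above, as an added example (not part of any post in this thread, and not Farbar's or Malwarebytes' own tooling): it groups lines by FRST's section headers and surfaces those carrying annotations that appear literally in the log ("[not signed]", "No File", "no ImagePath", "=> [X]", an empty publisher "()") or a path under a Temp folder. The flag names and the choice of markers are assumptions of this example, a flag marks a line for review rather than giving a verdict, and the sample lines are copied from the log posted later in this thread.

```python
import re

# "==================== Services (Whitelisted) ====================" -> section name.
# Underlines made only of "=" (under "FireFox:") do not match and are ignored.
SECTION_RE = re.compile(r"^=+\s+(.+?)\s+=+$")

# Review flags (names are this example's own). Each pattern matches text that
# appears literally on FRST.txt lines.
FLAGS = {
    "unsigned": re.compile(r"\[(?:File )?not signed\]"),
    "no_file": re.compile(r"No File|no ImagePath|=> \[X\]"),
    "no_publisher": re.compile(r"^\(\)\s|\s\(\)$"),
    "temp_path": re.compile(r"\\Temp\\", re.IGNORECASE),
}


def triage(log_text):
    """Return flagged lines as dicts: section, line number, flags, text."""
    section = "(header)"
    findings = []
    for number, raw in enumerate(log_text.splitlines(), start=1):
        line = raw.strip()
        if not line:
            continue
        header = SECTION_RE.match(line)
        if header:
            section = header.group(1)
            continue
        # Skip FRST's explanatory notes under each header.
        if line.startswith("(If "):
            continue
        flags = [name for name, rx in FLAGS.items() if rx.search(line)]
        if flags:
            findings.append(
                {"section": section, "line": number, "flags": flags, "text": line}
            )
    return findings


def summarize(findings):
    """Count how many lines carry each flag."""
    counts = {}
    for item in findings:
        for flag in item["flags"]:
            counts[flag] = counts.get(flag, 0) + 1
    return counts


# Excerpt: lines copied from the FRST.txt posted in this thread.
SAMPLE = r"""==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1353680 2016-11-14] (Microsoft Corporation)
HKLM-x32\...\Run: [] => [X]

==================== Internet (Whitelisted) ====================

FF Extension: (SmartPrintButton) - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\QPExtension [2011-01-26] [not signed]
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]

==================== Services (Whitelisted) ====================

S4 0160761425215272mcinstcleanup; C:\Windows\TEMP\016076~1.EXE [851136 2014-08-08] (McAfee, Inc.)
R2 HP LaserJet Service; C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe [176128 2014-06-24] (HP) [File not signed]
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4355024 2017-01-20] (Malwarebytes)
S4 McAWFwk; no ImagePath

===================== Drivers (Whitelisted) ======================

R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [77408 2017-02-24] ()
"""

if __name__ == "__main__":
    results = triage(SAMPLE)
    for item in results:
        print(f'{item["section"]:<26} L{item["line"]:<3} '
              f'{",".join(item["flags"]):<13} {item["text"][:70]}')
    print(summarize(results))
```

To run it on a real log, read FRST.txt from the Desktop and pass its contents to `triage()`.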

FRST log:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 15-03-2017
Ran by Paula DeRoo (administrator) on PAULASXPS (05-04-2017 07:28:03)
Running from C:\Users\Paula DeRoo\Desktop
Loaded Profiles: Paula DeRoo (Available Profiles: Paula DeRoo)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Dell Inc.) C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE
(Dell Inc.) C:\Program Files\Dell\DW WLAN Card\BCMWLTRY.EXE
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Dell Inc.) C:\Program Files\Dell\DW WLAN Card\WLTRAY.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(HP) C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudPhotos.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
(DigiData) C:\Program Files (x86)\Cox Secure Online Backup for Windows\DigiData.Host.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Logitech Inc.) C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Hewlett-Packard Company) C:\Program Files (x86)\HP\StatusAlerts\bin\HPStatusAlerts.exe
(Dropbox, Inc.) C:\Users\Paula DeRoo\AppData\Roaming\Dropbox\bin\Dropbox.exe
() C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
(DigiData Corp.) C:\Program Files (x86)\Cox\Drag and Drop Backup\vewatch.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Dropbox, Inc.) C:\Users\Paula DeRoo\AppData\Roaming\Dropbox\bin\Dropbox.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Intuit) C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Conexant Systems, Inc.) C:\Windows\System32\drivers\XAudio64.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Microsoft Corporation) C:\Windows\System32\alg.exe
(Apple, Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\secd.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\splwow64.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7188040 2013-05-10] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1307720 2013-04-24] (Realtek Semiconductor)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [286192 2013-02-06] (Intel Corporation)
HKLM\...\Run: [Broadcom Wireless Manager UI] => C:\Program Files\Dell\DW WLAN Card\WLTRAY.exe [8925184 2015-01-20] (Dell Inc.)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1353680 2016-11-14] (Microsoft Corporation)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2771576 2015-12-16] (NVIDIA Corporation)
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [2780112 2017-01-20] (Malwarebytes)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [303928 2017-03-22] (Apple Inc.)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292848 2014-06-27] (Intel Corporation)
HKLM-x32\...\Run: [Intuit SyncManager] => C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe [3776824 2015-11-03] (Intuit Inc. All rights reserved.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [HPUsageTrackingLEDM] => C:\Program Files (x86)\HP\HP UT LEDM\bin\hppusg.exe [30264 2009-08-04] (Hewlett-Packard Company)
HKLM-x32\...\Run: [LWS] => C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe [204136 2012-09-12] (Logitech Inc.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [StatusAlerts] => C:\Program Files (x86)\HP\StatusAlerts\bin\HPStatusAlerts.exe [330040 2014-02-12] (Hewlett-Packard Company)
HKLM-x32\...\Run: [Vault Explorer Cache Watcher] => C:\Program Files (x86)\Cox\Drag and Drop Backup\vewatch.exe [17408 2013-02-21] (DigiData Corp.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2016-12-12] (Oracle Corporation)
HKU\S-1-5-21-967062836-2529923387-3564815213-1001\...\Run: [Dropbox Update] => C:\Users\Paula DeRoo\AppData\Local\Dropbox\Update\DropboxUpdate.exe [143144 2016-11-05] (Dropbox, Inc.)
HKU\S-1-5-21-967062836-2529923387-3564815213-1001\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [67384 2017-03-16] (Apple Inc.)
HKU\S-1-5-21-967062836-2529923387-3564815213-1001\...\Run: [iCloudDrive] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe [110392 2017-03-16] (Apple Inc.)
HKU\S-1-5-21-967062836-2529923387-3564815213-1001\...\Run: [iCloudPhotos] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudPhotos.exe [356664 2017-03-16] (Apple Inc.)
HKU\S-1-5-21-967062836-2529923387-3564815213-1001\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [67896 2017-03-16] (Apple Inc.)
HKU\S-1-5-21-967062836-2529923387-3564815213-1001\...\MountPoints2: E - E:\SISetup.exe
HKU\S-1-5-18\...\Run: [GarminExpressTrayApp] => "C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe"
HKU\S-1-5-18\...\RunOnce: [{91140000-0011-0000-1000-0000000FF1CE}] => C:\Windows\system32\cmd.exe /C del "C:\ProgramData\Microsoft Help\Rgstrtn.lck" /Q /A:H
HKU\S-1-5-18\...\RunOnce: [{90140000-006E-0409-1000-0000000FF1CE}] => C:\Windows\system32\cmd.exe /C del "C:\ProgramData\Microsoft Help\Rgstrtn.lck" /Q /A:H
HKU\S-1-5-18\...\RunOnce: [{90140000-001A-0409-1000-0000000FF1CE}] => C:\Windows\system32\cmd.exe /C del "C:\ProgramData\Microsoft Help\Rgstrtn.lck" /Q /A:H
HKU\S-1-5-18\...\RunOnce: [{90140000-0018-0409-1000-0000000FF1CE}] => C:\Windows\system32\cmd.exe /C del "C:\ProgramData\Microsoft Help\Rgstrtn.lck" /Q /A:H
HKU\S-1-5-18\...\RunOnce: [{90140000-0016-0409-1000-0000000FF1CE}] => C:\Windows\system32\cmd.exe /C del "C:\ProgramData\Microsoft Help\Rgstrtn.lck" /Q /A:H
HKU\S-1-5-18\...\RunOnce: [{90140000-001B-0409-1000-0000000FF1CE}] => C:\Windows\system32\cmd.exe /C del "C:\ProgramData\Microsoft Help\Rgstrtn.lck" /Q /A:H
HKU\S-1-5-18\...\RunOnce: [{90140000-00A1-0409-1000-0000000FF1CE}] => C:\Windows\system32\cmd.exe /C del "C:\ProgramData\Microsoft Help\Rgstrtn.lck" /Q /A:H
Lsa: [Notification Packages] scecli C:\Program Files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Paula DeRoo\AppData\Roaming\Dropbox\bin\DropboxExt64.15.0.dll [2017-03-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Paula DeRoo\AppData\Roaming\Dropbox\bin\DropboxExt64.15.0.dll [2017-03-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Paula DeRoo\AppData\Roaming\Dropbox\bin\DropboxExt64.15.0.dll [2017-03-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Paula DeRoo\AppData\Roaming\Dropbox\bin\DropboxExt64.15.0.dll [2017-03-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Paula DeRoo\AppData\Roaming\Dropbox\bin\DropboxExt64.15.0.dll [2017-03-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Paula DeRoo\AppData\Roaming\Dropbox\bin\DropboxExt64.15.0.dll [2017-03-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Paula DeRoo\AppData\Roaming\Dropbox\bin\DropboxExt64.15.0.dll [2017-03-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Paula DeRoo\AppData\Roaming\Dropbox\bin\DropboxExt64.15.0.dll [2017-03-21] (Dropbox, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Cox Cloud Drive.lnk [2016-09-19]
ShortcutTarget: Cox Cloud Drive.lnk -> C:\Program Files (x86)\Cox Secure Online Backup for Windows\DigiData.Host.exe (DigiData)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Intuit Data Protect.lnk [2015-02-26]
ShortcutTarget: Intuit Data Protect.lnk -> C:\Program Files (x86)\Common Files\Intuit\DataProtect\IntuitDataProtect.exe (Intuit Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk [2015-02-26]
ShortcutTarget: QuickBooks Update Agent.lnk -> C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks_Standard_21.lnk [2015-02-26]
ShortcutTarget: QuickBooks_Standard_21.lnk -> C:\Program Files (x86)\Intuit\QuickBooks 2014\QBW32.EXE (Intuit Inc.)
Startup: C:\Users\Paula DeRoo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2017-03-24]
ShortcutTarget: Dropbox.lnk -> C:\Users\Paula DeRoo\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 68.105.28.11 68.105.29.11 68.105.28.12
Tcpip\..\Interfaces\{91B68AD6-7B09-4580-AFFA-72D66BBCD395}: [DhcpNameServer] 172.20.10.1
Tcpip\..\Interfaces\{BE6E6BBD-F03F-4AC7-9063-8F8010B7024D}: [DhcpNameServer] 68.105.28.11 68.105.29.11 68.105.28.12

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-967062836-2529923387-3564815213-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.com/
HKU\S-1-5-21-967062836-2529923387-3564815213-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://dell13.msn.com/?pc=DCJB
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-967062836-2529923387-3564815213-1001 -> DefaultScope {99C6BDB0-69A7-4898-A0B8-6EBFBF8FC003} URL =
SearchScopes: HKU\S-1-5-21-967062836-2529923387-3564815213-1001 -> {99C6BDB0-69A7-4898-A0B8-6EBFBF8FC003} URL =
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-18] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-18] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\ssv.dll [2017-01-30] (Oracle Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\jp2ssv.dll [2017-01-30] (Oracle Corporation)
DPF: HKLM-x32 {F9CD2233-6744-47C1-A6AE-00C30A35F73D} hxxps://myaccount.cox.net/internettools/scripts/Inspector.cab
Handler-x32: intu-help-qb7 - {5A03BD9D-766D-47A6-8E87-CD90F60BE245} - C:\Program Files (x86)\Intuit\QuickBooks 2014\HelpAsyncPluggableProtocol.dll [2016-05-08] (Intuit, Inc.)
Handler-x32: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - C:\Windows\system32\mscoree.dll [2010-11-20] (Microsoft Corporation)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} -  No File

FireFox:
========
FF ProfilePath: C:\Users\Paula DeRoo\AppData\Roaming\Mozilla\Firefox\Profiles\osczqtxo.default-1434129100543 [2017-04-05]
FF Homepage: Mozilla\Firefox\Profiles\osczqtxo.default-1434129100543 -> hxxp://www.ighome.com/
FF Extension: (Custom New Tab) - C:\Users\Paula DeRoo\AppData\Roaming\Mozilla\Firefox\Profiles\osczqtxo.default-1434129100543\Extensions\CNT@ednovak.net.xpi [2016-09-01]
FF Extension: (F.B Purity - Cleans up Facebook (WX)) - C:\Users\Paula DeRoo\AppData\Roaming\Mozilla\Firefox\Profiles\osczqtxo.default-1434129100543\Extensions\fbpElectroWebExt@fbpurity.com.xpi [2017-03-23]
FF Extension: (Translate This!) - C:\Users\Paula DeRoo\AppData\Roaming\Mozilla\Firefox\Profiles\osczqtxo.default-1434129100543\Extensions\jid0-k75TfRGfOXPHfEZmJ9cKu5eCgLc@jetpack.xpi [2016-11-04]
FF Extension: (Popup Blocker Ultimate) - C:\Users\Paula DeRoo\AppData\Roaming\Mozilla\Firefox\Profiles\osczqtxo.default-1434129100543\Extensions\{60B7679C-BED9-11E5-998D-8526BB8E7F8B}.xpi [2017-02-24]
FF Extension: (LeechBlock) - C:\Users\Paula DeRoo\AppData\Roaming\Mozilla\Firefox\Profiles\osczqtxo.default-1434129100543\Extensions\{a95d8332-e4b4-6e7f-98ac-20b733364387} [2017-03-19]
FF Extension: (Site Deployment Checker) - C:\Users\Paula DeRoo\AppData\Roaming\Mozilla\Firefox\Profiles\osczqtxo.default-1434129100543\features\{3e0fb7f7-e473-47a5-9d5f-8f0e030a5ad5}\deployment-checker@mozilla.org.xpi [2017-03-25]
FF Extension: (Site Deployment Checker) - C:\Program Files (x86)\Mozilla Firefox\browser\features\deployment-checker@mozilla.org.xpi [2017-03-28] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [quickprint@hp.com] - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\QPExtension
FF Extension: (SmartPrintButton) - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\QPExtension [2011-01-26] [not signed]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_25_0_0_127.dll [2017-03-14] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50905.0\npctrl.dll [2017-02-10] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @wacom.com/wtPlugin,version=2.1.0.7 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_25_0_0_127.dll [2017-03-14] ()
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/pdf -> C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2014-04-23] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.fdf -> C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2014-04-23] (Foxit Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2014-02-19] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2014-02-19] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.121.2 -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\dtplugin\npDeployJava1.dll [2017-01-30] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.121.2 -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\plugin2\npjp2.dll [2017-01-30] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50905.0\npctrl.dll [2017-02-10] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-12-29] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-12-29] (NVIDIA Corporation)
FF Plugin-x32: @wacom.com/wtPlugin,version=2.1.0.7 -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-12-17] (Adobe Systems Inc.)
FF Plugin-x32: wacom.com/WacomTabletPlugin -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin HKU\S-1-5-21-967062836-2529923387-3564815213-1001: @citrixonline.com/appdetectorplugin -> C:\Users\Paula DeRoo\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2015-04-09] (Citrix Online)
FF Plugin HKU\S-1-5-21-967062836-2529923387-3564815213-1001: @talk.google.com/GoogleTalkPlugin -> C:\Users\Paula DeRoo\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-967062836-2529923387-3564815213-1001: @talk.google.com/O1DPlugin -> C:\Users\Paula DeRoo\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-967062836-2529923387-3564815213-1001: @tools.google.com/Google Update;version=3 -> C:\Users\Paula DeRoo\AppData\Local\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin HKU\S-1-5-21-967062836-2529923387-3564815213-1001: @tools.google.com/Google Update;version=9 -> C:\Users\Paula DeRoo\AppData\Local\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Paula DeRoo\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Paula DeRoo\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-12-08] (Google)

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S4 0160761425215272mcinstcleanup; C:\Windows\TEMP\016076~1.EXE [851136 2014-08-08] (McAfee, Inc.)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2017-03-17] (Apple Inc.)
S4 Dell Data Services; C:\Program Files\Dell\Dell Data Services\DDSSvc.exe [45936 2014-11-13] (Dell)
S4 Dell Foundation Services; C:\Program Files\Dell\Dell Foundation Services\DFSSvc.exe [73072 2014-11-10] (Dell)
S4 DellUpdate; C:\Program Files (x86)\Dell Update\DellUpService.exe [211320 2015-02-11] (Dell Inc.)
S4 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1156216 2015-12-16] (NVIDIA Corporation)
R2 HP LaserJet Service; C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe [176128 2014-06-24] (HP) [File not signed]
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15344 2013-02-06] (Intel Corporation)
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [887232 2014-01-31] (Intel(R) Corporation)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131544 2014-02-19] (Intel Corporation)
S3 iumsvc; C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [177376 2016-08-12] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [154584 2014-02-19] (Intel Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4355024 2017-01-20] (Malwarebytes)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [119864 2016-11-14] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [361816 2016-11-14] (Microsoft Corporation)
R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [458176 2016-12-29] (NVIDIA Corporation)
S4 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1872504 2015-12-16] (NVIDIA Corporation)
S4 NvStreamNetworkSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [8185464 2015-12-16] (NVIDIA Corporation)
S4 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [6477432 2015-12-16] (NVIDIA Corporation)
R2 QBCFMonitorService; C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe [45056 2016-05-08] (Intuit) [File not signed]
S3 QBFCService; C:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe [65536 2013-10-10] (Intuit Inc.) [File not signed]
R2 QBVSS; C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe [1248256 2013-10-10] (Intuit Inc.) [File not signed]
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [224840 2013-05-10] (Realtek Semiconductor)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2015-01-20] (Microsoft Corporation)
R2 wltrysvc; C:\Program Files\Dell\DW WLAN Card\bcmwltry.exe [6178304 2015-01-20] (Dell Inc.) [File not signed]
S4 WTabletServicePro; C:\Program Files\Tablet\Wacom\WTabletServicePro.exe [672024 2015-02-26] (Wacom Technology, Corp.)
S4 McAWFwk; no ImagePath

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 bcbtums; C:\Windows\System32\drivers\bcbtums.sys [172760 2015-01-20] (Broadcom Corporation.)
S3 CAXHWCD2; C:\Windows\System32\DRIVERS\CAXHWCD2.sys [376320 2015-02-27] (Conexant Systems, Inc.)
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [77408 2017-02-24] ()
R0 iaStorF; C:\Windows\System32\drivers\iaStorF.sys [28656 2013-01-15] (Intel Corporation)
R3 MBAMFarflt; C:\Windows\system32\drivers\farflt.sys [111544 2017-04-04] (Malwarebytes)
R3 MBAMProtection; C:\Windows\system32\drivers\mbam.sys [43968 2017-04-04] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [251840 2017-04-04] (Malwarebytes)
R3 MBAMWebProtection; C:\Windows\system32\drivers\mwac.sys [82208 2017-04-05] (Malwarebytes)
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [116736 2014-02-19] (Intel Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [295000 2016-08-25] (Microsoft Corporation)
S3 mvusbews; C:\Windows\System32\Drivers\mvusbews.sys [20480 2012-12-24] (Marvell Semiconductor, Inc.)
R3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [135928 2016-08-25] (Microsoft Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19576 2015-12-16] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [50472 2015-12-16] (NVIDIA Corporation)
R1 RawDisk3; C:\Windows\system32\drivers\rawdsk3.sys [41576 2016-02-21] (EldoS Corporation)
R3 XtuAcpiDriver; C:\Windows\System32\DRIVERS\XtuAcpiDriver.sys [54344 2016-11-22] (Intel Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-04-05 07:28 - 2017-04-05 07:29 - 00027150 _____ C:\Users\Paula DeRoo\Desktop\FRST.txt
2017-04-05 07:25 - 2017-04-05 07:26 - 02424832 _____ (Farbar) C:\Users\Paula DeRoo\Desktop\FRST64.exe
2017-04-04 20:00 - 2017-04-04 20:00 - 01496584 _____ C:\Users\Paula DeRoo\Downloads\spybot-search-destroy.exe
2017-04-04 19:57 - 2017-04-04 19:57 - 49405136 _____ (Microsoft Corporation) C:\Users\Paula DeRoo\Downloads\Windows-KB890830-x64-V5.46.exe
2017-04-04 08:36 - 2017-04-04 08:36 - 00000000 ____D C:\Users\Paula DeRoo\Documents\1Resumes
2017-03-29 12:55 - 2017-03-29 12:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud
2017-03-29 12:54 - 2017-03-29 12:54 - 00001755 _____ C:\Users\Public\Desktop\iTunes.lnk
2017-03-29 12:54 - 2017-03-29 12:54 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2017-03-29 12:53 - 2017-03-29 12:54 - 00000000 ____D C:\Program Files\iTunes
2017-03-29 12:53 - 2017-03-29 12:53 - 00000000 ____D C:\Program Files\iPod
2017-03-29 12:51 - 2017-03-29 12:51 - 00000000 ____D C:\Windows\System32\Tasks\Apple
2017-03-29 12:51 - 2017-03-29 12:51 - 00000000 ____D C:\Program Files (x86)\Apple Software Update
2017-03-28 14:16 - 2017-03-07 21:33 - 03165184 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2017-03-28 14:16 - 2017-03-07 21:33 - 00192512 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2017-03-28 14:16 - 2017-03-07 21:33 - 00098816 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2017-03-28 14:16 - 2017-03-07 21:31 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2017-03-28 14:16 - 2017-03-07 21:22 - 00174080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2017-03-28 14:16 - 2017-03-07 21:18 - 02651136 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2017-03-28 14:16 - 2017-03-07 21:16 - 00709120 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2017-03-28 14:16 - 2017-03-07 21:16 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2017-03-28 14:16 - 2017-03-07 21:16 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2017-03-28 14:16 - 2017-03-07 21:16 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2017-03-28 14:16 - 2017-03-07 21:16 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2017-03-28 14:16 - 2017-03-07 21:16 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2017-03-28 14:16 - 2017-03-07 21:07 - 00573440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2017-03-28 14:16 - 2017-03-07 21:06 - 00093696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2017-03-28 14:16 - 2017-03-07 21:06 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2017-03-28 14:16 - 2017-03-07 21:06 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2017-03-28 14:16 - 2017-02-14 09:33 - 00757248 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll
2017-03-28 14:16 - 2017-02-14 09:19 - 00497664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll
2017-03-28 14:16 - 2017-02-11 09:33 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2017-03-28 14:16 - 2017-02-11 09:16 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2017-03-28 14:16 - 2017-02-09 09:32 - 00769536 _____ (Microsoft Corporation) C:\Windows\system32\samsrv.dll
2017-03-28 14:16 - 2017-02-09 09:32 - 00106496 _____ (Microsoft Corporation) C:\Windows\system32\samlib.dll
2017-03-28 14:16 - 2017-02-09 09:14 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\samlib.dll
2017-03-28 14:16 - 2017-01-18 08:36 - 00994760 _____ (Microsoft Corporation) C:\Windows\system32\ucrtbase.dll
2017-03-28 14:16 - 2017-01-18 08:36 - 00063840 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-private-l1-1-0.dll
2017-03-28 14:16 - 2017-01-18 08:36 - 00020832 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-math-l1-1-0.dll
2017-03-28 14:16 - 2017-01-18 08:36 - 00019808 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-multibyte-l1-1-0.dll
2017-03-28 14:16 - 2017-01-18 08:36 - 00017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-string-l1-1-0.dll
2017-03-28 14:16 - 2017-01-18 08:36 - 00017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-stdio-l1-1-0.dll
2017-03-28 14:16 - 2017-01-18 08:36 - 00016224 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-runtime-l1-1-0.dll
2017-03-28 14:16 - 2017-01-18 08:36 - 00015712 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-convert-l1-1-0.dll
2017-03-28 14:16 - 2017-01-18 08:36 - 00014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-time-l1-1-0.dll
2017-03-28 14:16 - 2017-01-18 08:36 - 00014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-2-0.dll
2017-03-28 14:16 - 2017-01-18 08:36 - 00013664 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-filesystem-l1-1-0.dll
2017-03-28 14:16 - 2017-01-18 08:36 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-process-l1-1-0.dll
2017-03-28 14:16 - 2017-01-18 08:36 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-heap-l1-1-0.dll
2017-03-28 14:16 - 2017-01-18 08:36 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-conio-l1-1-0.dll
2017-03-28 14:16 - 2017-01-18 08:36 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-utility-l1-1-0.dll
2017-03-28 14:16 - 2017-01-18 08:36 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-locale-l1-1-0.dll
2017-03-28 14:16 - 2017-01-18 08:36 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-environment-l1-1-0.dll
2017-03-28 14:16 - 2017-01-18 08:36 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-2-0.dll
2017-03-28 14:16 - 2017-01-18 08:36 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-1.dll
2017-03-28 14:16 - 2017-01-18 08:36 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l2-1-0.dll
2017-03-28 14:16 - 2017-01-18 08:36 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-timezone-l1-1-0.dll
2017-03-28 14:16 - 2017-01-18 08:36 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l2-1-0.dll
2017-03-28 14:16 - 2017-01-18 08:36 - 00011608 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-2-0.dll
2017-03-28 14:16 - 2017-01-18 08:35 - 00922432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ucrtbase.dll
2017-03-28 14:16 - 2017-01-18 08:35 - 00066400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-private-l1-1-0.dll
2017-03-28 14:16 - 2017-01-18 08:35 - 00022368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-math-l1-1-0.dll
2017-03-28 14:16 - 2017-01-18 08:35 - 00019808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-multibyte-l1-1-0.dll
2017-03-28 14:16 - 2017-01-18 08:35 - 00017760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-string-l1-1-0.dll
2017-03-28 14:16 - 2017-01-18 08:35 - 00017760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-stdio-l1-1-0.dll
2017-03-28 14:16 - 2017-01-18 08:35 - 00016224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-runtime-l1-1-0.dll
2017-03-28 14:16 - 2017-01-18 08:35 - 00015712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-convert-l1-1-0.dll
2017-03-28 14:16 - 2017-01-18 08:35 - 00014176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-time-l1-1-0.dll
2017-03-28 14:16 - 2017-01-18 08:35 - 00014176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-2-0.dll
2017-03-28 14:16 - 2017-01-18 08:35 - 00013664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-filesystem-l1-1-0.dll
2017-03-28 14:16 - 2017-01-18 08:35 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-process-l1-1-0.dll
2017-03-28 14:16 - 2017-01-18 08:35 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-heap-l1-1-0.dll
2017-03-28 14:16 - 2017-01-18 08:35 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-conio-l1-1-0.dll
2017-03-28 14:16 - 2017-01-18 08:35 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-utility-l1-1-0.dll
2017-03-28 14:16 - 2017-01-18 08:35 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-locale-l1-1-0.dll
2017-03-28 14:16 - 2017-01-18 08:35 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-environment-l1-1-0.dll
2017-03-28 14:16 - 2017-01-18 08:35 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-2-0.dll
2017-03-28 14:16 - 2017-01-18 08:35 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-1.dll
2017-03-28 14:16 - 2017-01-18 08:35 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l2-1-0.dll
2017-03-28 14:16 - 2017-01-18 08:35 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-timezone-l1-1-0.dll
2017-03-28 14:16 - 2017-01-18 08:35 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l2-1-0.dll
2017-03-28 14:16 - 2017-01-18 08:35 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-2-0.dll
2017-03-24 16:19 - 2017-03-24 16:19 - 00000000 ____D C:\Users\Paula DeRoo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2017-03-23 06:09 - 2017-03-23 06:09 - 00009769 _____ C:\Users\Paula DeRoo\Downloads\Quote # 11820.PDF
2017-03-21 15:10 - 2017-03-21 15:10 - 02067512 _____ C:\Users\Paula DeRoo\Downloads\202341.pdf
2017-03-21 14:32 - 2017-03-21 14:32 - 00418889 _____ C:\Users\Paula DeRoo\Downloads\DeRoo - Revised Site Plan.pdf
2017-03-21 14:30 - 2017-03-21 14:30 - 00536222 _____ C:\Users\Paula DeRoo\Downloads\POOL PLAN, DEROO 3-8.pdf
2017-03-15 15:17 - 2017-03-04 10:24 - 00394448 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2017-03-15 15:17 - 2017-03-04 09:39 - 00346320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2017-03-15 15:17 - 2017-03-04 01:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2017-03-15 15:17 - 2017-03-04 01:20 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2017-03-15 15:17 - 2017-03-04 01:02 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2017-03-15 15:17 - 2017-03-04 01:01 - 00576512 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2017-03-15 15:17 - 2017-03-04 01:01 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2017-03-15 15:17 - 2017-03-04 01:01 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2017-03-15 15:17 - 2017-03-04 01:01 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2017-03-15 15:17 - 2017-03-04 00:59 - 02895360 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2017-03-15 15:17 - 2017-03-04 00:52 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2017-03-15 15:17 - 2017-03-04 00:51 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2017-03-15 15:17 - 2017-03-04 00:48 - 25746944 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2017-03-15 15:17 - 2017-03-04 00:46 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2017-03-15 15:17 - 2017-03-04 00:45 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2017-03-15 15:17 - 2017-03-04 00:45 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2017-03-15 15:17 - 2017-03-04 00:45 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2017-03-15 15:17 - 2017-03-04 00:44 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2017-03-15 15:17 - 2017-03-04 00:36 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2017-03-15 15:17 - 2017-03-04 00:32 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2017-03-15 15:17 - 2017-03-04 00:31 - 06045696 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2017-03-15 15:17 - 2017-03-04 00:23 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2017-03-15 15:17 - 2017-03-04 00:21 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2017-03-15 15:17 - 2017-03-04 00:16 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2017-03-15 15:17 - 2017-03-04 00:16 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2017-03-15 15:17 - 2017-03-04 00:13 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2017-03-15 15:17 - 2017-03-04 00:11 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2017-03-15 15:17 - 2017-03-03 23:57 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2017-03-15 15:17 - 2017-03-03 23:55 - 00725504 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2017-03-15 15:17 - 2017-03-03 23:54 - 00806912 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2017-03-15 15:17 - 2017-03-03 23:52 - 02131456 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2017-03-15 15:17 - 2017-03-03 23:52 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2017-03-15 15:17 - 2017-03-03 23:26 - 15259648 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2017-03-15 15:17 - 2017-03-03 23:25 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2017-03-15 15:17 - 2017-03-03 23:12 - 01545728 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2017-03-15 15:17 - 2017-03-03 23:02 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2017-03-15 15:17 - 2017-03-03 21:18 - 20281856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2017-03-15 15:17 - 2017-03-02 11:16 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2017-03-15 15:17 - 2017-03-02 11:02 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2017-03-15 15:17 - 2017-03-02 11:01 - 00499200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2017-03-15 15:17 - 2017-03-02 11:01 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2017-03-15 15:17 - 2017-03-02 11:01 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2017-03-15 15:17 - 2017-03-02 11:00 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2017-03-15 15:17 - 2017-03-02 10:55 - 02287104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2017-03-15 15:17 - 2017-03-02 10:54 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2017-03-15 15:17 - 2017-03-02 10:53 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2017-03-15 15:17 - 2017-03-02 10:51 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2017-03-15 15:17 - 2017-03-02 10:50 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2017-03-15 15:17 - 2017-03-02 10:49 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2017-03-15 15:17 - 2017-03-02 10:49 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2017-03-15 15:17 - 2017-03-02 10:41 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2017-03-15 15:17 - 2017-03-02 10:36 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2017-03-15 15:17 - 2017-03-02 10:35 - 00091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2017-03-15 15:17 - 2017-03-02 10:32 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2017-03-15 15:17 - 2017-03-02 10:31 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2017-03-15 15:17 - 2017-03-02 10:29 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2017-03-15 15:17 - 2017-03-02 10:28 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2017-03-15 15:17 - 2017-03-02 10:22 - 04604416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2017-03-15 15:17 - 2017-03-02 10:21 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2017-03-15 15:17 - 2017-03-02 10:19 - 00693248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2017-03-15 15:17 - 2017-03-02 10:17 - 02055680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2017-03-15 15:17 - 2017-03-02 10:17 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2017-03-15 15:17 - 2017-03-02 10:11 - 13654528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2017-03-15 15:17 - 2017-03-02 09:53 - 02767360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2017-03-15 15:17 - 2017-03-02 09:50 - 01312768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2017-03-15 15:17 - 2017-03-02 09:50 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2017-03-15 15:17 - 2017-02-11 08:58 - 00462848 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys
2017-03-15 15:17 - 2017-02-11 08:58 - 00405504 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
2017-03-15 15:17 - 2017-02-11 08:58 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys
2017-03-15 15:17 - 2017-02-10 09:32 - 00803328 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2017-03-15 15:17 - 2017-02-10 09:32 - 00405504 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2017-03-15 15:17 - 2017-02-10 09:17 - 00628736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll
2017-03-15 15:17 - 2017-02-10 09:17 - 00312832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2017-03-15 15:17 - 2017-02-10 07:33 - 01251328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2017-03-15 15:17 - 2017-02-09 09:36 - 00631176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2017-03-15 15:17 - 2017-02-09 09:35 - 05548264 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2017-03-15 15:17 - 2017-02-09 09:35 - 00706792 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2017-03-15 15:17 - 2017-02-09 09:35 - 00154856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2017-03-15 15:17 - 2017-02-09 09:35 - 00095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2017-03-15 15:17 - 2017-02-09 09:33 - 01732864 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2017-03-15 15:17 - 2017-02-09 09:32 - 01212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2017-03-15 15:17 - 2017-02-09 09:32 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2017-03-15 15:17 - 2017-02-09 09:32 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2017-03-15 15:17 - 2017-02-09 09:32 - 00345600 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2017-03-15 15:17 - 2017-02-09 09:32 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2017-03-15 15:17 - 2017-02-09 09:32 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2017-03-15 15:17 - 2017-02-09 09:32 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2017-03-15 15:17 - 2017-02-09 09:32 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2017-03-15 15:17 - 2017-02-09 09:32 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2017-03-15 15:17 - 2017-02-09 09:32 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2017-03-15 15:17 - 2017-02-09 09:32 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2017-03-15 15:17 - 2017-02-09 09:32 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2017-03-15 15:17 - 2017-02-09 09:32 - 00040960 _____ (Microsoft Corporation) C:\Windows\system32\WcsPlugInService.dll
2017-03-15 15:17 - 2017-02-09 09:32 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2017-03-15 15:17 - 2017-02-09 09:32 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2017-03-15 15:17 - 2017-02-09 09:32 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2017-03-15 15:17 - 2017-02-09 09:32 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2017-03-15 15:17 - 2017-02-09 09:31 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2017-03-15 15:17 - 2017-02-09 09:31 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2017-03-15 15:17 - 2017-02-09 09:31 - 00880640 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2017-03-15 15:17 - 2017-02-09 09:31 - 00730624 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2017-03-15 15:17 - 2017-02-09 09:31 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2017-03-15 15:17 - 2017-02-09 09:31 - 00625664 _____ (Microsoft Corporation) C:\Windows\system32\mscms.dll
2017-03-15 15:17 - 2017-02-09 09:31 - 00463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2017-03-15 15:17 - 2017-02-09 09:31 - 00419840 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2017-03-15 15:17 - 2017-02-09 09:31 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2017-03-15 15:17 - 2017-02-09 09:31 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2017-03-15 15:17 - 2017-02-09 09:31 - 00250880 _____ (Microsoft Corporation) C:\Windows\system32\icm32.dll
2017-03-15 15:17 - 2017-02-09 09:31 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2017-03-15 15:17 - 2017-02-09 09:31 - 00123904 _____ (Microsoft Corporation) C:\Windows\system32\bcrypt.dll
2017-03-15 15:17 - 2017-02-09 09:31 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2017-03-15 15:17 - 2017-02-09 09:31 - 00059904 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2017-03-15 15:17 - 2017-02-09 09:31 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2017-03-15 15:17 - 2017-02-09 09:31 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2017-03-15 15:17 - 2017-02-09 09:31 - 00034816 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2017-03-15 15:17 - 2017-02-09 09:31 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2017-03-15 15:17 - 2017-02-09 09:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2017-03-15 15:17 - 2017-02-09 09:31 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2017-03-15 15:17 - 2017-02-09 09:31 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2017-03-15 15:17 - 2017-02-09 09:31 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2017-03-15 15:17 - 2017-02-09 09:31 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2017-03-15 15:17 - 2017-02-09 09:31 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2017-03-15 15:17 - 2017-02-09 09:31 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2017-03-15 15:17 - 2017-02-09 09:31 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2017-03-15 15:17 - 2017-02-09 09:31 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2017-03-15 15:17 - 2017-02-09 09:31 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2017-03-15 15:17 - 2017-02-09 09:31 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2017-03-15 15:17 - 2017-02-09 09:31 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2017-03-15 15:17 - 2017-02-09 09:31 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2017-03-15 15:17 - 2017-02-09 09:31 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2017-03-15 15:17 - 2017-02-09 09:31 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2017-03-15 15:17 - 2017-02-09 09:31 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2017-03-15 15:17 - 2017-02-09 09:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2017-03-15 15:17 - 2017-02-09 09:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2017-03-15 15:17 - 2017-02-09 09:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2017-03-15 15:17 - 2017-02-09 09:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2017-03-15 15:17 - 2017-02-09 09:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2017-03-15 15:17 - 2017-02-09 09:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2017-03-15 15:17 - 2017-02-09 09:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2017-03-15 15:17 - 2017-02-09 09:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2017-03-15 15:17 - 2017-02-09 09:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2017-03-15 15:17 - 2017-02-09 09:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2017-03-15 15:17 - 2017-02-09 09:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2017-03-15 15:17 - 2017-02-09 09:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2017-03-15 15:17 - 2017-02-09 09:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2017-03-15 15:17 - 2017-02-09 09:19 - 04000488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2017-03-15 15:17 - 2017-02-09 09:19 - 03945192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2017-03-15 15:17 - 2017-02-09 09:16 - 01314112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2017-03-15 15:17 - 2017-02-09 09:14 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2017-03-15 15:17 - 2017-02-09 09:14 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2017-03-15 15:17 - 2017-02-09 09:14 - 00666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2017-03-15 15:17 - 2017-02-09 09:14 - 00644096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2017-03-15 15:17 - 2017-02-09 09:14 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2017-03-15 15:17 - 2017-02-09 09:14 - 00481792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscms.dll
2017-03-15 15:17 - 2017-02-09 09:14 - 00342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2017-03-15 15:17 - 2017-02-09 09:14 - 00275456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2017-03-15 15:17 - 2017-02-09 09:14 - 00261120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2017-03-15 15:17 - 2017-02-09 09:14 - 00254464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2017-03-15 15:17 - 2017-02-09 09:14 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2017-03-15 15:17 - 2017-02-09 09:14 - 00215040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icm32.dll
2017-03-15 15:17 - 2017-02-09 09:14 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2017-03-15 15:17 - 2017-02-09 09:14 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2017-03-15 15:17 - 2017-02-09 09:14 - 00141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2017-03-15 15:17 - 2017-02-09 09:14 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2017-03-15 15:17 - 2017-02-09 09:14 - 00082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcrypt.dll
2017-03-15 15:17 - 2017-02-09 09:14 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2017-03-15 15:17 - 2017-02-09 09:14 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2017-03-15 15:17 - 2017-02-09 09:14 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2017-03-15 15:17 - 2017-02-09 09:14 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2017-03-15 15:17 - 2017-02-09 09:14 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2017-03-15 15:17 - 2017-02-09 09:14 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2017-03-15 15:17 - 2017-02-09 09:14 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2017-03-15 15:17 - 2017-02-09 09:14 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2017-03-15 15:17 - 2017-02-09 09:14 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2017-03-15 15:17 - 2017-02-09 09:14 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2017-03-15 15:17 - 2017-02-09 09:14 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2017-03-15 15:17 - 2017-02-09 09:14 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2017-03-15 15:17 - 2017-02-09 09:14 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2017-03-15 15:17 - 2017-02-09 09:14 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2017-03-15 15:17 - 2017-02-09 09:14 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2017-03-15 15:17 - 2017-02-09 09:14 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2017-03-15 15:17 - 2017-02-09 09:14 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2017-03-15 15:17 - 2017-02-09 09:14 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2017-03-15 15:17 - 2017-02-09 09:14 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2017-03-15 15:17 - 2017-02-09 09:14 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2017-03-15 15:17 - 2017-02-09 09:14 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2017-03-15 15:17 - 2017-02-09 09:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2017-03-15 15:17 - 2017-02-09 09:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2017-03-15 15:17 - 2017-02-09 09:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2017-03-15 15:17 - 2017-02-09 09:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2017-03-15 15:17 - 2017-02-09 09:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2017-03-15 15:17 - 2017-02-09 09:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2017-03-15 15:17 - 2017-02-09 09:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2017-03-15 15:17 - 2017-02-09 09:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2017-03-15 15:17 - 2017-02-09 09:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2017-03-15 15:17 - 2017-02-09 09:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2017-03-15 15:17 - 2017-02-09 09:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2017-03-15 15:17 - 2017-02-09 09:03 - 00148480 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2017-03-15 15:17 - 2017-02-09 09:03 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2017-03-15 15:17 - 2017-02-09 09:03 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2017-03-15 15:17 - 2017-02-09 09:02 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2017-03-15 15:17 - 2017-02-09 09:00 - 03220480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2017-03-15 15:17 - 2017-02-09 08:59 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2017-03-15 15:17 - 2017-02-09 08:58 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2017-03-15 15:17 - 2017-02-09 08:55 - 00291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2017-03-15 15:17 - 2017-02-09 08:55 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2017-03-15 15:17 - 2017-02-09 08:55 - 00129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2017-03-15 15:17 - 2017-02-09 08:54 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2017-03-15 15:17 - 2017-02-09 08:54 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2017-03-15 15:17 - 2017-02-09 08:53 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2017-03-15 15:17 - 2017-02-09 08:51 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WcsPlugInService.dll
2017-03-15 15:17 - 2017-02-09 08:50 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2017-03-15 15:17 - 2017-02-09 08:50 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2017-03-15 15:17 - 2017-02-09 08:50 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2017-03-15 15:17 - 2017-02-09 08:50 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2017-03-15 15:17 - 2017-02-09 08:49 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2017-03-15 15:17 - 2017-02-09 08:49 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2017-03-15 15:17 - 2017-02-09 08:49 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2017-03-15 15:17 - 2017-02-09 08:49 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2017-03-15 15:17 - 2017-02-09 08:49 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2017-03-15 15:17 - 2017-02-09 07:06 - 01648128 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2017-03-15 15:17 - 2017-02-09 07:06 - 01180160 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2017-03-15 15:17 - 2017-02-06 09:14 - 00733696 _____ (Microsoft Corporation) C:\Windows\HelpPane.exe
2017-03-15 15:17 - 2017-01-13 11:00 - 00976896 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2017-03-15 15:17 - 2017-01-13 11:00 - 00084480 _____ (Microsoft Corporation) C:\Windows\system32\INETRES.dll
2017-03-15 15:17 - 2017-01-13 10:45 - 00741888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2017-03-15 15:17 - 2017-01-13 10:45 - 00084480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\INETRES.dll
2017-03-15 15:17 - 2017-01-11 11:01 - 01887744 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2017-03-15 15:17 - 2017-01-11 11:01 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2017-03-15 15:17 - 2017-01-11 10:43 - 01241088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2017-03-15 15:17 - 2017-01-11 10:43 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2017-03-15 15:17 - 2017-01-06 11:00 - 01574912 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2017-03-15 15:17 - 2017-01-06 10:44 - 01329664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-04-05 07:28 - 2017-02-26 10:59 - 00000000 ____D C:\FRST
2017-04-05 07:01 - 2017-01-29 13:08 - 00082208 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2017-04-05 07:01 - 2016-11-18 17:11 - 00000000 ____D C:\Users\Paula DeRoo\AppData\LocalLow\Mozilla
2017-04-05 07:01 - 2015-06-18 05:56 - 00000942 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-967062836-2529923387-3564815213-1001UA.job
2017-04-04 19:41 - 2015-02-27 11:22 - 00000432 _____ C:\Windows\system32\Drivers\etc\hosts.ics
2017-04-04 12:15 - 2015-02-26 11:33 - 00000000 ____D C:\Users\Paula DeRoo\Documents\Outlook Files
2017-04-04 08:36 - 2015-06-18 05:55 - 00000890 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-967062836-2529923387-3564815213-1001Core.job
2017-04-04 08:36 - 2015-02-26 11:26 - 00000000 ____D C:\Users\Paula DeRoo\Documents\Word
2017-04-04 07:07 - 2009-07-13 21:45 - 00021312 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-04-04 07:07 - 2009-07-13 21:45 - 00021312 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-04-04 06:59 - 2017-01-29 13:08 - 00111544 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
2017-04-04 06:59 - 2017-01-29 13:08 - 00043968 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2017-04-04 06:59 - 2015-03-01 16:21 - 00251840 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2017-04-04 06:59 - 2015-02-26 08:35 - 00000000 ___RD C:\Users\Paula DeRoo\Dropbox
2017-04-04 06:58 - 2016-03-27 09:00 - 00000000 ___RD C:\Users\Paula DeRoo\iCloudDrive
2017-04-04 06:57 - 2009-07-13 22:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-04-04 06:56 - 2015-06-17 05:44 - 00000000 ____D C:\ProgramData\NVIDIA
2017-04-03 15:20 - 2017-01-19 09:34 - 00000000 ____D C:\Users\Paula DeRoo\Desktop\Pool
2017-04-02 20:17 - 2015-02-26 11:33 - 00000000 ____D C:\Users\Paula DeRoo\Documents\My Money
2017-04-02 09:31 - 2015-03-04 08:03 - 04076032 ___SH C:\Users\Paula DeRoo\Desktop\Thumbs.db
2017-04-01 14:02 - 2016-05-18 09:09 - 00636416 ___SH C:\Users\Paula DeRoo\Documents\Thumbs.db
2017-03-30 12:59 - 2017-03-01 11:24 - 00007605 _____ C:\Users\Paula DeRoo\AppData\Local\resmon.resmoncfg
2017-03-30 12:08 - 2010-11-20 20:27 - 00513192 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2017-03-29 13:02 - 2015-10-21 06:32 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-03-29 13:02 - 2015-02-26 08:47 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-03-29 12:56 - 2009-07-13 22:13 - 00800700 _____ C:\Windows\system32\PerfStringBackup.INI
2017-03-29 12:56 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\inf
2017-03-29 12:53 - 2015-03-21 12:04 - 00000000 ____D C:\Program Files\Common Files\Apple
2017-03-29 12:51 - 2015-03-21 12:04 - 00002519 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2017-03-28 14:57 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\rescache
2017-03-24 16:17 - 2015-02-26 08:32 - 00000000 ____D C:\Users\Paula DeRoo\AppData\Roaming\Dropbox
2017-03-21 14:25 - 2016-05-18 09:16 - 00000000 ____D C:\Users\Paula DeRoo\Documents\David Medical
2017-03-17 09:59 - 2015-02-26 12:16 - 00000000 ____D C:\Users\Paula DeRoo\Documents\House For Sale
2017-03-16 17:41 - 2009-07-13 21:45 - 00423024 _____ C:\Windows\system32\FNTCACHE.DAT
2017-03-16 17:38 - 2009-07-13 22:32 - 00000000 ____D C:\Program Files\DVD Maker
2017-03-15 15:22 - 2015-02-26 09:29 - 00000000 ____D C:\Windows\system32\MRT
2017-03-15 15:20 - 2015-02-26 09:29 - 138634176 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2017-03-15 15:18 - 2015-05-14 06:53 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2017-03-15 15:18 - 2015-05-14 06:52 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2017-03-15 15:18 - 2015-05-14 06:52 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2017-03-14 14:51 - 2015-08-15 14:05 - 00004312 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2017-03-14 14:51 - 2015-01-20 20:29 - 00802904 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2017-03-14 14:51 - 2015-01-20 20:29 - 00144472 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2017-03-14 14:51 - 2015-01-20 20:29 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2017-03-14 14:51 - 2015-01-20 20:29 - 00000000 ____D C:\Windows\system32\Macromed
2017-03-09 12:57 - 2015-06-18 05:55 - 00000000 ____D C:\Users\Paula DeRoo\AppData\Local\Dropbox

==================== Files in the root of some directories =======

2015-12-05 08:48 - 2015-12-05 08:48 - 0000227 _____ () C:\Users\Paula DeRoo\AppData\Local\poetsch.bat
2017-03-01 11:24 - 2017-03-30 12:59 - 0007605 _____ () C:\Users\Paula DeRoo\AppData\Local\resmon.resmoncfg
2015-02-27 12:06 - 2015-02-27 12:06 - 0000057 _____ () C:\ProgramData\Ament.ini

Some files in TEMP:
====================
2016-05-10 14:04 - 2014-06-18 13:21 - 8667200 _____ (Foxit Corporation) C:\Users\Paula DeRoo\AppData\Local\Temp\Foxit PhantomPDF Updater.exe
2017-03-16 17:32 - 2017-03-16 17:32 - 0000000 _____ () C:\Users\Paula DeRoo\AppData\Local\Temp\GUR1BE9.exe
2016-07-27 14:37 - 2016-07-27 14:37 - 0741440 _____ (Oracle Corporation) C:\Users\Paula DeRoo\AppData\Local\Temp\jre-8u101-windows-au.exe
2016-10-21 07:59 - 2016-10-21 07:59 - 0737856 _____ (Oracle Corporation) C:\Users\Paula DeRoo\AppData\Local\Temp\jre-8u111-windows-au.exe
2017-01-30 14:28 - 2017-01-30 14:28 - 0739904 _____ (Oracle Corporation) C:\Users\Paula DeRoo\AppData\Local\Temp\jre-8u121-windows-au.exe
2015-02-27 11:09 - 2011-05-11 04:19 - 0607800 ____R (HP) C:\Users\Paula DeRoo\AppData\Local\Temp\siinst.exe
2015-02-27 11:09 - 2011-05-05 14:26 - 0270336 ____R (HP) C:\Users\Paula DeRoo\AppData\Local\Temp\strings.dll

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-04-03 12:40

==================== End of FRST.txt ============================

Addition.txt log:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15-03-2017
Ran by Paula DeRoo (05-04-2017 07:29:21)
Running from C:\Users\Paula DeRoo\Desktop
Windows 7 Professional Service Pack 1 (X64) (2015-02-26 15:08:13)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-967062836-2529923387-3564815213-500 - Administrator - Disabled)
Guest (S-1-5-21-967062836-2529923387-3564815213-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-967062836-2529923387-3564815213-1003 - Limited - Enabled)
Paula DeRoo (S-1-5-21-967062836-2529923387-3564815213-1001 - Administrator - Enabled) => C:\Users\Paula DeRoo

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {71A27EC9-3DA6-45FC-60A7-004F623C6189}
AS: Microsoft Security Essentials (Enabled - Up to date) {CAC39F2D-1B9C-4A72-5A17-3B3D19BB2B34}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 16.02 (x64) (HKLM\...\7-Zip) (Version: 16.02 - Igor Pavlov)
Adobe Flash Player 25 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 25.0.0.127 - Adobe Systems Incorporated)
Adobe Flash Player 25 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 25.0.0.127 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.14)  MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AB0000000001}) (Version: 11.0.14 - Adobe Systems Incorporated)
Amazon Music (HKU\S-1-5-21-967062836-2529923387-3564815213-1001\...\Amazon Amazon Music) (Version: 4.3.2.1367 - Amazon Services LLC)
Apple Application Support (32-bit) (HKLM-x32\...\{05E07D23-91E9-4E70-A4CC-EF505088F967}) (Version: 5.4.1 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{741291DA-2B34-4D44-8FB6-58EDE21261D8}) (Version: 5.4.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{DB18F1C0-846F-46F5-A074-5B97C8AF5C8E}) (Version: 10.3.1.2 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{52D87F32-70E4-4348-8148-C0B9F35B1314}) (Version: 2.3.0.177 - Apple Inc.)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
CameraHelperMsi (x32 Version: 13.51.815.0 - Logitech) Hidden
Cisco EAP-FAST Module (x32 Version: 2.2.14 - Cisco Systems, Inc.) Hidden
Cisco LEAP Module (x32 Version: 1.0.19 - Cisco Systems, Inc.) Hidden
Cisco PEAP Module (x32 Version: 1.1.6 - Cisco Systems, Inc.) Hidden
Cloud Drive (HKLM-x32\...\{F40EC703-6B64-4C2D-80BC-5ED2D8295C04}) (Version: 5.1.30.18 - Cox Secure Online Backup for Windows)
Dell Data Services (HKLM\...\{90F9BFC9-A2A9-403F-9A40-1063FAD035BA}) (Version: 1.1.6.0 - Dell Inc.)
Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)
Dell Foundation Services (HKLM\...\{0D2426EF-A4D1-403B-B78B-2897D6AD3021}) (Version: 1.1.333.0 - Dell Inc.)
Dell System Detect (HKU\S-1-5-21-967062836-2529923387-3564815213-1001\...\73f463568823ebbe) (Version: 6.0.0.9 - Dell)
Dell Update (HKLM-x32\...\{D9E0A33F-19D6-45A7-83BB-535C7B5F699B}) (Version: 1.5.3000.0 - Dell Inc.)
Drag and Drop Backup (HKLM-x32\...\{480EA68A-699D-450D-9869-2216AC49D23C}) (Version: 2.1.33 - Cox)
Dropbox (HKU\S-1-5-21-967062836-2529923387-3564815213-1001\...\Dropbox) (Version: 22.4.24 - Dropbox, Inc.)
DW WLAN Card Utility (HKLM\...\DW WLAN Card Utility) (Version: 6.30.223.228 - Dell Inc.)
erLT (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
Foxit PhantomPDF Standard (HKLM-x32\...\{1AF2A50D-4E91-4553-BA2B-7D41C7ADA58B}) (Version: 6.2.1.618 - Foxit Corporation)
Google Talk Plugin (HKLM-x32\...\{F9B579C2-D854-300A-BE62-A09EB9D722E4}) (Version: 5.41.3.0 - Google)
HP Deskjet 2050 J510 series Basic Device Software (HKLM\...\{73B1AC18-614F-42CD-A798-4BA214586406}) (Version: 28.0.1313.0 - Hewlett-Packard Co.)
HP LaserJet Pro MFP M127-M128 (HKLM-x32\...\{3b050369-8d19-413d-9dec-84ff278472eb}) (Version: 15.0.15309.1258 - Hewlett-Packard)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
hppLaserJetService (x32 Version: 009.033.00926 - Hewlett-Packard) Hidden
hppM125LaserJetService (x32 Version: 001.032.00682 - Hewlett-Packard) Hidden
hppP1100P1560P1600SeriesLaserJetService (x32 Version: 001.001.0.0 - Hewlett-Packard) Hidden
hppusgP1100P1560P1600Series (x32 Version: 1.0.0.1 - Hewlett-Packard) Hidden
HPSSupply (HKLM-x32\...\{7902E313-FF0F-4493-ACB1-A8147B78DCD0}) (Version: 2.1.1.0000 - Hewlett Packard Development Company L.P.)
hpStatusAlerts (x32 Version: 100.040.00218 - Hewlett Packard) Hidden
hpStatusAlertsM127-M128 (x32 Version: 080.046.00112 - Hewlett-Packard) Hidden
iCloud (HKLM\...\{7F40A9A7-B3BE-4EA8-B052-60449F6C3C02}) (Version: 6.2.1.67 - Apple Inc.)
Image Resizer for Windows (64 bit) (Version: 3.0.4802.35565 - Brice Lambson) Hidden
Image Resizer for Windows (HKLM-x32\...\{69d72156-6582-4556-8637-06f40aa7f85b}) (Version: 3.0.4802.35565 - Brice Lambson)
Intel(R) Chipset Device Software (x32 Version: 10.0.13 - Intel(R) Corporation) Hidden
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 10.0.0.1168 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.0.2.1001 - Intel Corporation)
Intel(R) Update Manager (HKLM-x32\...\{7224B7CE-196C-4E2A-A1AE-1D7BF259FD36}) (Version: 3.4.1942 - Intel Corporation)
Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 3.0.0.34 - Intel Corporation)
IrfanView 64 (remove only) (HKLM\...\IrfanView64) (Version: 4.42 - Irfan Skiljan)
iTunes (HKLM\...\{164600BE-9CEC-44E6-9B38-2B12D5FE2342}) (Version: 12.6.0.100 - Apple Inc.)
Java 8 Update 121 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180121F0}) (Version: 8.0.1210.13 - Oracle Corporation)
Logitech Webcam Software (HKLM-x32\...\{D40EB009-0499-459c-A8AF-C9C110766215}) (Version: 2.51 - Logitech Inc.)
Malwarebytes version 3.0.6.1469 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.0.6.1469 - Malwarebytes)
MarketResearch (x32 Version: 130.0.374.000 - Hewlett-Packard) Hidden
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft Money Plus (HKLM-x32\...\Money2008b) (Version: 17 - Microsoft)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUSR) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.10.209.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50905.0 - Microsoft Corporation)
Microsoft Sync Framework 2.1 Core Components (x86) ENU  (HKLM-x32\...\{7AC8EF88-D996-4D47-B40C-4DD93E307481}) (Version: 2.1.1648.0 - Microsoft Corporation)
Microsoft Sync Framework 2.1 Provider Services (x86) ENU  (HKLM-x32\...\{77610794-D144-422E-82B2-77BBE9052FDA}) (Version: 2.1.1648.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
MosChip PCI Multi-IO Controller (HKLM\...\MosChip Semiconductor Technology Ltd) (Version:  - )
Mozilla Firefox 52.0.2 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 52.0.2 (x86 en-US)) (Version: 52.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 52.0.2.6291 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
NVIDIA 3D Vision Controller Driver 352.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 352.65 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 376.53 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 376.53 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.8.1.21 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.8.1.21 - NVIDIA Corporation)
NVIDIA Graphics Driver 376.53 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 376.53 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.34.17 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.17 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.15.0428 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.15.0428 - NVIDIA Corporation)
QuickBooks (x32 Version: 24.0.4011.2403 - Intuit Inc.) Hidden
QuickBooks Premier: Accountant Edition 2014 (HKLM-x32\...\{48DCE40F-BD78-4EEA-B810-6F371716A5DD}) (Version: 24.0.4011.2403 - Intuit Inc.)
QuickBooks Runtime Redistributable (HKLM\...\{F2A4F809-2DE6-4D27-888B-4D2BB8DAF20E}) (Version: 1.00.0000 - Intuit Inc.)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9200.30164 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6909 - Realtek Semiconductor Corp.)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (HKLM\...\{91140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{A3364707-2F53-4C83-8F68-C9877A9080C7}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (Version:  - Microsoft) Hidden
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - )
SHIELD Streaming (Version: 4.1.0250 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 2.8.1.21 - NVIDIA Corporation) Hidden
Soft Data Fax Modem with SmartCP (HKLM\...\CNXT_MODEM_USB_VID_0572&PID_1300) (Version:  - )
Wacom Tablet (HKLM\...\Wacom Tablet Driver) (Version: 6.3.11-4 - Wacom Technology Corp.)
WebTablet FB Plugin 32 bit (HKLM-x32\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.7 - Wacom Technology Corp.)
WebTablet FB Plugin 64 bit (HKLM\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.7 - Wacom Technology Corp.)
WIDCOMM Bluetooth Software (HKLM\...\{A1439D4F-FD46-47F2-A1D3-FEE097C29A09}) (Version: 6.5.1.5600 - Broadcom Corporation)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-967062836-2529923387-3564815213-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Paula DeRoo\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-967062836-2529923387-3564815213-1001_Classes\CLSID\{590C4387-5EBD-4D46-8A84-CD0BA2EF2856}\InprocServer32 -> C:\Users\Paula DeRoo\AppData\Local\Google\Update\1.3.30.3\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-967062836-2529923387-3564815213-1001_Classes\CLSID\{59B55F04-DE14-4BB8-92FF-C4A22EF2E5F4}\InprocServer32 -> C:\Users\Paula DeRoo\AppData\Local\Google\Update\1.3.31.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-967062836-2529923387-3564815213-1001_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247}\InprocServer32 -> C:\Users\Paula DeRoo\AppData\Local\Google\Update\1.3.29.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-967062836-2529923387-3564815213-1001_Classes\CLSID\{B5B8593C-89BC-44a7-BCE3-32FE4FED7C5C}\InprocServer32 -> C:\Users\Paula DeRoo\AppData\Local\Workspace\wbetoolsax64.dll => No File
CustomCLSID: HKU\S-1-5-21-967062836-2529923387-3564815213-1001_Classes\CLSID\{CB492AF1-2CEF-4E58-BE47-471C77D0C8BA}\InprocServer32 -> C:\Users\Paula DeRoo\AppData\Local\Google\Update\1.3.32.7\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-967062836-2529923387-3564815213-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Paula DeRoo\AppData\Local\Google\Update\1.3.32.7\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-967062836-2529923387-3564815213-1001_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Paula DeRoo\AppData\Roaming\Dropbox\bin\DropboxExt64.15.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-967062836-2529923387-3564815213-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Paula DeRoo\AppData\Roaming\Dropbox\bin\DropboxExt64.15.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-967062836-2529923387-3564815213-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Paula DeRoo\AppData\Roaming\Dropbox\bin\DropboxExt64.15.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-967062836-2529923387-3564815213-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Paula DeRoo\AppData\Roaming\Dropbox\bin\DropboxExt64.15.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-967062836-2529923387-3564815213-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Paula DeRoo\AppData\Roaming\Dropbox\bin\DropboxExt64.15.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-967062836-2529923387-3564815213-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Paula DeRoo\AppData\Roaming\Dropbox\bin\DropboxExt64.15.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-967062836-2529923387-3564815213-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Paula DeRoo\AppData\Roaming\Dropbox\bin\DropboxExt64.15.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-967062836-2529923387-3564815213-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Paula DeRoo\AppData\Roaming\Dropbox\bin\DropboxExt64.15.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-967062836-2529923387-3564815213-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Paula DeRoo\AppData\Roaming\Dropbox\bin\DropboxExt64.15.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-967062836-2529923387-3564815213-1001_Classes\CLSID\{FB314EE1-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Paula DeRoo\AppData\Roaming\Dropbox\bin\DropboxExt64.15.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-967062836-2529923387-3564815213-1001_Classes\CLSID\{FB314EE2-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Paula DeRoo\AppData\Roaming\Dropbox\bin\DropboxExt64.15.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-967062836-2529923387-3564815213-1001_Classes\CLSID\{FBC9D74C-AF55-4309-9FB2-C426E071637F}\InprocServer32 -> C:\Users\Paula DeRoo\AppData\Roaming\Dropbox\bin\DropboxExt64.15.0.dll (Dropbox, Inc.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0223FFE2-E9AB-4C4A-B187-A652235FCC4A} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => c:\Program Files\Microsoft Security Client\\MpCmdRun.exe [2016-11-14] (Microsoft Corporation)
Task: {02EF0534-EDAE-447F-95A0-03EBBACC8172} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-967062836-2529923387-3564815213-1001UA => C:\Users\Paula DeRoo\AppData\Local\Google\Update\GoogleUpdate.exe [2016-02-24] (Google Inc.)
Task: {0D36627B-A59E-407E-B0D8-2AA9033437EA} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-967062836-2529923387-3564815213-1001UA => C:\Users\Paula DeRoo\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2016-11-05] (Dropbox, Inc.)
Task: {190B7195-DA2F-431E-A9E0-E0973330A112} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2017-02-14] (Apple Inc.)
Task: {2FDCB4C5-B39C-42C1-AE09-248F8C090F75} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
Task: {5002317F-A65C-49D4-94BF-9CD6257B9AEF} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {5027EE5E-2164-44C4-944D-D19F6BD3266C} - System32\Tasks\{415ECF94-E24C-4886-B376-2AD7497D00B6} => pcalua.exe -a "C:\Users\Paula DeRoo\Downloads\JavaUninstallTool.exe" -d "C:\Users\Paula DeRoo\Downloads"
Task: {5C7361A9-669B-4665-B441-84FB2171DE35} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-03-14] (Adobe Systems Incorporated)
Task: {6A727B80-9B68-48D1-B85C-BB63C9414674} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {7334083C-B6D4-4622-8436-71A420A24701} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-967062836-2529923387-3564815213-1001Core => C:\Users\Paula DeRoo\AppData\Local\Google\Update\GoogleUpdate.exe [2016-02-24] (Google Inc.)
Task: {769E2CAF-C446-4F8A-AE96-1297F5977CEB} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [2016-08-12] (Intel Corporation)
Task: {7FD12128-27E5-4606-A1A3-A3818CEAA4C2} - \Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d -> No File <==== ATTENTION
Task: {90A36BBA-A182-4F6D-84F4-89A7E6D7196D} - System32\Tasks\{01238F93-C994-4984-820B-4BB0E3259193} => pcalua.exe -a "C:\Users\Paula DeRoo\AppData\Local\Temp\Temp2_eolupcli.zip\eolupcli.exe" <==== ATTENTION
Task: {A8AC8FD8-5184-44D6-8E2A-48B3835167B6} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-967062836-2529923387-3564815213-1001Core => C:\Users\Paula DeRoo\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2016-11-05] (Dropbox, Inc.)
Task: {B6D4F450-1416-49EF-8AC1-890756A3A20B} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {BD9DBB83-DBAF-4FF7-8F03-2513D4BD4E86} - System32\Tasks\G2MUploadTask-S-1-5-21-967062836-2529923387-3564815213-1001 => C:\Users\Paula DeRoo\AppData\Local\Citrix\GoToMeeting\4099\g2mupload.exe
Task: {CFBAB55E-835A-4B87-82E2-5ECCAA4D657F} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {DE0CE5D5-E238-4974-BFC8-0998F69B3BFA} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {E001E586-6F7D-4FFE-B056-88E70C05F13B} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473-Logon => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [2016-08-12] (Intel Corporation)
Task: {EDD6B9EC-79B3-4B53-9FBC-BD6DA9F02BF4} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {FAC95326-F52B-4EBE-834A-6826AB7C299B} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION
Task: {FADC2745-A36A-4BB5-B078-1ECD75543790} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-12-13] (Adobe Systems Incorporated)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-967062836-2529923387-3564815213-1001Core.job => C:\Users\Paula DeRoo\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-967062836-2529923387-3564815213-1001UA.job => C:\Users\Paula DeRoo\AppData\Local\Dropbox\Update\DropboxUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2015-06-17 05:43 - 2016-12-29 05:44 - 00134712 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2013-09-04 22:17 - 2013-09-04 22:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 13:23 - 2010-10-20 13:23 - 08801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2016-03-13 06:46 - 2012-08-31 12:03 - 00288768 _____ () C:\Windows\System32\HP1100LM.DLL
2015-02-27 11:10 - 2012-08-31 12:02 - 00074240 _____ () C:\Windows\system32\spool\PRTPROCS\x64\HP1100PP.DLL
2017-03-16 16:08 - 2017-03-16 16:08 - 01354040 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2016-09-01 15:12 - 2016-09-01 15:12 - 00092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2017-03-22 18:14 - 2017-03-22 18:14 - 01354040 _____ () C:\Program Files\iTunes\libxml2.dll
2017-03-22 18:14 - 2017-03-22 18:14 - 00092472 _____ () C:\Program Files\iTunes\zlib1.dll
2012-09-12 21:38 - 2012-09-12 21:38 - 00264040 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
2017-01-29 13:08 - 2017-02-24 06:23 - 02264352 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\PoliciesControllerImpl.dll
2017-01-29 13:08 - 2017-02-24 06:23 - 02264528 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
2015-12-21 18:14 - 2015-12-16 10:34 - 00011896 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
2017-03-16 16:09 - 2017-03-16 16:09 - 01041720 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2016-09-01 15:13 - 2016-09-01 15:13 - 00080184 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2017-03-16 16:08 - 2017-03-16 16:08 - 00189752 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxslt.dll
2013-09-04 22:14 - 2013-09-04 22:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 13:45 - 2010-10-20 13:45 - 08801120 _____ () C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2012-09-12 21:38 - 2012-09-12 21:38 - 02144104 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtCore4.dll
2012-09-12 21:38 - 2012-09-12 21:38 - 07955304 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtGui4.dll
2012-09-12 21:38 - 2012-09-12 21:38 - 00341352 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtXml4.dll
2012-09-12 21:38 - 2012-09-12 21:38 - 00028008 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\imageformats\QGif4.dll
2012-09-12 21:38 - 2012-09-12 21:38 - 00127336 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\imageformats\QJpeg4.dll
2017-03-24 16:19 - 2017-03-21 11:06 - 00842560 _____ () C:\Users\Paula DeRoo\AppData\Roaming\Dropbox\bin\dropbox_watchdog.dll
2017-02-28 07:32 - 2017-02-28 13:49 - 00035792 _____ () C:\Users\Paula DeRoo\AppData\Roaming\Dropbox\bin\_multiprocessing.pyd
2017-02-28 07:32 - 2017-02-28 13:49 - 00100296 _____ () C:\Users\Paula DeRoo\AppData\Roaming\Dropbox\bin\_ctypes.pyd
2017-02-28 07:32 - 2017-02-28 13:49 - 00018888 _____ () C:\Users\Paula DeRoo\AppData\Roaming\Dropbox\bin\select.pyd
2017-02-28 07:32 - 2017-03-21 11:10 - 00019776 _____ () C:\Users\Paula DeRoo\AppData\Roaming\Dropbox\bin\tornado.speedups.pyd
2017-03-24 16:19 - 2017-03-21 11:09 - 00020824 _____ () C:\Users\Paula DeRoo\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._constant_time.pyd
2017-02-28 07:32 - 2017-02-28 13:50 - 00123856 _____ () C:\Users\Paula DeRoo\AppData\Roaming\Dropbox\bin\_cffi_backend.pyd
2017-02-28 07:32 - 2017-02-28 13:49 - 00694224 _____ () C:\Users\Paula DeRoo\AppData\Roaming\Dropbox\bin\unicodedata.pyd
2017-03-24 16:19 - 2017-03-21 11:09 - 01729360 _____ () C:\Users\Paula DeRoo\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._openssl.pyd
2017-03-24 16:19 - 2017-03-21 11:09 - 00020816 _____ () C:\Users\Paula DeRoo\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._padding.pyd
2017-03-24 16:19 - 2017-02-28 13:49 - 00145864 _____ () C:\Users\Paula DeRoo\AppData\Roaming\Dropbox\bin\pyexpat.pyd
2017-03-24 16:19 - 2017-02-28 13:50 - 00019408 _____ () C:\Users\Paula DeRoo\AppData\Roaming\Dropbox\bin\faulthandler.pyd
2017-03-24 16:19 - 2017-02-28 13:49 - 00116688 _____ () C:\Users\Paula DeRoo\AppData\Roaming\Dropbox\bin\pywintypes27.dll
2017-02-28 07:32 - 2017-02-28 13:52 - 00105928 _____ () C:\Users\Paula DeRoo\AppData\Roaming\Dropbox\bin\win32api.pyd
2017-02-28 07:32 - 2017-03-21 11:10 - 00022864 _____ () C:\Users\Paula DeRoo\AppData\Roaming\Dropbox\bin\winffi.crt.compiled._winffi_crt.pyd
2017-03-24 16:19 - 2017-03-21 11:09 - 00060736 _____ () C:\Users\Paula DeRoo\AppData\Roaming\Dropbox\bin\psutil._psutil_windows.pyd
2017-03-24 16:19 - 2017-03-21 11:09 - 00038712 _____ () C:\Users\Paula DeRoo\AppData\Roaming\Dropbox\bin\fastpath.pyd
2017-02-28 07:32 - 2017-02-28 13:52 - 00024528 _____ () C:\Users\Paula DeRoo\AppData\Roaming\Dropbox\bin\win32event.pyd
2017-03-24 16:19 - 2017-02-28 13:49 - 00392656 _____ () C:\Users\Paula DeRoo\AppData\Roaming\Dropbox\bin\pythoncom27.dll
2017-03-24 16:19 - 2017-02-28 13:52 - 00020936 _____ () C:\Users\Paula DeRoo\AppData\Roaming\Dropbox\bin\mmapfile.pyd
2017-02-28 07:32 - 2017-02-28 13:52 - 00116176 _____ () C:\Users\Paula DeRoo\AppData\Roaming\Dropbox\bin\win32security.pyd
2017-02-28 07:32 - 2017-03-21 11:10 - 00392512 _____ () C:\Users\Paula DeRoo\AppData\Roaming\Dropbox\bin\win32com.shell.shell.pyd
2017-02-28 07:32 - 2017-02-28 13:52 - 00124880 _____ () C:\Users\Paula DeRoo\AppData\Roaming\Dropbox\bin\win32file.pyd
2017-02-28 07:32 - 2017-03-21 11:10 - 00026456 _____ () C:\Users\Paula DeRoo\AppData\Roaming\Dropbox\bin\winffi.kernel32.compiled._winffi_kernel32.pyd
2017-02-28 07:32 - 2017-02-28 13:52 - 00024016 _____ () C:\Users\Paula DeRoo\AppData\Roaming\Dropbox\bin\win32clipboard.pyd
2017-02-28 07:32 - 2017-02-28 13:52 - 00175560 _____ () C:\Users\Paula DeRoo\AppData\Roaming\Dropbox\bin\win32gui.pyd
2017-02-28 07:32 - 2017-02-28 13:52 - 00030160 _____ () C:\Users\Paula DeRoo\AppData\Roaming\Dropbox\bin\win32pipe.pyd
2017-02-28 07:32 - 2017-02-28 13:52 - 00043472 _____ () C:\Users\Paula DeRoo\AppData\Roaming\Dropbox\bin\win32process.pyd
2017-02-28 07:32 - 2017-02-28 13:52 - 00048592 _____ () C:\Users\Paula DeRoo\AppData\Roaming\Dropbox\bin\win32service.pyd
2017-02-28 07:32 - 2017-02-28 13:52 - 00057808 _____ () C:\Users\Paula DeRoo\AppData\Roaming\Dropbox\bin\win32evtlog.pyd
2017-02-28 07:32 - 2017-02-28 13:52 - 00024016 _____ () C:\Users\Paula DeRoo\AppData\Roaming\Dropbox\bin\win32profile.pyd
2017-03-24 16:19 - 2017-03-21 11:09 - 00246608 _____ () C:\Users\Paula DeRoo\AppData\Roaming\Dropbox\bin\breakpad.client.windows.handler.pyd
2017-03-24 16:19 - 2017-03-21 11:09 - 00027488 _____ () C:\Users\Paula DeRoo\AppData\Roaming\Dropbox\bin\dropbox.infinite.win.compiled._driverinstallation.pyd
2017-02-28 07:32 - 2017-02-28 13:51 - 00241104 _____ () C:\Users\Paula DeRoo\AppData\Roaming\Dropbox\bin\_jpegtran.pyd
2017-03-24 16:19 - 2017-03-21 11:09 - 00022336 _____ () C:\Users\Paula DeRoo\AppData\Roaming\Dropbox\bin\cpuid.compiled._cpuid.pyd
2017-02-28 07:32 - 2017-03-21 11:10 - 00025432 _____ () C:\Users\Paula DeRoo\AppData\Roaming\Dropbox\bin\winscreenshot.compiled._CaptureScreenshot.pyd
2017-02-28 07:32 - 2017-02-28 13:52 - 00028616 _____ () C:\Users\Paula DeRoo\AppData\Roaming\Dropbox\bin\win32ts.pyd
2017-03-24 16:19 - 2017-03-21 11:10 - 01826104 _____ () C:\Users\Paula DeRoo\AppData\Roaming\Dropbox\bin\PyQt5.QtCore.pyd
2017-02-28 07:32 - 2017-02-28 13:50 - 00083912 _____ () C:\Users\Paula DeRoo\AppData\Roaming\Dropbox\bin\sip.pyd
2017-03-24 16:19 - 2017-03-21 11:10 - 01972024 _____ () C:\Users\Paula DeRoo\AppData\Roaming\Dropbox\bin\PyQt5.QtGui.pyd
2017-03-24 16:19 - 2017-03-21 11:10 - 03928896 _____ () C:\Users\Paula DeRoo\AppData\Roaming\Dropbox\bin\PyQt5.QtWidgets.pyd
2017-03-24 16:19 - 2017-03-21 11:10 - 00531264 _____ () C:\Users\Paula DeRoo\AppData\Roaming\Dropbox\bin\PyQt5.QtNetwork.pyd
2017-02-28 07:32 - 2017-03-21 11:10 - 00053072 _____ () C:\Users\Paula DeRoo\AppData\Roaming\Dropbox\bin\winrpcserver.compiled._RPCServer.pyd
2017-03-24 16:19 - 2017-03-21 11:10 - 00133432 _____ () C:\Users\Paula DeRoo\AppData\Roaming\Dropbox\bin\PyQt5.QtWebKit.pyd
2017-03-24 16:19 - 2017-03-21 11:10 - 00224064 _____ () C:\Users\Paula DeRoo\AppData\Roaming\Dropbox\bin\PyQt5.QtWebKitWidgets.pyd
2017-03-24 16:19 - 2017-03-21 11:10 - 00207680 _____ () C:\Users\Paula DeRoo\AppData\Roaming\Dropbox\bin\PyQt5.QtPrintSupport.pyd
2017-02-28 07:32 - 2017-03-21 11:10 - 00022864 _____ () C:\Users\Paula DeRoo\AppData\Roaming\Dropbox\bin\winffi.user32.compiled._winffi_user32.pyd
2017-02-28 07:32 - 2017-03-21 11:10 - 00022872 _____ () C:\Users\Paula DeRoo\AppData\Roaming\Dropbox\bin\winffi.iphlpapi.compiled._winffi_iphlpapi.pyd
2017-02-28 07:32 - 2017-03-21 11:10 - 00021848 _____ () C:\Users\Paula DeRoo\AppData\Roaming\Dropbox\bin\winffi.winerror.compiled._winffi_winerror.pyd
2017-02-28 07:32 - 2017-03-21 11:10 - 00022872 _____ () C:\Users\Paula DeRoo\AppData\Roaming\Dropbox\bin\winffi.wininet.compiled._winffi_wininet.pyd
2017-02-28 07:32 - 2017-02-28 13:52 - 00349128 _____ () C:\Users\Paula DeRoo\AppData\Roaming\Dropbox\bin\winxpgui.pyd
2017-02-28 07:32 - 2017-03-21 11:10 - 00023896 _____ () C:\Users\Paula DeRoo\AppData\Roaming\Dropbox\bin\winverifysignature.compiled._VerifySignature.pyd
2017-03-24 16:19 - 2017-03-21 11:09 - 00025936 _____ () C:\Users\Paula DeRoo\AppData\Roaming\Dropbox\bin\librsyncffi.compiled._librsyncffi.pyd
2017-03-24 16:19 - 2017-02-28 13:47 - 00036296 _____ () C:\Users\Paula DeRoo\AppData\Roaming\Dropbox\bin\librsync.dll
2017-03-24 16:19 - 2017-03-21 11:09 - 00084288 _____ () C:\Users\Paula DeRoo\AppData\Roaming\Dropbox\bin\dropbox_sqlite_ext.DLL
2017-02-28 07:32 - 2017-03-21 11:10 - 00030536 _____ () C:\Users\Paula DeRoo\AppData\Roaming\Dropbox\bin\wind3d11.compiled._wind3d11.pyd
2017-03-24 16:19 - 2017-02-28 13:56 - 00017864 _____ () C:\Users\Paula DeRoo\AppData\Roaming\Dropbox\bin\libEGL.dll
2017-03-24 16:19 - 2017-02-28 13:56 - 01631184 _____ () C:\Users\Paula DeRoo\AppData\Roaming\Dropbox\bin\libGLESv2.dll
2017-03-24 16:19 - 2017-03-21 11:10 - 00042816 _____ () C:\Users\Paula DeRoo\AppData\Roaming\Dropbox\bin\PyQt5.QtWebChannel.pyd
2017-03-24 16:19 - 2017-03-21 11:10 - 00171336 _____ () C:\Users\Paula DeRoo\AppData\Roaming\Dropbox\bin\PyQt5.QtWebEngineWidgets.pyd
2017-03-24 16:19 - 2017-03-21 11:10 - 00357688 _____ () C:\Users\Paula DeRoo\AppData\Roaming\Dropbox\bin\PyQt5.QtQml.pyd
2017-02-28 07:32 - 2017-02-28 13:52 - 00060880 _____ () C:\Users\Paula DeRoo\AppData\Roaming\Dropbox\bin\win32print.pyd
2017-02-28 07:32 - 2017-03-21 11:10 - 00026456 _____ () C:\Users\Paula DeRoo\AppData\Roaming\Dropbox\bin\winffi.winhttp.compiled._winffi_winhttp.pyd
2017-03-24 16:19 - 2017-03-21 11:10 - 00546104 _____ () C:\Users\Paula DeRoo\AppData\Roaming\Dropbox\bin\PyQt5.QtQuick.pyd
2012-09-12 21:39 - 2012-09-12 21:39 - 00336232 _____ () C:\Program Files (x86)\Common Files\logishrd\LWSPlugins\LWS\Applets\CameraHelper\DevManagerCore.dll
2014-02-19 17:51 - 2014-02-19 17:51 - 01241560 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
2015-12-02 09:58 - 2015-11-16 11:32 - 00919040 _____ () C:\Windows\mod_frst.exe

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:5C321E34 [270]
AlternateDataStreams: C:\Users\Paula DeRoo\Documents\14610 N 134th Ln, Surprise, AZ 85379:com.dropbox.attributes [168]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-967062836-2529923387-3564815213-1001\...\dell.com -> dell.com

There are 6091 more sites.


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 19:34 - 2009-06-10 14:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-967062836-2529923387-3564815213-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Paula DeRoo\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 68.105.28.11 - 68.105.29.11
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: AeLookupSvc => 3
MSCONFIG\Services: bthserv => 3
MSCONFIG\Services: btwdins => 2
MSCONFIG\Services: Dell Data Services => 2
MSCONFIG\Services: Dell Foundation Services => 2
MSCONFIG\Services: DellDigitalDelivery => 2
MSCONFIG\Services: DellUpdate => 2
MSCONFIG\Services: GfExperienceService => 2
MSCONFIG\Services: McAWFwk => 3
MSCONFIG\Services: NvNetworkService => 2
MSCONFIG\Services: NvStreamNetworkSvc => 3
MSCONFIG\Services: NvStreamSvc => 2
MSCONFIG\Services: WPCSvc => 3
MSCONFIG\Services: WTabletServicePro => 2
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Amazon Music => "C:\Users\Paula DeRoo\AppData\Local\Amazon Music\Amazon Music Helper.exe"
MSCONFIG\startupreg: BCSSync => "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
MSCONFIG\startupreg: DropboxOEM => "C:\Program Files (x86)\Dropbox\DropboxOEM\DropboxOEM.exe" auto
MSCONFIG\startupreg: Google Update => C:\Users\Paula DeRoo\AppData\Local\Google\Update\1.3.32.7\GoogleUpdateCore.exe
MSCONFIG\startupreg: ogcsn => "C:\Users\Paula DeRoo\AppData\Local\Workspace\outsync.exe"
MSCONFIG\startupreg: PMBVolumeWatcher => C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe /SysAutoRun
MSCONFIG\startupreg: ShadowPlay => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{E7131FFD-479A-4235-94BD-37A50C66DE4A}] => (Allow) C:\Users\Paula DeRoo\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{13BD813F-27F5-4A6B-9DF3-760F5A6144DD}] => (Allow) C:\Users\Paula DeRoo\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{CEC51F07-8D61-48EA-BC2A-21C858A6C84D}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{E703B687-8709-4F58-90EC-ECB5AC04C174}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{8CE44C68-B604-4BCD-A4FB-D65A44A67C3A}] => (Allow) C:\Program Files\HP\HP Deskjet 2050 J510 series\Bin\USBSetup.exe
FirewallRules: [{713439C9-E374-4997-B4D5-95D6AD34BDC1}] => (Allow) C:\Program Files\HP\HP LaserJet P1100 Series\wificonfig.exe
FirewallRules: [{03A8C538-5618-4E88-B661-498F9608CA0B}] => (Allow) C:\Program Files\HP\HP LaserJet P1100 Series\wificonfig.exe
FirewallRules: [{7808A63C-2D94-4D59-9491-78EFDA81D563}] => (Allow) LPort=9100
FirewallRules: [{F90B9517-806A-4E68-99E0-8EABD5DA3F5E}] => (Allow) LPort=427
FirewallRules: [{5444B3CE-758B-4987-8E44-8A5350CE5E84}] => (Allow) LPort=161
FirewallRules: [TCP Query User{A823504B-293C-4E74-9D1C-5EEF585DA141}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{B3FF06F2-29AA-4481-92B1-C1A6FA061FED}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [TCP Query User{2033C6FB-82C7-4172-9ED0-27A03FF4EAF6}C:\windows\system32\wfs.exe] => (Allow) C:\windows\system32\wfs.exe
FirewallRules: [UDP Query User{8F577766-36E0-4A98-806C-409B92C549A8}C:\windows\system32\wfs.exe] => (Allow) C:\windows\system32\wfs.exe
FirewallRules: [{CD09E1FA-EA8C-449B-811B-18347BC46CFD}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{6D77FB5F-1AFC-4625-8EC6-20AD28B8A45D}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{FEC6D37E-641F-47FD-B246-F0F10C97DC83}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{A0A9B671-58BF-4C04-BAC9-53CBBCFA9AD0}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [TCP Query User{2BA874FC-F51C-49C5-B567-46F1D6136663}C:\program files (x86)\java\jre1.8.0_40\bin\java.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_40\bin\java.exe
FirewallRules: [UDP Query User{A375F0F0-A766-4CE4-A81A-ED38B9190275}C:\program files (x86)\java\jre1.8.0_40\bin\java.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_40\bin\java.exe
FirewallRules: [{83BC4FF6-1BBF-4644-9464-3FB83FB72147}] => (Block) C:\program files (x86)\java\jre1.8.0_40\bin\java.exe
FirewallRules: [{4272C1E5-B0F0-459D-A5FC-DA23A103B457}] => (Block) C:\program files (x86)\java\jre1.8.0_40\bin\java.exe
FirewallRules: [TCP Query User{3BBE1649-F683-4F84-B6C0-36A557330507}C:\users\paula deroo\appdata\roaming\dropbox\bin\dropbox.exe] => (Allow) C:\users\paula deroo\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [UDP Query User{43A72427-8191-44A8-B975-3835E6BCF658}C:\users\paula deroo\appdata\roaming\dropbox\bin\dropbox.exe] => (Allow) C:\users\paula deroo\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [TCP Query User{41F04397-08B1-46D7-8B74-498D302F1502}C:\users\paula deroo\appdata\local\temp\igndefa.tmp\lmiignition.exe] => (Allow) C:\users\paula deroo\appdata\local\temp\igndefa.tmp\lmiignition.exe
FirewallRules: [UDP Query User{C19B701D-5344-4C2E-83A3-047BF15872DA}C:\users\paula deroo\appdata\local\temp\igndefa.tmp\lmiignition.exe] => (Allow) C:\users\paula deroo\appdata\local\temp\igndefa.tmp\lmiignition.exe
FirewallRules: [TCP Query User{6639997B-81B1-4AA4-A821-BAD70AC5DD44}C:\users\paula deroo\appdata\local\logmein client\lmiignition.exe] => (Allow) C:\users\paula deroo\appdata\local\logmein client\lmiignition.exe
FirewallRules: [UDP Query User{9D73C0EF-3DF5-4CE5-9E9F-C18460DC3AA9}C:\users\paula deroo\appdata\local\logmein client\lmiignition.exe] => (Allow) C:\users\paula deroo\appdata\local\logmein client\lmiignition.exe
FirewallRules: [{A1164789-3809-4DEC-BBCA-7AA2944BFFA0}] => (Allow) C:\Program Files\HP\HP LaserJet P1100 Series\wificonfig.exe
FirewallRules: [{7146A602-B182-4AF7-AB8E-CEB193D6F745}] => (Allow) C:\Program Files\HP\HP LaserJet P1100 Series\wificonfig.exe
FirewallRules: [{13E03615-C326-4629-A85C-B786CF8A8B2E}] => (Allow) LPort=9100
FirewallRules: [{79A0BF45-1433-4675-8E35-B879B8E92915}] => (Allow) LPort=427
FirewallRules: [{ED93D477-C3FB-4828-ADFD-37201466801B}] => (Allow) LPort=161
FirewallRules: [TCP Query User{C8700E64-6851-49C7-BB58-D7FC6173C211}C:\users\paula deroo\appdata\local\temp\ign5f10.tmp\lmiignition.exe] => (Allow) C:\users\paula deroo\appdata\local\temp\ign5f10.tmp\lmiignition.exe
FirewallRules: [UDP Query User{A37500A8-3C52-4726-8410-E6859B53B34D}C:\users\paula deroo\appdata\local\temp\ign5f10.tmp\lmiignition.exe] => (Allow) C:\users\paula deroo\appdata\local\temp\ign5f10.tmp\lmiignition.exe
FirewallRules: [{C0D5DC34-CF5E-4B07-81DB-4F78D13A8842}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{8BF47711-717C-48D6-8F51-62EB6B86BB23}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{19B7659C-09EA-48BC-84D8-8B4C3827E710}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{A2D84A70-B887-4A03-AE1A-B54C5136381A}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [TCP Query User{3C3B1DFB-2EB9-41EB-BFA1-E4239574E47F}C:\users\paula deroo\appdata\local\join.me\join.me.exe] => (Allow) C:\users\paula deroo\appdata\local\join.me\join.me.exe
FirewallRules: [UDP Query User{0140ABEC-C6B4-4AC1-87A7-9B864CF21751}C:\users\paula deroo\appdata\local\join.me\join.me.exe] => (Allow) C:\users\paula deroo\appdata\local\join.me\join.me.exe
FirewallRules: [{948E0691-D2B8-4FE2-9FC6-61AF295BE97B}] => (Allow) C:\LJP1100_P1560_P1600_Full_Solution\ProductInst64.exe
FirewallRules: [{B137D6B6-77CB-4813-B07C-A998357DA10A}] => (Allow) C:\LJP1100_P1560_P1600_Full_Solution\ProductInst64.exe
FirewallRules: [{C69A6303-3876-4AA4-83A3-4A19B5042165}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{59BD3177-51D7-41D5-B2A5-560DA481343E}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{83BC6FF8-DB3B-4FD1-8F9E-E246B88ABB61}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{8003C532-799E-4EA6-A81E-91D48140DD8E}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{C033BB7C-6CE5-44F4-BBDB-4A56F881CF66}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{53D55DB8-BD1F-4AEA-AB6C-DF8AD84C9909}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{1D4FB8EF-1E48-4620-8DAF-480CDEA59906}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{9EAA60ED-5DD2-4945-A3B6-DCACE36E1BD7}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{5B6F44D3-ABC6-4A8A-A8A3-9529287AD2B0}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [TCP Query User{B775917D-DEBB-4CA6-B640-80DB5BDBF619}C:\windows\system32\mmc.exe] => (Block) C:\windows\system32\mmc.exe
FirewallRules: [UDP Query User{4811F21D-8FDD-4620-B24D-A0C23C02C5D7}C:\windows\system32\mmc.exe] => (Block) C:\windows\system32\mmc.exe
FirewallRules: [{F4AAD546-DC37-4C37-A8CE-837110118D9B}] => (Allow) C:\Program Files\HP\HP LaserJet Pro MFP M127-M128\bin\SendAFax.exe
FirewallRules: [{4BD60176-F2B4-4913-9538-ECFF65F2D182}] => (Allow) C:\Program Files\HP\HP LaserJet Pro MFP M127-M128\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [{F2383A0F-F3A0-4606-BD7E-DDB4B7D5E12B}] => (Allow) C:\Program Files\HP\HP LaserJet Pro MFP M127-M128\bin\FaxPrinterUtility.exe
FirewallRules: [{D5709FD2-9E9C-4BC7-9684-D16C67FEA3C5}] => (Allow) C:\Program Files (x86)\HP\HP LaserJet Pro MFP M127-M128\bin\FaxApplications.exe
FirewallRules: [{CCACBDB4-08DD-471C-8E65-4A2B460AFA38}] => (Allow) C:\Program Files (x86)\HP\HP LaserJet Pro MFP M127-M128\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [{CFD2D0D0-140C-4A40-800D-74CB36D1808B}] => (Allow) C:\Program Files (x86)\HP\HP LaserJet Pro MFP M127-M128\bin\EWSProxy.exe
FirewallRules: [{180C1131-4D1A-48A2-8529-917F0671FFDA}] => (Allow) C:\Users\Paula DeRoo\AppData\Local\Temp\7zS65D3\HPDiagnosticCoreUI.exe
FirewallRules: [{8B99B665-0026-4211-9636-7F8A34457607}] => (Allow) C:\Users\Paula DeRoo\AppData\Local\Temp\7zS65D3\HPDiagnosticCoreUI.exe
FirewallRules: [{E50E23F1-05C1-48A9-9D8C-D4F4FB42CD2B}] => (Allow) C:\Program Files (x86)\HP\csiInstaller\3b050369-8d19-413d-9dec-84ff278472eb\Installer\hpbcsiInstaller.exe
FirewallRules: [{72E2DB6F-BE36-47B3-89F1-6453D1929108}] => (Allow) C:\Program Files (x86)\HP\csiInstaller\3b050369-8d19-413d-9dec-84ff278472eb\Installer\hpbcsiInstaller.exe
FirewallRules: [{45F7AE23-9E4E-4DC0-B721-7ECCEEAD9451}] => (Allow) C:\Program Files\iTunes\iTunes.exe

==================== Restore Points =========================

27-03-2017 12:36:03 Windows Update
28-03-2017 14:16:13 Windows Update
01-04-2017 08:49:22 Windows Update
04-04-2017 11:50:53 Windows Update

==================== Faulty Device Manager Devices =============

Name: Universal Serial Bus (USB) Controller
Description: Universal Serial Bus (USB) Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (04/04/2017 09:38:43 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 7675

Error: (04/04/2017 09:38:43 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 7675

Error: (04/04/2017 09:38:43 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (04/04/2017 06:05:42 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 7363

Error: (04/04/2017 06:05:42 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 7363

Error: (04/04/2017 06:05:42 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (04/04/2017 04:04:28 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 7394

Error: (04/04/2017 04:04:28 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 7394

Error: (04/04/2017 04:04:28 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (04/04/2017 01:42:44 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 8643


System errors:
=============
Error: (04/05/2017 07:00:58 AM) (Source: ipnathlp) (EventID: 31004) (User: )
Description: The DNS proxy agent was unable to allocate 0 bytes of memory. This may indicate that the system is low on virtual memory, or that the memory manager has encountered an internal error.

Error: (04/05/2017 07:00:54 AM) (Source: ipnathlp) (EventID: 31004) (User: )
Description: The DNS proxy agent was unable to allocate 0 bytes of memory. This may indicate that the system is low on virtual memory, or that the memory manager has encountered an internal error.

Error: (04/04/2017 07:41:22 PM) (Source: ipnathlp) (EventID: 30013) (User: )
Description: The DHCP allocator has disabled itself on IP address 192.168.0.5, since the IP address is outside the 192.168.137.0/255.255.255.0 scope from which addresses are being allocated to DHCP clients. To enable the DHCP allocator on this IP address, change the scope to include the IP address, or change the IP address to fall within the scope.

Error: (04/04/2017 07:41:13 PM) (Source: ipnathlp) (EventID: 31004) (User: )
Description: The DNS proxy agent was unable to allocate 0 bytes of memory. This may indicate that the system is low on virtual memory, or that the memory manager has encountered an internal error.

Error: (04/04/2017 05:27:17 PM) (Source: ipnathlp) (EventID: 31004) (User: )
Description: The DNS proxy agent was unable to allocate 0 bytes of memory. This may indicate that the system is low on virtual memory, or that the memory manager has encountered an internal error.

Error: (04/04/2017 04:57:16 PM) (Source: ipnathlp) (EventID: 31004) (User: )
Description: The DNS proxy agent was unable to allocate 0 bytes of memory. This may indicate that the system is low on virtual memory, or that the memory manager has encountered an internal error.

Error: (04/04/2017 04:27:09 PM) (Source: ipnathlp) (EventID: 31004) (User: )
Description: The DNS proxy agent was unable to allocate 0 bytes of memory. This may indicate that the system is low on virtual memory, or that the memory manager has encountered an internal error.

Error: (04/04/2017 03:08:11 PM) (Source: ipnathlp) (EventID: 31004) (User: )
Description: The DNS proxy agent was unable to allocate 0 bytes of memory. This may indicate that the system is low on virtual memory, or that the memory manager has encountered an internal error.

Error: (04/04/2017 02:38:10 PM) (Source: ipnathlp) (EventID: 31004) (User: )
Description: The DNS proxy agent was unable to allocate 0 bytes of memory. This may indicate that the system is low on virtual memory, or that the memory manager has encountered an internal error.

Error: (04/04/2017 02:09:13 PM) (Source: TermDD) (EventID: 56) (User: )
Description: The Terminal Server security layer detected an error in the protocol stream and has disconnected the client.
Client IP: 127.0.0.1.


CodeIntegrity:
===================================
  Date: 2016-05-01 07:36:12.519
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\MaxxVoiceAPO2064.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-05-01 07:36:12.310
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\MaxxVoiceAPO2064.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-04-19 06:54:27.448
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\MaxxVoiceAPO2064.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-04-13 14:37:50.552
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\MaxxVoiceAPO2064.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-04-13 14:36:22.124
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\MaxxVoiceAPO2064.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-04-13 14:36:07.828
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\MaxxVoiceAPO2064.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-04-13 14:34:34.512
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\MaxxVoiceAPO2064.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-04-13 14:33:59.216
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\MaxxVoiceAPO2064.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-02-24 13:28:05.209
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\MaxxVoiceAPO2064.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-02-24 13:28:04.907
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\MaxxVoiceAPO2064.dll because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i5-4460 CPU @ 3.20GHz
Percentage of memory in use: 41%
Total physical RAM: 8141.89 MB
Available physical RAM: 4755.71 MB
Total Virtual: 16281.96 MB
Available Virtual: 11701.61 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:907.25 GB) (Free:778.85 GB) NTFS
Drive d: (GENTLE_LEADER_TRAINING_DVD) (CDROM) (Total:0.68 GB) (Free:0 GB) UDF

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 931.5 GB) (Disk ID: 54BF23D6)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=24.2 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=907.3 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

 

RogueKiller log:

RogueKiller V12.10.3.0 (x64) [Apr  3 2017] (Free) by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : https://forum.adlice.com
Website : http://www.adlice.com/download/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Paula DeRoo [Administrator]
Started from : C:\Program Files\RogueKiller\RogueKiller64.exe
Mode : Scan -- Date : 04/05/2017 07:33:53 (Duration : 00:28:47)

¤¤¤ Processes : 1 ¤¤¤
[VT.Trojan/Generic.ASVCS3S.1E5] FRST64.exe(6512) -- C:\Users\Paula DeRoo\Desktop\FRST64.exe[-] -> Found

¤¤¤ Registry : 36 ¤¤¤
[Suspicious.Path] (X64) HKEY_CLASSES_ROOT\CLSID\{B5B8593C-89BC-44a7-BCE3-32FE4FED7C5C} (C:\Users\Paula DeRoo\AppData\Local\Workspace\wbetoolsax64.dll) -> Found
[PUP.Gen1] (X86) HKEY_LOCAL_MACHINE\Software\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0} -> Found
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-967062836-2529923387-3564815213-1001\Software\Microsoft\Internet Explorer\Main | Default_Page_URL : http://dell13.msn.com/?pc=DCJB -> Found
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-967062836-2529923387-3564815213-1001\Software\Microsoft\Internet Explorer\Main | Default_Page_URL : http://dell13.msn.com/?pc=DCJB -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{91B68AD6-7B09-4580-AFFA-72D66BBCD395} | DhcpNameServer : 172.20.10.1 ([])  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{91B68AD6-7B09-4580-AFFA-72D66BBCD395} | DhcpNameServer : 172.20.10.1 ([])  -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | TCP Query User{41F04397-08B1-46D7-8B74-498D302F1502}C:\users\paula deroo\appdata\local\temp\igndefa.tmp\lmiignition.exe : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\users\paula deroo\appdata\local\temp\igndefa.tmp\lmiignition.exe|Name=lmiignition.exe|Desc=lmiignition.exe|Defer=User| [x] -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | UDP Query User{C19B701D-5344-4C2E-83A3-047BF15872DA}C:\users\paula deroo\appdata\local\temp\igndefa.tmp\lmiignition.exe : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\users\paula deroo\appdata\local\temp\igndefa.tmp\lmiignition.exe|Name=lmiignition.exe|Desc=lmiignition.exe|Defer=User| [x] -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | TCP Query User{C8700E64-6851-49C7-BB58-D7FC6173C211}C:\users\paula deroo\appdata\local\temp\ign5f10.tmp\lmiignition.exe : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\users\paula deroo\appdata\local\temp\ign5f10.tmp\lmiignition.exe|Name=lmiignition.exe|Desc=lmiignition.exe|Defer=User| [x] -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | UDP Query User{A37500A8-3C52-4726-8410-E6859B53B34D}C:\users\paula deroo\appdata\local\temp\ign5f10.tmp\lmiignition.exe : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\users\paula deroo\appdata\local\temp\ign5f10.tmp\lmiignition.exe|Name=lmiignition.exe|Desc=lmiignition.exe|Defer=User| [x] -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | TCP Query User{3C3B1DFB-2EB9-41EB-BFA1-E4239574E47F}C:\users\paula deroo\appdata\local\join.me\join.me.exe : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\users\paula deroo\appdata\local\join.me\join.me.exe|Name=join.me.exe|Desc=join.me.exe|Defer=User| [x] -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | UDP Query User{0140ABEC-C6B4-4AC1-87A7-9B864CF21751}C:\users\paula deroo\appdata\local\join.me\join.me.exe : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\users\paula deroo\appdata\local\join.me\join.me.exe|Name=join.me.exe|Desc=join.me.exe|Defer=User| [x] -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | TCP Query User{41F04397-08B1-46D7-8B74-498D302F1502}C:\users\paula deroo\appdata\local\temp\igndefa.tmp\lmiignition.exe : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\users\paula deroo\appdata\local\temp\igndefa.tmp\lmiignition.exe|Name=lmiignition.exe|Desc=lmiignition.exe|Defer=User| [x] -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | UDP Query User{C19B701D-5344-4C2E-83A3-047BF15872DA}C:\users\paula deroo\appdata\local\temp\igndefa.tmp\lmiignition.exe : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\users\paula deroo\appdata\local\temp\igndefa.tmp\lmiignition.exe|Name=lmiignition.exe|Desc=lmiignition.exe|Defer=User| [x] -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | TCP Query User{C8700E64-6851-49C7-BB58-D7FC6173C211}C:\users\paula deroo\appdata\local\temp\ign5f10.tmp\lmiignition.exe : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\users\paula deroo\appdata\local\temp\ign5f10.tmp\lmiignition.exe|Name=lmiignition.exe|Desc=lmiignition.exe|Defer=User| [x] -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | UDP Query User{A37500A8-3C52-4726-8410-E6859B53B34D}C:\users\paula deroo\appdata\local\temp\ign5f10.tmp\lmiignition.exe : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\users\paula deroo\appdata\local\temp\ign5f10.tmp\lmiignition.exe|Name=lmiignition.exe|Desc=lmiignition.exe|Defer=User| [x] -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | TCP Query User{3C3B1DFB-2EB9-41EB-BFA1-E4239574E47F}C:\users\paula deroo\appdata\local\join.me\join.me.exe : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\users\paula deroo\appdata\local\join.me\join.me.exe|Name=join.me.exe|Desc=join.me.exe|Defer=User| [x] -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | UDP Query User{0140ABEC-C6B4-4AC1-87A7-9B864CF21751}C:\users\paula deroo\appdata\local\join.me\join.me.exe : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\users\paula deroo\appdata\local\join.me\join.me.exe|Name=join.me.exe|Desc=join.me.exe|Defer=User| [x] -> Found
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-967062836-2529923387-3564815213-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0  -> Found
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-967062836-2529923387-3564815213-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyComputer : 2  -> Found
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-967062836-2529923387-3564815213-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowControlPanel : 2  -> Found
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-967062836-2529923387-3564815213-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyDocs : 2  -> Found
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-967062836-2529923387-3564815213-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowDownloads : 0  -> Found
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-967062836-2529923387-3564815213-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowHelp : 0  -> Found
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-967062836-2529923387-3564815213-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyMusic : 2  -> Found
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-967062836-2529923387-3564815213-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowUser : 2  -> Found
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-967062836-2529923387-3564815213-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyPics : 2  -> Found
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-967062836-2529923387-3564815213-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0  -> Found
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-967062836-2529923387-3564815213-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyComputer : 2  -> Found
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-967062836-2529923387-3564815213-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowControlPanel : 2  -> Found
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-967062836-2529923387-3564815213-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyDocs : 2  -> Found
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-967062836-2529923387-3564815213-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowDownloads : 0  -> Found
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-967062836-2529923387-3564815213-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowHelp : 0  -> Found
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-967062836-2529923387-3564815213-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyMusic : 2  -> Found
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-967062836-2529923387-3564815213-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowUser : 2  -> Found
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-967062836-2529923387-3564815213-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyPics : 2  -> Found

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ WMI : 0 ¤¤¤

¤¤¤ Hosts File : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤

¤¤¤ Web browsers : 1 ¤¤¤
[PUM.HomePage][Firefox:Config] osczqtxo.default-1434129100543 : user_pref("browser.startup.homepage", "http://www.ighome.com/"); -> Found

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: ATA ST1000DM003-1ER1 SCSI Disk Device +++++
--- User ---
[MBR] 2077d8dc764b719199d37404c8aec1cd
[BSP] 54f62174f94e638108bd90c29557bc2d : HP|VT.Unknown MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 39 MB
1 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 81920 | Size: 24802 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 50876416 | Size: 929026 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive1: CF/MD Card +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )

+++++ PhysicalDrive2: SM/xD Card +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )

+++++ PhysicalDrive3: SD/mini-MMC/RS Card +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )

+++++ PhysicalDrive4: MS/Pro/Duo Card +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )

 

 

 

 


Thanks for those logs, continue with the following:

Download attached fixlist.txt file (end of reply) and save it to the Desktop, or the folder you saved FRST into. "Do not open that file"
NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

Open FRST and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt) or the folder it was run from. Please post it to your reply.

Next,

Please download Zemana AntiMalware and save it to your Desktop.
 
  • Install the program and once the installation is complete it will start automatically.
  • Without changing any options, press Scan to begin.
  • After the short scan is finished, if threats are detected press Next to remove them.
    Note: If restart is required to finish the cleaning process, you should click Reboot. If reboot isn't required, please re-boot your computer manually.
     
  • Open Zemana AntiMalware again.
  • Click on the icon (user posted image) and double click the latest report.
  • Now click File > Save As and choose your Desktop before pressing Save.
  • Attach saved report in your next message.


Next,

Download AdwCleaner by Xplode onto your Desktop.
 
  • Double click on Adwcleaner.exe to run the tool.
  • Click on Scan in the Actions box.
  • Please wait for the scan to finish..
  • When "Waiting for action.Please uncheck elements you want to keep" shows in top line..
  • Click on the Cleaning box.
  • Next click OK on the "Closing Programs" pop up box.
  • Click OK on the Information box & again OK to allow the necessary reboot
  • After restart the AdwCleaner(C*)-Notepad log will appear, please copy/paste it in your next reply. Where * is the number relative to list of scans completed...


Next,

Please download Junkware Removal Tool to your desktop.
 
  • Shut down your protection software now to avoid potential conflicts. (re-enable when done)
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.


Let me see those logs in your reply, also tell me if there are any remaining issues or concerns...

Thank you,

Kevin...

fixlist.txt


Fix result of Farbar Recovery Scan Tool (x64) Version: 15-03-2017
Ran by Paula DeRoo (05-04-2017 11:56:17) Run:1
Running from C:\Users\Paula DeRoo\Desktop
Loaded Profiles: Paula DeRoo (Available Profiles: Paula DeRoo)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start
CloseProcesses:
CreateRestorePoint:
HKU\S-1-5-18\...\RunOnce: [{91140000-0011-0000-1000-0000000FF1CE}] => C:\Windows\system32\cmd.exe /C del "C:\ProgramData\Microsoft Help\Rgstrtn.lck" /Q /A:H
HKU\S-1-5-18\...\RunOnce: [{90140000-006E-0409-1000-0000000FF1CE}] => C:\Windows\system32\cmd.exe /C del "C:\ProgramData\Microsoft Help\Rgstrtn.lck" /Q /A:H
HKU\S-1-5-18\...\RunOnce: [{90140000-001A-0409-1000-0000000FF1CE}] => C:\Windows\system32\cmd.exe /C del "C:\ProgramData\Microsoft Help\Rgstrtn.lck" /Q /A:H
HKU\S-1-5-18\...\RunOnce: [{90140000-0018-0409-1000-0000000FF1CE}] => C:\Windows\system32\cmd.exe /C del "C:\ProgramData\Microsoft Help\Rgstrtn.lck" /Q /A:H
HKU\S-1-5-18\...\RunOnce: [{90140000-0016-0409-1000-0000000FF1CE}] => C:\Windows\system32\cmd.exe /C del "C:\ProgramData\Microsoft Help\Rgstrtn.lck" /Q /A:H
HKU\S-1-5-18\...\RunOnce: [{90140000-001B-0409-1000-0000000FF1CE}] => C:\Windows\system32\cmd.exe /C del "C:\ProgramData\Microsoft Help\Rgstrtn.lck" /Q /A:H
HKU\S-1-5-18\...\RunOnce: [{90140000-00A1-0409-1000-0000000FF1CE}] => C:\Windows\system32\cmd.exe /C del "C:\ProgramData\Microsoft Help\Rgstrtn.lck" /Q /A:H
Tcpip\..\Interfaces\{91B68AD6-7B09-4580-AFFA-72D66BBCD395}: [DhcpNameServer] 172.20.10.1
S4 0160761425215272mcinstcleanup; C:\Windows\TEMP\016076~1.EXE [851136 2014-08-08] (McAfee, Inc.)
C:\Windows\TEMP\016076~1.EXE
S4 McAWFwk; no ImagePath
Task: {90A36BBA-A182-4F6D-84F4-89A7E6D7196D} - System32\Tasks\{01238F93-C994-4984-820B-4BB0E3259193} => pcalua.exe -a "C:\Users\Paula DeRoo\AppData\Local\Temp\Temp2_eolupcli.zip\eolupcli.exe" <==== ATTENTION
C:\Users\Paula DeRoo\AppData\Local\Temp\Temp2_eolupcli.zip
AlternateDataStreams: C:\ProgramData\TEMP:5C321E34 [270]
AlternateDataStreams: C:\Users\Paula DeRoo\Documents\14610 N 134th Ln, Surprise, AZ 85379:com.dropbox.attributes [168]
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
FirewallRules: [{7808A63C-2D94-4D59-9491-78EFDA81D563}] => (Allow) LPort=9100
FirewallRules: [{F90B9517-806A-4E68-99E0-8EABD5DA3F5E}] => (Allow) LPort=427
FirewallRules: [{5444B3CE-758B-4987-8E44-8A5350CE5E84}] => (Allow) LPort=161
CMD: ipconfig /flushdns
Hosts:
EmptyTemp:
end
*****************

Processes closed successfully.
Restore point was successfully created.
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\RunOnce\\{91140000-0011-0000-1000-0000000FF1CE} => value removed successfully
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\RunOnce\\{90140000-006E-0409-1000-0000000FF1CE} => value removed successfully
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\RunOnce\\{90140000-001A-0409-1000-0000000FF1CE} => value removed successfully
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\RunOnce\\{90140000-0018-0409-1000-0000000FF1CE} => value removed successfully
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\RunOnce\\{90140000-0016-0409-1000-0000000FF1CE} => value removed successfully
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\RunOnce\\{90140000-001B-0409-1000-0000000FF1CE} => value removed successfully
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\RunOnce\\{90140000-00A1-0409-1000-0000000FF1CE} => value removed successfully
HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{91B68AD6-7B09-4580-AFFA-72D66BBCD395}\\DhcpNameServer => value removed successfully
HKLM\System\CurrentControlSet\Services\0160761425215272mcinstcleanup => key removed successfully
0160761425215272mcinstcleanup => service removed successfully
C:\Windows\TEMP\016076~1.EXE => moved successfully
HKLM\System\CurrentControlSet\Services\McAWFwk => key removed successfully
McAWFwk => service removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{90A36BBA-A182-4F6D-84F4-89A7E6D7196D} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{90A36BBA-A182-4F6D-84F4-89A7E6D7196D} => key removed successfully
C:\Windows\System32\Tasks\{01238F93-C994-4984-820B-4BB0E3259193} => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{01238F93-C994-4984-820B-4BB0E3259193} => key removed successfully
"C:\Users\Paula DeRoo\AppData\Local\Temp\Temp2_eolupcli.zip" => not found.
C:\ProgramData\TEMP => ":5C321E34" ADS removed successfully.
C:\Users\Paula DeRoo\Documents\14610 N 134th Ln, Surprise, AZ 85379 => ":com.dropbox.attributes" ADS removed successfully.
HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => key removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{7808A63C-2D94-4D59-9491-78EFDA81D563} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{F90B9517-806A-4E68-99E0-8EABD5DA3F5E} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{5444B3CE-758B-4987-8E44-8A5350CE5E84} => value removed successfully

========= ipconfig /flushdns =========


Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========

C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.

=========== EmptyTemp: ==========

BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 102495303 B
Java, Flash, Steam htmlcache => 10090 B
Windows/system/drivers => 264629081 B
Edge => 0 B
Chrome => 0 B
Firefox => 408980378 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 16802 B
systemprofile32 => 66356 B
LocalService => 87908023 B
NetworkService => 4592186 B
Paula DeRoo => 1920318277 B

RecycleBin => 10853658719 B
EmptyTemp: => 12.7 GB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 11:58:47 ====

 

******************************************************************************************************************************************************************************

 

Zemana AntiMalware 2.72.2.388 (Installed)

-------------------------------------------------------
Scan Result            : Completed
Scan Date              : 2017/4/5
Operating System       : Windows 7 64-bit
Processor              : 4X Intel(R) Core(TM) i5-4460 CPU @ 3.20GHz
BIOS Mode              : Legacy
CUID                   : 122E1B88D2E5391C0F05E1
Scan Type              : System Scan
Duration               : 9m 50s
Scanned Objects        : 81151
Detected Objects       : 2
Excluded Objects       : 0
Read Level             : SCSI
Auto Upload            : Enabled
Detect All Extensions  : Disabled
Scan Documents         : Disabled
Domain Info            : WORKGROUP,0,2

Detected Objects
-------------------------------------------------------

F.B Purity - Cleans up Facebook (WX)
Status             : Scanned
Object             : %appdata%\mozilla\firefox\profiles\osczqtxo.default-1434129100543\extensions\fbpelectrowebext@fbpurity.com.xpi
MD5                : 8BD5F48D4AD0F567F8BEC400EFA8F9CA
Publisher          : -
Size               : 134307
Version            : -
Detection          : PUA.FirefoxExt!Gr
Cleaning Action    : Repair
Related Objects    :
                Browser Extension - F.B Purity - Cleans up Facebook (WX)
                File - %appdata%\mozilla\firefox\profiles\osczqtxo.default-1434129100543\extensions\fbpelectrowebext@fbpurity.com.xpi

spybot-search-destroy.exe
Status             : Scanned
Object             : %userprofile%\downloads\spybot-search-destroy.exe
MD5                : B0D5F1517FE727037F2A81A1D7F88CB1
Publisher          : CHIP Digital GmbH
Size               : 1496584
Version            : 2.1.4.4
Detection          : PUA:Win32/CHIP.AdsDownloader!Ep
Cleaning Action    : Quarantine
Related Objects    :
                File - %userprofile%\downloads\spybot-search-destroy.exe

(I just downloaded the Spybot S&D before posting to this forum as I used to use it regularly. I have yet to install it since I downloaded though)

 

******************************************************************************************************************************************************************************

# AdwCleaner v6.045 - Logfile created 05/04/2017 at 12:26:27
# Updated on 28/03/2017 by Malwarebytes
# Database : 2017-04-04.2 [Server]
# Operating System : Windows 7 Professional Service Pack 1 (X64)
# Username : Paula DeRoo - PAULASXPS
# Running from : C:\Users\Paula DeRoo\Desktop\AdwCleaner.exe
# Mode: Clean
# Support : https://www.malwarebytes.com/support

 

***** [ Services ] *****

 

***** [ Folders ] *****

[-] Folder deleted: C:\ProgramData\8cccb0fa0000083e
[-] Folder deleted: C:\ProgramData\{3f810b31-4adf-c396-3f81-10b314ad2cc5}


***** [ Files ] *****

[-] File deleted: C:\Users\Paula DeRoo\AppData\Roaming\Mozilla\Firefox\Profiles\osczqtxo.default-1434129100543\invalidprefs.js


***** [ DLL ] *****

 

***** [ WMI ] *****

 

***** [ Shortcuts ] *****

 

***** [ Scheduled Tasks ] *****

 

***** [ Registry ] *****

[-] Key deleted: HKLM\SOFTWARE\dcb737cb-ccbb-735c-a148-5069ebe4bdfd
[-] Key deleted: HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}


***** [ Web browsers ] *****

 

*************************

:: "Tracing" keys deleted
:: Winsock settings cleared

*************************

C:\AdwCleaner\AdwCleaner[C0].txt - [1174 Bytes] - [05/04/2017 12:26:27]
C:\AdwCleaner\AdwCleaner[S0].txt - [1447 Bytes] - [05/04/2017 12:25:40]

########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [1320 Bytes] ##########

 

******************************************************************************************************************************************************************************

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.2 (03.10.2017)
Operating System: Windows 7 Professional x64
Ran by Paula DeRoo (Administrator) on Wed 04/05/2017 at 12:44:28.64
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 


File System: 8

Successfully deleted: C:\Users\Paula DeRoo\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5TJKXPQM (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Paula DeRoo\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\96K1TD1R (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Paula DeRoo\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\J3283876 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Paula DeRoo\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OJFRX7AP (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5TJKXPQM (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\96K1TD1R (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\J3283876 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OJFRX7AP (Temporary Internet Files Folder)

 

Registry: 3

Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{99C6BDB0-69A7-4898-A0B8-6EBFBF8FC003} (Registry Key)
Successfully deleted: HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} (Registry Key)
Successfully deleted: HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} (Registry Key)

 


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Wed 04/05/2017 at 12:45:32.19
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

 

******************************************************************************************************************************************************************************

 

Haven't had any issues, although it wasn't happening every browsing session anyway. Do you see anything in these reports? I've scanned them but don't really see anything that looks abnormal to me.

 

Thanks,

Paula


Yes, you have the eolupcli.exe virus running from Task Manager: http://www.completelyuninstallprogram.com/eolupcli-exe/

We move that bad entry with FRST fix...

It is a virus that can create backdoors to your system to harvest data... I do not believe it got that far, but you must run the following AV scan to double check.

Download Sophos Free Virus Removal Tool and save it to your desktop.

If your security alerts to this scan, either accept the alert or turn off your security to allow Sophos to run and complete...

Please Do Not use your PC whilst the scan is in progress.... This scan is very thorough so may take several hours...

  • Double click the icon and select Run
  • Click Next
  • Select I accept the terms in this license agreement, then click Next twice
  • Click Install
  • Click Finish to launch the program
  • Once the virus database has been updated click Start Scanning
  • If any threats are found click Details, then View log file... (bottom left hand corner)
  • Copy and paste the results in your reply
  • Close the Notepad document, close the Threat Details screen, then click Start cleanup
  • Click Exit to close the program
  • If no threats were found please confirm that result....



The Virus Removal Tool scans the following areas of your computer:
  • Memory, including system memory on 32-bit (x86) versions of Windows
  • The Windows registry
  • All local hard drives, fixed and removable
  • Mapped network drives are not scanned.



Note: If threats are found in the computer memory, the scan stops. This is because further scanning could enable the threat to spread. You will be asked to click Start Cleanup to remove the threats before continuing the scan.

Make sure to change all passwords you use on this system, specifically any that have financial impact...

Post the produced log...

Thank you,

Kevin


Hello PaulaD,

Sophos scan brings us good news, we can clean up and remove tools etc... When this is completed make sure to change all passwords used on your PC... Continue with the following:

Uninstall Sophos AV and Zemana http://www.askvg.com/how-to-completely-uninstall-remove-a-software-program-in-windows-without-using-3rd-party-software/

Next,

Download "Delfix by Xplode" and save it to your desktop.

Or use the following if first link is down:

"Delfix link mirror"

If your security program alerts to Delfix, either accept the alert or turn your security off.

Double click to start the program. If you are using Vista or higher, please right-click and choose "Run as administrator".

Make Sure the following items are checked:

 
  • Remove disinfection tools <----- this will remove tools we have used.
  • Purge System Restore <--- this will remove all previous and possibly exploited restore points, a new point relative to system status at present will be created.
  • Reset system settings <--- this will reset any system settings back to default that were changed either by us during cleansing or malware/infection


Now click on "Run" and wait patiently until the tool has completed.

The tool will create a log when it has completed. We don't need you to post this.

Any remnant files/logs from tools we have used can be deleted…

Next,

Read the following links to fully understand PC Security and Best Practices, you may find them useful....

Answers to Common Security Questions and best Practices

Do I need a Registry Cleaner?

Take care and surf safe

Kevin...

  • 2 weeks later...
  • Root Admin

Glad we could help. :) If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread. Thanks!

This topic is now closed to further replies.