Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 14.03.2018
Ran by Myriam (administrator) on MYMI (04-04-2018 17:12:43)
Running from C:\Users\Myriam\Downloads
Loaded Profiles: Myriam (Available Profiles: Myriam)
Platform: Windows 8 (X64) Language: English (United States)
Internet Explorer Version 10 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RTKAUDIOSERVICE64.EXE
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Juniper Networks, Inc.) C:\Program Files (x86)\Common Files\Juniper Networks\JUNS\dsAccessService.exe
(Juniper Networks, Inc.) C:\Program Files (x86)\Common Files\Juniper Networks\JUNS\dsAccessService.exe
(Juniper Networks) C:\Program Files (x86)\Common Files\Juniper Networks\WX Client\WXConnectionMethod.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSvc.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
(SEIKO EPSON CORPORATION) C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe
(Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Trend Micro Inc.) C:\Program Files (x86)\Trend Micro\OfficeScan Client\Ntrtscan.exe
(IObit) C:\Program Files (x86)\IObit\Classic Start\SMService.exe
() C:\Program Files (x86)\AVG SafeGuard toolbar\AVG-Secure-Search-Update_0214b.exe
(TOSHIBA Corporation) C:\Windows\System32\ThpSrv.exe
(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\OpenDNS\Umbrella Roaming Client\ERCService.exe
(IObit) C:\Program Files (x86)\IObit\Classic Start\ClassicStart.exe
(IObit) C:\Program Files (x86)\IObit\Classic Start\StartMenu_Hook.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe
(IObit) C:\Program Files (x86)\IObit\Classic Start\InstallServices.exe
(Trend Micro Inc.) C:\Program Files (x86)\Trend Micro\OfficeScan Client\TmListen.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\Teco\TecoService.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe\LiveComm.exe
(Trend Micro Inc.) C:\Program Files (x86)\Trend Micro\OfficeScan Client\CCSF\TmCCSF.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Trend Micro Inc.) C:\Program Files (x86)\Trend Micro\OfficeScan Client\CNTAoSMgr.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(SRS Labs, Inc.) C:\Program Files\SRS Labs\SRS Control Panel\SRSPanel_64.exe
() C:\Program Files\Toshiba\Hotkey\TCrdMain_Win8.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\Teco\TecoResident.exe
(TOSHIBA Corporation) C:\Program Files (x86)\TOSHIBA\System Setting\TSleepSrv.exe
() C:\Program Files (x86)\TOSHIBA\System Setting\TODDMain.exe
(TOSHIBA Corporation) C:\Windows\System32\ThpSrv.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Spotify Ltd) C:\Users\Myriam\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_YATINAE.EXE
() C:\Program Files\Toshiba\Hotkey\Hotkey\TCrdKBB.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\OpenDNS\Umbrella Roaming Client\ERCInterface.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe
(Western Digital Technologies, Inc.) C:\Windows\SysWOW64\WDBtnMgr.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\TOSHIBA Service Station\ToshibaServiceStation.exe
(Juniper Networks, Inc.) C:\Program Files (x86)\Common Files\Juniper Networks\JamUI\Pulse.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Security\WDDriveAutoUnlock.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Utilities\WDDriveUtilitiesHelper.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe
(Trend Micro Inc.) C:\Program Files (x86)\Trend Micro\BM\TMBMSRV.exe
(Juniper Networks, Inc.) C:\Program Files (x86)\Common Files\Juniper Networks\JUNS\dsAccessService.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\TPHM\TPCHSrv.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD App Manager\WDAppManager.exe
(TOSHIBA CORPORATION) C:\Program Files\Toshiba\HDD Accelerator\THAccelSvc.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\TPHM\TPCHWMsg.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD App Manager\Plugins\WD Backup\App\WDBackupService.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\TOSHIBA Service Station\TMachInfo.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Trend Micro Inc.) C:\Program Files (x86)\Trend Micro\OfficeScan Client\PccNTMon.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe\LiveComm.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\OpenDNS\Umbrella Roaming Client\dnscrypt-proxy.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Farbar) C:\Users\Myriam\Downloads\FRST64(1).exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13261456 2012-11-29] (Realtek Semiconductor)
HKLM\...\Run: [SRS Premium Sound 3D] => C:\Program Files\SRS Labs\SRS Control Panel\SRSPanel_64.exe [2170784 2012-08-19] (SRS Labs, Inc.)
HKLM\...\Run: [TosPU] => C:\Program Files\TOSHIBA\PasswordUtility\TosPU.exe [2374552 2012-08-27] (Copyright (C) TOSHIBA Corp. 2012)
HKLM\...\Run: [TCrdMain] => C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe [2609064 2012-08-30] ()
HKLM\...\Run: [TecoResident] => C:\Program Files\TOSHIBA\Teco\TecoResident.exe [169896 2012-08-13] (TOSHIBA Corporation)
HKLM\...\Run: [TosWaitSrv] => C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [356776 2012-07-11] (TOSHIBA Corporation)
HKLM\...\Run: [TSleepSrv] => C:\Program Files (x86)\TOSHIBA\System Setting\TSleepSrv.exe [1548952 2012-08-04] (TOSHIBA Corporation)
HKLM\...\Run: [TODDMain] => C:\Program Files (x86)\TOSHIBA\System Setting\TODDMain.exe [213136 2012-08-04] ()
HKLM\...\Run: [ThpSrv] => C:\windows\system32\thpsrv /logon
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [558496 2014-02-27] (Adobe Systems Incorporated)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [303928 2017-05-09] (Apple Inc.)
HKLM-x32\...\Run: [KeNotify] => C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe [34160 2012-07-20] (TOSHIBA CORPORATION)
HKLM-x32\...\Run: [ToshibaAppPlace] => C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe [552960 2010-09-23] (Toshiba)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe [3499896 2014-05-08] (Adobe Systems Inc.)
HKLM-x32\...\Run: [WD Button Manager] => C:\Windows\SysWOW64\WDBtnMgr.exe [335872 2013-07-23] (Western Digital Technologies, Inc.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [SearchSettings] => "C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe"
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [67896 2017-05-09] (Apple Inc.)
HKLM-x32\...\Run: [JunosPulse] => C:\Program Files (x86)\Common Files\Juniper Networks\JamUI\Pulse.exe [2104152 2013-04-15] (Juniper Networks, Inc.)
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [1065968 2015-07-23] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [3639616 2018-03-28] (Dropbox, Inc.)
HKLM-x32\...\Run: [WDAppManager] => C:\Program Files (x86)\Western Digital\WD App Manager\AppManagerLauncher.exe [21384 2016-04-19] (Western Digital Technologies, Inc.)
HKLM-x32\...\Run: [WD Drive Unlocker] => C:\Program Files (x86)\Western Digital\WD Security\WDDriveAutoUnlock.exe [1761120 2015-12-07] (Western Digital Technologies, Inc.)
HKLM-x32\...\Run: [DriveUtilitiesHelper] => C:\Program Files (x86)\Western Digital\WD Utilities\WDDriveUtilitiesHelper.exe [1890664 2016-01-14] (Western Digital Technologies, Inc.)
HKLM-x32\...\Run: [WD Quick View] => C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe [5564784 2015-02-12] (Western Digital Technologies, Inc.)
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2870124582-2670056687-1688047813-1001\...\Run: [Spotify Web Helper] => C:\Users\Myriam\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1444976 2017-01-08] (Spotify Ltd)
HKU\S-1-5-21-2870124582-2670056687-1688047813-1001\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [67384 2017-05-09] (Apple Inc.)
HKU\S-1-5-21-2870124582-2670056687-1688047813-1001\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [67896 2017-05-09] (Apple Inc.)
HKU\S-1-5-21-2870124582-2670056687-1688047813-1001\...\Run: [EPLTarget\P0000000000000001] => C:\windows\system32\spool\DRIVERS\x64\3\E_IATIIBE.EXE /EPT "EPLTarget\P0000000000000001" /M "XP-400 Series"
HKU\S-1-5-21-2870124582-2670056687-1688047813-1001\...\Run: [EPLTarget\P0000000000000000] => C:\windows\system32\spool\DRIVERS\x64\3\E_YATINAE.EXE [298560 2014-03-20] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-2870124582-2670056687-1688047813-1001\...\RunOnce: [Uninstall 18.025.0204.0009\amd64] => C:\windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Myriam\AppData\Local\Microsoft\OneDrive\18.025.0204.0009\amd64"
HKU\S-1-5-21-2870124582-2670056687-1688047813-1001\...\RunOnce: [Uninstall 18.025.0204.0009] => C:\windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Myriam\AppData\Local\Microsoft\OneDrive\18.025.0204.0009"
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Umbrella Roaming Client.lnk [2017-09-23]
ShortcutTarget: Umbrella Roaming Client.lnk -> C:\Program Files (x86)\OpenDNS\Umbrella Roaming Client\ERCInterface.exe (Cisco Systems, Inc.)
BootExecute: autocheck autochk /m /P \Device\HarddiskVolume9autocheck autochk *

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 68.105.28.11 68.105.29.11 68.105.28.12
Tcpip\..\Interfaces\{AE6D12FD-6394-4DBD-A090-F815EC2C9D47}: [NameServer] 172.16.129.16,172.16.32.16
Tcpip\..\Interfaces\{D2E01A62-D838-4B7D-8991-C4D752786AF6}: [NameServer] 127.0.0.1
Tcpip\..\Interfaces\{D2E01A62-D838-4B7D-8991-C4D752786AF6}: [DhcpNameServer] 68.105.28.11 68.105.29.11 68.105.28.12
Tcpip\..\Interfaces\{E9654F10-C95B-4232-A455-5B8EE9E18442}: [DhcpNameServer] 172.20.10.1

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://toshiba13.msn.com
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://toshiba13.msn.com
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://toshiba13.msn.com
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://mystart.toshiba.com
HKU\S-1-5-21-2870124582-2670056687-1688047813-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM -> DefaultScope {385E2DE8-C618-40C2-89FC-630DBA51240F} URL =
SearchScopes: HKLM-x32 -> DefaultScope {385E2DE8-C618-40C2-89FC-630DBA51240F} URL =
SearchScopes: HKU\S-1-5-21-2870124582-2670056687-1688047813-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2870124582-2670056687-1688047813-1001 -> {0A041559-87C4-581F-4F04-3F9883CFF8DA} URL =
SearchScopes: HKU\S-1-5-21-2870124582-2670056687-1688047813-1001 -> {385E2DE8-C618-40C2-89FC-630DBA51240F} URL =
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2018-03-30] (Microsoft Corporation)
BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2014-05-08] (Adobe Systems Incorporated)
BHO: No Name -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> No File
BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2014-05-08] (Adobe Systems Incorporated)
BHO-x32: E-Web Print -> {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} -> C:\Program Files (x86)\Epson Software\E-Web Print\ewps_tb.dll [2013-02-28] (SEIKO EPSON CORPORATION)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2018-03-30] (Microsoft Corporation)
BHO-x32: PasswordBox Helper -> {5DB69B97-934B-451D-94DB-32EF802A01CD} -> C:\Program Files (x86)\PasswordBox\Application\pbbtn.dll [2013-11-01] (PasswordBox, Inc.)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2013-12-18] (Oracle Corporation)
BHO-x32: No Name -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> No File
BHO-x32: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2013-12-21] (Adobe Systems Incorporated)
BHO-x32: No Name -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> No File
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2013-12-18] (Oracle Corporation)
BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2013-12-21] (Adobe Systems Incorporated)
Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2014-05-08] (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2013-12-21] (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - E-Web Print - {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} - C:\Program Files (x86)\Epson Software\E-Web Print\ewps_tb.dll [2013-02-28] (SEIKO EPSON CORPORATION)
Toolbar: HKU\S-1-5-21-2870124582-2670056687-1688047813-1001 -> Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2014-05-08] (Adobe Systems Incorporated)
Toolbar: HKU\S-1-5-21-2870124582-2670056687-1688047813-1001 -> No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No File
DPF: HKLM-x32 {F27237D7-93C8-44C2-AC6E-D6057B9A918F} hxxps://juniper.net/dana-cached/sc/JuniperSetupClient.cab
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-03-30] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-03-30] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-03-30] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-03-30] (Microsoft Corporation)

FireFox:
========
FF DefaultProfile: auux7g6s.default-1378140617709
FF ProfilePath: C:\Users\Myriam\AppData\Roaming\Mozilla\Firefox\Profiles\auux7g6s.default-1378140617709 [2018-04-04]
FF user.js: detected! => C:\Users\Myriam\AppData\Roaming\Mozilla\Firefox\Profiles\auux7g6s.default-1378140617709\user.js [2014-06-28]
FF Homepage: Mozilla\Firefox\Profiles\auux7g6s.default-1378140617709 -> hxxp://www.yahoo.com/
FF Session Restore: Mozilla\Firefox\Profiles\auux7g6s.default-1378140617709 -> is enabled.
FF Extension: (OneTab) - C:\Users\Myriam\AppData\Roaming\Mozilla\Firefox\Profiles\auux7g6s.default-1378140617709\Extensions\extension@one-tab.com.xpi [2017-11-18]
FF Extension: (TLS 1.3 gradual roll-out) - C:\Users\Myriam\AppData\Roaming\Mozilla\Firefox\Profiles\auux7g6s.default-1378140617709\features\{619cf826-aabd-43cd-8fe6-d0a4a8ba0d08}\tls13-rollout-bug1442042@mozilla.org.xpi [2018-04-03] [Legacy]
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: (Adobe Acrobat - Create PDF) - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn [2014-06-12] [Legacy] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [firefox@passwordbox.com] - C:\Program Files (x86)\PasswordBox\Firefox
FF Extension: (PasswordBox) - C:\Program Files (x86)\PasswordBox\Firefox [2013-11-21] [Legacy] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [e-webprint@epson.com] - C:\Program Files (x86)\Epson Software\E-Web Print\Firefox Add-on
FF Extension: (E-Web Print) - C:\Program Files (x86)\Epson Software\E-Web Print\Firefox Add-on [2014-10-26] [Legacy] [not signed]
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_29_0_0_113.dll [2018-03-18] ()
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2014-04-28] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_29_0_0_113.dll [2018-03-18] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-07] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-07] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll [2013-12-18] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2013-12-18] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2018-03-30] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2018-03-10] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3503.0728 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-07-28] (Microsoft Corporation)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll [2014-05-08] (Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2013-12-18] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2014-04-28] (Adobe Systems)
FF Plugin HKU\S-1-5-21-2870124582-2670056687-1688047813-1001: box.com/BoxEdit -> C:\Users\Myriam\AppData\Local\Box\Box Edit\npBoxEdit.dll [No File]

Chrome:
=======
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCChromeExtn\WCChromeExtn.crx [2014-05-08]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2017-04-03] (Apple Inc.)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [8521384 2018-03-24] (Microsoft Corporation)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-06-19] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-06-19] (Dropbox, Inc.)
R2 DbxSvc; C:\windows\system32\DbxSvc.exe [51024 2018-03-28] (Dropbox, Inc.)
R2 EpsonBidirectionalService; C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe [94208 2006-12-19] (SEIKO EPSON CORPORATION) [File not signed]
R2 EpsonScanSvc; C:\windows\system32\EscSvc64.exe [144560 2012-05-17] (Seiko Epson Corporation)
R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2451456 2012-08-07] (Realsil Microelectronics Inc.) [File not signed]
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [128896 2012-07-18] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165760 2012-07-18] (Intel Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6440736 2018-03-03] (Malwarebytes)
R2 ntrtscan; C:\Program Files (x86)\Trend Micro\OfficeScan Client\ntrtscan.exe [4638784 2014-07-07] (Trend Micro Inc.)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [201872 2012-12-05] (Realtek Semiconductor)
R2 SMService; C:\program files (x86)\iobit\Classic Start\SMService.exe [1077536 2017-01-16] (IObit)
R2 THAccelSvc; C:\Program Files\TOSHIBA\HDD Accelerator\THAccelSvc.exe [214488 2012-08-10] (TOSHIBA CORPORATION)
R3 TMBMServer; C:\Program Files (x86)\Trend Micro\BM\TMBMSRV.exe [575024 2014-03-19] (Trend Micro Inc.)
R3 tmccsf; C:\Program Files (x86)\Trend Micro\OfficeScan Client\CCSF\tmccsf.exe [701064 2014-04-07] (Trend Micro Inc.)
R2 tmlisten; C:\Program Files (x86)\Trend Micro\OfficeScan Client\tmlisten.exe [4628200 2014-07-07] (Trend Micro Inc.)
R2 Umbrella_RC; C:\Program Files (x86)\OpenDNS\Umbrella Roaming Client\ERCService.exe [36632 2017-06-12] (Cisco Systems, Inc.)
R2 WDDriveService; C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [308088 2015-12-07] (Western Digital Technologies, Inc.)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16056 2015-07-06] (Microsoft Corporation)
S3 WD Backup Drive Helper; C:\windows\SysWOW64\dllhost.exe /Processid:{4AB831D3-8315-414C-8A7A-303105288D0B}
S3 WD Backup Snapshot; C:\windows\SysWOW64\dllhost.exe /Processid:{302480DF-3AC5-4400-BE7B-DD77AF93B6DD}

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\windows\system32\svchost.exe [29696 2012-09-20] (Microsoft Corporation) <==== ATTENTION (no ServiceDLL)
R1 ESProtectionDriver; C:\windows\system32\drivers\mbae64.sys [76200 2018-01-18] ()
R1 HWiNFO32; C:\windows\SysWOW64\drivers\HWiNFO64A.SYS [26528 2015-01-13] (REALiX(tm))
R3 JNPRNA; C:\windows\system32\DRIVERS\jnprna6.sys [519544 2013-03-22] (Juniper Networks, Inc.)
S4 jnprTdi_735_34907; C:\windows\system32\Drivers\jnprTdi_735_34907.sys [108336 2013-04-15] (Juniper Networks, Inc.)
S3 jnprva; C:\windows\system32\DRIVERS\jnprva.sys [26480 2013-03-22] (Juniper Networks, Inc.)
R3 JnprVaMgr; C:\windows\system32\DRIVERS\jnprvamgr.sys [45352 2013-03-22] (Juniper Networks, Inc.)
R2 MBAMChameleon; C:\windows\System32\Drivers\MbamChameleon.sys [193248 2018-03-30] (Malwarebytes)
R3 MBAMFarflt; C:\windows\System32\DRIVERS\farflt.sys [109800 2018-03-31] (Malwarebytes)
R3 MBAMProtection; C:\windows\system32\DRIVERS\mbam.sys [45960 2018-03-31] (Malwarebytes)
R0 MBAMSwissArmy; C:\windows\System32\Drivers\mbamswissarmy.sys [253664 2018-03-30] (Malwarebytes)
R3 MBAMWebProtection; C:\windows\system32\DRIVERS\mwac.sys [101600 2018-04-04] (Malwarebytes)
S3 RSP2STOR; C:\windows\system32\DRIVERS\RtsP2Stor.sys [272016 2012-08-07] (Realtek Semiconductor Corp.)
R0 THAccel; C:\windows\System32\DRIVERS\THAccel.sys [131520 2012-08-10] (TOSHIBA CORPORATION)
R3 Thotkey; C:\windows\System32\drivers\Thotkey.sys [28632 2012-07-31] (Windows (R) Win 7 DDK provider)
R2 tmactmon; C:\windows\system32\DRIVERS\tmactmon.sys [106000 2014-03-19] (Trend Micro Inc.)
R1 tmcomm; C:\windows\system32\DRIVERS\tmcomm.sys [297592 2013-12-09] (Trend Micro Inc.)
R0 TMEBC; C:\windows\System32\DRIVERS\TMEBC64.sys [50976 2013-07-01] (Trend Micro Inc.)
S3 tmeevw; C:\windows\system32\DRIVERS\tmeevw.sys [102712 2014-02-14] (Trend Micro Inc.)
R2 tmevtmgr; C:\windows\system32\DRIVERS\tmevtmgr.sys [69480 2014-03-19] (Trend Micro Inc.)
R2 TmFilter; C:\Program Files (x86)\Trend Micro\OfficeScan Client\TmXPFlt.sys [351032 2014-08-30] (Trend Micro Inc.)
R2 TmPreFilter; C:\Program Files (x86)\Trend Micro\OfficeScan Client\TmPreFlt.sys [44856 2014-08-30] (Trend Micro Inc.)
S3 tmusa; C:\windows\system32\DRIVERS\tmusa.sys [94008 2014-02-19] (Trend Micro Inc.)
R2 VSApiNt; C:\Program Files (x86)\Trend Micro\OfficeScan Client\VSApiNt.sys [2316600 2014-08-30] (Trend Micro Inc.)
S3 WdBoot; C:\windows\system32\drivers\WdBoot.sys [44560 2015-07-06] (Microsoft Corporation)
S3 WdFilter; C:\windows\system32\drivers\WdFilter.sys [281944 2015-07-06] (Microsoft Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 dbx; system32\DRIVERS\dbx.sys [X]
S3 SmbDrvI; \SystemRoot\system32\DRIVERS\Smb_driver_Intel.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-04-04 17:12 - 2018-04-04 17:13 - 000029804 _____ C:\Users\Myriam\Downloads\FRST.txt
2018-04-04 17:12 - 2018-04-04 17:12 - 000000000 ____D C:\FRST
2018-04-04 17:11 - 2018-04-04 17:11 - 002403328 _____ (Farbar) C:\Users\Myriam\Downloads\FRST64(1).exe
2018-04-04 17:03 - 2018-04-04 17:03 - 002403328 _____ (Farbar) C:\Users\Myriam\Downloads\FRST64.exe
2018-04-04 16:59 - 2018-04-04 16:59 - 003061760 _____ (Nicolas Coolman) C:\Users\Myriam\Downloads\ZHPFix(4).exe
2018-04-04 16:56 - 2018-04-04 16:56 - 003061760 _____ (Nicolas Coolman) C:\Users\Myriam\Downloads\ZHPFix(3).exe
2018-04-04 16:47 - 2018-04-04 16:47 - 003061760 _____ (Nicolas Coolman) C:\Users\Myriam\Downloads\ZHPFix(2).exe
2018-04-04 16:43 - 2018-04-04 16:43 - 003061760 _____ (Nicolas Coolman) C:\Users\Myriam\Downloads\ZHPFix(1).exe
2018-04-03 17:47 - 2018-04-03 17:47 - 003042176 _____ C:\Users\Myriam\Downloads\ZHPDiag3(2).exe
2018-04-03 15:46 - 2018-04-03 15:46 - 000000000 ___HD C:\OneDriveTemp
2018-04-02 17:36 - 2018-04-02 17:36 - 000000000 ____D C:\Users\Myriam\Downloads\Quarantine
2018-04-02 17:35 - 2018-04-02 17:35 - 003061760 _____ (Nicolas Coolman) C:\Users\Myriam\Downloads\ZHPFix.exe
2018-03-31 13:29 - 2018-03-31 13:29 - 003042176 _____ C:\Users\Myriam\Downloads\ZHPDiag3(1).exe
2018-03-31 12:53 - 2018-03-31 12:53 - 000045960 _____ (Malwarebytes) C:\windows\system32\Drivers\mbam.sys
2018-03-31 12:04 - 2018-03-31 12:41 - 000033113 _____ C:\Users\Myriam\Desktop\ZHPCleaner.html
2018-03-31 11:54 - 2018-03-31 11:54 - 000000839 _____ C:\Users\Myriam\Desktop\ZHPCleaner.lnk
2018-03-31 11:52 - 2018-03-31 11:52 - 003106176 _____ C:\Users\Myriam\Downloads\ZHPCleaner.exe
2018-03-30 16:17 - 2018-03-30 16:17 - 000000000 ____D C:\Users\Myriam\AppData\Local\IsolatedStorage
2018-03-30 16:09 - 2018-03-30 16:09 - 000000000 _____ C:\windows\Minidump\033018-63640-01.dmp
2018-03-30 13:56 - 2018-03-30 22:07 - 000001576 _____ C:\Users\Myriam\Desktop\e5 Secure Download Manager.lnk
2018-03-30 13:56 - 2018-03-30 22:07 - 000000000 ____D C:\Users\Myriam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\e5 Secure Download Manager
2018-03-30 13:34 - 2018-03-30 13:35 - 002453504 _____ C:\Users\Myriam\Downloads\SDM_EN(4).msi
2018-03-30 13:31 - 2018-03-30 13:31 - 000002343 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outlook.lnk
2018-03-30 13:09 - 2018-04-04 16:42 - 000101600 _____ (Malwarebytes) C:\windows\system32\Drivers\mwac.sys
2018-03-30 13:09 - 2018-03-31 12:53 - 000109800 _____ (Malwarebytes) C:\windows\system32\Drivers\farflt.sys
2018-03-30 13:09 - 2018-03-30 16:11 - 000253664 _____ (Malwarebytes) C:\windows\system32\Drivers\mbamswissarmy.sys
2018-03-30 13:09 - 2018-03-30 13:09 - 000193248 _____ (Malwarebytes) C:\windows\system32\Drivers\MbamChameleon.sys
2018-03-30 13:09 - 2018-03-30 13:09 - 000001878 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2018-03-30 13:09 - 2018-03-30 13:09 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2018-03-30 13:08 - 2018-03-30 13:08 - 000000000 ____D C:\ProgramData\MB2Migration
2018-03-30 13:08 - 2018-03-30 13:08 - 000000000 ____D C:\Program Files\Malwarebytes
2018-03-30 13:08 - 2018-01-18 08:03 - 000076200 _____ C:\windows\system32\Drivers\mbae64.sys
2018-03-29 18:05 - 2018-03-29 18:05 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2018-03-28 09:31 - 2018-03-28 09:31 - 000051024 _____ (Dropbox, Inc.) C:\windows\system32\DbxSvc.exe
2018-03-28 09:31 - 2018-03-28 09:31 - 000045672 _____ (Dropbox, Inc.) C:\windows\system32\Drivers\dbx-dev.sys
2018-03-28 09:31 - 2018-03-28 09:31 - 000045672 _____ (Dropbox, Inc.) C:\windows\system32\Drivers\dbx-canary.sys
2018-03-28 09:31 - 2018-03-28 09:31 - 000045640 _____ (Dropbox, Inc.) C:\windows\system32\Drivers\dbx-stable.sys
2018-03-27 09:06 - 2018-03-27 09:06 - 130364688 ____C (Microsoft Corporation) C:\windows\system32\MRT-KB890830.exe
2018-03-18 19:00 - 2018-04-03 17:59 - 000298286 _____ C:\Users\Myriam\Desktop\ZHPDiag.html
2018-03-18 19:00 - 2018-04-03 17:59 - 000213410 _____ C:\Users\Myriam\Desktop\ZHPDiag.txt
2018-03-18 18:43 - 2018-04-03 17:59 - 000000000 ____D C:\Users\Myriam\AppData\Roaming\ZHP
2018-03-18 18:43 - 2018-04-03 17:48 - 000000829 _____ C:\Users\Myriam\Desktop\ZHPDiag.lnk
2018-03-18 18:43 - 2018-03-31 11:54 - 000000000 ____D C:\Users\Myriam\AppData\Local\ZHP
2018-03-18 18:42 - 2018-03-18 18:42 - 003037056 _____ C:\Users\Myriam\Downloads\ZHPDiag3.exe
2018-03-18 17:45 - 2018-03-18 17:46 - 000000000 ____D C:\Users\Myriam\Documents\Vanguard Accounts
2018-03-10 14:18 - 2018-03-10 14:18 - 000000000 ____D C:\46b8dc12e0ac60e8c0e665bb34d4d4

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-04-04 17:02 - 2016-04-02 20:44 - 000000000 ____D C:\Users\Myriam\Documents\Technology
2018-04-04 16:57 - 2016-11-19 12:07 - 000000000 ____D C:\Users\Myriam\AppData\LocalLow\Mozilla
2018-04-04 16:56 - 2016-06-19 19:36 - 000000918 _____ C:\windows\Tasks\DropboxUpdateTaskMachineUA.job
2018-04-04 16:56 - 2016-06-19 19:36 - 000000914 _____ C:\windows\Tasks\DropboxUpdateTaskMachineCore.job
2018-04-04 16:38 - 2016-03-31 19:38 - 000000929 _____ C:\windows\Tasks\EPSON XP-420 Series Update {7506ED29-D2B3-408F-9C39-C6870A815C91}.job
2018-04-04 14:39 - 2013-06-16 14:28 - 000000000 ____D C:\Users\Myriam\AppData\Local\CrashDumps
2018-04-03 15:46 - 2018-02-09 09:57 - 000003166 _____ C:\windows\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2870124582-2670056687-1688047813-1001
2018-04-03 15:46 - 2018-02-09 09:25 - 000002301 _____ C:\Users\Myriam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2018-04-03 15:46 - 2017-04-29 06:55 - 000000000 ___RD C:\Users\Myriam\OneDrive
2018-04-02 18:11 - 2014-04-20 12:41 - 000003414 _____ C:\windows\System32\Tasks\Apple Diagnostics
2018-04-02 15:43 - 2012-07-26 02:28 - 000005844 _____ C:\windows\system32\PerfStringBackup.INI
2018-03-31 13:28 - 2017-07-19 16:31 - 000000238 _____ C:\windows\Tasks\StartMenu8_Start.job
2018-03-31 12:50 - 2014-02-05 18:37 - 000000392 _____ C:\windows\Tasks\AVG-Secure-Search-Update_0214b_rmv.job
2018-03-31 12:50 - 2014-02-05 18:37 - 000000390 _____ C:\windows\Tasks\AVG-Secure-Search-Update_0214b_rel.job
2018-03-31 12:50 - 2013-11-21 20:52 - 000000880 _____ C:\windows\Tasks\AV_PWB.job
2018-03-31 12:50 - 2012-07-26 02:22 - 000000006 ____H C:\windows\Tasks\SA.DAT
2018-03-31 12:49 - 2015-12-10 15:08 - 000426720 _____ C:\windows\system32\FNTCACHE.DAT
2018-03-31 12:48 - 2012-07-26 00:26 - 000262144 ___SH C:\windows\system32\config\BBI
2018-03-31 12:40 - 2013-06-16 15:06 - 000000000 ____D C:\Users\Myriam\AppData\LocalLow\IObit
2018-03-31 12:40 - 2013-06-16 15:05 - 000000000 ____D
C:\Users\Myriam\AppData\Roaming\IObit 2018-03-31 12:40 - 2013-06-16 15:05 - 000000000 ____D C:\ProgramData\IObit 2018-03-31 12:34 - 2013-06-16 12:41 - 000000000 ____D C:\Users\Myriam\AppData\Local\Packages 2018-03-31 12:01 - 2012-07-26 03:12 - 000000000 ____D C:\windows\registration 2018-03-30 20:58 - 2012-07-26 03:12 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft 2018-03-30 20:55 - 2017-04-29 06:50 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2016 Tools 2018-03-30 20:54 - 2012-12-03 00:55 - 000000000 ____D C:\Program Files (x86)\Microsoft Office 2018-03-30 17:38 - 2016-11-18 11:58 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox 2018-03-30 17:38 - 2013-06-16 14:53 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2018-03-30 17:37 - 2013-08-16 19:52 - 000000000 ____D C:\Users\Myriam\AppData\Roaming\BlueSprig 2018-03-30 16:20 - 2013-06-16 14:53 - 000001174 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk 2018-03-30 16:18 - 2015-01-13 18:51 - 000000000 ____D C:\ProgramData\ProductData 2018-03-30 16:09 - 2017-07-08 12:27 - 000000000 ____D C:\windows\Minidump 2018-03-30 16:09 - 2012-07-26 00:37 - 000000000 ____D C:\windows\Inf 2018-03-30 16:08 - 2017-07-08 12:27 - 913188636 _____ C:\windows\MEMORY.DMP 2018-03-30 14:25 - 2014-04-20 12:44 - 000000000 ____D C:\Users\Myriam\Documents\Outlook Files 2018-03-30 13:24 - 2014-04-20 12:44 - 000000000 ____D C:\Users\Myriam\AppData\Local\2F3E4A1F-490A-4346-BF37-8D6D87A92D84.aplzod 2018-03-30 13:08 - 2014-06-26 22:17 - 000000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware 2018-03-30 13:08 - 2013-08-16 20:21 - 000000000 ____D C:\ProgramData\Malwarebytes 2018-03-30 13:03 - 2015-08-28 20:16 - 000000000 ____D C:\Temp 2018-03-29 18:06 - 2016-06-19 19:36 - 000000000 ____D C:\Users\Myriam\AppData\Local\Dropbox 2018-03-29 18:06 - 2016-06-19 19:36 - 000000000 ____D C:\Program Files (x86)\Dropbox 2018-03-27 09:23 - 2013-07-27 
14:18 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013 2018-03-27 09:19 - 2012-07-26 00:26 - 000000167 _____ C:\windows\win.ini 2018-03-27 09:10 - 2013-08-15 11:41 - 000000000 ____D C:\windows\system32\MRT 2018-03-27 09:06 - 2013-07-23 17:38 - 130364688 ____C (Microsoft Corporation) C:\windows\system32\MRT.exe 2018-03-27 08:53 - 2012-07-26 03:12 - 000000000 ___HD C:\Program Files\WindowsApps 2018-03-27 08:51 - 2012-07-26 03:12 - 000000000 ____D C:\windows\AUInstallAgent 2018-03-19 18:20 - 2013-07-23 19:01 - 000000000 ____D C:\Users\Myriam\Documents\Health Records 2018-03-18 16:43 - 2013-07-23 17:59 - 000004288 _____ C:\windows\System32\Tasks\Adobe Flash Player Updater 2018-03-18 16:43 - 2012-07-26 03:12 - 000000000 ____D C:\windows\SysWOW64\Macromed 2018-03-18 16:43 - 2012-07-26 03:12 - 000000000 ____D C:\windows\system32\Macromed 2018-03-11 13:38 - 2013-12-18 20:43 - 000000000 ____D C:\Users\Myriam\Documents\T-Mobile 2018-03-11 12:09 - 2013-07-23 19:01 - 000000000 ____D C:\Users\Myriam\Documents\Income Taxes ==================== Files in the root of some directories ======= 2017-05-15 10:14 - 2017-05-15 10:14 - 000007605 _____ () C:\Users\Myriam\AppData\Local\Resmon.ResmonCfg ==================== Bamital & volsnap ====================== (There is no automatic fix for files that do not pass verification.) 
C:\windows\system32\winlogon.exe => File is digitally signed C:\windows\system32\wininit.exe => File is digitally signed C:\windows\explorer.exe => File is digitally signed C:\windows\SysWOW64\explorer.exe => File is digitally signed C:\windows\system32\svchost.exe => File is digitally signed C:\windows\SysWOW64\svchost.exe => File is digitally signed C:\windows\system32\services.exe => File is digitally signed C:\windows\system32\User32.dll => File is digitally signed C:\windows\SysWOW64\User32.dll => File is digitally signed C:\windows\system32\userinit.exe => File is digitally signed C:\windows\SysWOW64\userinit.exe => File is digitally signed C:\windows\system32\rpcss.dll => File is digitally signed C:\windows\system32\dnsapi.dll => File is digitally signed C:\windows\SysWOW64\dnsapi.dll => File is digitally signed C:\windows\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2018-04-02 18:11 ==================== End of FRST.txt ============================