Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 14.03.2018
Ran by Myriam (administrator) on MYMI (04-04-2018 17:12:43)
Running from C:\Users\Myriam\Downloads
Loaded Profiles: Myriam (Available Profiles: Myriam)
Platform: Windows 8 (X64) Language: English (United States)
Internet Explorer Version 10 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RTKAUDIOSERVICE64.EXE
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Juniper Networks, Inc.) C:\Program Files (x86)\Common Files\Juniper Networks\JUNS\dsAccessService.exe
(Juniper Networks, Inc.) C:\Program Files (x86)\Common Files\Juniper Networks\JUNS\dsAccessService.exe
(Juniper Networks) C:\Program Files (x86)\Common Files\Juniper Networks\WX Client\WXConnectionMethod.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSvc.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
(SEIKO EPSON CORPORATION) C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe
(Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Trend Micro Inc.) C:\Program Files (x86)\Trend Micro\OfficeScan Client\Ntrtscan.exe
(IObit) C:\Program Files (x86)\IObit\Classic Start\SMService.exe
() C:\Program Files (x86)\AVG SafeGuard toolbar\AVG-Secure-Search-Update_0214b.exe
(TOSHIBA Corporation) C:\Windows\System32\ThpSrv.exe
(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\OpenDNS\Umbrella Roaming Client\ERCService.exe
(IObit) C:\Program Files (x86)\IObit\Classic Start\ClassicStart.exe
(IObit) C:\Program Files (x86)\IObit\Classic Start\StartMenu_Hook.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe
(IObit) C:\Program Files (x86)\IObit\Classic Start\InstallServices.exe
(Trend Micro Inc.) C:\Program Files (x86)\Trend Micro\OfficeScan Client\TmListen.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\Teco\TecoService.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe\LiveComm.exe
(Trend Micro Inc.) C:\Program Files (x86)\Trend Micro\OfficeScan Client\CCSF\TmCCSF.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Trend Micro Inc.) C:\Program Files (x86)\Trend Micro\OfficeScan Client\CNTAoSMgr.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(SRS Labs, Inc.) C:\Program Files\SRS Labs\SRS Control Panel\SRSPanel_64.exe
() C:\Program Files\Toshiba\Hotkey\TCrdMain_Win8.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\Teco\TecoResident.exe
(TOSHIBA Corporation) C:\Program Files (x86)\TOSHIBA\System Setting\TSleepSrv.exe
() C:\Program Files (x86)\TOSHIBA\System Setting\TODDMain.exe
(TOSHIBA Corporation) C:\Windows\System32\ThpSrv.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Spotify Ltd) C:\Users\Myriam\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_YATINAE.EXE
() C:\Program Files\Toshiba\Hotkey\Hotkey\TCrdKBB.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\OpenDNS\Umbrella Roaming Client\ERCInterface.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe
(Western Digital Technologies, Inc.) C:\Windows\SysWOW64\WDBtnMgr.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\TOSHIBA Service Station\ToshibaServiceStation.exe
(Juniper Networks, Inc.) C:\Program Files (x86)\Common Files\Juniper Networks\JamUI\Pulse.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Security\WDDriveAutoUnlock.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Utilities\WDDriveUtilitiesHelper.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe
(Trend Micro Inc.) C:\Program Files (x86)\Trend Micro\BM\TMBMSRV.exe
(Juniper Networks, Inc.) C:\Program Files (x86)\Common Files\Juniper Networks\JUNS\dsAccessService.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\TPHM\TPCHSrv.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD App Manager\WDAppManager.exe
(TOSHIBA CORPORATION) C:\Program Files\Toshiba\HDD Accelerator\THAccelSvc.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\TPHM\TPCHWMsg.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD App Manager\Plugins\WD Backup\App\WDBackupService.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\TOSHIBA Service Station\TMachInfo.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Trend Micro Inc.) C:\Program Files (x86)\Trend Micro\OfficeScan Client\PccNTMon.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe\LiveComm.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\OpenDNS\Umbrella Roaming Client\dnscrypt-proxy.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Farbar) C:\Users\Myriam\Downloads\FRST64(1).exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13261456 2012-11-29] (Realtek Semiconductor)
HKLM\...\Run: [SRS Premium Sound 3D] => C:\Program Files\SRS Labs\SRS Control Panel\SRSPanel_64.exe [2170784 2012-08-19] (SRS Labs, Inc.)
HKLM\...\Run: [TosPU] => C:\Program Files\TOSHIBA\PasswordUtility\TosPU.exe [2374552 2012-08-27] (Copyright (C) TOSHIBA Corp. 2012)
HKLM\...\Run: [TCrdMain] => C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe [2609064 2012-08-30] ()
HKLM\...\Run: [TecoResident] => C:\Program Files\TOSHIBA\Teco\TecoResident.exe [169896 2012-08-13] (TOSHIBA Corporation)
HKLM\...\Run: [TosWaitSrv] => C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [356776 2012-07-11] (TOSHIBA Corporation)
HKLM\...\Run: [TSleepSrv] => C:\Program Files (x86)\TOSHIBA\System Setting\TSleepSrv.exe [1548952 2012-08-04] (TOSHIBA Corporation)
HKLM\...\Run: [TODDMain] => C:\Program Files (x86)\TOSHIBA\System Setting\TODDMain.exe [213136 2012-08-04] ()
HKLM\...\Run: [ThpSrv] => C:\windows\system32\thpsrv /logon
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [558496 2014-02-27] (Adobe Systems Incorporated)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [303928 2017-05-09] (Apple Inc.)
HKLM-x32\...\Run: [KeNotify] => C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe [34160 2012-07-20] (TOSHIBA CORPORATION)
HKLM-x32\...\Run: [ToshibaAppPlace] => C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe [552960 2010-09-23] (Toshiba)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe [3499896 2014-05-08] (Adobe Systems Inc.)
HKLM-x32\...\Run: [WD Button Manager] => C:\Windows\SysWOW64\WDBtnMgr.exe [335872 2013-07-23] (Western Digital Technologies, Inc.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [SearchSettings] => "C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe"
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [67896 2017-05-09] (Apple Inc.)
HKLM-x32\...\Run: [JunosPulse] => C:\Program Files (x86)\Common Files\Juniper Networks\JamUI\Pulse.exe [2104152 2013-04-15] (Juniper Networks, Inc.)
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [1065968 2015-07-23] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [3639616 2018-03-28] (Dropbox, Inc.)
HKLM-x32\...\Run: [WDAppManager] => C:\Program Files (x86)\Western Digital\WD App Manager\AppManagerLauncher.exe [21384 2016-04-19] (Western Digital Technologies, Inc.)
HKLM-x32\...\Run: [WD Drive Unlocker] => C:\Program Files (x86)\Western Digital\WD Security\WDDriveAutoUnlock.exe [1761120 2015-12-07] (Western Digital Technologies, Inc.)
HKLM-x32\...\Run: [DriveUtilitiesHelper] => C:\Program Files (x86)\Western Digital\WD Utilities\WDDriveUtilitiesHelper.exe [1890664 2016-01-14] (Western Digital Technologies, Inc.)
HKLM-x32\...\Run: [WD Quick View] => C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe [5564784 2015-02-12] (Western Digital Technologies, Inc.)
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2870124582-2670056687-1688047813-1001\...\Run: [Spotify Web Helper] => C:\Users\Myriam\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1444976 2017-01-08] (Spotify Ltd)
HKU\S-1-5-21-2870124582-2670056687-1688047813-1001\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [67384 2017-05-09] (Apple Inc.)
HKU\S-1-5-21-2870124582-2670056687-1688047813-1001\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [67896 2017-05-09] (Apple Inc.)
HKU\S-1-5-21-2870124582-2670056687-1688047813-1001\...\Run: [EPLTarget\P0000000000000001] => C:\windows\system32\spool\DRIVERS\x64\3\E_IATIIBE.EXE /EPT "EPLTarget\P0000000000000001" /M "XP-400 Series"
HKU\S-1-5-21-2870124582-2670056687-1688047813-1001\...\Run: [EPLTarget\P0000000000000000] => C:\windows\system32\spool\DRIVERS\x64\3\E_YATINAE.EXE [298560 2014-03-20] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-2870124582-2670056687-1688047813-1001\...\RunOnce: [Uninstall 18.025.0204.0009\amd64] => C:\windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Myriam\AppData\Local\Microsoft\OneDrive\18.025.0204.0009\amd64"
HKU\S-1-5-21-2870124582-2670056687-1688047813-1001\...\RunOnce: [Uninstall 18.025.0204.0009] => C:\windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Myriam\AppData\Local\Microsoft\OneDrive\18.025.0204.0009"
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Umbrella Roaming Client.lnk [2017-09-23]
ShortcutTarget: Umbrella Roaming Client.lnk -> C:\Program Files (x86)\OpenDNS\Umbrella Roaming Client\ERCInterface.exe (Cisco Systems, Inc.)
BootExecute: autocheck autochk /m /P \Device\HarddiskVolume9autocheck autochk *
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 68.105.28.11 68.105.29.11 68.105.28.12
Tcpip\..\Interfaces\{AE6D12FD-6394-4DBD-A090-F815EC2C9D47}: [NameServer] 172.16.129.16,172.16.32.16
Tcpip\..\Interfaces\{D2E01A62-D838-4B7D-8991-C4D752786AF6}: [NameServer] 127.0.0.1
Tcpip\..\Interfaces\{D2E01A62-D838-4B7D-8991-C4D752786AF6}: [DhcpNameServer] 68.105.28.11 68.105.29.11 68.105.28.12
Tcpip\..\Interfaces\{E9654F10-C95B-4232-A455-5B8EE9E18442}: [DhcpNameServer] 172.20.10.1
Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://toshiba13.msn.com
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://toshiba13.msn.com
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://toshiba13.msn.com
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://mystart.toshiba.com
HKU\S-1-5-21-2870124582-2670056687-1688047813-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM -> DefaultScope {385E2DE8-C618-40C2-89FC-630DBA51240F} URL =
SearchScopes: HKLM-x32 -> DefaultScope {385E2DE8-C618-40C2-89FC-630DBA51240F} URL =
SearchScopes: HKU\S-1-5-21-2870124582-2670056687-1688047813-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2870124582-2670056687-1688047813-1001 -> {0A041559-87C4-581F-4F04-3F9883CFF8DA} URL =
SearchScopes: HKU\S-1-5-21-2870124582-2670056687-1688047813-1001 -> {385E2DE8-C618-40C2-89FC-630DBA51240F} URL =
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2018-03-30] (Microsoft Corporation)
BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2014-05-08] (Adobe Systems Incorporated)
BHO: No Name -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> No File
BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2014-05-08] (Adobe Systems Incorporated)
BHO-x32: E-Web Print -> {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} -> C:\Program Files (x86)\Epson Software\E-Web Print\ewps_tb.dll [2013-02-28] (SEIKO EPSON CORPORATION)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2018-03-30] (Microsoft Corporation)
BHO-x32: PasswordBox Helper -> {5DB69B97-934B-451D-94DB-32EF802A01CD} -> C:\Program Files (x86)\PasswordBox\Application\pbbtn.dll [2013-11-01] (PasswordBox, Inc.)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2013-12-18] (Oracle Corporation)
BHO-x32: No Name -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> No File
BHO-x32: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2013-12-21] (Adobe Systems Incorporated)
BHO-x32: No Name -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> No File
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2013-12-18] (Oracle Corporation)
BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2013-12-21] (Adobe Systems Incorporated)
Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2014-05-08] (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2013-12-21] (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - E-Web Print - {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} - C:\Program Files (x86)\Epson Software\E-Web Print\ewps_tb.dll [2013-02-28] (SEIKO EPSON CORPORATION)
Toolbar: HKU\S-1-5-21-2870124582-2670056687-1688047813-1001 -> Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2014-05-08] (Adobe Systems Incorporated)
Toolbar: HKU\S-1-5-21-2870124582-2670056687-1688047813-1001 -> No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No File
DPF: HKLM-x32 {F27237D7-93C8-44C2-AC6E-D6057B9A918F} hxxps://juniper.net/dana-cached/sc/JuniperSetupClient.cab
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-03-30] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-03-30] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-03-30] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-03-30] (Microsoft Corporation)
FireFox:
========
FF DefaultProfile: auux7g6s.default-1378140617709
FF ProfilePath: C:\Users\Myriam\AppData\Roaming\Mozilla\Firefox\Profiles\auux7g6s.default-1378140617709 [2018-04-04]
FF user.js: detected! => C:\Users\Myriam\AppData\Roaming\Mozilla\Firefox\Profiles\auux7g6s.default-1378140617709\user.js [2014-06-28]
FF Homepage: Mozilla\Firefox\Profiles\auux7g6s.default-1378140617709 -> hxxp://www.yahoo.com/
FF Session Restore: Mozilla\Firefox\Profiles\auux7g6s.default-1378140617709 -> is enabled.
FF Extension: (OneTab) - C:\Users\Myriam\AppData\Roaming\Mozilla\Firefox\Profiles\auux7g6s.default-1378140617709\Extensions\extension@one-tab.com.xpi [2017-11-18]
FF Extension: (TLS 1.3 gradual roll-out) - C:\Users\Myriam\AppData\Roaming\Mozilla\Firefox\Profiles\auux7g6s.default-1378140617709\features\{619cf826-aabd-43cd-8fe6-d0a4a8ba0d08}\tls13-rollout-bug1442042@mozilla.org.xpi [2018-04-03] [Legacy]
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: (Adobe Acrobat - Create PDF) - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn [2014-06-12] [Legacy] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [firefox@passwordbox.com] - C:\Program Files (x86)\PasswordBox\Firefox
FF Extension: (PasswordBox) - C:\Program Files (x86)\PasswordBox\Firefox [2013-11-21] [Legacy] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [e-webprint@epson.com] - C:\Program Files (x86)\Epson Software\E-Web Print\Firefox Add-on
FF Extension: (E-Web Print) - C:\Program Files (x86)\Epson Software\E-Web Print\Firefox Add-on [2014-10-26] [Legacy] [not signed]
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_29_0_0_113.dll [2018-03-18] ()
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2014-04-28] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_29_0_0_113.dll [2018-03-18] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-07] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-07] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll [2013-12-18] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2013-12-18] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2018-03-30] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2018-03-10] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3503.0728 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-07-28] (Microsoft Corporation)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll [2014-05-08] (Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2013-12-18] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2014-04-28] (Adobe Systems)
FF Plugin HKU\S-1-5-21-2870124582-2670056687-1688047813-1001: box.com/BoxEdit -> C:\Users\Myriam\AppData\Local\Box\Box Edit\npBoxEdit.dll [No File]
Chrome:
=======
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCChromeExtn\WCChromeExtn.crx [2014-05-08]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - hxxps://clients2.google.com/service/update2/crx
==================== Services (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2017-04-03] (Apple Inc.)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [8521384 2018-03-24] (Microsoft Corporation)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-06-19] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-06-19] (Dropbox, Inc.)
R2 DbxSvc; C:\windows\system32\DbxSvc.exe [51024 2018-03-28] (Dropbox, Inc.)
R2 EpsonBidirectionalService; C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe [94208 2006-12-19] (SEIKO EPSON CORPORATION) [File not signed]
R2 EpsonScanSvc; C:\windows\system32\EscSvc64.exe [144560 2012-05-17] (Seiko Epson Corporation)
R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2451456 2012-08-07] (Realsil Microelectronics Inc.) [File not signed]
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [128896 2012-07-18] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165760 2012-07-18] (Intel Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6440736 2018-03-03] (Malwarebytes)
R2 ntrtscan; C:\Program Files (x86)\Trend Micro\OfficeScan Client\ntrtscan.exe [4638784 2014-07-07] (Trend Micro Inc.)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [201872 2012-12-05] (Realtek Semiconductor)
R2 SMService; C:\program files (x86)\iobit\Classic Start\SMService.exe [1077536 2017-01-16] (IObit)
R2 THAccelSvc; C:\Program Files\TOSHIBA\HDD Accelerator\THAccelSvc.exe [214488 2012-08-10] (TOSHIBA CORPORATION)
R3 TMBMServer; C:\Program Files (x86)\Trend Micro\BM\TMBMSRV.exe [575024 2014-03-19] (Trend Micro Inc.)
R3 tmccsf; C:\Program Files (x86)\Trend Micro\OfficeScan Client\CCSF\tmccsf.exe [701064 2014-04-07] (Trend Micro Inc.)
R2 tmlisten; C:\Program Files (x86)\Trend Micro\OfficeScan Client\tmlisten.exe [4628200 2014-07-07] (Trend Micro Inc.)
R2 Umbrella_RC; C:\Program Files (x86)\OpenDNS\Umbrella Roaming Client\ERCService.exe [36632 2017-06-12] (Cisco Systems, Inc.)
R2 WDDriveService; C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [308088 2015-12-07] (Western Digital Technologies, Inc.)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16056 2015-07-06] (Microsoft Corporation)
S3 WD Backup Drive Helper; C:\windows\SysWOW64\dllhost.exe /Processid:{4AB831D3-8315-414C-8A7A-303105288D0B}
S3 WD Backup Snapshot; C:\windows\SysWOW64\dllhost.exe /Processid:{302480DF-3AC5-4400-BE7B-DD77AF93B6DD}
===================== Drivers (Whitelisted) ======================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
U5 AppMgmt; C:\windows\system32\svchost.exe [29696 2012-09-20] (Microsoft Corporation) <==== ATTENTION (no ServiceDLL)
R1 ESProtectionDriver; C:\windows\system32\drivers\mbae64.sys [76200 2018-01-18] ()
R1 HWiNFO32; C:\windows\SysWOW64\drivers\HWiNFO64A.SYS [26528 2015-01-13] (REALiX(tm))
R3 JNPRNA; C:\windows\system32\DRIVERS\jnprna6.sys [519544 2013-03-22] (Juniper Networks, Inc.)
S4 jnprTdi_735_34907; C:\windows\system32\Drivers\jnprTdi_735_34907.sys [108336 2013-04-15] (Juniper Networks, Inc.)
S3 jnprva; C:\windows\system32\DRIVERS\jnprva.sys [26480 2013-03-22] (Juniper Networks, Inc.)
R3 JnprVaMgr; C:\windows\system32\DRIVERS\jnprvamgr.sys [45352 2013-03-22] (Juniper Networks, Inc.)
R2 MBAMChameleon; C:\windows\System32\Drivers\MbamChameleon.sys [193248 2018-03-30] (Malwarebytes)
R3 MBAMFarflt; C:\windows\System32\DRIVERS\farflt.sys [109800 2018-03-31] (Malwarebytes)
R3 MBAMProtection; C:\windows\system32\DRIVERS\mbam.sys [45960 2018-03-31] (Malwarebytes)
R0 MBAMSwissArmy; C:\windows\System32\Drivers\mbamswissarmy.sys [253664 2018-03-30] (Malwarebytes)
R3 MBAMWebProtection; C:\windows\system32\DRIVERS\mwac.sys [101600 2018-04-04] (Malwarebytes)
S3 RSP2STOR; C:\windows\system32\DRIVERS\RtsP2Stor.sys [272016 2012-08-07] (Realtek Semiconductor Corp.)
R0 THAccel; C:\windows\System32\DRIVERS\THAccel.sys [131520 2012-08-10] (TOSHIBA CORPORATION)
R3 Thotkey; C:\windows\System32\drivers\Thotkey.sys [28632 2012-07-31] (Windows (R) Win 7 DDK provider)
R2 tmactmon; C:\windows\system32\DRIVERS\tmactmon.sys [106000 2014-03-19] (Trend Micro Inc.)
R1 tmcomm; C:\windows\system32\DRIVERS\tmcomm.sys [297592 2013-12-09] (Trend Micro Inc.)
R0 TMEBC; C:\windows\System32\DRIVERS\TMEBC64.sys [50976 2013-07-01] (Trend Micro Inc.)
S3 tmeevw; C:\windows\system32\DRIVERS\tmeevw.sys [102712 2014-02-14] (Trend Micro Inc.)
R2 tmevtmgr; C:\windows\system32\DRIVERS\tmevtmgr.sys [69480 2014-03-19] (Trend Micro Inc.)
R2 TmFilter; C:\Program Files (x86)\Trend Micro\OfficeScan Client\TmXPFlt.sys [351032 2014-08-30] (Trend Micro Inc.)
R2 TmPreFilter; C:\Program Files (x86)\Trend Micro\OfficeScan Client\TmPreFlt.sys [44856 2014-08-30] (Trend Micro Inc.)
S3 tmusa; C:\windows\system32\DRIVERS\tmusa.sys [94008 2014-02-19] (Trend Micro Inc.)
R2 VSApiNt; C:\Program Files (x86)\Trend Micro\OfficeScan Client\VSApiNt.sys [2316600 2014-08-30] (Trend Micro Inc.)
S3 WdBoot; C:\windows\system32\drivers\WdBoot.sys [44560 2015-07-06] (Microsoft Corporation)
S3 WdFilter; C:\windows\system32\drivers\WdFilter.sys [281944 2015-07-06] (Microsoft Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 dbx; system32\DRIVERS\dbx.sys [X]
S3 SmbDrvI; \SystemRoot\system32\DRIVERS\Smb_driver_Intel.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2018-04-04 17:12 - 2018-04-04 17:13 - 000029804 _____ C:\Users\Myriam\Downloads\FRST.txt
2018-04-04 17:12 - 2018-04-04 17:12 - 000000000 ____D C:\FRST
2018-04-04 17:11 - 2018-04-04 17:11 - 002403328 _____ (Farbar) C:\Users\Myriam\Downloads\FRST64(1).exe
2018-04-04 17:03 - 2018-04-04 17:03 - 002403328 _____ (Farbar) C:\Users\Myriam\Downloads\FRST64.exe
2018-04-04 16:59 - 2018-04-04 16:59 - 003061760 _____ (Nicolas Coolman) C:\Users\Myriam\Downloads\ZHPFix(4).exe
2018-04-04 16:56 - 2018-04-04 16:56 - 003061760 _____ (Nicolas Coolman) C:\Users\Myriam\Downloads\ZHPFix(3).exe
2018-04-04 16:47 - 2018-04-04 16:47 - 003061760 _____ (Nicolas Coolman) C:\Users\Myriam\Downloads\ZHPFix(2).exe
2018-04-04 16:43 - 2018-04-04 16:43 - 003061760 _____ (Nicolas Coolman) C:\Users\Myriam\Downloads\ZHPFix(1).exe
2018-04-03 17:47 - 2018-04-03 17:47 - 003042176 _____ C:\Users\Myriam\Downloads\ZHPDiag3(2).exe
2018-04-03 15:46 - 2018-04-03 15:46 - 000000000 ___HD C:\OneDriveTemp
2018-04-02 17:36 - 2018-04-02 17:36 - 000000000 ____D C:\Users\Myriam\Downloads\Quarantine
2018-04-02 17:35 - 2018-04-02 17:35 - 003061760 _____ (Nicolas Coolman) C:\Users\Myriam\Downloads\ZHPFix.exe
2018-03-31 13:29 - 2018-03-31 13:29 - 003042176 _____ C:\Users\Myriam\Downloads\ZHPDiag3(1).exe
2018-03-31 12:53 - 2018-03-31 12:53 - 000045960 _____ (Malwarebytes) C:\windows\system32\Drivers\mbam.sys
2018-03-31 12:04 - 2018-03-31 12:41 - 000033113 _____ C:\Users\Myriam\Desktop\ZHPCleaner.html
2018-03-31 11:54 - 2018-03-31 11:54 - 000000839 _____ C:\Users\Myriam\Desktop\ZHPCleaner.lnk
2018-03-31 11:52 - 2018-03-31 11:52 - 003106176 _____ C:\Users\Myriam\Downloads\ZHPCleaner.exe
2018-03-30 16:17 - 2018-03-30 16:17 - 000000000 ____D C:\Users\Myriam\AppData\Local\IsolatedStorage
2018-03-30 16:09 - 2018-03-30 16:09 - 000000000 _____ C:\windows\Minidump\033018-63640-01.dmp
2018-03-30 13:56 - 2018-03-30 22:07 - 000001576 _____ C:\Users\Myriam\Desktop\e5 Secure Download Manager.lnk
2018-03-30 13:56 - 2018-03-30 22:07 - 000000000 ____D C:\Users\Myriam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\e5 Secure Download Manager
2018-03-30 13:34 - 2018-03-30 13:35 - 002453504 _____ C:\Users\Myriam\Downloads\SDM_EN(4).msi
2018-03-30 13:31 - 2018-03-30 13:31 - 000002343 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outlook.lnk
2018-03-30 13:09 - 2018-04-04 16:42 - 000101600 _____ (Malwarebytes) C:\windows\system32\Drivers\mwac.sys
2018-03-30 13:09 - 2018-03-31 12:53 - 000109800 _____ (Malwarebytes) C:\windows\system32\Drivers\farflt.sys
2018-03-30 13:09 - 2018-03-30 16:11 - 000253664 _____ (Malwarebytes) C:\windows\system32\Drivers\mbamswissarmy.sys
2018-03-30 13:09 - 2018-03-30 13:09 - 000193248 _____ (Malwarebytes) C:\windows\system32\Drivers\MbamChameleon.sys
2018-03-30 13:09 - 2018-03-30 13:09 - 000001878 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2018-03-30 13:09 - 2018-03-30 13:09 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2018-03-30 13:08 - 2018-03-30 13:08 - 000000000 ____D C:\ProgramData\MB2Migration
2018-03-30 13:08 - 2018-03-30 13:08 - 000000000 ____D C:\Program Files\Malwarebytes
2018-03-30 13:08 - 2018-01-18 08:03 - 000076200 _____ C:\windows\system32\Drivers\mbae64.sys
2018-03-29 18:05 - 2018-03-29 18:05 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2018-03-28 09:31 - 2018-03-28 09:31 - 000051024 _____ (Dropbox, Inc.) C:\windows\system32\DbxSvc.exe
2018-03-28 09:31 - 2018-03-28 09:31 - 000045672 _____ (Dropbox, Inc.) C:\windows\system32\Drivers\dbx-dev.sys
2018-03-28 09:31 - 2018-03-28 09:31 - 000045672 _____ (Dropbox, Inc.) C:\windows\system32\Drivers\dbx-canary.sys
2018-03-28 09:31 - 2018-03-28 09:31 - 000045640 _____ (Dropbox, Inc.) C:\windows\system32\Drivers\dbx-stable.sys
2018-03-27 09:06 - 2018-03-27 09:06 - 130364688 ____C (Microsoft Corporation) C:\windows\system32\MRT-KB890830.exe
2018-03-18 19:00 - 2018-04-03 17:59 - 000298286 _____ C:\Users\Myriam\Desktop\ZHPDiag.html
2018-03-18 19:00 - 2018-04-03 17:59 - 000213410 _____ C:\Users\Myriam\Desktop\ZHPDiag.txt
2018-03-18 18:43 - 2018-04-03 17:59 - 000000000 ____D C:\Users\Myriam\AppData\Roaming\ZHP
2018-03-18 18:43 - 2018-04-03 17:48 - 000000829 _____ C:\Users\Myriam\Desktop\ZHPDiag.lnk
2018-03-18 18:43 - 2018-03-31 11:54 - 000000000 ____D C:\Users\Myriam\AppData\Local\ZHP
2018-03-18 18:42 - 2018-03-18 18:42 - 003037056 _____ C:\Users\Myriam\Downloads\ZHPDiag3.exe
2018-03-18 17:45 - 2018-03-18 17:46 - 000000000 ____D C:\Users\Myriam\Documents\Vanguard Accounts
2018-03-10 14:18 - 2018-03-10 14:18 - 000000000 ____D C:\46b8dc12e0ac60e8c0e665bb34d4d4
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2018-04-04 17:02 - 2016-04-02 20:44 - 000000000 ____D C:\Users\Myriam\Documents\Technology
2018-04-04 16:57 - 2016-11-19 12:07 - 000000000 ____D C:\Users\Myriam\AppData\LocalLow\Mozilla
2018-04-04 16:56 - 2016-06-19 19:36 - 000000918 _____ C:\windows\Tasks\DropboxUpdateTaskMachineUA.job
2018-04-04 16:56 - 2016-06-19 19:36 - 000000914 _____ C:\windows\Tasks\DropboxUpdateTaskMachineCore.job
2018-04-04 16:38 - 2016-03-31 19:38 - 000000929 _____ C:\windows\Tasks\EPSON XP-420 Series Update {7506ED29-D2B3-408F-9C39-C6870A815C91}.job
2018-04-04 14:39 - 2013-06-16 14:28 - 000000000 ____D C:\Users\Myriam\AppData\Local\CrashDumps
2018-04-03 15:46 - 2018-02-09 09:57 - 000003166 _____ C:\windows\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2870124582-2670056687-1688047813-1001
2018-04-03 15:46 - 2018-02-09 09:25 - 000002301 _____ C:\Users\Myriam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2018-04-03 15:46 - 2017-04-29 06:55 - 000000000 ___RD C:\Users\Myriam\OneDrive
2018-04-02 18:11 - 2014-04-20 12:41 - 000003414 _____ C:\windows\System32\Tasks\Apple Diagnostics
2018-04-02 15:43 - 2012-07-26 02:28 - 000005844 _____ C:\windows\system32\PerfStringBackup.INI
2018-03-31 13:28 - 2017-07-19 16:31 - 000000238 _____ C:\windows\Tasks\StartMenu8_Start.job
2018-03-31 12:50 - 2014-02-05 18:37 - 000000392 _____ C:\windows\Tasks\AVG-Secure-Search-Update_0214b_rmv.job
2018-03-31 12:50 - 2014-02-05 18:37 - 000000390 _____ C:\windows\Tasks\AVG-Secure-Search-Update_0214b_rel.job
2018-03-31 12:50 - 2013-11-21 20:52 - 000000880 _____ C:\windows\Tasks\AV_PWB.job
2018-03-31 12:50 - 2012-07-26 02:22 - 000000006 ____H C:\windows\Tasks\SA.DAT
2018-03-31 12:49 - 2015-12-10 15:08 - 000426720 _____ C:\windows\system32\FNTCACHE.DAT
2018-03-31 12:48 - 2012-07-26 00:26 - 000262144 ___SH C:\windows\system32\config\BBI
2018-03-31 12:40 - 2013-06-16 15:06 - 000000000 ____D C:\Users\Myriam\AppData\LocalLow\IObit
2018-03-31 12:40 - 2013-06-16 15:05 - 000000000 ____D C:\Users\Myriam\AppData\Roaming\IObit
2018-03-31 12:40 - 2013-06-16 15:05 - 000000000 ____D C:\ProgramData\IObit
2018-03-31 12:34 - 2013-06-16 12:41 - 000000000 ____D C:\Users\Myriam\AppData\Local\Packages
2018-03-31 12:01 - 2012-07-26 03:12 - 000000000 ____D C:\windows\registration
2018-03-30 20:58 - 2012-07-26 03:12 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2018-03-30 20:55 - 2017-04-29 06:50 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2016 Tools
2018-03-30 20:54 - 2012-12-03 00:55 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2018-03-30 17:38 - 2016-11-18 11:58 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2018-03-30 17:38 - 2013-06-16 14:53 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2018-03-30 17:37 - 2013-08-16 19:52 - 000000000 ____D C:\Users\Myriam\AppData\Roaming\BlueSprig
2018-03-30 16:20 - 2013-06-16 14:53 - 000001174 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2018-03-30 16:18 - 2015-01-13 18:51 - 000000000 ____D C:\ProgramData\ProductData
2018-03-30 16:09 - 2017-07-08 12:27 - 000000000 ____D C:\windows\Minidump
2018-03-30 16:09 - 2012-07-26 00:37 - 000000000 ____D C:\windows\Inf
2018-03-30 16:08 - 2017-07-08 12:27 - 913188636 _____ C:\windows\MEMORY.DMP
2018-03-30 14:25 - 2014-04-20 12:44 - 000000000 ____D C:\Users\Myriam\Documents\Outlook Files
2018-03-30 13:24 - 2014-04-20 12:44 - 000000000 ____D C:\Users\Myriam\AppData\Local\2F3E4A1F-490A-4346-BF37-8D6D87A92D84.aplzod
2018-03-30 13:08 - 2014-06-26 22:17 - 000000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2018-03-30 13:08 - 2013-08-16 20:21 - 000000000 ____D C:\ProgramData\Malwarebytes
2018-03-30 13:03 - 2015-08-28 20:16 - 000000000 ____D C:\Temp
2018-03-29 18:06 - 2016-06-19 19:36 - 000000000 ____D C:\Users\Myriam\AppData\Local\Dropbox
2018-03-29 18:06 - 2016-06-19 19:36 - 000000000 ____D C:\Program Files (x86)\Dropbox
2018-03-27 09:23 - 2013-07-27 14:18 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2018-03-27 09:19 - 2012-07-26 00:26 - 000000167 _____ C:\windows\win.ini
2018-03-27 09:10 - 2013-08-15 11:41 - 000000000 ____D C:\windows\system32\MRT
2018-03-27 09:06 - 2013-07-23 17:38 - 130364688 ____C (Microsoft Corporation) C:\windows\system32\MRT.exe
2018-03-27 08:53 - 2012-07-26 03:12 - 000000000 ___HD C:\Program Files\WindowsApps
2018-03-27 08:51 - 2012-07-26 03:12 - 000000000 ____D C:\windows\AUInstallAgent
2018-03-19 18:20 - 2013-07-23 19:01 - 000000000 ____D C:\Users\Myriam\Documents\Health Records
2018-03-18 16:43 - 2013-07-23 17:59 - 000004288 _____ C:\windows\System32\Tasks\Adobe Flash Player Updater
2018-03-18 16:43 - 2012-07-26 03:12 - 000000000 ____D C:\windows\SysWOW64\Macromed
2018-03-18 16:43 - 2012-07-26 03:12 - 000000000 ____D C:\windows\system32\Macromed
2018-03-11 13:38 - 2013-12-18 20:43 - 000000000 ____D C:\Users\Myriam\Documents\T-Mobile
2018-03-11 12:09 - 2013-07-23 19:01 - 000000000 ____D C:\Users\Myriam\Documents\Income Taxes
==================== Files in the root of some directories =======
2017-05-15 10:14 - 2017-05-15 10:14 - 000007605 _____ () C:\Users\Myriam\AppData\Local\Resmon.ResmonCfg
==================== Bamital & volsnap ======================
(There is no automatic fix for files that do not pass verification.)
C:\windows\system32\winlogon.exe => File is digitally signed
C:\windows\system32\wininit.exe => File is digitally signed
C:\windows\explorer.exe => File is digitally signed
C:\windows\SysWOW64\explorer.exe => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\SysWOW64\svchost.exe => File is digitally signed
C:\windows\system32\services.exe => File is digitally signed
C:\windows\system32\User32.dll => File is digitally signed
C:\windows\SysWOW64\User32.dll => File is digitally signed
C:\windows\system32\userinit.exe => File is digitally signed
C:\windows\SysWOW64\userinit.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
C:\windows\system32\dnsapi.dll => File is digitally signed
C:\windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2018-04-02 18:11
==================== End of FRST.txt ============================