Windows 7 Issues



#1 ep2002


Posted 14 December 2016 - 01:16 PM

Hi,

 

I've been having a lot of issues lately, not to mention it takes forever for my computer to reboot or even for Windows to get past the Windows screen.

 

Other issues, like I click on an e-mail in Thunderbird & the e-mail window pops up even though I didn't double click it. I'm just now realizing that it's happening on sites too, not just in TB.

 

I also remembered another thing. I insert thumb drives into my case & when I go to unlock them so I can pull them out, sometimes the icon that shows me what's connected is missing. :(

 

I've had issues with Skype logging in or staying logged in.

 

I've recently had lots of spam suddenly appear in 3 different e-mail accounts (I have a lot of e-mail accounts) when they NEVER got spam before & they have nothing to do with one another, so it's not like they would have suddenly all been put on the same list. This is really concerning me as 2 started on the same day & the 3rd a week later.

 

I have issues with sites & of course the site owners tell me no one else is having that problem. They blame my Chrome, but it's not Chrome.

 

I have around 5 different instances of Chrome open if you know what I mean by that. Last week or so I noticed that one instance of windows was moving to the end of the line of all my programs that are open in my taskbar. It didn't just happen once, but at least 3 times now & that's scary :(

 

I also had one Chrome instance re-arrange the 3 windows that were open so they weren't in the order they are normally in.

 

There's other things other than the computer just not working right, I just can't remember right now. Sorry.

 

Thank you


Edited by ep2002, 14 December 2016 - 01:34 PM.




#2 ep2002


Posted 14 December 2016 - 01:19 PM

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 07-12-2016
Ran by Michelle (administrator) on MICHELLE-PC (14-12-2016 20:03:55)
Running from D:\Downloads
Loaded Profiles: Michelle (Available Profiles: Michelle)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(ESET) C:\Program Files\ESET\ESET Smart Security\ekrn.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(Logitech Inc.) C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Cisco WebEx LLC) C:\Windows\SysWOW64\atashost.exe
(Code 42 Software) C:\Program Files\CrashPlan\CrashPlanService.exe
(Code 42 Software, Inc.) C:\Program Files\CrashPlan\CrashPlanTray.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
() C:\Program Files (x86)\Shelltoys\Personal Assistant\assistant.exe
(SanDisk Corporation) C:\Users\Michelle\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe
(Akamai Technologies, Inc.) C:\Users\Michelle\AppData\Local\Akamai\netsession_win.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.31.5\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.31.5\GoogleCrashHandler64.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Akamai Technologies, Inc.) C:\Users\Michelle\AppData\Local\Akamai\netsession_win.exe
(RingCentral) C:\Program Files (x86)\RingCentral for Windows\Softphone.exe
() C:\Program Files (x86)\Upwork\upwork.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(WinZip Computing, S.L.) C:\Program Files (x86)\WinZip\WZQKPICK.EXE
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe
(Dropbox, Inc.) C:\Users\Michelle\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe
(Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) C:\Program Files (x86)\Evernote\Evernote\EvernoteTray.exe
(Mega Limited) C:\Users\Michelle\AppData\Local\MEGAsync\MEGAsync.exe
(Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) C:\Program Files (x86)\Evernote\Evernote\Evernote.exe
(DEVGURU Co., LTD.) C:\Program Files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe
() C:\Program Files (x86)\Upwork\upwork.exe
(VIA Technologies, Inc.) C:\Windows\System32\ViakaraokeSrv.exe
(VMware, Inc.) C:\Windows\SysWOW64\vmnat.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(VMware, Inc.) C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe
(VMware, Inc.) C:\Windows\SysWOW64\vmnetdhcp.exe
() C:\Program Files (x86)\Upwork\upwork.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\BrYNSvc.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(ESET) C:\Program Files\ESET\ESET Smart Security\egui.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Dashlane, Inc.) C:\Users\Michelle\AppData\Roaming\Dashlane\Dashlane.exe
() C:\Users\Michelle\AppData\Roaming\Dashlane\DashlanePlugin.exe
() C:\Program Files (x86)\RingCentral for Windows\x64\SoftPhoneMapiBridge.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_20_0_0_267.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_20_0_0_267.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(LastPass) C:\Program Files (x86)\LastPass\nplastpass.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(LastPass) C:\Program Files (x86)\LastPass\nplastpass.exe
(LastPass) C:\Program Files (x86)\LastPass\nplastpass.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(LastPass) C:\Program Files (x86)\LastPass\nplastpass.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(VideoLAN) C:\Program Files (x86)\VideoLAN\VLC\vlc.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Registry (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [LogMeIn GUI] => "C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe"
HKLM\...\Run: [pdfFactory3] => C:\Windows\system32\spool\DRIVERS\x64\3\fppdis3a.exe [746496 2011-03-03] (FinePrint Software, LLC)
HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [161984 2014-04-20] (IvoSoft)
HKLM\...\Run: [CrashPlanTray] => C:\Program Files\CrashPlan\CrashPlanTray.exe [461192 2016-10-17] (Code 42 Software, Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170256 2015-08-13] (Apple Inc.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2015-05-16] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766208 2013-12-07] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [ControlCenter4] => C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe [139776 2014-06-16] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [BrStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [4513792 2014-05-22] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [EaseUS EPM tray] => C:\Program Files (x86)\EaseUS\EaseUS Partition Master 10.2\bin\EpmNews.exe
HKU\S-1-5-21-510508962-3957035186-55548189-1000\...\Run: [Personal Assistant] => C:\Program Files (x86)\Shelltoys\Personal Assistant\assistant.exe [456704 2003-03-05] ()
HKU\S-1-5-21-510508962-3957035186-55548189-1000\...\Run: [icq] => C:\Users\Michelle\AppData\Roaming\ICQM\icq.exe [29919576 2013-11-06] (ICQ)
HKU\S-1-5-21-510508962-3957035186-55548189-1000\...\Run: [RCUI] => "C:\Program Files (x86)\RingCentral\RingCentral Softphone\RCUI.exe"
HKU\S-1-5-21-510508962-3957035186-55548189-1000\...\Run: [RCHotKey] => "C:\Program Files (x86)\RingCentral\RingCentral Softphone\RCHotKey.exe"
HKU\S-1-5-21-510508962-3957035186-55548189-1000\...\Run: [SansaDispatch] => C:\Users\Michelle\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe [1465616 2014-06-30] (SanDisk Corporation)
HKU\S-1-5-21-510508962-3957035186-55548189-1000\...\Run: [GarminExpressTrayApp] => "C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe"
HKU\S-1-5-21-510508962-3957035186-55548189-1000\...\Run: [Akamai NetSession Interface] => C:\Users\Michelle\AppData\Local\Akamai\netsession_win.exe [4691384 2015-09-11] (Akamai Technologies, Inc.)
HKU\S-1-5-21-510508962-3957035186-55548189-1000\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [23819048 2016-11-11] (Google)
HKU\S-1-5-21-510508962-3957035186-55548189-1000\...\Run: [Dashlane] => C:\Users\Michelle\AppData\Roaming\Dashlane\Dashlane.exe [478592 2016-12-07] (Dashlane, Inc.)
HKU\S-1-5-21-510508962-3957035186-55548189-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [9105112 2016-11-15] (Piriform Ltd)
HKU\S-1-5-21-510508962-3957035186-55548189-1000\...\Run: [ Maintance] => "C:\Program Files\\net1.exe" windowsStartup
HKU\S-1-5-21-510508962-3957035186-55548189-1000\...\Run: [Dropbox Update] => C:\Users\Michelle\AppData\Local\Dropbox\Update\DropboxUpdate.exe [143144 2016-11-04] (Dropbox, Inc.)
HKU\S-1-5-21-510508962-3957035186-55548189-1000\...\Run: [DashlanePlugin] => C:\Users\Michelle\AppData\Roaming\Dashlane\DashlanePlugin.exe [536960 2016-12-07] ()
HKU\S-1-5-21-510508962-3957035186-55548189-1000\...\Run: [RingCentral for Windows] => C:\Program Files (x86)\RingCentral for Windows\Softphone.exe [51944920 2016-11-03] (RingCentral)
HKU\S-1-5-21-510508962-3957035186-55548189-1000\...\Run: [Upwork] => C:\Program Files (x86)\Upwork\upwork.exe [2267912 2016-08-19] ()
HKU\S-1-5-21-510508962-3957035186-55548189-1000\...\MountPoints2: {0d1d08ec-e336-11e3-a155-806e6f6e6963} - J:\start.exe
HKU\S-1-5-18\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\tray.exe [1010008 2015-04-10] (Garmin Ltd. or its subsidiaries)
HKU\S-1-5-18\...\RunOnce: [Application Restart #1] => C:\Windows\System32\ctfmon.exe ctfmon.exe
ShellIconOverlayIdentifiers: [  GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-11-11] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-11-11] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-11-11] (Google)
ShellIconOverlayIdentifiers: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Michelle\AppData\Roaming\Dropbox\bin\DropboxExt64.3.0.dll [2016-11-28] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt10] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Michelle\AppData\Roaming\Dropbox\bin\DropboxExt64.3.0.dll [2016-11-28] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Michelle\AppData\Roaming\Dropbox\bin\DropboxExt64.3.0.dll [2016-11-28] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Michelle\AppData\Roaming\Dropbox\bin\DropboxExt64.3.0.dll [2016-11-28] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Michelle\AppData\Roaming\Dropbox\bin\DropboxExt64.3.0.dll [2016-11-28] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Michelle\AppData\Roaming\Dropbox\bin\DropboxExt64.3.0.dll [2016-11-28] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Michelle\AppData\Roaming\Dropbox\bin\DropboxExt64.3.0.dll [2016-11-28] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Michelle\AppData\Roaming\Dropbox\bin\DropboxExt64.3.0.dll [2016-11-28] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Michelle\AppData\Roaming\Dropbox\bin\DropboxExt64.3.0.dll [2016-11-28] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt9] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Michelle\AppData\Roaming\Dropbox\bin\DropboxExt64.3.0.dll [2016-11-28] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [###MegaShellExtPending] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\Michelle\AppData\Local\MEGAsync\ShellExtX64.dll [2016-11-14] ()
ShellIconOverlayIdentifiers: [###MegaShellExtSynced] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\Michelle\AppData\Local\MEGAsync\ShellExtX64.dll [2016-11-14] ()
ShellIconOverlayIdentifiers: [###MegaShellExtSyncing] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\Michelle\AppData\Local\MEGAsync\ShellExtX64.dll [2016-11-14] ()
ShellIconOverlayIdentifiers: [0000BoxSyncFileLocked] -> {1b9c95e1-ce36-3737-81c8-1ec9807f03c1} => C:\Windows\system32\mscoree.dll [2010-11-21] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [0000BoxSyncNotSynced] -> {e22ccf16-2db6-3de8-9a2c-acb66b571b69} => C:\Windows\system32\mscoree.dll [2010-11-21] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [0000BoxSyncProblem] -> {84878798-e5c4-3e6b-b7c4-b51c4ac4e7dc} => C:\Windows\system32\mscoree.dll [2010-11-21] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [0000BoxSyncSynced] -> {01fcd170-7f0a-3b6a-b992-66a7a20289b5} => C:\Windows\system32\mscoree.dll [2010-11-21] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
ShellIconOverlayIdentifiers: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll [2014-04-20] (IvoSoft)
ShellIconOverlayIdentifiers-x32: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Michelle\AppData\Roaming\Dropbox\bin\DropboxExt.3.0.dll [2016-11-28] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt10] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Michelle\AppData\Roaming\Dropbox\bin\DropboxExt.3.0.dll [2016-11-28] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Michelle\AppData\Roaming\Dropbox\bin\DropboxExt.3.0.dll [2016-11-28] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Michelle\AppData\Roaming\Dropbox\bin\DropboxExt.3.0.dll [2016-11-28] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Michelle\AppData\Roaming\Dropbox\bin\DropboxExt.3.0.dll [2016-11-28] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Michelle\AppData\Roaming\Dropbox\bin\DropboxExt.3.0.dll [2016-11-28] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Michelle\AppData\Roaming\Dropbox\bin\DropboxExt.3.0.dll [2016-11-28] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Michelle\AppData\Roaming\Dropbox\bin\DropboxExt.3.0.dll [2016-11-28] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Michelle\AppData\Roaming\Dropbox\bin\DropboxExt.3.0.dll [2016-11-28] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt9] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Michelle\AppData\Roaming\Dropbox\bin\DropboxExt.3.0.dll [2016-11-28] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Michelle\AppData\Roaming\Dropbox\bin\DropboxExt.3.0.dll [2016-11-28] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Michelle\AppData\Roaming\Dropbox\bin\DropboxExt.3.0.dll [2016-11-28] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Michelle\AppData\Roaming\Dropbox\bin\DropboxExt.3.0.dll [2016-11-28] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Michelle\AppData\Roaming\Dropbox\bin\DropboxExt.3.0.dll [2016-11-28] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Michelle\AppData\Roaming\Dropbox\bin\DropboxExt.3.0.dll [2016-11-28] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Michelle\AppData\Roaming\Dropbox\bin\DropboxExt.3.0.dll [2016-11-28] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Michelle\AppData\Roaming\Dropbox\bin\DropboxExt.3.0.dll [2016-11-28] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Michelle\AppData\Roaming\Dropbox\bin\DropboxExt.3.0.dll [2016-11-28] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [###MegaShellExtPending] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\Michelle\AppData\Local\MEGAsync\ShellExtX32.dll [2016-11-14] ()
ShellIconOverlayIdentifiers-x32: [###MegaShellExtSynced] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\Michelle\AppData\Local\MEGAsync\ShellExtX32.dll [2016-11-14] ()
ShellIconOverlayIdentifiers-x32: [###MegaShellExtSyncing] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\Michelle\AppData\Local\MEGAsync\ShellExtX32.dll [2016-11-14] ()
ShellIconOverlayIdentifiers-x32: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer32.dll No File
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install LastPass FF RunOnce.lnk [2016-08-18]
ShortcutTarget: Install LastPass FF RunOnce.lnk -> C:\Program Files (x86)\Common Files\lpuninstall.exe (LastPass)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install LastPass IE RunOnce.lnk [2016-08-18]
ShortcutTarget: Install LastPass IE RunOnce.lnk -> C:\Program Files (x86)\Common Files\lpuninstall.exe (LastPass)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WinZip Quick Pick.lnk [2013-07-16]
ShortcutTarget: WinZip Quick Pick.lnk -> C:\Program Files (x86)\WinZip\WZQKPICK.EXE (WinZip Computing, S.L.)
Startup: C:\Users\Michelle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2016-12-02]
ShortcutTarget: Dropbox.lnk -> C:\Users\Michelle\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Michelle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk [2016-06-11]
ShortcutTarget: EvernoteClipper.lnk -> C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
Startup: C:\Users\Michelle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteTray.lnk [2016-06-11]
ShortcutTarget: EvernoteTray.lnk -> C:\Program Files (x86)\Evernote\Evernote\EvernoteTray.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
Startup: C:\Users\Michelle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MEGAsync.lnk [2016-06-20]
ShortcutTarget: MEGAsync.lnk -> C:\Users\Michelle\AppData\Local\MEGAsync\MEGAsync.exe (Mega Limited)
Startup: C:\Users\Michelle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Tracker.lnk [2016-03-22]
ShortcutTarget: Tracker.lnk -> C:\Program Files (x86)\Tracker\Tracker.exe (No File)
Startup: C:\Users\Michelle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Wipe Tray Agent.lnk [2015-06-08]
ShortcutTarget: Wipe Tray Agent.lnk -> C:\Program Files\Wipe\Wipe.exe (No File)
GroupPolicy: Restriction <======= ATTENTION
GroupPolicyScripts: Restriction <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
CHR HKU\S-1-5-21-510508962-3957035186-55548189-1000\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 10.0.0.138
Tcpip\..\Interfaces\{6FB77BC8-AD13-4724-9132-DC8684A3FCA4}: [DhcpNameServer] 8.15.12.5 8.8.8.8 192.168.10.3
Tcpip\..\Interfaces\{DA600D93-1842-4425-84CC-5817A38B27C6}: [DhcpNameServer] 10.0.0.138
 
Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.yahoo.com?fr=hp-avast&type=avastbcl
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKU\S-1-5-21-510508962-3957035186-55548189-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.yahoo.com?fr=hp-avast&type=avastbcl
SearchScopes: HKLM-x32 -> DefaultScope value is missing
BHO: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer64.dll [2014-04-20] (IvoSoft)
BHO: LastPass Vault -> {95D9ECF5-2A4D-4550-BE49-70D42F71296E} -> C:\Program Files (x86)\LastPass\LPToolbar_x64.dll [2016-08-18] (LastPass)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_64.dll [2014-04-20] (IvoSoft)
BHO-x32: Dashlane BHO -> {42D79B50-CC4A-4A8E-860F-BE674AF053A2} -> C:\Users\Michelle\AppData\Roaming\Dashlane\ie\Dashlanei.dll [2016-12-07] (Dashlane, Inc.)
BHO-x32: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer32.dll => No File
BHO-x32: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll [2016-10-31] (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
BHO-x32: LastPass Vault -> {95D9ECF5-2A4D-4550-BE49-70D42F71296E} -> C:\Program Files (x86)\LastPass\LPToolbar.dll [2016-08-18] (LastPass)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_32.dll => No File
Toolbar: HKLM - No Name - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File
Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll [2014-04-20] (IvoSoft)
Toolbar: HKLM - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll [2016-08-18] (LastPass)
Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll No File
Toolbar: HKLM-x32 - Dashlane Toolbar - {669695BC-A811-4A9D-8CDF-BA8C795F261C} - C:\Users\Michelle\AppData\Roaming\Dashlane\ie\KWIEBar.dll [2016-12-07] (Dashlane, Inc.)
Toolbar: HKLM-x32 - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar.dll [2016-08-18] (LastPass)
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler-x32: intu-res - {9CE7D474-16F9-4889-9BB9-53E2008EAE8A} - C:\Program Files (x86)\Common Files\Intuit\intu-res.dll [2006-06-08] ()
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2016-09-23] (Skype Technologies)
 
FireFox:
========
FF DefaultProfile: 6huofoaa.default
FF DefaultProfile: michelle@michelleprefers.com
FF ProfilePath: C:\Users\Michelle\AppData\Roaming\Thunderbird.Trash\Profiles\6huofoaa.default [2013-08-04]
FF Extension: (Account Colors) - C:\Users\Michelle\AppData\Roaming\Thunderbird.Trash\Profiles\6huofoaa.default\Extensions\accountcolors@DW-dev.xpi [2013-05-27] [not signed]
FF Extension: (Australis ReDesign TB) - C:\Users\Michelle\AppData\Roaming\Thunderbird.Trash\Profiles\6huofoaa.default\Extensions\Australis_ReDesign_TB@Ansgar.xpi [2013-07-17] [not signed]
FF Extension: (Auto Compress File) - C:\Users\Michelle\AppData\Roaming\Thunderbird.Trash\Profiles\6huofoaa.default\Extensions\AutoCompressFile@gmail.com.xpi [2013-07-25] [not signed]
FF Extension: (Add-on Compatibility Reporter) - C:\Users\Michelle\AppData\Roaming\Thunderbird.Trash\Profiles\6huofoaa.default\Extensions\compatibility@addons.mozilla.org.xpi [2012-02-27] [not signed]
FF Extension: (Extra Folder Columns) - C:\Users\Michelle\AppData\Roaming\Thunderbird.Trash\Profiles\6huofoaa.default\Extensions\extra-cols@jminta_gmail.com.xpi [2013-04-02] [not signed]
FF Extension: (GlassMyBird) - C:\Users\Michelle\AppData\Roaming\Thunderbird.Trash\Profiles\6huofoaa.default\Extensions\GlassMyBird@ArisT2_Noia4dev.xpi [2013-07-16] [not signed]
FF Extension: (Mail Tweak) - C:\Users\Michelle\AppData\Roaming\Thunderbird.Trash\Profiles\6huofoaa.default\Extensions\mail-tweak@rod.whiteley [2013-07-14] [not signed]
FF Extension: (Quicker Filer) - C:\Users\Michelle\AppData\Roaming\Thunderbird.Trash\Profiles\6huofoaa.default\Extensions\qfiler@eivind.rovik [2013-07-14] [not signed]
FF Extension: (QuickFolders) - C:\Users\Michelle\AppData\Roaming\Thunderbird.Trash\Profiles\6huofoaa.default\Extensions\quickfolders@curious.be.xpi [2013-02-13] [not signed]
FF Extension: (Quick Folder Move) - C:\Users\Michelle\AppData\Roaming\Thunderbird.Trash\Profiles\6huofoaa.default\Extensions\quickmove@mozilla.kewis.ch.xpi [2013-03-11] [not signed]
FF Extension: (Phoenity Shredder) - C:\Users\Michelle\AppData\Roaming\Thunderbird.Trash\Profiles\6huofoaa.default\Extensions\shredder@phoenity.com.xpi [2013-07-16] [not signed]
FF Extension: (Silvermel) - C:\Users\Michelle\AppData\Roaming\Thunderbird.Trash\Profiles\6huofoaa.default\Extensions\silvermel@pardal.de.xpi [2013-07-16] [not signed]
FF Extension: (Silvermel and Charamel XT) - C:\Users\Michelle\AppData\Roaming\Thunderbird.Trash\Profiles\6huofoaa.default\Extensions\silvermelxt@pardal.de.xpi [2013-07-16] [not signed]
FF Extension: (Subject Manager) - C:\Users\Michelle\AppData\Roaming\Thunderbird.Trash\Profiles\6huofoaa.default\Extensions\SubjectManager@gmail.com.xpi [2013-03-17] [not signed]
FF Extension: (Tangobird) - C:\Users\Michelle\AppData\Roaming\Thunderbird.Trash\Profiles\6huofoaa.default\Extensions\Tangobird@haven667.xpi [2013-07-16] [not signed]
FF Extension: (Old-style (version 2) smilies) - C:\Users\Michelle\AppData\Roaming\Thunderbird.Trash\Profiles\6huofoaa.default\Extensions\tb2-smilies@epfl.ch [2013-07-14] [not signed]
FF Extension: (Test Pilot for Thunderbird) - C:\Users\Michelle\AppData\Roaming\Thunderbird.Trash\Profiles\6huofoaa.default\Extensions\tbtestpilot@labs.mozilla.com.xpi [2012-04-25] [not signed]
FF Extension: (XNote++) - C:\Users\Michelle\AppData\Roaming\Thunderbird.Trash\Profiles\6huofoaa.default\Extensions\xnote@froihofer.net.xpi [2012-08-01] [not signed]
FF Extension: (FireShot) - C:\Users\Michelle\AppData\Roaming\Thunderbird.Trash\Profiles\6huofoaa.default\Extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba} [2013-07-14] [not signed]
FF Extension: (Priority Switcher) - C:\Users\Michelle\AppData\Roaming\Thunderbird.Trash\Profiles\6huofoaa.default\Extensions\{0D2172E4-C5AE-465A-B80D-53A840275B5E} [2013-07-14] [not signed]
FF Extension: (ImportExportTools) - C:\Users\Michelle\AppData\Roaming\Thunderbird.Trash\Profiles\6huofoaa.default\Extensions\{3ed8cc52-86fc-4613-9026-c1ef969da4c3}.xpi [2013-07-25] [not signed]
FF Extension: (No Name) - C:\Users\Michelle\AppData\Roaming\Thunderbird.Trash\Profiles\6huofoaa.default\Extensions\{463F6CA5-EE3C-4be1-B7E6-7FEE11953374}-trash [2013-07-14] [not signed]
FF Extension: (CompactHeader) - C:\Users\Michelle\AppData\Roaming\Thunderbird.Trash\Profiles\6huofoaa.default\Extensions\{58D4392A-842E-11DE-B51A-C7B855D89593}.xpi [2013-02-19] [not signed]
FF Extension: (QuickMenuMC) - C:\Users\Michelle\AppData\Roaming\Thunderbird.Trash\Profiles\6huofoaa.default\Extensions\{71e95839-6f7e-470d-be54-77012fec6313} [2013-07-14] [not signed]
FF Extension: (Xpunge) - C:\Users\Michelle\AppData\Roaming\Thunderbird.Trash\Profiles\6huofoaa.default\Extensions\{786abda0-fd14-d247-bf69-38b2fc18491b}.xpi [2012-11-23] [not signed]
FF Extension: (Quicktext) - C:\Users\Michelle\AppData\Roaming\Thunderbird.Trash\Profiles\6huofoaa.default\Extensions\{8845E3B3-E8FB-40E2-95E9-EC40294818C4}.xpi [2012-11-23] [not signed]
FF Extension: (Clippings) - C:\Users\Michelle\AppData\Roaming\Thunderbird.Trash\Profiles\6huofoaa.default\Extensions\{91aa5abe-9de4-4347-b7b5-322c38dd9271} [2013-08-01] [not signed]
FF Extension: (ReminderFox) - C:\Users\Michelle\AppData\Roaming\Thunderbird.Trash\Profiles\6huofoaa.default\Extensions\{ada4b710-8346-4b82-8199-5de2b400a6ae} [2013-07-14] [not signed]
FF Extension: (Quickfile) - C:\Users\Michelle\AppData\Roaming\Thunderbird.Trash\Profiles\6huofoaa.default\Extensions\{b1095862-e2d0-4fc0-9793-b46bc7d3ae72} [2013-07-14] [not signed]
FF Extension: (Orthodox) - C:\Users\Michelle\AppData\Roaming\Thunderbird.Trash\Profiles\6huofoaa.default\Extensions\{b20783e1-e075-43bf-a2d0-bf5221c2aa84}.xpi [2013-07-16] [not signed]
FF Extension: (Folderpane Tools) - C:\Users\Michelle\AppData\Roaming\Thunderbird.Trash\Profiles\6huofoaa.default\Extensions\{b243fe83-b8a7-47de-855d-21d865243d5d} [2013-07-14] [not signed]
FF Extension: (Timestamp) - C:\Users\Michelle\AppData\Roaming\Thunderbird.Trash\Profiles\6huofoaa.default\Extensions\{c055dfb5-15af-428a-8a66-637c6032dddb} [2013-07-14] [not signed]
FF Extension: (accountex) - C:\Users\Michelle\AppData\Roaming\Thunderbird.Trash\Profiles\6huofoaa.default\Extensions\{cf3b5651-d280-49db-8df2-ff4d1c2fd47c} [2013-07-14] [not signed]
FF Extension: (FoxClocks) - C:\Users\Michelle\AppData\Roaming\Thunderbird.Trash\Profiles\6huofoaa.default\Extensions\{d37dc5d0-431d-44e5-8c91-49419370caa1} [2013-07-14] [not signed]
FF Extension: (Signature /Auto Paste /Prefill Fourms) - C:\Users\Michelle\AppData\Roaming\Thunderbird.Trash\Profiles\6huofoaa.default\Extensions\{D719B74B-E716-403b-91A9-1CE455AB8ccc}.xpi [2011-08-22] [not signed]
FF Extension: (Theme Font & Size Changer) - C:\Users\Michelle\AppData\Roaming\Thunderbird.Trash\Profiles\6huofoaa.default\Extensions\{f69e22c7-bc50-414a-9269-0f5c344cd94c} [2013-07-16] [not signed]
FF Extension: (Add-on Compatibility Reporter) - C:\Users\Michelle\AppData\Roaming\Thunderbird\Profiles\6huofoaa.default\extensions\compatibility@addons.mozilla.org.xpi [2016-05-01]
FF Extension: (XNote++) - C:\Users\Michelle\AppData\Roaming\Thunderbird\Profiles\6huofoaa.default\extensions\xnote@froihofer.net.xpi [2012-08-01] [not signed]
FF Extension: (Signature /Auto Paste /Prefill Fourms) - C:\Users\Michelle\AppData\Roaming\Thunderbird\Profiles\6huofoaa.default\extensions\{D719B74B-E716-403b-91A9-1CE455AB8ccc}.xpi [2016-05-01]
FF Extension: (Quicktext) - C:\Users\Michelle\AppData\Roaming\Thunderbird\Profiles\6huofoaa.default\extensions\{8845E3B3-E8FB-40E2-95E9-EC40294818C4}.xpi [2016-05-27] [not signed]
FF Extension: (Quick Folder Move) - C:\Users\Michelle\AppData\Roaming\Thunderbird\Profiles\6huofoaa.default\extensions\quickmove@mozilla.kewis.ch.xpi [2015-02-11] [not signed]
FF Extension: (Subject Manager) - C:\Users\Michelle\AppData\Roaming\Thunderbird\Profiles\6huofoaa.default\extensions\SubjectManager@gmail.com.xpi [2016-10-04] [not signed]
FF Extension: (No Name) - C:\Users\Michelle\AppData\Roaming\Thunderbird\Profiles\6huofoaa.default\extensions\qfiler@eivind.rovik [not found]
FF Extension: (No Name) - C:\Users\Michelle\AppData\Roaming\Thunderbird\Profiles\6huofoaa.default\extensions\{d37dc5d0-431d-44e5-8c91-49419370caa1} [not found]
FF Extension: (No Name) - C:\Users\Michelle\AppData\Roaming\Thunderbird\Profiles\6huofoaa.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba} [not found]
FF Extension: (No Name) - C:\Users\Michelle\AppData\Roaming\Thunderbird\Profiles\6huofoaa.default\extensions\{f69e22c7-bc50-414a-9269-0f5c344cd94c} [not found]
FF Extension: (Silvermel and Charamel XT) - C:\Users\Michelle\AppData\Roaming\Thunderbird\Profiles\6huofoaa.default\extensions\silvermelxt@pardal.de.xpi [2015-07-06]
FF Extension: (No Name) - C:\Program Files (x86)\Mozilla Thunderbird\extensions\{E250941A-6892-4070-9404-32C0A93B8920} [not found]
FF Extension: (No Name) - C:\Users\Michelle\AppData\Roaming\Thunderbird\Profiles\6huofoaa.default\extensions\{3ed8cc52-86fc-4613-9026-c1ef969da4c3}.xpi [not found]
FF ProfilePath: C:\Users\Michelle\AppData\Roaming\Thunderbird - Copy-08-22-13\Profiles\bjqjteft.Working [2013-08-04]
FF ProfilePath: C:\Users\Michelle\AppData\Roaming\Thunderbird - Copy-08-22-13\Profiles\6huofoaa.default [2013-08-22]
FF Extension: (abusix Spam reporter) - C:\Users\Michelle\AppData\Roaming\Thunderbird - Copy-08-22-13\Profiles\6huofoaa.default\Extensions\abusixspamreporter@simon.pirschel.xpi [2013-08-05] [not signed]
FF Extension: (Account Colors) - C:\Users\Michelle\AppData\Roaming\Thunderbird - Copy-08-22-13\Profiles\6huofoaa.default\Extensions\accountcolors@DW-dev.xpi [2013-05-27] [not signed]
FF Extension: (Auto Compress File) - C:\Users\Michelle\AppData\Roaming\Thunderbird - Copy-08-22-13\Profiles\6huofoaa.default\Extensions\AutoCompressFile@gmail.com.xpi [2013-08-15] [not signed]
FF Extension: (Add-on Compatibility Reporter) - C:\Users\Michelle\AppData\Roaming\Thunderbird - Copy-08-22-13\Profiles\6huofoaa.default\Extensions\compatibility@addons.mozilla.org.xpi [2012-02-27] [not signed]
FF Extension: (Email Security Plus) - C:\Users\Michelle\AppData\Roaming\Thunderbird - Copy-08-22-13\Profiles\6huofoaa.default\Extensions\emailsecurityplus@paolorovelli.net.xpi [2013-08-09] [not signed]
FF Extension: (Extra Folder Columns) - C:\Users\Michelle\AppData\Roaming\Thunderbird - Copy-08-22-13\Profiles\6huofoaa.default\Extensions\extra-cols@jminta_gmail.com.xpi [2013-04-02] [not signed]
FF Extension: (Mail Tweak) - C:\Users\Michelle\AppData\Roaming\Thunderbird - Copy-08-22-13\Profiles\6huofoaa.default\Extensions\mail-tweak@rod.whiteley [2013-08-22] [not signed]
FF Extension: (Quicker Filer) - C:\Users\Michelle\AppData\Roaming\Thunderbird - Copy-08-22-13\Profiles\6huofoaa.default\Extensions\qfiler@eivind.rovik [2013-08-22] [not signed]
FF Extension: (QuickFolders) - C:\Users\Michelle\AppData\Roaming\Thunderbird - Copy-08-22-13\Profiles\6huofoaa.default\Extensions\quickfolders@curious.be.xpi [2013-02-13] [not signed]
FF Extension: (Quick Folder Move) - C:\Users\Michelle\AppData\Roaming\Thunderbird - Copy-08-22-13\Profiles\6huofoaa.default\Extensions\quickmove@mozilla.kewis.ch.xpi [2013-03-11] [not signed]
FF Extension: (Silvermel) - C:\Users\Michelle\AppData\Roaming\Thunderbird - Copy-08-22-13\Profiles\6huofoaa.default\Extensions\silvermel@pardal.de.xpi [2013-08-05] [not signed]
FF Extension: (Silvermel and Charamel XT) - C:\Users\Michelle\AppData\Roaming\Thunderbird - Copy-08-22-13\Profiles\6huofoaa.default\Extensions\silvermelxt@pardal.de.xpi [2013-08-05] [not signed]
FF Extension: (Subject Manager) - C:\Users\Michelle\AppData\Roaming\Thunderbird - Copy-08-22-13\Profiles\6huofoaa.default\Extensions\SubjectManager@gmail.com.xpi [2013-03-17] [not signed]
FF Extension: (Old-style (version 2) smilies) - C:\Users\Michelle\AppData\Roaming\Thunderbird - Copy-08-22-13\Profiles\6huofoaa.default\Extensions\tb2-smilies@epfl.ch [2013-08-22] [not signed]
FF Extension: (Test Pilot for Thunderbird) - C:\Users\Michelle\AppData\Roaming\Thunderbird - Copy-08-22-13\Profiles\6huofoaa.default\Extensions\tbtestpilot@labs.mozilla.com.xpi [2012-04-25] [not signed]
FF Extension: (XNote++) - C:\Users\Michelle\AppData\Roaming\Thunderbird - Copy-08-22-13\Profiles\6huofoaa.default\Extensions\xnote@froihofer.net.xpi [2012-08-01] [not signed]
FF Extension: (Priority Switcher) - C:\Users\Michelle\AppData\Roaming\Thunderbird - Copy-08-22-13\Profiles\6huofoaa.default\Extensions\{0D2172E4-C5AE-465A-B80D-53A840275B5E}.xpi [2013-08-19] [not signed]
FF Extension: (No Name) - C:\Users\Michelle\AppData\Roaming\Thunderbird - Copy-08-22-13\Profiles\6huofoaa.default\Extensions\{463F6CA5-EE3C-4be1-B7E6-7FEE11953374}-trash [2013-08-22] [not signed]
FF Extension: (CompactHeader) - C:\Users\Michelle\AppData\Roaming\Thunderbird - Copy-08-22-13\Profiles\6huofoaa.default\Extensions\{58D4392A-842E-11DE-B51A-C7B855D89593}.xpi [2013-02-19] [not signed]
FF Extension: (QuickMenuMC) - C:\Users\Michelle\AppData\Roaming\Thunderbird - Copy-08-22-13\Profiles\6huofoaa.default\Extensions\{71e95839-6f7e-470d-be54-77012fec6313} [2013-08-22] [not signed]
FF Extension: (Xpunge) - C:\Users\Michelle\AppData\Roaming\Thunderbird - Copy-08-22-13\Profiles\6huofoaa.default\Extensions\{786abda0-fd14-d247-bf69-38b2fc18491b}.xpi [2012-11-23] [not signed]
FF Extension: (Quicktext) - C:\Users\Michelle\AppData\Roaming\Thunderbird - Copy-08-22-13\Profiles\6huofoaa.default\Extensions\{8845E3B3-E8FB-40E2-95E9-EC40294818C4}.xpi [2012-11-23] [not signed]
FF Extension: (Clippings) - C:\Users\Michelle\AppData\Roaming\Thunderbird - Copy-08-22-13\Profiles\6huofoaa.default\Extensions\{91aa5abe-9de4-4347-b7b5-322c38dd9271} [2013-08-22] [not signed]
FF Extension: (ReminderFox) - C:\Users\Michelle\AppData\Roaming\Thunderbird - Copy-08-22-13\Profiles\6huofoaa.default\Extensions\{ada4b710-8346-4b82-8199-5de2b400a6ae} [2013-08-22] [not signed]
FF Extension: (Quickfile) - C:\Users\Michelle\AppData\Roaming\Thunderbird - Copy-08-22-13\Profiles\6huofoaa.default\Extensions\{b1095862-e2d0-4fc0-9793-b46bc7d3ae72} [2013-08-22] [not signed]
FF Extension: (Folderpane Tools) - C:\Users\Michelle\AppData\Roaming\Thunderbird - Copy-08-22-13\Profiles\6huofoaa.default\Extensions\{b243fe83-b8a7-47de-855d-21d865243d5d} [2013-08-22] [not signed]
FF Extension: (Timestamp) - C:\Users\Michelle\AppData\Roaming\Thunderbird - Copy-08-22-13\Profiles\6huofoaa.default\Extensions\{c055dfb5-15af-428a-8a66-637c6032dddb} [2013-08-22] [not signed]
FF Extension: (accountex) - C:\Users\Michelle\AppData\Roaming\Thunderbird - Copy-08-22-13\Profiles\6huofoaa.default\Extensions\{cf3b5651-d280-49db-8df2-ff4d1c2fd47c} [2013-08-22] [not signed]
FF Extension: (FoxClocks) - C:\Users\Michelle\AppData\Roaming\Thunderbird - Copy-08-22-13\Profiles\6huofoaa.default\Extensions\{d37dc5d0-431d-44e5-8c91-49419370caa1} [2013-08-22] [not signed]
FF Extension: (Signature /Auto Paste /Prefill Fourms) - C:\Users\Michelle\AppData\Roaming\Thunderbird - Copy-08-22-13\Profiles\6huofoaa.default\Extensions\{D719B74B-E716-403b-91A9-1CE455AB8ccc}.xpi [2011-08-22] [not signed]
FF ProfilePath: C:\Users\Michelle\AppData\Roaming\Mozilla\Firefox\Profiles\ivkv5lzn.New-Profile-05-28-12 [2016-12-14]
FF DefaultSearchEngine: Mozilla\Firefox\Profiles\ivkv5lzn.New-Profile-05-28-12 -> Google
FF DefaultSearchEngine.US: Mozilla\Firefox\Profiles\ivkv5lzn.New-Profile-05-28-12 -> Google
FF SearchEngineOrder.1: Mozilla\Firefox\Profiles\ivkv5lzn.New-Profile-05-28-12 -> Yahoo! (Avast)
FF Homepage: Mozilla\Firefox\Profiles\ivkv5lzn.New-Profile-05-28-12 -> hxxp://www.exoticpublishing.com/adminDB/freelancers_maintenance.php
hxxps://www.mcssl.com/Netcart/login/login.asp?pr=1
hxxps://helpdesk.ndchost.com
hxxps://customer.ndchost.com/
hxxp://204.15.135.61/cpanel
hxxps://www.secure-ebook.com/login.jsp?myAction=login 
hxxps://www.upwork.com
 hxxps://rapidfinancial.capsulecrm.com/login
hxxps://my.mimeo.com
hxxp://www.xe.com/
hxxps://michelleassistsyou.teamwork.com
FF NetworkProxy: Mozilla\Firefox\Profiles\ivkv5lzn.New-Profile-05-28-12 -> type", 0
FF Extension: (Roomy Bookmarks Toolbar) - C:\Users\Michelle\AppData\Roaming\Mozilla\Firefox\Profiles\ivkv5lzn.New-Profile-05-28-12\Extensions\ALone-live@ya.ru.xpi [2015-10-27]
FF Extension: (Dashlane) - C:\Users\Michelle\AppData\Roaming\Mozilla\Firefox\Profiles\ivkv5lzn.New-Profile-05-28-12\Extensions\jetpack-extension@dashlane.com.xpi [2016-08-12]
FF Extension: (Awesome Screenshot - Capture, Annotate & More) - C:\Users\Michelle\AppData\Roaming\Mozilla\Firefox\Profiles\ivkv5lzn.New-Profile-05-28-12\Extensions\jid0-GXjLLfbCoAx0LcltEdFrEkQdQPI@jetpack.xpi [2016-09-23]
FF Extension: (open tab count widget) - C:\Users\Michelle\AppData\Roaming\Mozilla\Firefox\Profiles\ivkv5lzn.New-Profile-05-28-12\Extensions\jid0-x24fAzIkLoGDS5vfyNzJuT1Tits@jetpack.xpi [2016-04-28]
FF Extension: (Show Parent Folder) - C:\Users\Michelle\AppData\Roaming\Mozilla\Firefox\Profiles\ivkv5lzn.New-Profile-05-28-12\Extensions\showParentFolder@alice.xpi [2016-09-14]
FF Extension: (LastPass) - C:\Users\Michelle\AppData\Roaming\Mozilla\Firefox\Profiles\ivkv5lzn.New-Profile-05-28-12\Extensions\support@lastpass.com [2016-08-18]
FF Extension: (The Addon Bar (restored)) - C:\Users\Michelle\AppData\Roaming\Mozilla\Firefox\Profiles\ivkv5lzn.New-Profile-05-28-12\Extensions\the-addon-bar@GeekInTraining-GiT.xpi [2016-05-04]
FF Extension: (TinEye Reverse Image Search) - C:\Users\Michelle\AppData\Roaming\Mozilla\Firefox\Profiles\ivkv5lzn.New-Profile-05-28-12\Extensions\tineye@ideeinc.com.xpi [2016-09-03]
FF Extension: (Toolbar Buttons) - C:\Users\Michelle\AppData\Roaming\Mozilla\Firefox\Profiles\ivkv5lzn.New-Profile-05-28-12\Extensions\{03B08592-E5B4-45ff-A0BE-C1D975458688}.xpi [2016-11-17]
FF Extension: (Metal Lion Addressbar Improvements) - C:\Users\Michelle\AppData\Roaming\Mozilla\Firefox\Profiles\ivkv5lzn.New-Profile-05-28-12\Extensions\{F9377909-8A25-4fb2-82D9-A0286FE9561E}.xpi [2016-04-29]
FF SearchPlugin: C:\Users\Michelle\AppData\Roaming\Mozilla\Firefox\Profiles\ivkv5lzn.New-Profile-05-28-12\searchplugins\duckduckgo.xml [2015-05-18]
FF SearchPlugin: C:\Users\Michelle\AppData\Roaming\Mozilla\Firefox\Profiles\ivkv5lzn.New-Profile-05-28-12\searchplugins\yahoo-avast.xml [2014-06-08]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_23_0_0_207.dll [2016-11-09] ()
FF Plugin: @lastpass.com/NPLastPass -> C:\Program Files (x86)\LastPass\nplastpass64.dll [2016-08-18] (LastPass)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-10] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_23_0_0_207.dll [2016-11-09] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-07-31] ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2016-10-06] (Google)
FF Plugin-x32: @lastpass.com/NPLastPass -> C:\Program Files (x86)\LastPass\nplastpass64.dll [2016-08-18] (LastPass)
FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files (x86)\Yahoo!\Shared\npYState.dll [2012-05-25] (Yahoo! Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-10] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-25] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.8 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-10-01] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-510508962-3957035186-55548189-1000: @citrixonline.com/appdetectorplugin -> C:\Users\Michelle\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2013-11-15] (Citrix Online)
FF Plugin HKU\S-1-5-21-510508962-3957035186-55548189-1000: @zoom.us/ZoomVideoPlugin -> C:\Users\Michelle\AppData\Roaming\Zoom\bin\npzoomplugin.dll [2016-06-20] (Zoom Video Communications, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\browser\plugins\npatgpc.dll [2015-02-06] (Cisco WebEx LLC)
FF Plugin ProgramFiles/Appdata: C:\Users\Michelle\AppData\Roaming\mozilla\plugins\npatgpc.dll [2015-02-06] (Cisco WebEx LLC)
 
Chrome: 
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> hxxps://www.yahoo.com?fr=hp-avast&type=avastbcl
CHR StartupUrls: Default -> "hxxp://www.fiverr.com/"
CHR DefaultSearchKeyword: Default -> lp
CHR Plugin: (Widevine Content Decryption Module) - C:\Users\Michelle\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.7.771\_platform_specific\win_x86\widevinecdmadapter.dll => No File
CHR Plugin: (Widevine Content Decryption Module) - C:\Users\Michelle\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.6.758\_platform_specific\win_x86\widevinecdmadapter.dll => No File
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\54.0.2840.99\PepperFlash\pepflashplayer.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\54.0.2840.99\pdf.dll => No File
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\pepflashplayer32_16_0_0_296.dll => No File
CHR Plugin: (ActiveTouch General Plugin Container) - C:\Users\Michelle\AppData\Roaming\Mozilla\plugins\npatgpc.dll (Cisco WebEx LLC)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll => No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll => No File
CHR Plugin: (NPLastPass) - C:\Program Files (x86)\LastPass\nplastpass.dll (LastPass)
CHR Plugin: (VLC Web Plugin) - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Citrix Online Web Deployment Plugin 1.0.0.104) - C:\Users\Michelle\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
CHR Plugin: (RingCentral launcher plugin) - C:\Users\Michelle\AppData\Roaming\RingCentralMeetings\bin\nprcmsplugin.dll => No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_134.dll => No File
CHR Profile: C:\Users\Michelle\AppData\Local\Google\Chrome\User Data\Default [2016-12-14]
CHR Extension: (Google Drive) - C:\Users\Michelle\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-23]
CHR Extension: (YouTube) - C:\Users\Michelle\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-02]
CHR Extension: (Google Search) - C:\Users\Michelle\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-29]
CHR Extension: (Dashlane) - C:\Users\Michelle\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdjamakpfbbddfjaooikfcpapjohcfmg [2016-12-10]
CHR Extension: (LastPass: Free Password Manager) - C:\Users\Michelle\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2016-12-10]
CHR Extension: (Rapportive) - C:\Users\Michelle\AppData\Local\Google\Chrome\User Data\Default\Extensions\hihakjfhbmlmjdnnhegiciffjplmdhin [2016-02-21]
CHR Extension: (Lovense Extension) - C:\Users\Michelle\AppData\Local\Google\Chrome\User Data\Default\Extensions\ieihelfmmpcbblkgkeomefgpadhahepk [2016-10-24]
CHR Extension: (Awesome Screenshot: Screen capture, Annotate) - C:\Users\Michelle\AppData\Local\Google\Chrome\User Data\Default\Extensions\nlipoenfbbikpbjkfpfillcgkoblgpmj [2016-11-29]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Michelle\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-05]
CHR Extension: (Responsive Web Design Tester) - C:\Users\Michelle\AppData\Local\Google\Chrome\User Data\Default\Extensions\objclahbaimlfnbjdeobicmmlnbhamkg [2016-12-07]
CHR Extension: (Checker Plus for Gmail™) - C:\Users\Michelle\AppData\Local\Google\Chrome\User Data\Default\Extensions\oeopbcgkkoapgobdbedcemjljbihmemj [2016-12-14]
CHR Extension: (Hola - Unlimited Proxy VPN) - C:\Users\Michelle\AppData\Local\Google\Chrome\User Data\Default\Extensions\opalpjjboefohnelaemnhdhlceibbcgl [2015-11-25]
CHR Extension: (Gmail) - C:\Users\Michelle\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-02]
CHR Extension: (Chrome Media Router) - C:\Users\Michelle\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-11-09]
CHR Profile: C:\Users\Michelle\AppData\Local\Google\Chrome\User Data\Profile 1 [2016-12-14]
CHR Extension: (Google Slides) - C:\Users\Michelle\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-01-19]
CHR Extension: (Google Docs) - C:\Users\Michelle\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2016-01-19]
CHR Extension: (Google Drive) - C:\Users\Michelle\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-01-19]
CHR Extension: (YouTube) - C:\Users\Michelle\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-01-19]
CHR Extension: (Google Search) - C:\Users\Michelle\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-01-19]
CHR Extension: (Google Sheets) - C:\Users\Michelle\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-01-19]
CHR Extension: (Google Docs Offline) - C:\Users\Michelle\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-17]
CHR Extension: (LastPass: Free Password Manager) - C:\Users\Michelle\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2016-12-10]
CHR Extension: (Awesome Screenshot: Screen capture, Annotate) - C:\Users\Michelle\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nlipoenfbbikpbjkfpfillcgkoblgpmj [2016-11-29]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Michelle\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-05]
CHR Extension: (Gmail) - C:\Users\Michelle\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-01-19]
CHR Extension: (Chrome Media Router) - C:\Users\Michelle\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-11-09]
CHR Profile: C:\Users\Michelle\AppData\Local\Google\Chrome\User Data\Profile 2 [2016-12-14]
CHR Extension: (Google Drive) - C:\Users\Michelle\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-02-08]
CHR Extension: (YouTube) - C:\Users\Michelle\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-02-08]
CHR Extension: (Google Search) - C:\Users\Michelle\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-02-08]
CHR Extension: (LastPass: Free Password Manager) - C:\Users\Michelle\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2016-12-10]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\Michelle\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2016-02-08]
CHR Extension: (Awesome Screenshot App) - C:\Users\Michelle\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\mfpiaehgjbbfednooihadalhehabhcjo [2016-06-20]
CHR Extension: (Awesome Screenshot: Screen capture, Annotate) - C:\Users\Michelle\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\nlipoenfbbikpbjkfpfillcgkoblgpmj [2016-12-10]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Michelle\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-02]
CHR Extension: (Gmail) - C:\Users\Michelle\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-02-08]
CHR Extension: (Chrome Media Router) - C:\Users\Michelle\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-11-09]
CHR Profile: C:\Users\Michelle\AppData\Local\Google\Chrome\User Data\Profile 3 [2016-12-14]
CHR Extension: (Google Slides) - C:\Users\Michelle\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-03-08]
CHR Extension: (TooManyTabs for Chrome) - C:\Users\Michelle\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\amigcgbheognjmfkaieeeadojiibgbdp [2016-12-06]
CHR Extension: (Google Docs) - C:\Users\Michelle\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\aohghmighlieiainnegkcijnfilokake [2016-03-08]
CHR Extension: (Google Drive) - C:\Users\Michelle\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-03-08]
CHR Extension: (YouTube) - C:\Users\Michelle\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-03-08]
CHR Extension: (Google Search) - C:\Users\Michelle\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-03-08]
CHR Extension: (Google Sheets) - C:\Users\Michelle\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-03-08]
CHR Extension: (Google Docs Offline) - C:\Users\Michelle\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-17]
CHR Extension: (LastPass: Free Password Manager) - C:\Users\Michelle\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2016-12-10]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\Michelle\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2016-03-08]
CHR Extension: (DInstagram) - C:\Users\Michelle\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\neppgmfjfhgdcbophaohghbgmfbinanl [2016-11-16]
CHR Extension: (Awesome Screenshot: Screen capture, Annotate) - C:\Users\Michelle\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\nlipoenfbbikpbjkfpfillcgkoblgpmj [2016-11-29]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Michelle\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-05]
CHR Extension: (Responsive Web Design Tester) - C:\Users\Michelle\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\objclahbaimlfnbjdeobicmmlnbhamkg [2016-12-07]
CHR Extension: (vTabs) - C:\Users\Michelle\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\okpnlgbgcfchbicbhjmmhldhkbkfilce [2016-12-06]
CHR Extension: (Tab Snooze) - C:\Users\Michelle\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\pdiebiamhaleloakpcgmpnenggpjbcbm [2016-12-06]
CHR Extension: (Gmail) - C:\Users\Michelle\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-03-08]
CHR Extension: (Chrome Media Router) - C:\Users\Michelle\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-11-09]
CHR Profile: C:\Users\Michelle\AppData\Local\Google\Chrome\User Data\Profile 4 [2016-12-10]
CHR Extension: (Google Slides) - C:\Users\Michelle\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-03-26]
CHR Extension: (Google Docs) - C:\Users\Michelle\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\aohghmighlieiainnegkcijnfilokake [2016-03-26]
CHR Extension: (Google Drive) - C:\Users\Michelle\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-03-26]
CHR Extension: (YouTube) - C:\Users\Michelle\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-03-26]
CHR Extension: (Google Sheets) - C:\Users\Michelle\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-03-26]
CHR Extension: (Google Docs Offline) - C:\Users\Michelle\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-26]
CHR Extension: (LastPass: Free Password Manager) - C:\Users\Michelle\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2016-03-26]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\Michelle\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2016-03-26]
CHR Extension: (Awesome Screenshot: Screen capture, Annotate) - C:\Users\Michelle\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\nlipoenfbbikpbjkfpfillcgkoblgpmj [2016-03-26]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Michelle\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-03-26]
CHR Extension: (Gmail) - C:\Users\Michelle\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-03-26]
CHR Profile: C:\Users\Michelle\AppData\Local\Google\Chrome\User Data\Profile 5 [2016-12-14]
CHR Extension: (Google Slides) - C:\Users\Michelle\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-11-01]
CHR Extension: (Google Docs) - C:\Users\Michelle\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\aohghmighlieiainnegkcijnfilokake [2016-11-01]
CHR Extension: (Google Drive) - C:\Users\Michelle\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-11-01]
CHR Extension: (YouTube) - C:\Users\Michelle\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-11-01]
CHR Extension: (Google Sheets) - C:\Users\Michelle\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-11-01]
CHR Extension: (Google Docs Offline) - C:\Users\Michelle\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-11-29]
CHR Extension: (LastPass: Free Password Manager) - C:\Users\Michelle\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2016-12-10]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\Michelle\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2016-11-01]
CHR Extension: (Awesome Screenshot: Screen capture, Annotate) - C:\Users\Michelle\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\nlipoenfbbikpbjkfpfillcgkoblgpmj [2016-12-10]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Michelle\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-11-01]
CHR Extension: (Gmail) - C:\Users\Michelle\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-11-01]
CHR Extension: (Chrome Media Router) - C:\Users\Michelle\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-11-01]
CHR Profile: C:\Users\Michelle\AppData\Local\Google\Chrome\User Data\Profile 6 [2016-12-14]
CHR Extension: (Google Slides) - C:\Users\Michelle\AppData\Local\Google\Chrome\User Data\Profile 6\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-11-14]
CHR Extension: (Google Docs) - C:\Users\Michelle\AppData\Local\Google\Chrome\User Data\Profile 6\Extensions\aohghmighlieiainnegkcijnfilokake [2016-11-14]
CHR Extension: (Google Drive) - C:\Users\Michelle\AppData\Local\Google\Chrome\User Data\Profile 6\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-11-14]
CHR Extension: (YouTube) - C:\Users\Michelle\AppData\Local\Google\Chrome\User Data\Profile 6\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-11-14]
CHR Extension: (Google Sheets) - C:\Users\Michelle\AppData\Local\Google\Chrome\User Data\Profile 6\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-11-14]
CHR Extension: (Google Docs Offline) - C:\Users\Michelle\AppData\Local\Google\Chrome\User Data\Profile 6\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-12-10]
CHR Extension: (LastPass: Free Password Manager) - C:\Users\Michelle\AppData\Local\Google\Chrome\User Data\Profile 6\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2016-12-14]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\Michelle\AppData\Local\Google\Chrome\User Data\Profile 6\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2016-11-14]
CHR Extension: (Awesome Screenshot: Screen capture, Annotate) - C:\Users\Michelle\AppData\Local\Google\Chrome\User Data\Profile 6\Extensions\nlipoenfbbikpbjkfpfillcgkoblgpmj [2016-12-10]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Michelle\AppData\Local\Google\Chrome\User Data\Profile 6\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-11-14]
CHR Extension: (Gmail) - C:\Users\Michelle\AppData\Local\Google\Chrome\User Data\Profile 6\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-11-14]
CHR Extension: (Chrome Media Router) - C:\Users\Michelle\AppData\Local\Google\Chrome\User Data\Profile 6\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-11-14]
CHR Profile: C:\Users\Michelle\AppData\Local\Google\Chrome\User Data\System Profile [2016-12-14]
CHR HKLM\...\Chrome\Extension: [hdokiejnpimakedhajhdlcegeplioahd] - hxxp://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-510508962-3957035186-55548189-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [hdokiejnpimakedhajhdlcegeplioahd] - hxxp://clients2.google.com/service/update2/crx
StartMenuInternet: Google Chrome.VN5BKYLD5DW7MN4X37IJOCWSHE - C:\Users\Michelle\Downloads\GoogleChromePortable\App\Chrome-bin\chrome.exe
 
Opera: 
=======
OPR Extension: (Awesome Screenshot: Capture & Annotate) - C:\Users\Michelle\AppData\Roaming\Opera Software\Opera Stable\Extensions\foobgjfmnkeainefnnoeghobcdcidhme [2016-01-27]
OPR Extension: (LastPass: Free Password Manager) - C:\Users\Michelle\AppData\Roaming\Opera Software\Opera Stable\Extensions\hnjalnkldgigidggphhmacmimbdlafdo [2016-09-07]
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2013-12-07] (Advanced Micro Devices, Inc.) [File not signed]
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-05-30] (Apple Inc.)
R3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [282112 2013-09-25] (Brother Industries, Ltd.) [File not signed]
R2 CrashPlanService; C:\Program Files\CrashPlan\CrashPlanService.exe [266120 2016-10-17] (Code 42 Software)
R2 ekrn; C:\Program Files\ESET\ESET Smart Security\ekrn.exe [2770312 2016-11-12] (ESET)
S2 Garmin Device Interaction Service; C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe [708104 2015-04-10] (Garmin Ltd. or its subsidiaries)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1514464 2016-03-10] (Malwarebytes)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1136608 2016-03-10] (Malwarebytes)
S3 OpenVPNService; C:\Program Files (x86)\OpenVPN\bin\openvpnserv.exe [32568 2014-04-14] (The OpenVPN Project)
R2 ss_conn_service; C:\Program Files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe [754784 2016-01-08] (DEVGURU Co., LTD.)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [7248144 2016-08-08] (TeamViewer GmbH)
R2 VIAKaraokeService; C:\Windows\system32\viakaraokesrv.exe [27760 2011-11-11] (VIA Technologies, Inc.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S2 MSCamSvc; "C:\Program Files\Microsoft LifeCam\MSCamS64.exe" [X]
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AODDriver4.2.0; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [59648 2013-09-20] (Advanced Micro Devices)
R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [262792 2016-11-12] (ESET)
R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [197248 2016-11-12] (ESET)
S4 ekbdflt; C:\Windows\System32\DRIVERS\ekbdflt.sys [153216 2016-11-12] (ESET)
R1 epfw; C:\Windows\System32\DRIVERS\epfw.sys [208520 2016-11-12] (ESET)
R1 EpfwLWF; C:\Windows\System32\DRIVERS\EpfwLWF.sys [61568 2016-11-12] (ESET)
R0 epfwwfp; C:\Windows\System32\DRIVERS\epfwwfp.sys [84616 2016-11-12] (ESET)
R1 ISODrive; C:\Program Files (x86)\UltraISO\drivers\ISODrv64.sys [115448 2013-11-21] (EZB Systems, Inc.)
S4 LMIRfsClientNP; no ImagePath
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [27008 2016-03-10] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [192216 2016-12-14] (Malwarebytes)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64896 2016-03-10] (Malwarebytes Corporation)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [15416 2009-07-17] ()
S3 RTL8192cu; C:\Windows\System32\DRIVERS\RTL8192cu.sys [729704 2010-08-06] (Realtek Semiconductor Corporation)
S3 visctap0901; C:\Windows\System32\DRIVERS\visctap0901.sys [39048 2014-04-24] (The OpenVPN Project)
R2 VMparport; C:\Windows\system32\drivers\VMparport.sys [32472 2014-06-13] (VMware, Inc.)
R0 vsock; C:\Windows\System32\drivers\vsock.sys [73296 2013-10-09] (VMware, Inc.)
U5 VWiFiFlt; C:\Windows\System32\Drivers\VWiFiFlt.sys [59904 2009-07-14] (Microsoft Corporation)
S3 VX6000; C:\Windows\System32\DRIVERS\VX6000Xp.sys [2143600 2010-05-21] (Microsoft Corporation)
S3 WinRing0_1_2_0; C:\Program Files (x86)\Moo0 SystemMonitor v1.73 Portable\WinRing0x64.sys [14544 2008-07-27] (OpenLibSys.org)
S2 LMIInfo; \??\C:\Program Files (x86)\LogMeIn\x64\RaInfo.sys [X]
S3 MWAC; \??\C:\Windows\system32\drivers\ [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-12-14 20:03 - 2016-12-14 20:03 - 00000000 ___DC C:\FRST
2016-12-11 23:52 - 2016-12-11 23:52 - 00000000 ___DC C:\Users\Michelle\AppData\Local\Private Internet Access
2016-12-11 23:52 - 2016-12-11 23:52 - 00000000 ___DC C:\Users\Michelle\AppData\Local\Crashpad
2016-12-11 23:50 - 2016-12-11 23:50 - 59955885 ____C C:\Users\Michelle\Downloads\pia-v65-installer-win.exe
2016-12-10 00:07 - 2016-12-14 14:33 - 00003244 _____ C:\Windows\System32\Tasks\IORRT
2016-12-02 01:46 - 2016-12-02 01:46 - 00000000 ___DC C:\Users\Michelle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2016-11-29 19:31 - 2016-12-14 14:48 - 00000000 ___DC C:\Users\Michelle\AppData\LocalLow\Mozilla
2016-11-21 20:17 - 2016-11-21 20:18 - 08576448 ____C (Piriform Ltd) C:\Users\Michelle\Downloads\ccsetup524.exe
2016-11-18 20:43 - 2016-11-18 20:43 - 00162005 ____C C:\Users\Michelle\Downloads\Group Rules For Spiritual Awakening!.pdf
2016-11-18 18:10 - 2016-11-18 18:10 - 00001160 ____C C:\Users\Michelle\Desktop\4K Stogram.lnk
2016-11-18 18:10 - 2016-11-18 18:10 - 00000000 ___DC C:\ProgramData\Microsoft\Windows\Start Menu\Programs\4K Download
2016-11-18 18:09 - 2016-11-18 18:09 - 23340792 ____C (Open Media LLC ) C:\Users\Michelle\Downloads\4kstogram_2.1.exe
2016-11-18 18:09 - 2016-11-18 18:09 - 00000000 ___DC C:\Program Files (x86)\4KDownload
2016-11-17 22:06 - 2016-12-01 23:53 - 00000000 ___DC C:\Program Files (x86)\Mozilla Firefox
2016-11-16 09:25 - 2016-10-11 17:40 - 00631176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2016-11-16 09:25 - 2016-10-11 17:37 - 05547752 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2016-11-16 09:25 - 2016-10-11 17:37 - 00706792 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2016-11-16 09:25 - 2016-10-11 17:37 - 00154856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2016-11-16 09:25 - 2016-10-11 17:37 - 00095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2016-11-16 09:25 - 2016-10-11 17:34 - 01732864 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2016-11-16 09:25 - 2016-10-11 17:32 - 01212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2016-11-16 09:25 - 2016-10-11 17:32 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2016-11-16 09:25 - 2016-10-11 17:32 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2016-11-16 09:25 - 2016-10-11 17:32 - 00345600 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2016-11-16 09:25 - 2016-10-11 17:32 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2016-11-16 09:25 - 2016-10-11 17:32 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2016-11-16 09:25 - 2016-10-11 17:32 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2016-11-16 09:25 - 2016-10-11 17:32 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2016-11-16 09:25 - 2016-10-11 17:32 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2016-11-16 09:25 - 2016-10-11 17:32 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2016-11-16 09:25 - 2016-10-11 17:32 - 00069120 _____ (Microsoft Corporation) C:\Windows\system32\nlsbres.dll
2016-11-16 09:25 - 2016-10-11 17:32 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2016-11-16 09:25 - 2016-10-11 17:32 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2016-11-16 09:25 - 2016-10-11 17:32 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2016-11-16 09:25 - 2016-10-11 17:32 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2016-11-16 09:25 - 2016-10-11 17:32 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2016-11-16 09:25 - 2016-10-11 17:32 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2016-11-16 09:25 - 2016-10-11 17:31 - 01462272 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2016-11-16 09:25 - 2016-10-11 17:31 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2016-11-16 09:25 - 2016-10-11 17:31 - 00880640 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2016-11-16 09:25 - 2016-10-11 17:31 - 00730624 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2016-11-16 09:25 - 2016-10-11 17:31 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2016-11-16 09:25 - 2016-10-11 17:31 - 00463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2016-11-16 09:25 - 2016-10-11 17:31 - 00419840 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2016-11-16 09:25 - 2016-10-11 17:31 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2016-11-16 09:25 - 2016-10-11 17:31 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2016-11-16 09:25 - 2016-10-11 17:31 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2016-11-16 09:25 - 2016-10-11 17:31 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2016-11-16 09:25 - 2016-10-11 17:31 - 00059904 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2016-11-16 09:25 - 2016-10-11 17:31 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2016-11-16 09:25 - 2016-10-11 17:31 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2016-11-16 09:25 - 2016-10-11 17:31 - 00034816 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2016-11-16 09:25 - 2016-10-11 17:31 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2016-11-16 09:25 - 2016-10-11 17:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2016-11-16 09:25 - 2016-10-11 17:31 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2016-11-16 09:25 - 2016-10-11 17:31 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2016-11-16 09:25 - 2016-10-11 17:31 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2016-11-16 09:25 - 2016-10-11 17:31 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2016-11-16 09:25 - 2016-10-11 17:31 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2016-11-16 09:25 - 2016-10-11 17:31 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2016-11-16 09:25 - 2016-10-11 17:31 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2016-11-16 09:25 - 2016-10-11 17:31 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2016-11-16 09:25 - 2016-10-11 17:31 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-11-16 09:25 - 2016-10-11 17:31 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2016-11-16 09:25 - 2016-10-11 17:31 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2016-11-16 09:25 - 2016-10-11 17:31 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2016-11-16 09:25 - 2016-10-11 17:31 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2016-11-16 09:25 - 2016-10-11 17:31 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2016-11-16 09:25 - 2016-10-11 17:31 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2016-11-16 09:25 - 2016-10-11 17:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2016-11-16 09:25 - 2016-10-11 17:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2016-11-16 09:25 - 2016-10-11 17:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2016-11-16 09:25 - 2016-10-11 17:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2016-11-16 09:25 - 2016-10-11 17:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2016-11-16 09:25 - 2016-10-11 17:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2016-11-16 09:25 - 2016-10-11 17:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2016-11-16 09:25 - 2016-10-11 17:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2016-11-16 09:25 - 2016-10-11 17:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2016-11-16 09:25 - 2016-10-11 17:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2016-11-16 09:25 - 2016-10-11 17:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2016-11-16 09:25 - 2016-10-11 17:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2016-11-16 09:25 - 2016-10-11 17:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2016-11-16 09:25 - 2016-10-11 17:24 - 04000488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2016-11-16 09:25 - 2016-10-11 17:24 - 03944680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2016-11-16 09:25 - 2016-10-11 17:21 - 01314112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2016-11-16 09:25 - 2016-10-11 17:18 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2016-11-16 09:25 - 2016-10-11 17:18 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2016-11-16 09:25 - 2016-10-11 17:18 - 00666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2016-11-16 09:25 - 2016-10-11 17:18 - 00644096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2016-11-16 09:25 - 2016-10-11 17:18 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2016-11-16 09:25 - 2016-10-11 17:18 - 00342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2016-11-16 09:25 - 2016-10-11 17:18 - 00275456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2016-11-16 09:25 - 2016-10-11 17:18 - 00261120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2016-11-16 09:25 - 2016-10-11 17:18 - 00254464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2016-11-16 09:25 - 2016-10-11 17:18 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2016-11-16 09:25 - 2016-10-11 17:18 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2016-11-16 09:25 - 2016-10-11 17:18 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2016-11-16 09:25 - 2016-10-11 17:18 - 00141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2016-11-16 09:25 - 2016-10-11 17:18 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2016-11-16 09:25 - 2016-10-11 17:18 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlsbres.dll
2016-11-16 09:25 - 2016-10-11 17:18 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2016-11-16 09:25 - 2016-10-11 17:18 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2016-11-16 09:25 - 2016-10-11 17:18 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2016-11-16 09:25 - 2016-10-11 17:18 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2016-11-16 09:25 - 2016-10-11 17:18 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2016-11-16 09:25 - 2016-10-11 17:18 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2016-11-16 09:25 - 2016-10-11 17:18 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2016-11-16 09:25 - 2016-10-11 17:18 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2016-11-16 09:25 - 2016-10-11 17:18 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2016-11-16 09:25 - 2016-10-11 17:18 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2016-11-16 09:25 - 2016-10-11 17:18 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2016-11-16 09:25 - 2016-10-11 17:18 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2016-11-16 09:25 - 2016-10-11 17:18 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2016-11-16 09:25 - 2016-10-11 17:18 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2016-11-16 09:25 - 2016-10-11 17:18 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2016-11-16 09:25 - 2016-10-11 17:18 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2016-11-16 09:25 - 2016-10-11 17:18 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2016-11-16 09:25 - 2016-10-11 17:18 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2016-11-16 09:25 - 2016-10-11 17:18 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2016-11-16 09:25 - 2016-10-11 17:18 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2016-11-16 09:25 - 2016-10-11 17:18 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2016-11-16 09:25 - 2016-10-11 17:18 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2016-11-16 09:25 - 2016-10-11 17:18 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-11-16 09:25 - 2016-10-11 17:18 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2016-11-16 09:25 - 2016-10-11 17:18 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2016-11-16 09:25 - 2016-10-11 17:18 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2016-11-16 09:25 - 2016-10-11 17:18 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2016-11-16 09:25 - 2016-10-11 17:18 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2016-11-16 09:25 - 2016-10-11 17:18 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2016-11-16 09:25 - 2016-10-11 17:18 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2016-11-16 09:25 - 2016-10-11 17:18 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2016-11-16 09:25 - 2016-10-11 17:18 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2016-11-16 09:25 - 2016-10-11 17:03 - 00148480 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2016-11-16 09:25 - 2016-10-11 17:03 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2016-11-16 09:25 - 2016-10-11 17:03 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2016-11-16 09:25 - 2016-10-11 17:03 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2016-11-16 09:25 - 2016-10-11 16:59 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2016-11-16 09:25 - 2016-10-11 16:59 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2016-11-16 09:25 - 2016-10-11 16:56 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2016-11-16 09:25 - 2016-10-11 16:55 - 00346112 _____ (Microsoft Corporation) C:\Windows\system32\bcdedit.exe
2016-11-16 09:25 - 2016-10-11 16:55 - 00291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2016-11-16 09:25 - 2016-10-11 16:55 - 00129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2016-11-16 09:25 - 2016-10-11 16:55 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2016-11-16 09:25 - 2016-10-11 16:55 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2016-11-16 09:25 - 2016-10-11 16:55 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2016-11-16 09:25 - 2016-10-11 16:51 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2016-11-16 09:25 - 2016-10-11 16:51 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2016-11-16 09:25 - 2016-10-11 16:51 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2016-11-16 09:25 - 2016-10-11 16:51 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2016-11-16 09:25 - 2016-10-11 16:50 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2016-11-16 09:25 - 2016-10-11 16:50 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2016-11-16 09:25 - 2016-10-11 16:50 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2016-11-16 09:25 - 2016-10-11 16:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2016-11-16 09:25 - 2016-10-11 16:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2016-11-16 09:25 - 2016-10-11 15:18 - 00419648 _____ C:\Windows\SysWOW64\locale.nls
2016-11-16 09:25 - 2016-10-11 15:17 - 00419648 _____ C:\Windows\system32\locale.nls
2016-11-16 09:25 - 2016-10-08 15:06 - 00633296 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2016-11-16 09:25 - 2016-10-04 17:31 - 01483264 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2016-11-16 09:25 - 2016-10-04 17:31 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2016-11-16 09:25 - 2016-10-04 17:31 - 00190976 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2016-11-16 09:25 - 2016-10-04 17:31 - 00141824 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2016-11-16 09:25 - 2016-10-04 17:13 - 01176064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2016-11-16 09:25 - 2016-10-04 17:13 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2016-11-16 09:25 - 2016-10-04 17:13 - 00145920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2016-11-16 09:25 - 2016-10-04 17:13 - 00106496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-12-14 20:02 - 2013-07-14 09:17 - 00000000 ___DC C:\Users\Michelle\AppData\LocalLow\LastPass
2016-12-14 20:00 - 2014-06-07 01:00 - 00881312 ____C C:\Users\Michelle\Network_Meter_Data.js
2016-12-14 19:58 - 2013-07-14 06:31 - 00000000 ___DC C:\Users\Michelle\AppData\Roaming\Skype
2016-12-14 19:42 - 2015-07-15 06:01 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-12-14 19:41 - 2014-05-29 14:46 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-12-14 19:17 - 2015-03-31 07:26 - 00000544 _____ C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-510508962-3957035186-55548189-1000.job
2016-12-14 19:15 - 2013-07-14 06:47 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-12-14 19:09 - 2015-06-24 11:40 - 00000930 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-510508962-3957035186-55548189-1000UA.job
2016-12-14 18:38 - 2015-05-30 08:43 - 00000640 _____ C:\Windows\Tasks\G2MUploadTask-S-1-5-21-510508962-3957035186-55548189-1000.job
2016-12-14 16:45 - 2013-07-14 08:28 - 00000000 ___DC C:\Users\Michelle\AppData\Roaming\vlc
2016-12-14 14:47 - 2013-07-14 22:15 - 00000000 __RDC C:\Users\Michelle\Dropbox
2016-12-14 14:47 - 2009-07-14 06:45 - 00029936 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-12-14 14:47 - 2009-07-14 06:45 - 00029936 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-12-14 14:44 - 2013-10-26 06:21 - 00000000 ___DC C:\Users\Michelle\AppData\Roaming\ClassicShell
2016-12-14 14:40 - 2014-06-07 00:34 - 00032534 ____C C:\Users\Michelle\IP_Log_Data.js
2016-12-14 14:39 - 2014-04-27 22:14 - 00000000 ___DC C:\Program Files (x86)\Opera
2016-12-14 14:33 - 2014-09-15 00:36 - 00002009 ____C C:\Users\Michelle\Desktop\Dashlane.lnk
2016-12-14 14:33 - 2014-08-31 14:39 - 00000000 ___DC C:\Users\Michelle\AppData\Roaming\Dashlane
2016-12-14 14:30 - 2014-10-11 05:35 - 00000000 ___DC C:\ProgramData\VMware
2016-12-14 14:28 - 2013-07-14 06:47 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-12-14 14:27 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-12-14 06:19 - 2015-06-24 11:40 - 00000878 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-510508962-3957035186-55548189-1000Core.job
2016-12-11 23:51 - 2014-11-01 01:18 - 00003170 _____ C:\Windows\System32\Tasks\Private Internet Access Startup
2016-12-11 23:51 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\inf
2016-12-11 23:50 - 2014-11-01 01:18 - 00027136 _____ (The OpenVPN Project) C:\Windows\system32\Drivers\tap0901.sys
2016-12-11 23:50 - 2014-11-01 01:18 - 00000000 ___DC C:\Program Files\pia_manager
2016-12-11 10:25 - 2015-05-30 08:43 - 00003682 _____ C:\Windows\System32\Tasks\G2MUploadTask-S-1-5-21-510508962-3957035186-55548189-1000
2016-12-11 10:25 - 2015-03-31 07:26 - 00003586 _____ C:\Windows\System32\Tasks\G2MUpdateTask-S-1-5-21-510508962-3957035186-55548189-1000
2016-12-11 02:36 - 2016-04-08 07:42 - 00000892 _____ C:\Windows\Tasks\Adobe Flash Player PPAPI Notifier.job
2016-12-11 02:36 - 2013-07-14 04:45 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2016-12-10 19:53 - 2014-06-07 23:09 - 00000029 ____C C:\Users\Michelle\AppData\Roaming\Network Meter_Usage.ini
2016-12-10 00:02 - 2013-07-14 03:47 - 00000000 ___DC C:\Program Files (x86)\Mozilla Maintenance Service
2016-12-02 01:46 - 2013-07-14 22:11 - 00000000 ___DC C:\Users\Michelle\AppData\Roaming\Dropbox
2016-11-30 00:21 - 2015-01-08 06:17 - 00000000 __RDC C:\Program Files (x86)\Skype
2016-11-30 00:21 - 2013-07-14 06:31 - 00000000 ___DC C:\ProgramData\Skype
2016-11-29 17:16 - 2013-08-13 00:48 - 00000000 ___DC C:\Users\Michelle\AppData\Local\ElevatedDiagnostics
2016-11-29 17:16 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache
2016-11-29 16:35 - 2009-07-14 07:13 - 00790854 _____ C:\Windows\system32\PerfStringBackup.INI
2016-11-29 06:04 - 2015-06-24 11:40 - 00003910 _____ C:\Windows\System32\Tasks\DropboxUpdateTaskUserS-1-5-21-510508962-3957035186-55548189-1000UA
2016-11-29 06:04 - 2015-06-24 11:40 - 00003514 _____ C:\Windows\System32\Tasks\DropboxUpdateTaskUserS-1-5-21-510508962-3957035186-55548189-1000Core
2016-11-25 14:24 - 2016-02-07 22:49 - 00003852 _____ C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1454878182
2016-11-23 15:20 - 2014-06-24 02:08 - 00002042 _____ C:\Users\Public\Desktop\Google Slides.lnk
2016-11-23 15:20 - 2014-06-24 02:08 - 00002040 _____ C:\Users\Public\Desktop\Google Sheets.lnk
2016-11-23 15:20 - 2014-06-24 02:08 - 00002030 _____ C:\Users\Public\Desktop\Google Docs.lnk
2016-11-23 15:20 - 2014-06-24 02:08 - 00000000 ___DC C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2016-11-21 20:18 - 2014-06-02 18:42 - 00000782 _____ C:\Users\Public\Desktop\CCleaner.lnk
2016-11-16 09:29 - 2013-11-10 06:08 - 00782976 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2016-11-15 02:18 - 2013-07-14 07:01 - 00002195 ____C C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-11-15 02:18 - 2013-07-14 07:01 - 00002183 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-11-14 02:21 - 2016-04-04 19:48 - 00000000 ___DC C:\Users\Michelle\AppData\Local\MEGAsync
 
==================== Files in the root of some directories =======
 
2013-11-05 21:02 - 2016-08-18 01:42 - 21874200 ____C (LastPass) C:\Program Files (x86)\Common Files\lpuninstall.exe
2014-06-07 23:09 - 2016-12-10 19:53 - 0000029 ____C () C:\Users\Michelle\AppData\Roaming\Network Meter_Usage.ini
2014-07-05 09:02 - 2014-07-05 09:02 - 0003584 ____C () C:\Users\Michelle\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-06-07 00:38 - 2014-06-07 22:36 - 0007608 ____C () C:\Users\Michelle\AppData\Local\resmon.resmoncfg
2016-01-20 01:57 - 2015-11-03 00:02 - 0016800 ____C () C:\ProgramData\Z@!-0c218737-668e-4d6f-aee6-24dca70c04aa.tmp
2016-01-20 01:57 - 2015-11-03 00:02 - 0015776 ____C () C:\ProgramData\Z@S!-d15bbb51-94c7-4ffb-8859-31ab524e2098.tmp
 
Files to move or delete:
====================
C:\Users\Michelle\g2ax_customer_downloadhelper_win32_x86.exe
C:\Users\Michelle\IP_Log_Data.js
C:\Users\Michelle\Network_Meter_Data.js
 
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2016-11-29 17:08
 
==================== End of FRST.txt ============================


#3 ep2002


Posted 14 December 2016 - 01:22 PM

Here's this one.

Attached Files



#4 HelpBot


Posted 19 December 2016 - 01:20 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

Step 1: In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> https://www.bleepingcomputer.com/logreply/634817 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

Step 2: If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new FRST log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download FRST by Farbar from the following link if you no longer have it available and save it to your desktop.

    FRST Download Link

  • When you go to the above page, there will be 32-bit and 64-bit downloads available. Please click on the appropriate one for your version of Windows. If you are unsure as to whether your Windows is 32-bit or 64-bit, please see this tutorial.
  • Double click on the FRST icon and allow it to run.
  • Agree to the usage agreement and FRST will open. Do not make any changes and click on the Scan button.
  • Notepad will open with the results.
  • Post the new logs as explained in the prep guide.
  • Close the program window, and delete the program from your desktop.


As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#5 ep2002


Posted 20 December 2016 - 04:32 AM

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 17-12-2016
Ran by Michelle (administrator) on MICHELLE-PC (20-12-2016 11:12:03)
Running from D:\Downloads
Loaded Profiles: Michelle &  (Available Profiles: Michelle)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(ESET) C:\Program Files\ESET\ESET Smart Security\ekrn.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(Logitech Inc.) C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Cisco WebEx LLC) C:\Windows\SysWOW64\atashost.exe
(Code 42 Software) C:\Program Files\CrashPlan\CrashPlanService.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(DEVGURU Co., LTD.) C:\Program Files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(VIA Technologies, Inc.) C:\Windows\System32\ViakaraokeSrv.exe
(VMware, Inc.) C:\Windows\SysWOW64\vmnat.exe
(VMware, Inc.) C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe
(VMware, Inc.) C:\Windows\SysWOW64\vmnetdhcp.exe
(ESET) C:\Program Files\ESET\ESET Smart Security\egui.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
(Code 42 Software, Inc.) C:\Program Files\CrashPlan\CrashPlanTray.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
() C:\Program Files (x86)\Shelltoys\Personal Assistant\assistant.exe
(SanDisk Corporation) C:\Users\Michelle\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe
(Akamai Technologies, Inc.) C:\Users\Michelle\AppData\Local\Akamai\netsession_win.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Akamai Technologies, Inc.) C:\Users\Michelle\AppData\Local\Akamai\netsession_win.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Dashlane, Inc.) C:\Users\Michelle\AppData\Roaming\Dashlane\Dashlane.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
() C:\Users\Michelle\AppData\Roaming\Dashlane\DashlanePlugin.exe
(RingCentral) C:\Program Files (x86)\RingCentral for Windows\Softphone.exe
() C:\Program Files (x86)\Upwork\upwork.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler.exe
() C:\Program Files (x86)\Upwork\upwork.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler64.exe
(WinZip Computing, S.L.) C:\Program Files (x86)\WinZip\WZQKPICK.EXE
(Brother Industries, Ltd.) C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\BrYNSvc.exe
(Dropbox, Inc.) C:\Users\Michelle\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
(Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) C:\Program Files (x86)\Evernote\Evernote\EvernoteTray.exe
(Mega Limited) C:\Users\Michelle\AppData\Local\MEGAsync\MEGAsync.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) C:\Program Files (x86)\Evernote\Evernote\Evernote.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Program Files (x86)\Upwork\upwork.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
() C:\Program Files (x86)\RingCentral for Windows\x64\SoftPhoneMapiBridge.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(LastPass) C:\Program Files (x86)\LastPass\nplastpass.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(LastPass) C:\Program Files (x86)\LastPass\nplastpass.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(LastPass) C:\Program Files (x86)\LastPass\nplastpass.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(LastPass) C:\Program Files (x86)\LastPass\nplastpass.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(VideoLAN) C:\Program Files (x86)\VideoLAN\VLC\vlc.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Opera Software) C:\Program Files (x86)\Opera\41.0.2353.69\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\41.0.2353.69\opera_crashreporter.exe
(Opera Software) C:\Program Files (x86)\Opera\41.0.2353.69\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\41.0.2353.69\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\41.0.2353.69\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\41.0.2353.69\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\41.0.2353.69\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\41.0.2353.69\opera.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(LastPass) C:\Program Files (x86)\LastPass\nplastpass.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Stegisoft) C:\Program Files (x86)\UltraFileSearch\UltraFileSearch.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Farbar) D:\Downloads\FRST64 (2).exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
 
==================== Registry (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [LogMeIn GUI] => "C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe"
HKLM\...\Run: [pdfFactory3] => C:\Windows\system32\spool\DRIVERS\x64\3\fppdis3a.exe [746496 2011-03-03] (FinePrint Software, LLC)
HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [161984 2014-04-20] (IvoSoft)
HKLM\...\Run: [CrashPlanTray] => C:\Program Files\CrashPlan\CrashPlanTray.exe [461192 2016-10-17] (Code 42 Software, Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170256 2015-08-13] (Apple Inc.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2015-05-16] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766208 2013-12-07] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [ControlCenter4] => C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe [139776 2014-06-16] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [BrStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [4513792 2014-05-22] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [EaseUS EPM tray] => C:\Program Files (x86)\EaseUS\EaseUS Partition Master 10.2\bin\EpmNews.exe
HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\tray.exe [1010008 2015-04-10] (Garmin Ltd. or its subsidiaries)
HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\RunOnce: [Application Restart #1] => C:\Windows\System32\ctfmon.exe ctfmon.exe
HKU\S-1-5-21-510508962-3957035186-55548189-1000\...\Run: [Personal Assistant] => C:\Program Files (x86)\Shelltoys\Personal Assistant\assistant.exe [456704 2003-03-05] ()
HKU\S-1-5-21-510508962-3957035186-55548189-1000\...\Run: [icq] => C:\Users\Michelle\AppData\Roaming\ICQM\icq.exe [29919576 2013-11-06] (ICQ)
HKU\S-1-5-21-510508962-3957035186-55548189-1000\...\Run: [RCUI] => "C:\Program Files (x86)\RingCentral\RingCentral Softphone\RCUI.exe"
HKU\S-1-5-21-510508962-3957035186-55548189-1000\...\Run: [RCHotKey] => "C:\Program Files (x86)\RingCentral\RingCentral Softphone\RCHotKey.exe"
HKU\S-1-5-21-510508962-3957035186-55548189-1000\...\Run: [SansaDispatch] => C:\Users\Michelle\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe [1465616 2014-06-30] (SanDisk Corporation)
HKU\S-1-5-21-510508962-3957035186-55548189-1000\...\Run: [GarminExpressTrayApp] => "C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe"
HKU\S-1-5-21-510508962-3957035186-55548189-1000\...\Run: [Akamai NetSession Interface] => C:\Users\Michelle\AppData\Local\Akamai\netsession_win.exe [4691384 2015-09-11] (Akamai Technologies, Inc.)
HKU\S-1-5-21-510508962-3957035186-55548189-1000\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [23818360 2016-11-30] (Google)
HKU\S-1-5-21-510508962-3957035186-55548189-1000\...\Run: [Dashlane] => C:\Users\Michelle\AppData\Roaming\Dashlane\Dashlane.exe [478592 2016-12-07] (Dashlane, Inc.)
HKU\S-1-5-21-510508962-3957035186-55548189-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [9105112 2016-11-15] (Piriform Ltd)
HKU\S-1-5-21-510508962-3957035186-55548189-1000\...\Run: [ Maintance] => "C:\Program Files\\net1.exe" windowsStartup
HKU\S-1-5-21-510508962-3957035186-55548189-1000\...\Run: [Dropbox Update] => C:\Users\Michelle\AppData\Local\Dropbox\Update\DropboxUpdate.exe [143144 2016-11-04] (Dropbox, Inc.)
HKU\S-1-5-21-510508962-3957035186-55548189-1000\...\Run: [DashlanePlugin] => C:\Users\Michelle\AppData\Roaming\Dashlane\DashlanePlugin.exe [536960 2016-12-07] ()
HKU\S-1-5-21-510508962-3957035186-55548189-1000\...\Run: [RingCentral for Windows] => C:\Program Files (x86)\RingCentral for Windows\Softphone.exe [51944920 2016-11-03] (RingCentral)
HKU\S-1-5-21-510508962-3957035186-55548189-1000\...\Run: [Upwork] => C:\Program Files (x86)\Upwork\upwork.exe [2267912 2016-08-19] ()
HKU\S-1-5-21-510508962-3957035186-55548189-1000\...\RunOnce: [FlashPlayerUpdate] => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_23_0_0_207_pepper.exe -update pepperplugin
HKU\S-1-5-21-510508962-3957035186-55548189-1000\...\MountPoints2: {0d1d08ec-e336-11e3-a155-806e6f6e6963} - J:\start.exe
HKU\S-1-5-21-510508962-3957035186-55548189-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Personal Assistant] => C:\Program Files (x86)\Shelltoys\Personal Assistant\assistant.exe [456704 2003-03-05] ()
HKU\S-1-5-21-510508962-3957035186-55548189-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [icq] => C:\Users\Michelle\AppData\Roaming\ICQM\icq.exe [29919576 2013-11-06] (ICQ)
HKU\S-1-5-21-510508962-3957035186-55548189-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [RCUI] => "C:\Program Files (x86)\RingCentral\RingCentral Softphone\RCUI.exe"
HKU\S-1-5-21-510508962-3957035186-55548189-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [RCHotKey] => "C:\Program Files (x86)\RingCentral\RingCentral Softphone\RCHotKey.exe"
HKU\S-1-5-21-510508962-3957035186-55548189-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [SansaDispatch] => C:\Users\Michelle\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe [1465616 2014-06-30] (SanDisk Corporation)
HKU\S-1-5-21-510508962-3957035186-55548189-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [GarminExpressTrayApp] => "C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe"
HKU\S-1-5-21-510508962-3957035186-55548189-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Akamai NetSession Interface] => C:\Users\Michelle\AppData\Local\Akamai\netsession_win.exe [4691384 2015-09-11] (Akamai Technologies, Inc.)
HKU\S-1-5-21-510508962-3957035186-55548189-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [23818360 2016-11-30] (Google)
HKU\S-1-5-21-510508962-3957035186-55548189-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Dashlane] => C:\Users\Michelle\AppData\Roaming\Dashlane\Dashlane.exe [478592 2016-12-07] (Dashlane, Inc.)
HKU\S-1-5-21-510508962-3957035186-55548189-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [9105112 2016-11-15] (Piriform Ltd)
HKU\S-1-5-21-510508962-3957035186-55548189-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [ Maintance] => "C:\Program Files\\net1.exe" windowsStartup
HKU\S-1-5-21-510508962-3957035186-55548189-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Dropbox Update] => C:\Users\Michelle\AppData\Local\Dropbox\Update\DropboxUpdate.exe [143144 2016-11-04] (Dropbox, Inc.)
HKU\S-1-5-21-510508962-3957035186-55548189-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [DashlanePlugin] => C:\Users\Michelle\AppData\Roaming\Dashlane\DashlanePlugin.exe [536960 2016-12-07] ()
HKU\S-1-5-21-510508962-3957035186-55548189-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [RingCentral for Windows] => C:\Program Files (x86)\RingCentral for Windows\Softphone.exe [51944920 2016-11-03] (RingCentral)
HKU\S-1-5-21-510508962-3957035186-55548189-1000-{ED1FC765-E35E-4C3D-BF15-
 
2C2B11260CE4}-0\...\Run: [Upwork] => C:\Program Files (x86)\Upwork\upwork.exe [2267912 
 
2016-08-19] ()
HKU\S-1-5-21-510508962-3957035186-55548189-1000-{ED1FC765-E35E-4C3D-BF15-
 
2C2B11260CE4}-0\...\RunOnce: [FlashPlayerUpdate] => C:\Windows\SysWOW64\Macromed\Flash
 
\FlashUtil32_23_0_0_207_pepper.exe -update pepperplugin
HKU\S-1-5-21-510508962-3957035186-55548189-1000-{ED1FC765-E35E-4C3D-BF15-
 
2C2B11260CE4}-0\...\MountPoints2: {0d1d08ec-e336-11e3-a155-806e6f6e6963} - J:\start.exe
HKU\S-1-5-18\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express 
 
Tray\tray.exe [1010008 2015-04-10] (Garmin Ltd. or its subsidiaries)
HKU\S-1-5-18\...\RunOnce: [Application Restart #1] => C:\Windows\System32\ctfmon.exe 
 
ctfmon.exe
ShellIconOverlayIdentifiers: [  GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-11-30] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-11-30] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-11-30] (Google)
ShellIconOverlayIdentifiers: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Michelle\AppData\Roaming\Dropbox\bin\DropboxExt64.3.0.dll [2016-12-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt10] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Michelle\AppData\Roaming\Dropbox\bin\DropboxExt64.3.0.dll [2016-12-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Michelle\AppData\Roaming\Dropbox\bin\DropboxExt64.3.0.dll [2016-12-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Michelle\AppData\Roaming\Dropbox\bin\DropboxExt64.3.0.dll [2016-12-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Michelle\AppData\Roaming\Dropbox\bin\DropboxExt64.3.0.dll [2016-12-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Michelle\AppData\Roaming\Dropbox\bin\DropboxExt64.3.0.dll [2016-12-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Michelle\AppData\Roaming\Dropbox\bin\DropboxExt64.3.0.dll [2016-12-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Michelle\AppData\Roaming\Dropbox\bin\DropboxExt64.3.0.dll [2016-12-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Michelle\AppData\Roaming\Dropbox\bin\DropboxExt64.3.0.dll [2016-12-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt9] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Michelle\AppData\Roaming\Dropbox\bin\DropboxExt64.3.0.dll [2016-12-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [###MegaShellExtPending] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\Michelle\AppData\Local\MEGAsync\ShellExtX64.dll [2016-11-14] ()
ShellIconOverlayIdentifiers: [###MegaShellExtSynced] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\Michelle\AppData\Local\MEGAsync\ShellExtX64.dll [2016-11-14] ()
ShellIconOverlayIdentifiers: [###MegaShellExtSyncing] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\Michelle\AppData\Local\MEGAsync\ShellExtX64.dll [2016-11-14] ()
ShellIconOverlayIdentifiers: [0000BoxSyncFileLocked] -> {1b9c95e1-ce36-3737-81c8-1ec9807f03c1} => C:\Windows\system32\mscoree.dll [2010-11-21] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [0000BoxSyncNotSynced] -> {e22ccf16-2db6-3de8-9a2c-acb66b571b69} => C:\Windows\system32\mscoree.dll [2010-11-21] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [0000BoxSyncProblem] -> {84878798-e5c4-3e6b-b7c4-b51c4ac4e7dc} => C:\Windows\system32\mscoree.dll [2010-11-21] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [0000BoxSyncSynced] -> {01fcd170-7f0a-3b6a-b992-66a7a20289b5} => C:\Windows\system32\mscoree.dll [2010-11-21] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
ShellIconOverlayIdentifiers: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll [2014-04-20] (IvoSoft)
ShellIconOverlayIdentifiers-x32: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Michelle\AppData\Roaming\Dropbox\bin\DropboxExt.3.0.dll [2016-12-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt10] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Michelle\AppData\Roaming\Dropbox\bin\DropboxExt.3.0.dll [2016-12-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Michelle\AppData\Roaming\Dropbox\bin\DropboxExt.3.0.dll [2016-12-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Michelle\AppData\Roaming\Dropbox\bin\DropboxExt.3.0.dll [2016-12-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Michelle\AppData\Roaming\Dropbox\bin\DropboxExt.3.0.dll [2016-12-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Michelle\AppData\Roaming\Dropbox\bin\DropboxExt.3.0.dll [2016-12-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Michelle\AppData\Roaming\Dropbox\bin\DropboxExt.3.0.dll [2016-12-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Michelle\AppData\Roaming\Dropbox\bin\DropboxExt.3.0.dll [2016-12-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Michelle\AppData\Roaming\Dropbox\bin\DropboxExt.3.0.dll [2016-12-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt9] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Michelle\AppData\Roaming\Dropbox\bin\DropboxExt.3.0.dll [2016-12-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Michelle\AppData\Roaming\Dropbox\bin\DropboxExt.3.0.dll [2016-12-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Michelle\AppData\Roaming\Dropbox\bin\DropboxExt.3.0.dll [2016-12-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Michelle\AppData\Roaming\Dropbox\bin\DropboxExt.3.0.dll [2016-12-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Michelle\AppData\Roaming\Dropbox\bin\DropboxExt.3.0.dll [2016-12-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Michelle\AppData\Roaming\Dropbox\bin\DropboxExt.3.0.dll [2016-12-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Michelle\AppData\Roaming\Dropbox\bin\DropboxExt.3.0.dll [2016-12-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Michelle\AppData\Roaming\Dropbox\bin\DropboxExt.3.0.dll [2016-12-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Michelle\AppData\Roaming\Dropbox\bin\DropboxExt.3.0.dll [2016-12-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [###MegaShellExtPending] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\Michelle\AppData\Local\MEGAsync\ShellExtX32.dll [2016-11-14] ()
ShellIconOverlayIdentifiers-x32: [###MegaShellExtSynced] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\Michelle\AppData\Local\MEGAsync\ShellExtX32.dll [2016-11-14] ()
ShellIconOverlayIdentifiers-x32: [###MegaShellExtSyncing] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\Michelle\AppData\Local\MEGAsync\ShellExtX32.dll [2016-11-14] ()
ShellIconOverlayIdentifiers-x32: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer32.dll No File
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install LastPass FF RunOnce.lnk [2016-08-18]
ShortcutTarget: Install LastPass FF RunOnce.lnk -> C:\Program Files (x86)\Common Files\lpuninstall.exe (LastPass)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install LastPass IE RunOnce.lnk [2016-08-18]
ShortcutTarget: Install LastPass IE RunOnce.lnk -> C:\Program Files (x86)\Common Files\lpuninstall.exe (LastPass)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WinZip Quick Pick.lnk [2013-07-16]
ShortcutTarget: WinZip Quick Pick.lnk -> C:\Program Files (x86)\WinZip\WZQKPICK.EXE (WinZip Computing, S.L.)
Startup: C:\Users\Michelle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2016-12-16]
ShortcutTarget: Dropbox.lnk -> C:\Users\Michelle\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Michelle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk [2016-06-11]
ShortcutTarget: EvernoteClipper.lnk -> C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
Startup: C:\Users\Michelle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteTray.lnk [2016-06-11]
ShortcutTarget: EvernoteTray.lnk -> C:\Program Files (x86)\Evernote\Evernote\EvernoteTray.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
Startup: C:\Users\Michelle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MEGAsync.lnk [2016-06-20]
ShortcutTarget: MEGAsync.lnk -> C:\Users\Michelle\AppData\Local\MEGAsync\MEGAsync.exe (Mega Limited)
Startup: C:\Users\Michelle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Tracker.lnk [2016-03-22]
ShortcutTarget: Tracker.lnk -> C:\Program Files (x86)\Tracker\Tracker.exe (No File)
Startup: C:\Users\Michelle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Wipe Tray Agent.lnk [2015-06-08]
ShortcutTarget: Wipe Tray Agent.lnk -> C:\Program Files\Wipe\Wipe.exe (No File)
GroupPolicy: Restriction <======= ATTENTION
GroupPolicyScripts: Restriction <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
CHR HKU\S-1-5-21-510508962-3957035186-55548189-1000\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
CHR HKU\S-1-5-21-510508962-3957035186-55548189-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 10.0.0.138
Tcpip\..\Interfaces\{6FB77BC8-AD13-4724-9132-DC8684A3FCA4}: [DhcpNameServer] 8.15.12.5 8.8.8.8 192.168.10.3
Tcpip\..\Interfaces\{DA600D93-1842-4425-84CC-5817A38B27C6}: [DhcpNameServer] 10.0.0.138
 
Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.yahoo.com?fr=hp-avast&type=avastbcl
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKU\S-1-5-21-510508962-3957035186-55548189-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.yahoo.com?fr=hp-avast&type=avastbcl
HKU\S-1-5-21-510508962-3957035186-55548189-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.yahoo.com?fr=hp-avast&type=avastbcl
SearchScopes: HKLM-x32 -> DefaultScope value is missing
BHO: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer64.dll [2014-04-20] (IvoSoft)
BHO: LastPass Vault -> {95D9ECF5-2A4D-4550-BE49-70D42F71296E} -> C:\Program Files (x86)\LastPass\LPToolbar_x64.dll [2016-08-18] (LastPass)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_64.dll [2014-04-20] (IvoSoft)
BHO-x32: Dashlane BHO -> {42D79B50-CC4A-4A8E-860F-BE674AF053A2} -> C:\Users\Michelle\AppData\Roaming\Dashlane\ie\Dashlanei.dll [2016-12-07] (Dashlane, Inc.)
BHO-x32: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer32.dll => No File
BHO-x32: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll [2016-10-31] (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
BHO-x32: LastPass Vault -> {95D9ECF5-2A4D-4550-BE49-70D42F71296E} -> C:\Program Files (x86)\LastPass\LPToolbar.dll [2016-08-18] (LastPass)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_32.dll => No File
Toolbar: HKLM - No Name - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File
Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll [2014-04-20] (IvoSoft)
Toolbar: HKLM - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll [2016-08-18] (LastPass)
Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll No File
Toolbar: HKLM-x32 - Dashlane Toolbar - {669695BC-A811-4A9D-8CDF-BA8C795F261C} - C:\Users\Michelle\AppData\Roaming\Dashlane\ie\KWIEBar.dll [2016-12-07] (Dashlane, Inc.)
Toolbar: HKLM-x32 - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar.dll [2016-08-18] (LastPass)
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler-x32: intu-res - {9CE7D474-16F9-4889-9BB9-53E2008EAE8A} - C:\Program Files (x86)\Common Files\Intuit\intu-res.dll [2006-06-08] ()
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2016-09-23] (Skype Technologies)
 
FireFox:
========
FF DefaultProfile: 6huofoaa.default
FF DefaultProfile: michelle@michelleprefers.com
FF ProfilePath: C:\Users\Michelle\AppData\Roaming\Thunderbird.Trash\Profiles\6huofoaa.default [2013-08-04]
FF Extension: (Account Colors) - C:\Users\Michelle\AppData\Roaming\Thunderbird.Trash\Profiles\6huofoaa.default\Extensions\accountcolors@DW-dev.xpi [2013-05-27] [not signed]
FF Extension: (Australis ReDesign TB) - C:\Users\Michelle\AppData\Roaming\Thunderbird.Trash\Profiles\6huofoaa.default\Extensions\Australis_ReDesign_TB@Ansgar.xpi [2013-07-17] [not signed]
FF Extension: (Auto Compress File) - C:\Users\Michelle\AppData\Roaming\Thunderbird.Trash\Profiles\6huofoaa.default\Extensions\AutoCompressFile@gmail.com.xpi [2013-07-25] [not signed]
FF Extension: (Add-on Compatibility Reporter) - C:\Users\Michelle\AppData\Roaming\Thunderbird.Trash\Profiles\6huofoaa.default\Extensions\compatibility@addons.mozilla.org.xpi [2012-02-27] [not signed]
FF Extension: (Extra Folder Columns) - C:\Users\Michelle\AppData\Roaming\Thunderbird.Trash\Profiles\6huofoaa.default\Extensions\extra-cols@jminta_gmail.com.xpi [2013-04-02] [not signed]
FF Extension: (GlassMyBird) - C:\Users\Michelle\AppData\Roaming\Thunderbird.Trash\Profiles\6huofoaa.default\Extensions\GlassMyBird@ArisT2_Noia4dev.xpi [2013-07-16] [not signed]
FF Extension: (Mail Tweak) - C:\Users\Michelle\AppData\Roaming\Thunderbird.Trash\Profiles\6huofoaa.default\Extensions\mail-tweak@rod.whiteley [2013-07-14] [not signed]
FF Extension: (Quicker Filer) - C:\Users\Michelle\AppData\Roaming\Thunderbird.Trash\Profiles\6huofoaa.default\Extensions\qfiler@eivind.rovik [2013-07-14] [not signed]
FF Extension: (QuickFolders) - C:\Users\Michelle\AppData\Roaming\Thunderbird.Trash\Profiles\6huofoaa.default\Extensions\quickfolders@curious.be.xpi [2013-02-13] [not signed]
FF Extension: (Quick Folder Move) - C:\Users\Michelle\AppData\Roaming\Thunderbird.Trash\Profiles\6huofoaa.default\Extensions\quickmove@mozilla.kewis.ch.xpi [2013-03-11] [not signed]
FF Extension: (Phoenity Shredder) - C:\Users\Michelle\AppData\Roaming\Thunderbird.Trash\Profiles\6huofoaa.default\Extensions\shredder@phoenity.com.xpi [2013-07-16] [not signed]
FF Extension: (Silvermel) - C:\Users\Michelle\AppData\Roaming\Thunderbird.Trash\Profiles\6huofoaa.default\Extensions\silvermel@pardal.de.xpi [2013-07-16] [not signed]
FF Extension: (Silvermel and Charamel XT) - C:\Users\Michelle\AppData\Roaming\Thunderbird.Trash\Profiles\6huofoaa.default\Extensions\silvermelxt@pardal.de.xpi [2013-07-16] [not signed]
FF Extension: (Subject Manager) - C:\Users\Michelle\AppData\Roaming\Thunderbird.Trash\Profiles\6huofoaa.default\Extensions\SubjectManager@gmail.com.xpi [2013-03-17] [not signed]
FF Extension: (Tangobird) - C:\Users\Michelle\AppData\Roaming\Thunderbird.Trash\Profiles\6huofoaa.default\Extensions\Tangobird@haven667.xpi [2013-07-16] [not signed]
FF Extension: (Old-style (version 2) smilies) - C:\Users\Michelle\AppData\Roaming\Thunderbird.Trash\Profiles\6huofoaa.default\Extensions\tb2-smilies@epfl.ch [2013-07-14] [not signed]
FF Extension: (Test Pilot for Thunderbird) - C:\Users\Michelle\AppData\Roaming\Thunderbird.Trash\Profiles\6huofoaa.default\Extensions\tbtestpilot@labs.mozilla.com.xpi [2012-04-25] [not signed]
FF Extension: (XNote++) - C:\Users\Michelle\AppData\Roaming\Thunderbird.Trash\Profiles\6huofoaa.default\Extensions\xnote@froihofer.net.xpi [2012-08-01] [not signed]
FF Extension: (FireShot) - C:\Users\Michelle\AppData\Roaming\Thunderbird.Trash\Profiles\6huofoaa.default\Extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba} [2013-07-14] [not signed]
FF Extension: (Priority Switcher) - C:\Users\Michelle\AppData\Roaming\Thunderbird.Trash\Profiles\6huofoaa.default\Extensions\{0D2172E4-C5AE-465A-B80D-53A840275B5E} [2013-07-14] [not signed]
FF Extension: (ImportExportTools) - C:\Users\Michelle\AppData\Roaming\Thunderbird.Trash\Profiles\6huofoaa.default\Extensions\{3ed8cc52-86fc-4613-9026-c1ef969da4c3}.xpi [2013-07-25] [not signed]
FF Extension: (No Name) - C:\Users\Michelle\AppData\Roaming\Thunderbird.Trash\Profiles\6huofoaa.default\Extensions\{463F6CA5-EE3C-4be1-B7E6-7FEE11953374}-trash [2013-07-14] [not signed]
FF Extension: (CompactHeader) - C:\Users\Michelle\AppData\Roaming\Thunderbird.Trash\Profiles\6huofoaa.default\Extensions\{58D4392A-842E-11DE-B51A-C7B855D89593}.xpi [2013-02-19] [not signed]
FF Extension: (QuickMenuMC) - C:\Users\Michelle\AppData\Roaming\Thunderbird.Trash\Profiles\6huofoaa.default\Extensions\{71e95839-6f7e-470d-be54-77012fec6313} [2013-07-14] [not signed]
FF Extension: (Xpunge) - C:\Users\Michelle\AppData\Roaming\Thunderbird.Trash\Profiles\6huofoaa.default\Extensions\{786abda0-fd14-d247-bf69-38b2fc18491b}.xpi [2012-11-23] [not signed]
FF Extension: (Quicktext) - C:\Users\Michelle\AppData\Roaming\Thunderbird.Trash\Profiles\6huofoaa.default\Extensions\{8845E3B3-E8FB-40E2-95E9-EC40294818C4}.xpi [2012-11-23] [not signed]
FF Extension: (Clippings) - C:\Users\Michelle\AppData\Roaming\Thunderbird.Trash\Profiles\6huofoaa.default\Extensions\{91aa5abe-9de4-4347-b7b5-322c38dd9271} [2013-08-01] [not signed]
FF Extension: (ReminderFox) - C:\Users\Michelle\AppData\Roaming\Thunderbird.Trash\Profiles\6huofoaa.default\Extensions\{ada4b710-8346-4b82-8199-5de2b400a6ae} [2013-07-14] [not signed]
FF Extension: (Quickfile) - C:\Users\Michelle\AppData\Roaming\Thunderbird.Trash\Profiles\6huofoaa.default\Extensions\{b1095862-e2d0-4fc0-9793-b46bc7d3ae72} [2013-07-14] [not signed]
FF Extension: (Orthodox) - C:\Users\Michelle\AppData\Roaming\Thunderbird.Trash\Profiles\6huofoaa.default\Extensions\{b20783e1-e075-43bf-a2d0-bf5221c2aa84}.xpi [2013-07-16] [not signed]
FF Extension: (Folderpane Tools) - C:\Users\Michelle\AppData\Roaming\Thunderbird.Trash\Profiles\6huofoaa.default\Extensions\{b243fe83-b8a7-47de-855d-21d865243d5d} [2013-07-14] [not signed]
FF Extension: (Timestamp) - C:\Users\Michelle\AppData\Roaming\Thunderbird.Trash\Profiles\6huofoaa.default\Extensions\{c055dfb5-15af-428a-8a66-637c6032dddb} [2013-07-14] [not signed]
FF Extension: (accountex) - C:\Users\Michelle\AppData\Roaming\Thunderbird.Trash\Profiles\6huofoaa.default\Extensions\{cf3b5651-d280-49db-8df2-ff4d1c2fd47c} [2013-07-14] [not signed]
FF Extension: (FoxClocks) - C:\Users\Michelle\AppData\Roaming\Thunderbird.Trash\Profiles\6huofoaa.default\Extensions\{d37dc5d0-431d-44e5-8c91-49419370caa1} [2013-07-14] [not signed]
FF Extension: (Signature /Auto Paste /Prefill Fourms) - C:\Users\Michelle\AppData\Roaming\Thunderbird.Trash\Profiles\6huofoaa.default\Extensions\{D719B74B-E716-403b-91A9-1CE455AB8ccc}.xpi [2011-08-22] [not signed]
FF Extension: (Theme Font & Size Changer) - C:\Users\Michelle\AppData\Roaming\Thunderbird.Trash\Profiles\6huofoaa.default\Extensions\{f69e22c7-bc50-414a-9269-0f5c344cd94c} [2013-07-16] [not signed]
FF Extension: (Add-on Compatibility Reporter) - C:\Users\Michelle\AppData\Roaming\Thunderbird\Profiles\6huofoaa.default\extensions\compatibility@addons.mozilla.org.xpi [2016-05-01]
FF Extension: (XNote++) - C:\Users\Michelle\AppData\Roaming\Thunderbird\Profiles\6huofoaa.default\extensions\xnote@froihofer.net.xpi [2012-08-01] [not signed]
FF Extension: (Signature /Auto Paste /Prefill Fourms) - C:\Users\Michelle\AppData\Roaming\Thunderbird\Profiles\6huofoaa.default\extensions\{D719B74B-E716-403b-91A9-1CE455AB8ccc}.xpi [2016-05-01]
FF Extension: (Quicktext) - C:\Users\Michelle\AppData\Roaming\Thunderbird\Profiles\6huofoaa.default\extensions\{8845E3B3-E8FB-40E2-95E9-EC40294818C4}.xpi [2016-05-27] [not signed]
FF Extension: (Quick Folder Move) - C:\Users\Michelle\AppData\Roaming\Thunderbird\Profiles\6huofoaa.default\extensions\quickmove@mozilla.kewis.ch.xpi [2015-02-11] [not signed]
FF Extension: (Subject Manager) - C:\Users\Michelle\AppData\Roaming\Thunderbird\Profiles\6huofoaa.default\extensions\SubjectManager@gmail.com.xpi [2016-10-04] [not signed]
FF Extension: (No Name) - C:\Users\Michelle\AppData\Roaming\Thunderbird\Profiles\6huofoaa.default\extensions\qfiler@eivind.rovik [not found]
FF Extension: (No Name) - C:\Users\Michelle\AppData\Roaming\Thunderbird\Profiles\6huofoaa.default\extensions\{d37dc5d0-431d-44e5-8c91-49419370caa1} [not found]
FF Extension: (No Name) - C:\Users\Michelle\AppData\Roaming\Thunderbird\Profiles\6huofoaa.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba} [not found]
FF Extension: (No Name) - C:\Users\Michelle\AppData\Roaming\Thunderbird\Profiles\6huofoaa.default\extensions\{f69e22c7-bc50-414a-9269-0f5c344cd94c} [not found]
FF Extension: (Silvermel and Charamel XT) - C:\Users\Michelle\AppData\Roaming\Thunderbird\Profiles\6huofoaa.default\extensions\silvermelxt@pardal.de.xpi [2015-07-06]
FF Extension: (No Name) - C:\Program Files (x86)\Mozilla Thunderbird\extensions\{E250941A-6892-4070-9404-32C0A93B8920} [not found]
FF Extension: (No Name) - C:\Users\Michelle\AppData\Roaming\Thunderbird\Profiles\6huofoaa.default\extensions\{3ed8cc52-86fc-4613-9026-c1ef969da4c3}.xpi [not found]
FF ProfilePath: C:\Users\Michelle\AppData\Roaming\Thunderbird - Copy-08-22-13\Profiles\bjqjteft.Working [2013-08-04]
FF ProfilePath: C:\Users\Michelle\AppData\Roaming\Thunderbird - Copy-08-22-13\Profiles\6huofoaa.default [2013-08-22]
FF Extension: (abusix Spam reporter) - C:\Users\Michelle\AppData\Roaming\Thunderbird - Copy-08-22-13\Profiles\6huofoaa.default\Extensions\abusixspamreporter@simon.pirschel.xpi [2013-08-05] [not signed]
FF Extension: (Account Colors) - C:\Users\Michelle\AppData\Roaming\Thunderbird - Copy-08-22-13\Profiles\6huofoaa.default\Extensions\accountcolors@DW-dev.xpi [2013-05-27] [not signed]
FF Extension: (Auto Compress File) - C:\Users\Michelle\AppData\Roaming\Thunderbird - Copy-08-22-13\Profiles\6huofoaa.default\Extensions\AutoCompressFile@gmail.com.xpi [2013-08-15] [not signed]
FF Extension: (Add-on Compatibility Reporter) - C:\Users\Michelle\AppData\Roaming\Thunderbird - Copy-08-22-13\Profiles\6huofoaa.default\Extensions\compatibility@addons.mozilla.org.xpi [2012-02-27] [not signed]
FF Extension: (Email Security Plus) - C:\Users\Michelle\AppData\Roaming\Thunderbird - Copy-08-22-13\Profiles\6huofoaa.default\Extensions\emailsecurityplus@paolorovelli.net.xpi [2013-08-09] [not signed]
FF Extension: (Extra Folder Columns) - C:\Users\Michelle\AppData\Roaming\Thunderbird - Copy-08-22-13\Profiles\6huofoaa.default\Extensions\extra-cols@jminta_gmail.com.xpi [2013-04-02] [not signed]
FF Extension: (Mail Tweak) - C:\Users\Michelle\AppData\Roaming\Thunderbird - Copy-08-22-13\Profiles\6huofoaa.default\Extensions\mail-tweak@rod.whiteley [2013-08-22] [not signed]
FF Extension: (Quicker Filer) - C:\Users\Michelle\AppData\Roaming\Thunderbird - Copy-08-22-13\Profiles\6huofoaa.default\Extensions\qfiler@eivind.rovik [2013-08-22] [not signed]
FF Extension: (QuickFolders) - C:\Users\Michelle\AppData\Roaming\Thunderbird - Copy-08-22-13\Profiles\6huofoaa.default\Extensions\quickfolders@curious.be.xpi [2013-02-13] [not signed]
FF Extension: (Quick Folder Move) - C:\Users\Michelle\AppData\Roaming\Thunderbird - Copy-08-22-13\Profiles\6huofoaa.default\Extensions\quickmove@mozilla.kewis.ch.xpi [2013-03-11] [not signed]
FF Extension: (Silvermel) - C:\Users\Michelle\AppData\Roaming\Thunderbird - Copy-08-22-13\Profiles\6huofoaa.default\Extensions\silvermel@pardal.de.xpi [2013-08-05] [not signed]
FF Extension: (Silvermel and Charamel XT) - C:\Users\Michelle\AppData\Roaming\Thunderbird - Copy-08-22-13\Profiles\6huofoaa.default\Extensions\silvermelxt@pardal.de.xpi [2013-08-05] [not signed]
FF Extension: (Subject Manager) - C:\Users\Michelle\AppData\Roaming\Thunderbird - Copy-08-22-13\Profiles\6huofoaa.default\Extensions\SubjectManager@gmail.com.xpi [2013-03-17] [not signed]
FF Extension: (Old-style (version 2) smilies) - C:\Users\Michelle\AppData\Roaming\Thunderbird - Copy-08-22-13\Profiles\6huofoaa.default\Extensions\tb2-smilies@epfl.ch [2013-08-22] [not signed]
FF Extension: (Test Pilot for Thunderbird) - C:\Users\Michelle\AppData\Roaming\Thunderbird - Copy-08-22-13\Profiles\6huofoaa.default\Extensions\tbtestpilot@labs.mozilla.com.xpi [2012-04-25] [not signed]
FF Extension: (XNote++) - C:\Users\Michelle\AppData\Roaming\Thunderbird - Copy-08-22-13\Profiles\6huofoaa.default\Extensions\xnote@froihofer.net.xpi [2012-08-01] [not signed]
FF Extension: (Priority Switcher) - C:\Users\Michelle\AppData\Roaming\Thunderbird - Copy-08-22-13\Profiles\6huofoaa.default\Extensions\{0D2172E4-C5AE-465A-B80D-53A840275B5E}.xpi [2013-08-19] [not signed]
FF Extension: (No Name) - C:\Users\Michelle\AppData\Roaming\Thunderbird - Copy-08-22-13\Profiles\6huofoaa.default\Extensions\{463F6CA5-EE3C-4be1-B7E6-7FEE11953374}-trash [2013-08-22] [not signed]
FF Extension: (CompactHeader) - C:\Users\Michelle\AppData\Roaming\Thunderbird - Copy-08-22-13\Profiles\6huofoaa.default\Extensions\{58D4392A-842E-11DE-B51A-C7B855D89593}.xpi [2013-02-19] [not signed]
FF Extension: (QuickMenuMC) - C:\Users\Michelle\AppData\Roaming\Thunderbird - Copy-08-22-13\Profiles\6huofoaa.default\Extensions\{71e95839-6f7e-470d-be54-77012fec6313} [2013-08-22] [not signed]
FF Extension: (Xpunge) - C:\Users\Michelle\AppData\Roaming\Thunderbird - Copy-08-22-13\Profiles\6huofoaa.default\Extensions\{786abda0-fd14-d247-bf69-38b2fc18491b}.xpi [2012-11-23] [not signed]
FF Extension: (Quicktext) - C:\Users\Michelle\AppData\Roaming\Thunderbird - Copy-08-22-13\Profiles\6huofoaa.default\Extensions\{8845E3B3-E8FB-40E2-95E9-EC40294818C4}.xpi [2012-11-23] [not signed]
FF Extension: (Clippings) - C:\Users\Michelle\AppData\Roaming\Thunderbird - Copy-08-22-13\Profiles\6huofoaa.default\Extensions\{91aa5abe-9de4-4347-b7b5-322c38dd9271} [2013-08-22] [not signed]
FF Extension: (ReminderFox) - C:\Users\Michelle\AppData\Roaming\Thunderbird - Copy-08-22-13\Profiles\6huofoaa.default\Extensions\{ada4b710-8346-4b82-8199-5de2b400a6ae} [2013-08-22] [not signed]
FF Extension: (Quickfile) - C:\Users\Michelle\AppData\Roaming\Thunderbird - Copy-08-22-13\Profiles\6huofoaa.default\Extensions\{b1095862-e2d0-4fc0-9793-b46bc7d3ae72} [2013-08-22] [not signed]
FF Extension: (Folderpane Tools) - C:\Users\Michelle\AppData\Roaming\Thunderbird - Copy-08-22-13\Profiles\6huofoaa.default\Extensions\{b243fe83-b8a7-47de-855d-21d865243d5d} [2013-08-22] [not signed]
FF Extension: (Timestamp) - C:\Users\Michelle\AppData\Roaming\Thunderbird - Copy-08-22-13\Profiles\6huofoaa.default\Extensions\{c055dfb5-15af-428a-8a66-637c6032dddb} [2013-08-22] [not signed]
FF Extension: (accountex) - C:\Users\Michelle\AppData\Roaming\Thunderbird - Copy-08-22-13\Profiles\6huofoaa.default\Extensions\{cf3b5651-d280-49db-8df2-ff4d1c2fd47c} [2013-08-22] [not signed]
FF Extension: (FoxClocks) - C:\Users\Michelle\AppData\Roaming\Thunderbird - Copy-08-22-13\Profiles\6huofoaa.default\Extensions\{d37dc5d0-431d-44e5-8c91-49419370caa1} [2013-08-22] [not signed]
FF Extension: (Signature /Auto Paste /Prefill Fourms) - C:\Users\Michelle\AppData\Roaming\Thunderbird - Copy-08-22-13\Profiles\6huofoaa.default\Extensions\{D719B74B-E716-403b-91A9-1CE455AB8ccc}.xpi [2011-08-22] [not signed]
FF ProfilePath: C:\Users\Michelle\AppData\Roaming\Mozilla\Firefox\Profiles\ivkv5lzn.New-Profile-05-28-12 [2016-12-19]
FF DefaultSearchEngine: Mozilla\Firefox\Profiles\ivkv5lzn.New-Profile-05-28-12 -> Google
FF DefaultSearchEngine.US: Mozilla\Firefox\Profiles\ivkv5lzn.New-Profile-05-28-12 -> Google
FF SearchEngineOrder.1: Mozilla\Firefox\Profiles\ivkv5lzn.New-Profile-05-28-12 -> Yahoo! (Avast)
FF Homepage: Mozilla\Firefox\Profiles\ivkv5lzn.New-Profile-05-28-12 -> hxxp://www.exoticpublishing.com/adminDB/freelancers_maintenance.php
hxxps://www.mcssl.com/Netcart/login/login.asp?pr=1
hxxps://helpdesk.ndchost.com
hxxps://customer.ndchost.com/
hxxp://204.15.135.61/cpanel
hxxps://www.secure-ebook.com/login.jsp?myAction=login 
hxxps://www.upwork.com
 hxxps://rapidfinancial.capsulecrm.com/login
hxxps://my.mimeo.com
hxxp://www.xe.com/
hxxps://michelleassistsyou.teamwork.com
FF NetworkProxy: Mozilla\Firefox\Profiles\ivkv5lzn.New-Profile-05-28-12 -> type", 0
FF Extension: (Roomy Bookmarks Toolbar) - C:\Users\Michelle\AppData\Roaming\Mozilla\Firefox\Profiles\ivkv5lzn.New-Profile-05-28-12\Extensions\ALone-live@ya.ru.xpi [2015-10-27]
FF Extension: (Dashlane) - C:\Users\Michelle\AppData\Roaming\Mozilla\Firefox\Profiles\ivkv5lzn.New-Profile-05-28-12\Extensions\jetpack-extension@dashlane.com.xpi [2016-08-12]
FF Extension: (Awesome Screenshot - Capture, Annotate & More) - C:\Users\Michelle\AppData\Roaming\Mozilla\Firefox\Profiles\ivkv5lzn.New-Profile-05-28-12\Extensions\jid0-GXjLLfbCoAx0LcltEdFrEkQdQPI@jetpack.xpi [2016-09-23]
FF Extension: (open tab count widget) - C:\Users\Michelle\AppData\Roaming\Mozilla\Firefox\Profiles\ivkv5lzn.New-Profile-05-28-12\Extensions\jid0-x24fAzIkLoGDS5vfyNzJuT1Tits@jetpack.xpi [2016-04-28]
FF Extension: (Show Parent Folder) - C:\Users\Michelle\AppData\Roaming\Mozilla\Firefox\Profiles\ivkv5lzn.New-Profile-05-28-12\Extensions\showParentFolder@alice.xpi [2016-09-14]
FF Extension: (LastPass) - C:\Users\Michelle\AppData\Roaming\Mozilla\Firefox\Profiles\ivkv5lzn.New-Profile-05-28-12\Extensions\support@lastpass.com [2016-12-18]
FF Extension: (The Addon Bar (restored)) - C:\Users\Michelle\AppData\Roaming\Mozilla\Firefox\Profiles\ivkv5lzn.New-Profile-05-28-12\Extensions\the-addon-bar@GeekInTraining-GiT.xpi [2016-05-04]
FF Extension: (TinEye Reverse Image Search) - C:\Users\Michelle\AppData\Roaming\Mozilla\Firefox\Profiles\ivkv5lzn.New-Profile-05-28-12\Extensions\tineye@ideeinc.com.xpi [2016-09-03]
FF Extension: (Toolbar Buttons) - C:\Users\Michelle\AppData\Roaming\Mozilla\Firefox\Profiles\ivkv5lzn.New-Profile-05-28-12\Extensions\{03B08592-E5B4-45ff-A0BE-C1D975458688}.xpi [2016-11-17]
FF Extension: (Metal Lion Addressbar Improvements) - C:\Users\Michelle\AppData\Roaming\Mozilla\Firefox\Profiles\ivkv5lzn.New-Profile-05-28-12\Extensions\{F9377909-8A25-4fb2-82D9-A0286FE9561E}.xpi [2016-04-29]
FF SearchPlugin: C:\Users\Michelle\AppData\Roaming\Mozilla\Firefox\Profiles\ivkv5lzn.New-Profile-05-28-12\searchplugins\duckduckgo.xml [2015-05-18]
FF SearchPlugin: C:\Users\Michelle\AppData\Roaming\Mozilla\Firefox\Profiles\ivkv5lzn.New-Profile-05-28-12\searchplugins\yahoo-avast.xml [2014-06-08]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_24_0_0_186.dll [2016-12-17] ()
FF Plugin: @lastpass.com/NPLastPass -> C:\Program Files (x86)\LastPass\nplastpass64.dll [2016-08-18] (LastPass)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-10] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_24_0_0_186.dll [2016-12-17] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-07-31] ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2016-10-06] (Google)
FF Plugin-x32: @lastpass.com/NPLastPass -> C:\Program Files (x86)\LastPass\nplastpass64.dll [2016-08-18] (LastPass)
FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files (x86)\Yahoo!\Shared\npYState.dll [2012-05-25] (Yahoo! Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-10] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-25] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.8 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-10-01] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-510508962-3957035186-55548189-1000: @citrixonline.com/appdetectorplugin -> C:\Users\Michelle\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2013-11-15] (Citrix Online)
FF Plugin HKU\S-1-5-21-510508962-3957035186-55548189-1000: @zoom.us/ZoomVideoPlugin -> C:\Users\Michelle\AppData\Roaming\Zoom\bin\npzoomplugin.dll [2016-06-20] (Zoom Video Communications, Inc.)
FF Plugin HKU\S-1-5-21-510508962-3957035186-55548189-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: @citrixonline.com/appdetectorplugin -> C:\Users\Michelle\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2013-11-15] (Citrix Online)
FF Plugin HKU\S-1-5-21-510508962-3957035186-55548189-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: @zoom.us/ZoomVideoPlugin -> C:\Users\Michelle\AppData\Roaming\Zoom\bin\npzoomplugin.dll [2016-06-20] (Zoom Video Communications, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\browser\plugins\npatgpc.dll [2015-02-06] (Cisco WebEx LLC)
FF Plugin ProgramFiles/Appdata: C:\Users\Michelle\AppData\Roaming\mozilla\plugins\npatgpc.dll [2015-02-06] (Cisco WebEx LLC)
 
Chrome: 
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> hxxps://www.yahoo.com?fr=hp-avast&type=avastbcl
CHR StartupUrls: Default -> "hxxp://www.fiverr.com/"
CHR DefaultSearchKeyword: Default -> lp
CHR Plugin: (Widevine Content Decryption Module) - C:\Users\Michelle\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.7.771\_platform_specific\win_x86\widevinecdmadapter.dll => No File
CHR Plugin: (Widevine Content Decryption Module) - C:\Users\Michelle\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.6.758\_platform_specific\win_x86\widevinecdmadapter.dll => No File
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\55.0.2883.87\PepperFlash\pepflashplayer.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\55.0.2883.87\pdf.dll => No File
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\pepflashplayer32_16_0_0_296.dll => No File
CHR Plugin: (ActiveTouch General Plugin Container) - C:\Users\Michelle\AppData\Roaming\Mozilla\plugins\npatgpc.dll (Cisco WebEx LLC)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll => No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll => No File
CHR Plugin: (NPLastPass) - C:\Program Files (x86)\LastPass\nplastpass.dll (LastPass)
CHR Plugin: (VLC Web Plugin) - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Citrix Online Web Deployment Plugin 1.0.0.104) - C:\Users\Michelle\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
CHR Plugin: (RingCentral launcher plugin) - C:\Users\Michelle\AppData\Roaming\RingCentralMeetings\bin\nprcmsplugin.dll => No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_134.dll => No File
CHR Profile: C:\Users\Michelle\AppData\Local\Google\Chrome\User Data\Default [2016-12-20]
CHR Extension: (Google Drive) - C:\Users\Michelle\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-23]
CHR Extension: (YouTube) - C:\Users\Michelle\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-02]
CHR Extension: (Google Search) - C:\Users\Michelle\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-29]
CHR Extension: (Dashlane) - C:\Users\Michelle\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdjamakpfbbddfjaooikfcpapjohcfmg [2016-12-10]
CHR Extension: (LastPass: Free Password Manager) - C:\Users\Michelle\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2016-12-10]
CHR Extension: (Rapportive) - C:\Users\Michelle\AppData\Local\Google\Chrome\User Data\Default\Extensions\hihakjfhbmlmjdnnhegiciffjplmdhin [2016-02-21]
CHR Extension: (Lovense Extension) - C:\Users\Michelle\AppData\Local\Google\Chrome\User Data\Default\Extensions\ieihelfmmpcbblkgkeomefgpadhahepk [2016-10-24]
CHR Extension: (Awesome Screenshot: Screen capture, Annotate) - C:\Users\Michelle\AppData\Local\Google\Chrome\User Data\Default\Extensions\nlipoenfbbikpbjkfpfillcgkoblgpmj [2016-11-29]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Michelle\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-05]
CHR Extension: (Responsive Web Design Tester) - C:\Users\Michelle\AppData\Local\Google\Chrome\User Data\Default\Extensions\objclahbaimlfnbjdeobicmmlnbhamkg [2016-12-07]
CHR Extension: (Checker Plus for Gmail™) - C:\Users\Michelle\AppData\Local\Google\Chrome\User Data\Default\Extensions\oeopbcgkkoapgobdbedcemjljbihmemj [2016-12-20]
CHR Extension: (Hola - Unlimited Proxy VPN) - C:\Users\Michelle\AppData\Local\Google\Chrome\User Data\Default\Extensions\opalpjjboefohnelaemnhdhlceibbcgl [2015-11-25]
CHR Extension: (Gmail) - C:\Users\Michelle\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-02]
CHR Extension: (Chrome Media Router) - C:\Users\Michelle\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-12-17]
CHR Profile: C:\Users\Michelle\AppData\Local\Google\Chrome\User Data\Profile 1 [2016-12-20]
CHR Extension: (Google Slides) - C:\Users\Michelle\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-01-19]
CHR Extension: (Google Docs) - C:\Users\Michelle\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2016-01-19]
CHR Extension: (Google Drive) - C:\Users\Michelle\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-01-19]
CHR Extension: (YouTube) - C:\Users\Michelle\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-01-19]
CHR Extension: (Google Search) - C:\Users\Michelle\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-01-19]
CHR Extension: (Google Sheets) - C:\Users\Michelle\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-01-19]
CHR Extension: (Google Docs Offline) - C:\Users\Michelle\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-17]
CHR Extension: (LastPass: Free Password Manager) - C:\Users\Michelle\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2016-12-10]
CHR Extension: (Awesome Screenshot: Screen capture, Annotate) - C:\Users\Michelle\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nlipoenfbbikpbjkfpfillcgkoblgpmj [2016-11-29]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Michelle\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-05]
CHR Extension: (Gmail) - C:\Users\Michelle\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-01-19]
CHR Extension: (Chrome Media Router) - C:\Users\Michelle\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-12-17]
CHR Profile: C:\Users\Michelle\AppData\Local\Google\Chrome\User Data\Profile 2 [2016-12-20]
CHR Extension: (Google Drive) - C:\Users\Michelle\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-02-08]
CHR Extension: (YouTube) - C:\Users\Michelle\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-02-08]
CHR Extension: (Google Search) - C:\Users\Michelle\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-02-08]
CHR Extension: (LastPass: Free Password Manager) - C:\Users\Michelle\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2016-12-10]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\Michelle\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2016-02-08]
CHR Extension: (Awesome Screenshot App) - C:\Users\Michelle\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\mfpiaehgjbbfednooihadalhehabhcjo [2016-06-20]
CHR Extension: (Awesome Screenshot: Screen capture, Annotate) - C:\Users\Michelle\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\nlipoenfbbikpbjkfpfillcgkoblgpmj [2016-12-10]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Michelle\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-02]
CHR Extension: (Gmail) - C:\Users\Michelle\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-02-08]
CHR Extension: (Chrome Media Router) - C:\Users\Michelle\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-12-17]
CHR Profile: C:\Users\Michelle\AppData\Local\Google\Chrome\User Data\Profile 3 [2016-12-20]
CHR Extension: (Google Slides) - C:\Users\Michelle\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-03-08]
CHR Extension: (TooManyTabs for Chrome) - C:\Users\Michelle\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\amigcgbheognjmfkaieeeadojiibgbdp [2016-12-06]
CHR Extension: (Google Docs) - C:\Users\Michelle\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\aohghmighlieiainnegkcijnfilokake [2016-03-08]
CHR Extension: (Google Drive) - C:\Users\Michelle\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-03-08]
CHR Extension: (YouTube) - C:\Users\Michelle\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-03-08]
CHR Extension: (Google Search) - C:\Users\Michelle\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-03-08]
CHR Extension: (Google Sheets) - C:\Users\Michelle\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-03-08]
CHR Extension: (Google Docs Offline) - C:\Users\Michelle\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-17]
CHR Extension: (LastPass: Free Password Manager) - C:\Users\Michelle\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2016-12-10]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\Michelle\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2016-03-08]
CHR Extension: (DInstagram) - C:\Users\Michelle\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\neppgmfjfhgdcbophaohghbgmfbinanl [2016-11-16]
CHR Extension: (Awesome Screenshot: Screen capture, Annotate) - C:\Users\Michelle\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\nlipoenfbbikpbjkfpfillcgkoblgpmj [2016-11-29]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Michelle\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-05]
CHR Extension: (Responsive Web Design Tester) - C:\Users\Michelle\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\objclahbaimlfnbjdeobicmmlnbhamkg [2016-12-07]
CHR Extension: (vTabs) - C:\Users\Michelle\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\okpnlgbgcfchbicbhjmmhldhkbkfilce [2016-12-06]
CHR Extension: (Tab Snooze) - C:\Users\Michelle\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\pdiebiamhaleloakpcgmpnenggpjbcbm [2016-12-06]
CHR Extension: (Gmail) - C:\Users\Michelle\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-03-08]
CHR Extension: (Chrome Media Router) - C:\Users\Michelle\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-12-15]
CHR Profile: C:\Users\Michelle\AppData\Local\Google\Chrome\User Data\Profile 4 [2016-12-10]
CHR Extension: (Google Slides) - C:\Users\Michelle\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-03-26]
CHR Extension: (Google Docs) - C:\Users\Michelle\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\aohghmighlieiainnegkcijnfilokake [2016-03-26]
CHR Extension: (Google Drive) - C:\Users\Michelle\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-03-26]
CHR Extension: (YouTube) - C:\Users\Michelle\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-03-26]
CHR Extension: (Google Sheets) - C:\Users\Michelle\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-03-26]
CHR Extension: (Google Docs Offline) - C:\Users\Michelle\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-26]
CHR Extension: (LastPass: Free Password Manager) - C:\Users\Michelle\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2016-03-26]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\Michelle\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2016-03-26]
CHR Extension: (Awesome Screenshot: Screen capture, Annotate) - C:\Users\Michelle\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\nlipoenfbbikpbjkfpfillcgkoblgpmj [2016-03-26]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Michelle\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-03-26]
CHR Extension: (Gmail) - C:\Users\Michelle\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-03-26]
CHR Profile: C:\Users\Michelle\AppData\Local\Google\Chrome\User Data\Profile 5 [2016-12-20]
CHR Extension: (Google Slides) - C:\Users\Michelle\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-11-01]
CHR Extension: (Google Docs) - C:\Users\Michelle\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\aohghmighlieiainnegkcijnfilokake [2016-11-01]
CHR Extension: (Google Drive) - C:\Users\Michelle\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-11-01]
CHR Extension: (YouTube) - C:\Users\Michelle\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-11-01]
CHR Extension: (Google Sheets) - C:\Users\Michelle\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-11-01]
CHR Extension: (Google Docs Offline) - C:\Users\Michelle\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-11-29]
CHR Extension: (LastPass: Free Password Manager) - C:\Users\Michelle\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2016-12-10]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\Michelle\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2016-11-01]
CHR Extension: (Awesome Screenshot: Screen capture, Annotate) - C:\Users\Michelle\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\nlipoenfbbikpbjkfpfillcgkoblgpmj [2016-12-10]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Michelle\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-11-01]
CHR Extension: (Gmail) - C:\Users\Michelle\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-11-01]
CHR Extension: (Chrome Media Router) - C:\Users\Michelle\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-12-17]
CHR Profile: C:\Users\Michelle\AppData\Local\Google\Chrome\User Data\Profile 6 [2016-12-20]
CHR Extension: (Google Slides) - C:\Users\Michelle\AppData\Local\Google\Chrome\User Data\Profile 6\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-11-14]
CHR Extension: (Google Docs) - C:\Users\Michelle\AppData\Local\Google\Chrome\User Data\Profile 6\Extensions\aohghmighlieiainnegkcijnfilokake [2016-11-14]
CHR Extension: (Google Drive) - C:\Users\Michelle\AppData\Local\Google\Chrome\User Data\Profile 6\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-11-14]
CHR Extension: (YouTube) - C:\Users\Michelle\AppData\Local\Google\Chrome\User Data\Profile 6\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-11-14]
CHR Extension: (Google Sheets) - C:\Users\Michelle\AppData\Local\Google\Chrome\User Data\Profile 6\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-11-14]
CHR Extension: (Google Docs Offline) - C:\Users\Michelle\AppData\Local\Google\Chrome\User Data\Profile 6\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-12-10]
CHR Extension: (LastPass: Free Password Manager) - C:\Users\Michelle\AppData\Local\Google\Chrome\User Data\Profile 6\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2016-12-14]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\Michelle\AppData\Local\Google\Chrome\User Data\Profile 6\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2016-11-14]
CHR Extension: (Awesome Screenshot: Screen capture, Annotate) - C:\Users\Michelle\AppData\Local\Google\Chrome\User Data\Profile 6\Extensions\nlipoenfbbikpbjkfpfillcgkoblgpmj [2016-12-10]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Michelle\AppData\Local\Google\Chrome\User Data\Profile 6\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-11-14]
CHR Extension: (Gmail) - C:\Users\Michelle\AppData\Local\Google\Chrome\User Data\Profile 6\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-11-14]
CHR Extension: (Chrome Media Router) - C:\Users\Michelle\AppData\Local\Google\Chrome\User Data\Profile 6\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-12-17]
CHR Profile: C:\Users\Michelle\AppData\Local\Google\Chrome\User Data\System Profile [2016-12-15]
CHR HKLM\...\Chrome\Extension: [hdokiejnpimakedhajhdlcegeplioahd] - hxxp://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-510508962-3957035186-55548189-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-510508962-3957035186-55548189-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [hdokiejnpimakedhajhdlcegeplioahd] - hxxp://clients2.google.com/service/update2/crx
StartMenuInternet: Google Chrome.VN5BKYLD5DW7MN4X37IJOCWSHE - C:\Users\Michelle\Downloads\GoogleChromePortable\App\Chrome-bin\chrome.exe
 
Opera: 
=======
OPR Extension: (Awesome Screenshot: Capture & Annotate) - C:\Users\Michelle\AppData\Roaming\Opera Software\Opera Stable\Extensions\foobgjfmnkeainefnnoeghobcdcidhme [2016-01-27]
OPR Extension: (LastPass: Free Password Manager) - C:\Users\Michelle\AppData\Roaming\Opera Software\Opera Stable\Extensions\hnjalnkldgigidggphhmacmimbdlafdo [2016-09-07]
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2013-12-07] (Advanced Micro Devices, Inc.) [File not signed]
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-05-30] (Apple Inc.)
R3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [282112 2013-09-25] (Brother Industries, Ltd.) [File not signed]
R2 CrashPlanService; C:\Program Files\CrashPlan\CrashPlanService.exe [266120 2016-10-17] (Code 42 Software)
R2 ekrn; C:\Program Files\ESET\ESET Smart Security\ekrn.exe [2770312 2016-11-12] (ESET)
S2 Garmin Device Interaction Service; C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe [708104 2015-04-10] (Garmin Ltd. or its subsidiaries)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1514464 2016-03-10] (Malwarebytes)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1136608 2016-03-10] (Malwarebytes)
S3 OpenVPNService; C:\Program Files (x86)\OpenVPN\bin\openvpnserv.exe [32568 2014-04-14] (The OpenVPN Project)
R2 ss_conn_service; C:\Program Files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe [754784 2016-01-08] (DEVGURU Co., LTD.)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [7248144 2016-08-08] (TeamViewer GmbH)
R2 VIAKaraokeService; C:\Windows\system32\viakaraokesrv.exe [27760 2011-11-11] (VIA Technologies, Inc.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S2 MSCamSvc; "C:\Program Files\Microsoft LifeCam\MSCamS64.exe" [X]
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AODDriver4.2.0; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [59648 2013-09-20] (Advanced Micro Devices)
R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [262792 2016-11-12] (ESET)
R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [197248 2016-11-12] (ESET)
S4 ekbdflt; C:\Windows\System32\DRIVERS\ekbdflt.sys [153216 2016-11-12] (ESET)
R1 epfw; C:\Windows\System32\DRIVERS\epfw.sys [208520 2016-11-12] (ESET)
R1 EpfwLWF; C:\Windows\System32\DRIVERS\EpfwLWF.sys [61568 2016-11-12] (ESET)
R0 epfwwfp; C:\Windows\System32\DRIVERS\epfwwfp.sys [84616 2016-11-12] (ESET)
R1 ISODrive; C:\Program Files (x86)\UltraISO\drivers\ISODrv64.sys [115448 2013-11-21] (EZB Systems, Inc.)
S4 LMIRfsClientNP; no ImagePath
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [27008 2016-03-10] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [192216 2016-12-20] (Malwarebytes)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64896 2016-03-10] (Malwarebytes Corporation)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [15416 2009-07-17] ()
S3 RTL8192cu; C:\Windows\System32\DRIVERS\RTL8192cu.sys [729704 2010-08-06] (Realtek Semiconductor Corporation                           )
S3 visctap0901; C:\Windows\System32\DRIVERS\visctap0901.sys [39048 2014-04-24] (The OpenVPN Project)
R2 VMparport; C:\Windows\system32\drivers\VMparport.sys [32472 2014-06-13] (VMware, Inc.)
R0 vsock; C:\Windows\System32\drivers\vsock.sys [73296 2013-10-09] (VMware, Inc.)
U5 VWiFiFlt; C:\Windows\System32\Drivers\VWiFiFlt.sys [59904 2009-07-14] (Microsoft Corporation)
S3 VX6000; C:\Windows\System32\DRIVERS\VX6000Xp.sys [2143600 2010-05-21] (Microsoft Corporation)
S3 WinRing0_1_2_0; C:\Program Files (x86)\Moo0 SystemMonitor v1.73 Portable\WinRing0x64.sys [14544 2008-07-27] (OpenLibSys.org)
S2 LMIInfo; \??\C:\Program Files (x86)\LogMeIn\x64\RaInfo.sys [X]
S3 MWAC; \??\C:\Windows\system32\drivers\ [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-12-18 14:08 - 2016-12-18 14:08 - 12520606 ____C C:\Users\Michelle\Downloads\lastpass_password_manager-4.1.32a-an+fx.xpi
2016-12-17 06:30 - 2016-12-17 06:31 - 01201256 ____C (Adobe Systems Incorporated) C:\Users\Michelle\Downloads\flashplayer24ppau_ha_install.exe
2016-12-17 06:22 - 2016-12-20 06:22 - 00003244 _____ C:\Windows\System32\Tasks\IORRT
2016-12-17 02:27 - 2016-12-17 02:27 - 00057235 ____C C:\Users\Michelle\Downloads\HLG_Ambassadors (5).pdf
2016-12-16 00:24 - 2016-12-16 00:24 - 00000000 ___DC C:\Users\Michelle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2016-12-14 22:22 - 2016-11-12 21:08 - 25759744 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-12-14 22:22 - 2016-11-12 20:53 - 06049280 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2016-12-14 22:22 - 2016-11-12 20:17 - 20302848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2016-12-14 22:22 - 2016-11-12 19:41 - 15257088 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2016-12-14 22:22 - 2016-11-12 19:37 - 04608000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2016-12-14 22:22 - 2016-11-12 19:21 - 13653504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2016-12-14 22:21 - 2016-11-21 20:16 - 00154856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2016-12-14 22:21 - 2016-11-21 20:16 - 00095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2016-12-14 22:21 - 2016-11-21 20:12 - 01462272 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2016-12-14 22:21 - 2016-11-21 20:12 - 01212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2016-12-14 22:21 - 2016-11-21 20:12 - 00730624 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2016-12-14 22:21 - 2016-11-21 20:12 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2016-12-14 22:21 - 2016-11-21 20:12 - 00463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2016-12-14 22:21 - 2016-11-21 20:12 - 00345600 _____ (Microsoft Corporation) C:
 
\Windows\system32\schannel.dll
2016-12-14 22:21 - 2016-11-21 20:12 - 00316928 _____ (Microsoft Corporation) C:
 
\Windows\system32\msv1_0.dll
2016-12-14 22:21 - 2016-11-21 20:12 - 00312320 _____ (Microsoft Corporation) C:
 
\Windows\system32\ncrypt.dll
2016-12-14 22:21 - 2016-11-21 20:12 - 00210432 _____ (Microsoft Corporation) C:
 
\Windows\system32\wdigest.dll
2016-12-14 22:21 - 2016-11-21 20:12 - 00190464 _____ (Microsoft Corporation) C:
 
\Windows\system32\rpchttp.dll
2016-12-14 22:21 - 2016-11-21 20:12 - 00146432 _____ (Microsoft Corporation) C:
 
\Windows\system32\msaudite.dll
2016-12-14 22:21 - 2016-11-21 20:12 - 00135680 _____ (Microsoft Corporation) C:
 
\Windows\system32\sspicli.dll
2016-12-14 22:21 - 2016-11-21 20:12 - 00123904 _____ (Microsoft Corporation) C:
 
\Windows\system32\bcrypt.dll
2016-12-14 22:21 - 2016-11-21 20:12 - 00109568 _____ (Microsoft Corporation) C:
 
\Windows\system32\hlink.dll
2016-12-14 22:21 - 2016-11-21 20:12 - 00086528 _____ (Microsoft Corporation) C:
 
\Windows\system32\TSpkg.dll
2016-12-14 22:21 - 2016-11-21 20:12 - 00060416 _____ (Microsoft Corporation) C:
 
\Windows\system32\msobjs.dll
2016-12-14 22:21 - 2016-11-21 20:12 - 00043520 _____ (Microsoft Corporation) C:
 
\Windows\system32\cryptbase.dll
2016-12-14 22:21 - 2016-11-21 20:12 - 00028672 _____ (Microsoft Corporation) C:
 
\Windows\system32\sspisrv.dll
2016-12-14 22:21 - 2016-11-21 20:12 - 00028160 _____ (Microsoft Corporation) C:
 
\Windows\system32\secur32.dll
2016-12-14 22:21 - 2016-11-21 20:12 - 00022016 _____ (Microsoft Corporation) C:
 
\Windows\system32\credssp.dll
2016-12-14 22:21 - 2016-11-20 18:20 - 00666112 _____ (Microsoft Corporation) C:
 
\Windows\SysWOW64\rpcrt4.dll
2016-12-14 22:21 - 2016-11-20 18:20 - 00172032 _____ (Microsoft Corporation) C:
 
\Windows\SysWOW64\wdigest.dll
2016-12-14 22:21 - 2016-11-20 18:20 - 00096768 _____ (Microsoft Corporation) C:
 
\Windows\SysWOW64\sspicli.dll
2016-12-14 22:21 - 2016-11-20 18:20 - 00082944 _____ (Microsoft Corporation) C:
 
\Windows\SysWOW64\bcrypt.dll
2016-12-14 22:21 - 2016-11-20 18:20 - 00065536 _____ (Microsoft Corporation) C:
 
\Windows\SysWOW64\TSpkg.dll
2016-12-14 22:21 - 2016-11-20 18:19 - 00690688 _____ (Microsoft Corporation) C:
 
\Windows\SysWOW64\adtschema.dll
2016-12-14 22:21 - 2016-11-20 18:19 - 00553472 _____ (Microsoft Corporation) C:
 
\Windows\SysWOW64\kerberos.dll
2016-12-14 22:21 - 2016-11-20 18:19 - 00342528 _____ (Microsoft Corporation) C:
 
\Windows\SysWOW64\certcli.dll
2016-12-14 22:21 - 2016-11-20 18:19 - 00261120 _____ (Microsoft Corporation) C:
 
\Windows\SysWOW64\msv1_0.dll
2016-12-14 22:21 - 2016-11-20 18:19 - 00254464 _____ (Microsoft Corporation) C:
 
\Windows\SysWOW64\schannel.dll
2016-12-14 22:21 - 2016-11-20 18:19 - 00223232 _____ (Microsoft Corporation) C:
 
\Windows\SysWOW64\ncrypt.dll
2016-12-14 22:21 - 2016-11-20 18:19 - 00146432 _____ (Microsoft Corporation) C:
 
\Windows\SysWOW64\msaudite.dll
2016-12-14 22:21 - 2016-11-20 18:19 - 00141312 _____ (Microsoft Corporation) C:
 
\Windows\SysWOW64\rpchttp.dll
2016-12-14 22:21 - 2016-11-20 18:19 - 00084992 _____ (Microsoft Corporation) C:
 
\Windows\SysWOW64\hlink.dll
2016-12-14 22:21 - 2016-11-20 18:19 - 00060416 _____ (Microsoft Corporation) C:
 
\Windows\SysWOW64\msobjs.dll
2016-12-14 22:21 - 2016-11-20 18:19 - 00022016 _____ (Microsoft Corporation) C:
 
\Windows\SysWOW64\secur32.dll
2016-12-14 22:21 - 2016-11-20 18:19 - 00017408 _____ (Microsoft Corporation) C:
 
\Windows\SysWOW64\credssp.dll
2016-12-14 22:21 - 2016-11-20 18:04 - 00064000 _____ (Microsoft Corporation) C:
 
\Windows\system32\auditpol.exe
2016-12-14 22:21 - 2016-11-20 17:58 - 00159744 _____ (Microsoft Corporation) C:
 
\Windows\system32\Drivers\mrxsmb.sys
2016-12-14 22:21 - 2016-11-20 17:57 - 00291328 _____ (Microsoft Corporation) C:
 
\Windows\system32\Drivers\mrxsmb10.sys
2016-12-14 22:21 - 2016-11-20 17:57 - 00129536 _____ (Microsoft Corporation) C:
 
\Windows\system32\Drivers\mrxsmb20.sys
2016-12-14 22:21 - 2016-11-20 17:57 - 00050176 _____ (Microsoft Corporation) C:
 
\Windows\SysWOW64\auditpol.exe
2016-12-14 22:21 - 2016-11-20 17:57 - 00030720 _____ (Microsoft Corporation) C:
 
\Windows\system32\lsass.exe
2016-12-14 22:21 - 2016-11-20 17:52 - 00036352 _____ (Microsoft Corporation) C:
 
\Windows\SysWOW64\cryptbase.dll
2016-12-14 22:21 - 2016-11-20 16:07 - 00467392 _____ (Microsoft Corporation) C:
 
\Windows\system32\Drivers\cng.sys
2016-12-14 22:21 - 2016-11-17 18:41 - 00370920 _____ (Microsoft Corporation) C:
 
\Windows\system32\clfs.sys
2016-12-14 22:21 - 2016-11-15 01:27 - 00394448 _____ (Microsoft Corporation) C:
 
\Windows\system32\iedkcs32.dll
2016-12-14 22:21 - 2016-11-15 00:39 - 00346320 _____ (Microsoft Corporation) C:
 
\Windows\SysWOW64\iedkcs32.dll
2016-12-14 22:21 - 2016-11-12 21:48 - 02724864 _____ (Microsoft Corporation) C:
 
\Windows\system32\mshtml.tlb
2016-12-14 22:21 - 2016-11-12 21:48 - 00004096 _____ (Microsoft Corporation) C:
 
\Windows\system32\ieetwcollectorres.dll
2016-12-14 22:21 - 2016-11-12 21:28 - 00066560 _____ (Microsoft Corporation) C:
 
\Windows\system32\iesetup.dll
2016-12-14 22:21 - 2016-11-12 21:26 - 00417792 _____ (Microsoft Corporation) C:
 
\Windows\system32\html.iec
2016-12-14 22:21 - 2016-11-12 21:26 - 00048640 _____ (Microsoft Corporation) C:
 
\Windows\system32\ieetwproxystub.dll
2016-12-14 22:21 - 2016-11-12 21:25 - 00576000 _____ (Microsoft Corporation) C:
 
\Windows\system32\vbscript.dll
2016-12-14 22:21 - 2016-11-12 21:25 - 00088064 _____ (Microsoft Corporation) C:
 
\Windows\system32\MshtmlDac.dll
2016-12-14 22:21 - 2016-11-12 21:21 - 02896384 _____ (Microsoft Corporation) C:
 
\Windows\system32\iertutil.dll
2016-12-14 22:21 - 2016-11-12 21:15 - 00054784 _____ (Microsoft Corporation) C:
 
\Windows\system32\jsproxy.dll
2016-12-14 22:21 - 2016-11-12 21:14 - 00034304 _____ (Microsoft Corporation) C:
 
\Windows\system32\iernonce.dll
2016-12-14 22:21 - 2016-11-12 21:09 - 00615936 _____ (Microsoft Corporation) C:
 
\Windows\system32\ieui.dll
2016-12-14 22:21 - 2016-11-12 21:08 - 00144384 _____ (Microsoft Corporation) C:
 
\Windows\system32\ieUnatt.exe
2016-12-14 22:21 - 2016-11-12 21:08 - 00114688 _____ (Microsoft Corporation) C:
 
\Windows\system32\ieetwcollector.exe
2016-12-14 22:21 - 2016-11-12 21:07 - 00817664 _____ (Microsoft Corporation) C:
 
\Windows\system32\jscript.dll
2016-12-14 22:21 - 2016-11-12 21:07 - 00814080 _____ (Microsoft Corporation) C:
 
\Windows\system32\jscript9diag.dll
2016-12-14 22:21 - 2016-11-12 20:56 - 00968704 _____ (Microsoft Corporation) C:
 
\Windows\system32\MsSpellCheckingFacility.exe
2016-12-14 22:21 - 2016-11-12 20:52 - 00489984 _____ (Microsoft Corporation) C:
 
\Windows\system32\dxtmsft.dll
2016-12-14 22:21 - 2016-11-12 20:47 - 02724864 _____ (Microsoft Corporation) C:
 
\Windows\SysWOW64\mshtml.tlb
2016-12-14 22:21 - 2016-11-12 20:41 - 00077824 _____ (Microsoft Corporation) C:
 
\Windows\system32\JavaScriptCollectionAgent.dll
2016-12-14 22:21 - 2016-11-12 20:40 - 00107520 _____ (Microsoft Corporation) C:
 
\Windows\system32\inseng.dll
2016-12-14 22:21 - 2016-11-12 20:35 - 00199680 _____ (Microsoft Corporation) C:
 
\Windows\system32\msrating.dll
2016-12-14 22:21 - 2016-11-12 20:34 - 00092160 _____ (Microsoft Corporation) C:
 
\Windows\system32\mshtmled.dll
2016-12-14 22:21 - 2016-11-12 20:31 - 00315392 _____ (Microsoft Corporation) C:
 
\Windows\system32\dxtrans.dll
2016-12-14 22:21 - 2016-11-12 20:30 - 00062464 _____ (Microsoft Corporation) C:
 
\Windows\SysWOW64\iesetup.dll
2016-12-14 22:21 - 2016-11-12 20:29 - 00498688 _____ (Microsoft Corporation) C:
 
\Windows\SysWOW64\vbscript.dll
2016-12-14 22:21 - 2016-11-12 20:29 - 00341504 _____ (Microsoft Corporation) C:
 
\Windows\SysWOW64\html.iec
2016-12-14 22:21 - 2016-11-12 20:29 - 00047616 _____ (Microsoft Corporation) C:
 
\Windows\SysWOW64\ieetwproxystub.dll
2016-12-14 22:21 - 2016-11-12 20:28 - 00152064 _____ (Microsoft Corporation) C:
 
\Windows\system32\occache.dll
2016-12-14 22:21 - 2016-11-12 20:27 - 00064000 _____ (Microsoft Corporation) C:
 
\Windows\SysWOW64\MshtmlDac.dll
2016-12-14 22:21 - 2016-11-12 20:20 - 02287616 _____ (Microsoft Corporation) C:
 
\Windows\SysWOW64\iertutil.dll
2016-12-14 22:21 - 2016-11-12 20:20 - 00047104 _____ (Microsoft Corporation) C:
 
\Windows\SysWOW64\jsproxy.dll
2016-12-14 22:21 - 2016-11-12 20:19 - 00030720 _____ (Microsoft Corporation) C:
 
\Windows\SysWOW64\iernonce.dll
2016-12-14 22:21 - 2016-11-12 20:15 - 00476160 _____ (Microsoft Corporation) C:
 
\Windows\SysWOW64\ieui.dll
2016-12-14 22:21 - 2016-11-12 20:14 - 00663552 _____ (Microsoft Corporation) C:
 
\Windows\SysWOW64\jscript.dll
2016-12-14 22:21 - 2016-11-12 20:14 - 00620032 _____ (Microsoft Corporation) C:
 
\Windows\SysWOW64\jscript9diag.dll
2016-12-14 22:21 - 2016-11-12 20:14 - 00262144 _____ (Microsoft Corporation) C:
 
\Windows\system32\webcheck.dll
2016-12-14 22:21 - 2016-11-12 20:14 - 00115712 _____ (Microsoft Corporation) C:
 
\Windows\SysWOW64\ieUnatt.exe
2016-12-14 22:21 - 2016-11-12 20:11 - 00725504 _____ (Microsoft Corporation) C:
 
\Windows\system32\ie4uinit.exe
2016-12-14 22:21 - 2016-11-12 20:10 - 00806912 _____ (Microsoft Corporation) C:
 
\Windows\system32\msfeeds.dll
2016-12-14 22:21 - 2016-11-12 20:08 - 02131456 _____ (Microsoft Corporation) C:
 
\Windows\system32\inetcpl.cpl
2016-12-14 22:21 - 2016-11-12 20:08 - 01359360 _____ (Microsoft Corporation) C:
 
\Windows\system32\mshtmlmedia.dll
2016-12-14 22:21 - 2016-11-12 20:03 - 00416256 _____ (Microsoft Corporation) C:
 
\Windows\SysWOW64\dxtmsft.dll
2016-12-14 22:21 - 2016-11-12 19:57 - 00060416 _____ (Microsoft Corporation) C:
 
\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2016-12-14 22:21 - 2016-11-12 19:56 - 00091136 _____ (Microsoft Corporation) C:
 
\Windows\SysWOW64\inseng.dll
2016-12-14 22:21 - 2016-11-12 19:52 - 00168960 _____ (Microsoft Corporation) C:
 
\Windows\SysWOW64\msrating.dll
2016-12-14 22:21 - 2016-11-12 19:51 - 00076288 _____ (Microsoft Corporation) C:
 
\Windows\SysWOW64\mshtmled.dll
2016-12-14 22:21 - 2016-11-12 19:49 - 00279040 _____ (Microsoft Corporation) C:
 
\Windows\SysWOW64\dxtrans.dll
2016-12-14 22:21 - 2016-11-12 19:47 - 00130048 _____ (Microsoft Corporation) C:
 
\Windows\SysWOW64\occache.dll
2016-12-14 22:21 - 2016-11-12 19:40 - 00230400 _____ (Microsoft Corporation) C:
 
\Windows\SysWOW64\webcheck.dll
2016-12-14 22:21 - 2016-11-12 19:38 - 00693248 _____ (Microsoft Corporation) C:
 
\Windows\SysWOW64\msfeeds.dll
2016-12-14 22:21 - 2016-11-12 19:36 - 02055680 _____ (Microsoft Corporation) C:
 
\Windows\SysWOW64\inetcpl.cpl
2016-12-14 22:21 - 2016-11-12 19:36 - 01155072 _____ (Microsoft Corporation) C:
 
\Windows\SysWOW64\mshtmlmedia.dll
2016-12-14 22:21 - 2016-11-12 19:35 - 02920960 _____ (Microsoft Corporation) C:
 
\Windows\system32\wininet.dll
2016-12-14 22:21 - 2016-11-12 19:20 - 01543680 _____ (Microsoft Corporation) C:
 
\Windows\system32\urlmon.dll
2016-12-14 22:21 - 2016-11-12 19:11 - 00800768 _____ (Microsoft Corporation) C:
 
\Windows\system32\ieapfltr.dll
2016-12-14 22:21 - 2016-11-12 19:05 - 02444800 _____ (Microsoft Corporation) C:
 
\Windows\SysWOW64\wininet.dll
2016-12-14 22:21 - 2016-11-12 19:02 - 01312256 _____ (Microsoft Corporation) C:
 
\Windows\SysWOW64\urlmon.dll
2016-12-14 22:21 - 2016-11-12 19:02 - 00710144 _____ (Microsoft Corporation) C:
 
\Windows\SysWOW64\ieapfltr.dll
2016-12-14 22:21 - 2016-11-10 18:32 - 01009152 _____ (Microsoft Corporation) C:
 
\Windows\system32\user32.dll
2016-12-14 22:21 - 2016-11-10 18:19 - 00833024 _____ (Microsoft Corporation) C:
 
\Windows\SysWOW64\user32.dll
2016-12-14 22:21 - 2016-11-09 18:41 - 00114408 _____ (Microsoft Corporation) C:
 
\Windows\system32\consent.exe
2016-12-14 22:21 - 2016-11-09 18:33 - 03244032 _____ (Microsoft Corporation) C:
 
\Windows\system32\msi.dll
2016-12-14 22:21 - 2016-11-09 18:33 - 01941504 _____ (Microsoft Corporation) C:
 
\Windows\system32\authui.dll
2016-12-14 22:21 - 2016-11-09 18:33 - 00504320 _____ (Microsoft Corporation) C:
 
\Windows\system32\msihnd.dll
2016-12-14 22:21 - 2016-11-09 18:33 - 00070144 _____ (Microsoft Corporation) C:
 
\Windows\system32\appinfo.dll
2016-12-14 22:21 - 2016-11-09 18:33 - 00025088 _____ (Microsoft Corporation) C:
 
\Windows\system32\msimsg.dll
2016-12-14 22:21 - 2016-11-09 18:33 - 00002048 _____ (Microsoft Corporation) C:
 
\Windows\system32\tzres.dll
2016-12-14 22:21 - 2016-11-09 18:17 - 02365440 _____ (Microsoft Corporation) C:
 
\Windows\SysWOW64\msi.dll
2016-12-14 22:21 - 2016-11-09 18:17 - 01806848 _____ (Microsoft Corporation) C:
 
\Windows\SysWOW64\authui.dll
2016-12-14 22:21 - 2016-11-09 18:17 - 00337408 _____ (Microsoft Corporation) C:
 
\Windows\SysWOW64\msihnd.dll
2016-12-14 22:21 - 2016-11-09 18:17 - 00025088 _____ (Microsoft Corporation) C:
 
\Windows\SysWOW64\msimsg.dll
2016-12-14 22:21 - 2016-11-09 18:17 - 00002048 _____ (Microsoft Corporation) C:
 
\Windows\SysWOW64\tzres.dll
2016-12-14 22:21 - 2016-11-09 18:02 - 00128512 _____ (Microsoft Corporation) C:
 
\Windows\system32\msiexec.exe
2016-12-14 22:21 - 2016-11-09 17:55 - 00073216 _____ (Microsoft Corporation) C:
 
\Windows\SysWOW64\msiexec.exe
2016-12-14 22:21 - 2016-11-06 18:33 - 00404992 _____ (Microsoft Corporation) C:
 
\Windows\system32\gdi32.dll
2016-12-14 22:21 - 2016-11-06 18:16 - 00312832 _____ (Microsoft Corporation) C:
 
\Windows\SysWOW64\gdi32.dll
2016-12-14 22:21 - 2016-11-06 18:01 - 03219456 _____ (Microsoft Corporation) C:
 
\Windows\system32\win32k.sys
2016-12-14 22:21 - 2016-10-27 17:33 - 00802304 _____ (Microsoft Corporation) C:
 
\Windows\system32\usp10.dll
2016-12-14 22:21 - 2016-10-27 17:20 - 00627712 _____ (Microsoft Corporation) C:
 
\Windows\SysWOW64\usp10.dll
2016-12-14 20:03 - 2016-12-20 11:12 - 00000000 ___DC C:\FRST
2016-12-11 23:52 - 2016-12-11 23:52 - 00000000 ___DC C:\Users\Michelle\AppData\Local
 
\Private Internet Access
2016-12-11 23:52 - 2016-12-11 23:52 - 00000000 ___DC C:\Users\Michelle\AppData\Local
 
\Crashpad
2016-12-11 23:50 - 2016-12-11 23:50 - 59955885 ____C C:\Users\Michelle\Downloads\pia-
 
v65-installer-win.exe
2016-11-29 22:34 - 2016-11-29 22:34 - 00028352 _____ (Microsoft Corporation) C:
 
\Windows\SysWOW64\aspnet_counters.dll
2016-11-29 22:34 - 2016-11-29 22:34 - 00019112 _____ (Microsoft Corporation) C:
 
\Windows\SysWOW64\msvcr110_clr0400.dll
2016-11-29 22:34 - 2016-11-29 22:34 - 00019112 _____ (Microsoft Corporation) C:
 
\Windows\SysWOW64\msvcr100_clr0400.dll
2016-11-29 22:34 - 2016-11-29 22:34 - 00019112 _____ (Microsoft Corporation) C:
 
\Windows\SysWOW64\msvcp110_clr0400.dll
2016-11-29 22:27 - 2016-11-29 22:27 - 00030400 _____ (Microsoft Corporation) C:
 
\Windows\system32\aspnet_counters.dll
2016-11-29 22:27 - 2016-11-29 22:27 - 00019112 _____ (Microsoft Corporation) C:
 
\Windows\system32\msvcr110_clr0400.dll
2016-11-29 22:27 - 2016-11-29 22:27 - 00019112 _____ (Microsoft Corporation) C:
 
\Windows\system32\msvcr100_clr0400.dll
2016-11-29 22:27 - 2016-11-29 22:27 - 00019112 _____ (Microsoft Corporation) C:
 
\Windows\system32\msvcp110_clr0400.dll
2016-11-29 19:31 - 2016-12-18 16:52 - 00000000 ___DC C:\Users\Michelle\AppData
 
\LocalLow\Mozilla
2016-11-21 20:17 - 2016-11-21 20:18 - 08576448 ____C (Piriform Ltd) C:\Users\Michelle
 
\Downloads\ccsetup524.exe
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-12-20 11:17 - 2015-03-31 07:26 - 00000544 _____ C:\Windows\Tasks\G2MUpdateTask-S-
 
1-5-21-510508962-3957035186-55548189-1000.job
2016-12-20 11:16 - 2009-07-14 06:45 - 00029936 ____H C:\Windows\system32\7B296FB0-
 
376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-12-20 11:16 - 2009-07-14 06:45 - 00029936 ____H C:\Windows\system32\7B296FB0-
 
376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-12-20 11:14 - 2013-07-14 06:31 - 00000000 ___DC C:\Users\Michelle\AppData\Roaming
 
\Skype
2016-12-20 11:11 - 2013-10-26 06:21 - 00000000 ___DC C:\Users\Michelle\AppData\Roaming
 
\ClassicShell
2016-12-20 11:10 - 2015-06-24 11:40 - 00000930 _____ C:\Windows\Tasks
 
\DropboxUpdateTaskUserS-1-5-21-510508962-3957035186-55548189-1000UA.job
2016-12-20 11:00 - 2014-06-07 01:00 - 00885988 ____C C:\Users\Michelle
 
\Network_Meter_Data.js
2016-12-20 10:42 - 2015-07-15 06:01 - 00000830 _____ C:\Windows\Tasks\Adobe Flash 
 
Player Updater.job
2016-12-20 10:38 - 2015-05-30 08:43 - 00000640 _____ C:\Windows\Tasks\G2MUploadTask-S-
 
1-5-21-510508962-3957035186-55548189-1000.job
2016-12-20 10:06 - 2014-05-29 14:46 - 00192216 _____ (Malwarebytes) C:\Windows
 
\system32\Drivers\MBAMSwissArmy.sys
2016-12-20 06:09 - 2015-06-24 11:40 - 00000878 _____ C:\Windows\Tasks
 
\DropboxUpdateTaskUserS-1-5-21-510508962-3957035186-55548189-1000Core.job
2016-12-19 14:06 - 2014-06-07 00:34 - 00033645 ____C C:\Users\Michelle\IP_Log_Data.js
2016-12-18 16:37 - 2013-07-14 09:17 - 00000000 ___DC C:\Users\Michelle\AppData
 
\LocalLow\LastPass
2016-12-18 02:36 - 2016-04-08 07:42 - 00000892 _____ C:\Windows\Tasks\Adobe Flash 
 
Player PPAPI Notifier.job
2016-12-18 02:36 - 2013-07-14 04:45 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2016-12-17 13:42 - 2016-04-08 07:42 - 00003898 _____ C:\Windows\System32\Tasks\Adobe 
 
Flash Player PPAPI Notifier
2016-12-17 13:42 - 2015-07-15 06:01 - 00003768 _____ C:\Windows\System32\Tasks\Adobe 
 
Flash Player Updater
2016-12-17 13:42 - 2014-06-05 10:51 - 00802904 _____ (Adobe Systems Incorporated) C:
 
\Windows\SysWOW64\FlashPlayerApp.exe
2016-12-17 13:42 - 2014-06-05 10:51 - 00144472 _____ (Adobe Systems Incorporated) C:
 
\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-12-17 13:42 - 2013-07-14 04:45 - 00000000 ____D C:\Windows\system32\Macromed
2016-12-17 06:27 - 2013-07-14 22:15 - 00000000 __RDC C:\Users\Michelle\Dropbox
2016-12-17 06:20 - 2014-10-11 05:35 - 00000000 ___DC C:\ProgramData\VMware
2016-12-17 06:19 - 2013-07-14 03:47 - 00000000 ___DC C:\Program Files (x86)\Mozilla 
 
Maintenance Service
2016-12-17 06:19 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-12-17 06:17 - 2014-06-07 23:09 - 00000029 ____C C:\Users\Michelle\AppData\Roaming
 
\Network Meter_Usage.ini
2016-12-17 06:17 - 2013-07-14 08:28 - 00000000 ___DC C:\Users\Michelle\AppData\Roaming
 
\vlc
2016-12-17 05:24 - 2014-06-24 02:08 - 00002042 _____ C:\Users\Public\Desktop\Google 
 
Slides.lnk
2016-12-17 05:24 - 2014-06-24 02:08 - 00002040 _____ C:\Users\Public\Desktop\Google 
 
Sheets.lnk
2016-12-17 05:24 - 2014-06-24 02:08 - 00002030 _____ C:\Users\Public\Desktop\Google 
 
Docs.lnk
2016-12-17 05:24 - 2014-06-24 02:08 - 00000000 ___DC C:\ProgramData\Microsoft\Windows
 
\Start Menu\Programs\Google Drive
2016-12-17 00:16 - 2013-07-14 06:47 - 00003330 _____ C:\Windows\System32\Tasks
 
\GoogleUpdateTaskMachineUA
2016-12-17 00:16 - 2013-07-14 06:47 - 00003202 _____ C:\Windows\System32\Tasks
 
\GoogleUpdateTaskMachineCore
2016-12-16 20:06 - 2016-11-17 22:06 - 00000000 ___DC C:\Program Files (x86)\Mozilla 
 
Firefox
2016-12-16 18:25 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\Resources
2016-12-16 14:25 - 2014-04-27 22:14 - 00000000 ___DC C:\Program Files (x86)\Opera
2016-12-16 00:25 - 2013-07-14 22:11 - 00000000 ___DC C:\Users\Michelle\AppData\Roaming
 
\Dropbox
2016-12-15 01:17 - 2013-07-14 07:01 - 00002195 ____C C:\ProgramData\Microsoft\Windows
 
\Start Menu\Programs\Google Chrome.lnk
2016-12-15 01:17 - 2013-07-14 07:01 - 00002183 _____ C:\Users\Public\Desktop\Google 
 
Chrome.lnk
2016-12-15 00:22 - 2009-07-14 06:45 - 00411040 _____ C:\Windows\system32\FNTCACHE.DAT
2016-12-14 22:52 - 2013-08-01 13:15 - 00000000 ____D C:\Windows\system32\MRT
2016-12-14 22:45 - 2013-08-01 13:15 - 135632432 ____C (Microsoft Corporation) C:
 
\Windows\system32\MRT.exe
2016-12-14 22:41 - 2013-11-10 06:08 - 00782976 _____ C:\Windows
 
\SysWOW64\PerfStringBackup.INI
2016-12-14 22:41 - 2009-07-14 07:13 - 00782976 _____ C:\Windows
 
\system32\PerfStringBackup.INI
2016-12-14 22:41 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\inf
2016-12-14 14:33 - 2014-09-15 00:36 - 00002009 ____C C:\Users\Michelle\Desktop
 
\Dashlane.lnk
2016-12-14 14:33 - 2014-08-31 14:39 - 00000000 ___DC C:\Users\Michelle\AppData\Roaming
 
\Dashlane
2016-12-11 23:51 - 2014-11-01 01:18 - 00003170 _____ C:\Windows\System32\Tasks\Private 
 
Internet Access Startup
2016-12-11 23:50 - 2014-11-01 01:18 - 00027136 _____ (The OpenVPN Project) C:\Windows
 
\system32\Drivers\tap0901.sys
2016-12-11 23:50 - 2014-11-01 01:18 - 00000000 ___DC C:\Program Files\pia_manager
2016-12-11 10:25 - 2015-05-30 08:43 - 00003682 _____ C:\Windows\System32\Tasks
 
\G2MUploadTask-S-1-5-21-510508962-3957035186-55548189-1000
2016-12-11 10:25 - 2015-03-31 07:26 - 00003586 _____ C:\Windows\System32\Tasks
 
\G2MUpdateTask-S-1-5-21-510508962-3957035186-55548189-1000
2016-11-30 00:21 - 2015-01-08 06:17 - 00000000 __RDC C:\Program Files (x86)\Skype
2016-11-30 00:21 - 2013-07-14 06:31 - 00000000 ___DC C:\ProgramData\Skype
2016-11-29 17:16 - 2013-08-13 00:48 - 00000000 ___DC C:\Users\Michelle\AppData\Local
 
\ElevatedDiagnostics
2016-11-29 17:16 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache
2016-11-29 06:04 - 2015-06-24 11:40 - 00003910 _____ C:\Windows\System32\Tasks
 
\DropboxUpdateTaskUserS-1-5-21-510508962-3957035186-55548189-1000UA
2016-11-29 06:04 - 2015-06-24 11:40 - 00003514 _____ C:\Windows\System32\Tasks
 
\DropboxUpdateTaskUserS-1-5-21-510508962-3957035186-55548189-1000Core
2016-11-25 14:24 - 2016-02-07 22:49 - 00003852 _____ C:\Windows\System32\Tasks\Opera 
 
scheduled Autoupdate 1454878182
2016-11-21 20:18 - 2014-06-02 18:42 - 00000782 _____ C:\Users\Public\Desktop
 
\CCleaner.lnk
 
==================== Files in the root of some directories =======
 
2013-11-05 21:02 - 2016-08-18 01:42 - 21874200 ____C (LastPass) C:\Program Files 
 
(x86)\Common Files\lpuninstall.exe
2014-06-07 23:09 - 2016-12-17 06:17 - 0000029 ____C () C:\Users\Michelle\AppData
 
\Roaming\Network Meter_Usage.ini
2014-07-05 09:02 - 2014-07-05 09:02 - 0003584 ____C () C:\Users\Michelle\AppData\Local
 
\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-06-07 00:38 - 2014-06-07 22:36 - 0007608 ____C () C:\Users\Michelle\AppData\Local
 
\resmon.resmoncfg
2016-01-20 01:57 - 2015-11-03 00:02 - 0016800 ____C () C:\ProgramData\Z@!-0c218737-
 
668e-4d6f-aee6-24dca70c04aa.tmp
2016-01-20 01:57 - 2015-11-03 00:02 - 0015776 ____C () C:\ProgramData\Z@S!-d15bbb51-
 
94c7-4ffb-8859-31ab524e2098.tmp
 
Files to move or delete:
====================
C:\Users\Michelle\g2ax_customer_downloadhelper_win32_x86.exe
C:\Users\Michelle\IP_Log_Data.js
C:\Users\Michelle\Network_Meter_Data.js
 
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2016-12-17 08:32
 
==================== End of FRST.txt ============================




#6 ep2002


Posted 20 December 2016 - 05:26 AM

Oh good, it went thru. Your site timed out while I was trying to post this.

 

As for the original CD of Win 7, I do have a copy, but many years ago a techie did something to my computer & I think he used his OEM copy to reinstall Windows. I only found this out during a talk with MS many years ago.

 

Thanks



#7 garioch7

garioch7

    RCMP Veteran


  • Malware Response Instructor
  • 3,793 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Port Hood, Nova Scotia, Canada
  • Local time:10:10 AM

Posted 20 December 2016 - 12:26 PM

ep2002:
 
Welcome to the Bleeping Computer Virus, Trojans, Spyware, and Malware Removal Logs Forum.  My name is Phil and I would like to address you by your first name, if that is alright with you since we will be working together.
 
I will be assisting you with your computer issues.  I will endeavor to respond within a reasonable time, normally 48 hours after your last post.
 
I will need some time to review your FRST logs.  That could take a day or two.
 
Just in taking a quick look, I noted that there were policy restrictions in force.  Have you set any policy restrictions on Chrome or any other programs in your computer?  If so, which programs, and would you explain why?
 
PLEASE DO NOT RUN ANY ADDITIONAL SCANS OR ANTI-MALWARE REMOVAL TOOLS UNTIL YOU HAVE RECEIVED A RESPONSE FROM ME.
Doing so would complicate the situation and it would cause further delays in resolving your issues.  It could also potentially result in harm to your computer because my "fix" will be based on the FRST scan logs you have already submitted.
 
Thank you and have a great day.
 
Regards,
-Phil

Graduate of the Bleeping Computer Malware Removal Study Hall


#8 garioch7


Posted 20 December 2016 - 02:11 PM

ep2002:

 

I have commenced reviewing your newest FRST logs.  There was obviously a "hiccup" when you posted the newest FRST log.  The formatting was scrambled and it took me over an hour to reformat it so that it was readable.

 

To make life easier for me, would you please always copy and paste logs into your replies, rather than attaching them as you did with the "Addition.txt" log.  Thank you for your cooperation.

 

I note that you have Akamai Netsession installed.  I would recommend that you uninstall it via the Control Panel, Add/Remove Programs.  I would not have it on my computer.  There is more information about Akamai at this link.

 

Unfortunately, real life is going to reduce the time that I have to review your logs as quickly as I would like to.  I have to be away until tomorrow afternoon.  It could be Friday until I can post back - it will depend on how much malware I detect in your logs, but be assured analyzing your logs will be my priority and my response will be on or before Friday with initial analysis results and a fixlist.txt.

 

I apologize for the delay that you have already experienced here at Bleeping Computer.  This "Logs" Forum is very busy and there are only a limited number of qualified volunteer malware removal specialists.

 

There is some cleanup to be done.  I can see a number of issues just in my preliminary review.

 

Thank you for your patience and understanding.  Have a great day.

 

Regards,

-Phil




#9 ep2002


Posted 22 December 2016 - 04:13 AM

Phil,

 

I only followed the instructions via the site & it said to attach that file, so I did. I've been having ISP issues, so maybe that's why it didn't upload properly. I just took a look at the file & unfortunately I can't tell if it looks all screwed up or not. It appears fine. You could have just asked me to redo it.

 

I'll copy the content from now on.

 

I uninstalled that piece of software. I didn't install it, I can tell you that much.

 

Thank you & be well.



#10 garioch7


Posted 22 December 2016 - 01:19 PM

ep2002:

Thank you for your patience while I analyzed your FRST logs. Thank you also for your reply.

You have a huge number of Chrome extensions and Firefox extensions running, which will consume considerable computer resources. Check out the Chrome and Firefox sections of the FRST.txt file. I have never seen so many extensions active in one log.

What is the computer used for? Is it a business computer? It has a large number of installed programs, which again would take a commensurate toll on available computer resources and performance.

I did not mean to suggest, or infer, that you had knowingly installed the Akamai NetSession program. Many malware and potentially unwanted programs (PUPs) are installed by users unknowingly because they are bundled with programs the user did intend to download and install.

Before we start dealing with the problems you are experiencing, I would ask that you take note of the following points:

  • I am a Bleeping Computer volunteer, so I ask you to be patient. I know it is frustrating when your computer is not working properly, but malware removal takes time.
  • Please also remember that I only dedicate a limited number of hours a day to helping people. We may live in different time zones, which may cause delays in responding.
  • If I have not responded to you within 48 hours, please send me a personal message. Likewise, I expect you to respond within 48 hours, and sooner is better because we can fix your computer faster.
  • If I have not heard from you in three days, I will "bump" your post. After five days of no response, I will consider that you no longer need my assistance and this thread will be closed.
  • Logs can take a while to research, so please be patient.
  • Some issues just cannot be solved so you must be prepared for this.
  • Please read and follow the instructions in the exact sequence that they are posted to avoid making a bad situation worse.
  • Please print or copy and save the instructions.
  • Back up all your data and important files on another (external) drive before starting to run malware removal tools.
  • You should try to limit your browsing with this computer until you are given the "All Clear." Some malware applications steal passwords.
  • Please do not install or uninstall any applications, unless directed. Don't run any scripts or tools on your own because unsupervised usage may cause more harm than good.
  • Please use only the tools you have been instructed to use.
  • If you are using CD/DVD emulation software, this should be uninstalled or disabled as it can interfere with the removal of some malware. It can be turned off with Defogger and then turned back on when you get the "All Clear."
  • Please copy and paste the requested log files inside your post, unless otherwise instructed.
  • There are no silly questions. Ask for clarification, if you have any questions or concerns.
  • Bleeping Computer does not support any piracy. Evidence of illegal OS, software, cracks/keygens, etc., will be revealed by scan logs, and if found, further assistance may be suspended. Uninstall such software before proceeding!
  • Any P2P software such as uTorrent, BitTorrent, Kazaa, etc. must be uninstalled or completely disabled. P2P software is a major security risk to your computer and may have been the route the malware used to infect your computer.
  • Failure to follow these guidelines may result in assistance being withdrawn and your thread being closed.
  • I am volunteering my time to help you, and I will need you to help me. Together, we can, hopefully, disinfect your computer and get it functioning properly again. That is my only aim.

.

OK, let's get started ...

.

Step 1: Unfortunately the FRST logs show possible evidence of cracked software on your computer.

Please remove/uninstall any and all cracked software, keygens, etc., from your computer if you wish to continue receiving assistance. Bleeping Computer does not condone software piracy.

It is possible that you were unaware that such software was installed on your computer; that these are remnants remaining after such software was removed in the past, etc. I am not accusing you of anything. I just want to ensure, as a staff member of Bleeping Computer, that I am not facilitating software piracy.

If you do not wish to remove such programs, please inform me and I will conclude your topic; otherwise, when all such programs have been removed/uninstalled from your computer, please reboot your computer.

.

Step 2: Next, please run CKScanner.

Download CKScanner by askey127 and save it to your desktop.

  • Right-click on the CKScanner icon and select Run as Administrator to start the tool.
  • Click Search For Files.
  • When finished, click Save List To File.
  • Remember to run this tool once only, if not asked to run it again.

Please copy and paste the content of CKFiles.txt into your next reply.

.

Step 3: Please run a new FRST scan. Because of the size of your log files, you will have to copy and paste the contents of "FRST.txt" into one reply, and then open another reply to copy and paste the contents of the "Addition.txt" file.

.

Thank you and have a great day.

Regards,
-Phil


Graduate of the Bleeping Computer Malware Removal Study Hall


#11 ep2002

ep2002
  • Topic Starter

  • Members
  • 342 posts
  • Gender:Female
  • Location:Traveling around now to find my dream country
  • Local time:09:10 AM

Posted 24 December 2016 - 10:02 PM

Phil,

 

I have no idea what cracked software you are talking about. I haven't used cracked software in about 10 years unless it's something from that long ago. Everything I have is either free from online or I've paid for it.

 

Please tell me what you are talking about.

 

As for my extensions, again, I have no idea what you are talking about. I have maybe 2-6 add-ons on Chrome, Fx & Opera. I have slightly more on Fx at 8 (I just added some more b/c I tend to have a lot of tabs open), but no more than that. I just went to one Chrome instance & I only have 2 there that are actually enabled, so again, I have no idea what you are talking about.

 

When you say extensions, do you mean instances/persons? Or the add-ons? If the former, yes I know, I have 5-6 Chrome persons running at once, but my computer is slow upon booting up which has nothing to do with my Chrome instances since they don't load when I reboot, I bring them up manually.

 

I'm sorry you misunderstood me. I wasn't accusing you of saying that you thought I DLed that software. I was just clarifying that I didn't even know what it was.

 

Thanks
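FRST lists browser extensions once per browser profile, so the number of log entries and the number of distinct add-ons can differ. The sketch below is an added example, not part of the original thread and not FRST's own code: it tallies `CHR Extension` / `FF Extension` lines per profile and per distinct extension. The sample lines, user name and extension IDs are constructed, and the function names are hypothetical.

```python
import re
from collections import Counter, defaultdict

# "CHR Extension: (Name) - <path> [YYYY-MM-DD]"; the name may itself contain ")".
LINE_RE = re.compile(
    r"^(?P<browser>CHR|FF) Extension: \((?P<name>.*)\) - (?P<path>.+?)"
    r" \[(?P<date>\d{4}-\d{2}-\d{2})\]\s*$"
)
# Profile folder and extension ID are the path segments around "\Extensions\".
PATH_RE = re.compile(
    r"\\(?:User Data|Profiles)\\(?P<profile>[^\\]+)\\Extensions\\(?P<ext_id>[^\\]+)$"
)

# Constructed sample input (made-up user, names and IDs), laid out like FRST.txt.
CHR = r"C:\Users\Example\AppData\Local\Google\Chrome\User Data"
BAD = CHR.replace("User Data", "UserData")  # simulates a damaged path
FFP = r"C:\Users\Example\AppData\Roaming\Mozilla\Firefox\Profiles\abcd1234.default"
A, B, C, D, E = ("a" * 32, "b" * 32, "c" * 32, "d" * 32, "e" * 32)
SAMPLE_FRST = "\n".join([
    r"CHR Plugin: (Sample Plugin) - C:\Program Files (x86)\Example\npsample.dll => No File",
    rf"CHR Profile: {CHR}\Default [2016-12-20]",
    rf"CHR Extension: (Password Manager) - {CHR}\Default\Extensions\{A} [2016-12-10]",
    rf"CHR Extension: (Screenshot Tool: Capture, Annotate) - {CHR}\Default\Extensions\{B} [2016-11-29]",
    rf"CHR Extension: (Proxy VPN) - {CHR}\Default\Extensions\{C} [2015-11-25]",
    rf"CHR Profile: {CHR}\Profile 1 [2016-12-20]",
    rf"CHR Extension: (Password Manager) - {CHR}\Profile 1\Extensions\{A} [2016-12-10]",
    rf"CHR Extension: (Screenshot Tool: Capture, Annotate) - {CHR}\Profile 1\Extensions\{B} [2016-11-29]",
    rf"CHR Profile: {CHR}\Profile 2 [2016-12-20]",
    rf"CHR Extension: (Password Manager) - {CHR}\Profile 2\Extensions\{A} [2016-12-10]",
    rf"CHR Extension: (Launcher (by Vendor)) - {CHR}\Profile 2\Extensions\{D} [2016-02-08]",
    rf"CHR Extension: (Search) - {BAD}\Profile 2\Extensions\{E} [2016-02-08]",
    rf"FF Extension: (Password Manager) - {FFP}\Extensions\support@example.com [2016-12-18]",
    rf"FF Extension: (Tab Counter) - {FFP}\Extensions\tabcount@example.com.xpi [2016-04-28]",
])


def parse_extensions(text):
    """Return (records, unparsed): parsed extension lines and lines whose path
    did not have the expected profile/Extensions layout."""
    records, unparsed = [], []
    for raw in text.splitlines():
        line = raw.strip()
        m = LINE_RE.match(line)
        if not m:
            continue  # plugin, profile, process and other lines are out of scope
        p = PATH_RE.search(m["path"])
        if not p:
            unparsed.append(line)  # keep for manual review instead of guessing
            continue
        ext_id = p["ext_id"]
        if ext_id.endswith(".xpi"):  # Firefox packs some add-ons as <id>.xpi
            ext_id = ext_id[:-4]
        records.append({
            "browser": m["browser"], "name": m["name"], "profile": p["profile"],
            "ext_id": ext_id, "date": m["date"],
        })
    return records, unparsed


def summarize(records):
    """Count log entries, extensions per profile, and distinct extensions."""
    per_profile = defaultdict(set)   # (browser, profile) -> extension IDs
    spread = defaultdict(set)        # (browser, ext_id)  -> profiles it is in
    for r in records:
        per_profile[(r["browser"], r["profile"])].add(r["ext_id"])
        spread[(r["browser"], r["ext_id"])].add(r["profile"])
    return {
        "entries": len(records),
        "per_profile": {k: len(v) for k, v in per_profile.items()},
        "unique": dict(Counter(browser for browser, _ in spread)),
        "spread": {k: sorted(v) for k, v in spread.items()},
    }


if __name__ == "__main__":
    recs, bad = parse_extensions(SAMPLE_FRST)
    summary = summarize(recs)
    print("log entries:", summary["entries"], "| distinct:", summary["unique"])
    for (browser, profile), count in sorted(summary["per_profile"].items()):
        print(f"  {browser} {profile}: {count} extension(s)")
    print("lines needing manual review:", len(bad))
```

On a real log, pass the text of FRST.txt to `parse_extensions`; the `spread` map shows which add-ons are repeated across profiles and which appear in only one.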



#12 garioch7

garioch7

    RCMP Veteran


  • Malware Response Instructor
  • 3,793 posts
  • Gender:Male
  • Location:Port Hood, Nova Scotia, Canada
  • Local time:10:10 AM

Posted 25 December 2016 - 05:58 AM

ep2002:

Thank you for your post. There is evidence in the FRST logs of a "crack" used to bypass Microsoft Office 10 licensing. We don't share the details of those findings.

If you have no objections to those files and registry keys being removed, then we can proceed. First I would like you to run CKScanner for me, as detailed in Step 2 of my previous post. They could indeed be remnants; or, they might have been installed by someone else.

As for the extensions, have a look at this from your FRST log. I have never seen so many extensions and they would compromise computer performance. There are also a tremendous number of running chrome.exe processes.
 

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Program Files (x86)\Upwork\upwork.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
() C:\Program Files (x86)\RingCentral for Windows\x64\SoftPhoneMapiBridge.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(LastPass) C:\Program Files (x86)\LastPass\nplastpass.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(LastPass) C:\Program Files (x86)\LastPass\nplastpass.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(LastPass) C:\Program Files (x86)\LastPass\nplastpass.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(LastPass) C:\Program Files (x86)\LastPass\nplastpass.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(VideoLAN) C:\Program Files (x86)\VideoLAN\VLC\vlc.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Opera Software) C:\Program Files (x86)\Opera\41.0.2353.69\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\41.0.2353.69\opera_crashreporter.exe
(Opera Software) C:\Program Files (x86)\Opera\41.0.2353.69\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\41.0.2353.69\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\41.0.2353.69\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\41.0.2353.69\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\41.0.2353.69\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\41.0.2353.69\opera.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(LastPass) C:\Program Files (x86)\LastPass\nplastpass.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Stegisoft) C:\Program Files (x86)\UltraFileSearch\UltraFileSearch.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

FF Extension: (Roomy Bookmarks Toolbar) - C:\Users\Michelle\AppData\Roaming\Mozilla\Firefox\Profiles\ivkv5lzn.New-Profile-05-28-12\Extensions\ALone-live@ya.ru.xpi [2015-10-27]
FF Extension: (Dashlane) - C:\Users\Michelle\AppData\Roaming\Mozilla\Firefox\Profiles\ivkv5lzn.New-Profile-05-28-12\Extensions\jetpack-extension@dashlane.com.xpi [2016-08-12]
FF Extension: (Awesome Screenshot - Capture, Annotate & More) - C:\Users\Michelle\AppData\Roaming\Mozilla\Firefox\Profiles\ivkv5lzn.New-Profile-05-28-12\Extensions\jid0-GXjLLfbCoAx0LcltEdFrEkQdQPI@jetpack.xpi [2016-09-23]
FF Extension: (open tab count widget) - C:\Users\Michelle\AppData\Roaming\Mozilla\Firefox\Profiles\ivkv5lzn.New-Profile-05-28-12\Extensions\jid0-x24fAzIkLoGDS5vfyNzJuT1Tits@jetpack.xpi [2016-04-28]
FF Extension: (Show Parent Folder) - C:\Users\Michelle\AppData\Roaming\Mozilla\Firefox\Profiles\ivkv5lzn.New-Profile-05-28-12\Extensions\showParentFolder@alice.xpi [2016-09-14]
FF Extension: (LastPass) - C:\Users\Michelle\AppData\Roaming\Mozilla\Firefox\Profiles\ivkv5lzn.New-Profile-05-28-12\Extensions\support@lastpass.com [2016-12-18]
FF Extension: (The Addon Bar (restored)) - C:\Users\Michelle\AppData\Roaming\Mozilla\Firefox\Profiles\ivkv5lzn.New-Profile-05-28-12\Extensions\the-addon-bar@GeekInTraining-GiT.xpi [2016-05-04]
FF Extension: (TinEye Reverse Image Search) - C:\Users\Michelle\AppData\Roaming\Mozilla\Firefox\Profiles\ivkv5lzn.New-Profile-05-28-12\Extensions\tineye@ideeinc.com.xpi [2016-09-03]
FF Extension: (Toolbar Buttons) - C:\Users\Michelle\AppData\Roaming\Mozilla\Firefox\Profiles\ivkv5lzn.New-Profile-05-28-12\Extensions\{03B08592-E5B4-45ff-A0BE-C1D975458688}.xpi [2016-11-17]
FF Extension: (Metal Lion Addressbar Improvements) - C:\Users\Michelle\AppData\Roaming\Mozilla\Firefox\Profiles\ivkv5lzn.New-Profile-05-28-12\Extensions\{F9377909-8A25-4fb2-82D9-A0286FE9561E}.xpi [2016-04-29]
FF SearchPlugin: C:\Users\Michelle\AppData\Roaming\Mozilla\Firefox\Profiles\ivkv5lzn.New-Profile-05-28-12\searchplugins\duckduckgo.xml [2015-05-18]
FF SearchPlugin: C:\Users\Michelle\AppData\Roaming\Mozilla\Firefox\Profiles\ivkv5lzn.New-Profile-05-28-12\searchplugins\yahoo-avast.xml [2014-06-08]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_24_0_0_186.dll [2016-12-17] ()
FF Plugin: @lastpass.com/NPLastPass -> C:\Program Files (x86)\LastPass\nplastpass64.dll [2016-08-18] (LastPass)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-10] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_24_0_0_186.dll [2016-12-17] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-07-31] ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\GoogleEarth\plugin\npgeplugin.dll [2016-10-06] (Google)
FF Plugin-x32: @lastpass.com/NPLastPass -> C:\Program Files (x86)\LastPass\nplastpass64.dll [2016-08-18] (LastPass)
FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files (x86)\Yahoo!\Shared\npYState.dll [2012-05-25] (Yahoo! Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-10] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-25] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.8 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-10-01] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-510508962-3957035186-55548189-1000: @citrixonline.com/appdetectorplugin -> C:\Users\Michelle\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2013-11-15] (Citrix Online)
FF Plugin HKU\S-1-5-21-510508962-3957035186-55548189-1000: @zoom.us/ZoomVideoPlugin -> C:\Users\Michelle\AppData\Roaming\Zoom\bin\npzoomplugin.dll [2016-06-20] (Zoom Video Communications, Inc.)
FF Plugin HKU\S-1-5-21-510508962-3957035186-55548189-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: @citrixonline.com/appdetectorplugin -> C:\Users\Michelle\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2013-11-15] (Citrix Online)
FF Plugin HKU\S-1-5-21-510508962-3957035186-55548189-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: @zoom.us/ZoomVideoPlugin -> C:\Users\Michelle\AppData\Roaming\Zoom\bin\npzoomplugin.dll [2016-06-20] (Zoom Video Communications, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\browser\plugins\npatgpc.dll [2015-02-06] (Cisco WebEx LLC)
FF Plugin ProgramFiles/Appdata: C:\Users\Michelle\AppData\Roaming\mozilla\plugins\npatgpc.dll [2015-02-06] (Cisco WebEx LLC)

CHR Plugin: (Widevine Content Decryption Module) - C:\Users\Michelle\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.7.771\_platform_specific\win_x86\widevinecdmadapter.dll => No File
CHR Plugin: (Widevine Content Decryption Module) - C:\Users\Michelle\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.6.758\_platform_specific\win_x86\widevinecdmadapter.dll => No File
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\55.0.2883.87\PepperFlash\pepflashplayer.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\55.0.2883.87\pdf.dll => No File
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\pepflashplayer32_16_0_0_296.dll => No File
CHR Plugin: (ActiveTouch General Plugin Container) - C:\Users\Michelle\AppData\Roaming\Mozilla\plugins\npatgpc.dll (Cisco WebEx LLC)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll => No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll => No File
CHR Plugin: (NPLastPass) - C:\Program Files (x86)\LastPass\nplastpass.dll (LastPass)
CHR Plugin: (VLC Web Plugin) - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Citrix Online Web Deployment Plugin 1.0.0.104) - C:\Users\Michelle\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
CHR Plugin: (RingCentral launcher plugin) - C:\Users\Michelle\AppData\Roaming\RingCentralMeetings\bin\nprcmsplugin.dll => No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_134.dll => No File
CHR Profile: C:\Users\Michelle\AppData\Local\Google\Chrome\User Data\Default [2016-12-20]
CHR Extension: (Google Drive) - C:\Users\Michelle\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-23]
CHR Extension: (YouTube) - C:\Users\Michelle\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-02]
CHR Extension: (Google Search) - C:\Users\Michelle\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-29]
CHR Extension: (Dashlane) - C:\Users\Michelle\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdjamakpfbbddfjaooikfcpapjohcfmg [2016-12-10]
CHR Extension: (LastPass: Free Password Manager) - C:\Users\Michelle\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2016-12-10]
CHR Extension: (Rapportive) - C:\Users\Michelle\AppData\Local\Google\Chrome\User Data\Default\Extensions\hihakjfhbmlmjdnnhegiciffjplmdhin [2016-02-21]
CHR Extension: (Lovense Extension) - C:\Users\Michelle\AppData\Local\Google\Chrome\User Data\Default\Extensions\ieihelfmmpcbblkgkeomefgpadhahepk [2016-10-24]
CHR Extension: (Awesome Screenshot: Screen capture, Annotate) - C:\Users\Michelle\AppData\Local\Google\Chrome\User Data\Default\Extensions\nlipoenfbbikpbjkfpfillcgkoblgpmj [2016-11-29]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Michelle\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-05]
CHR Extension: (Responsive Web Design Tester) - C:\Users\Michelle\AppData\Local\Google\Chrome\User Data\Default\Extensions\objclahbaimlfnbjdeobicmmlnbhamkg [2016-12-07]
CHR Extension: (Checker Plus for Gmail™) - C:\Users\Michelle\AppData\Local\Google\Chrome\User Data\Default\Extensions\oeopbcgkkoapgobdbedcemjljbihmemj [2016-12-20]
CHR Extension: (Hola - Unlimited Proxy VPN) - C:\Users\Michelle\AppData\Local\Google\Chrome\User Data\Default\Extensions\opalpjjboefohnelaemnhdhlceibbcgl [2015-11-25]
CHR Extension: (Gmail) - C:\Users\Michelle\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-02]
CHR Extension: (Chrome Media Router) - C:\Users\Michelle\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-12-17]
CHR Profile: C:\Users\Michelle\AppData\Local\Google\Chrome\User Data\Profile 1 [2016-12-20]
CHR Extension: (Google Slides) - C:\Users\Michelle\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-01-19]
CHR Extension: (Google Docs) - C:\Users\Michelle\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2016-01-19]
CHR Extension: (Google Drive) - C:\Users\Michelle\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-01-19]
CHR Extension: (YouTube) - C:\Users\Michelle\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-01-19]
CHR Extension: (Google Search) - C:\Users\Michelle\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-01-19]
CHR Extension: (Google Sheets) - C:\Users\Michelle\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-01-19]
CHR Extension: (Google Docs Offline) - C:\Users\Michelle\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-17]
CHR Extension: (LastPass: Free Password Manager) - C:\Users\Michelle\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2016-12-10]
CHR Extension: (Awesome Screenshot: Screen capture, Annotate) - C:\Users\Michelle\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nlipoenfbbikpbjkfpfillcgkoblgpmj [2016-11-29]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Michelle\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-05]
CHR Extension: (Gmail) - C:\Users\Michelle\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-01-19]
CHR Extension: (Chrome Media Router) - C:\Users\Michelle\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-12-17]
CHR Profile: C:\Users\Michelle\AppData\Local\Google\Chrome\User Data\Profile 2 [2016-12-20]
CHR Extension: (Google Drive) - C:\Users\Michelle\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-02-08]
CHR Extension: (YouTube) - C:\Users\Michelle\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-02-08]
CHR Extension: (Google Search) - C:\Users\Michelle\AppData\Local\Google\Chrome\UserData\Profile 2\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-02-08]
CHR Extension: (LastPass: Free Password Manager) - C:\Users\Michelle\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2016-12-10]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\Michelle\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2016-02-08]
CHR Extension: (Awesome Screenshot App) - C:\Users\Michelle\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\mfpiaehgjbbfednooihadalhehabhcjo [2016-06-20]
CHR Extension: (Awesome Screenshot: Screen capture, Annotate) - C:\Users\Michelle\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\nlipoenfbbikpbjkfpfillcgkoblgpmj [2016-12-10]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Michelle\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-02]
CHR Extension: (Gmail) - C:\Users\Michelle\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-02-08]
CHR Extension: (Chrome Media Router) - C:\Users\Michelle\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-12-17]
CHR Profile: C:\Users\Michelle\AppData\Local\Google\Chrome\User Data\Profile 3 [2016-12-20]
CHR Extension: (Google Slides) - C:\Users\Michelle\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-03-08]
CHR Extension: (TooManyTabs for Chrome) - C:\Users\Michelle\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\amigcgbheognjmfkaieeeadojiibgbdp [2016-12-06]
CHR Extension: (Google Docs) - C:\Users\Michelle\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\aohghmighlieiainnegkcijnfilokake [2016-03-08]
CHR Extension: (Google Drive) - C:\Users\Michelle\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-03-08]
CHR Extension: (YouTube) - C:\Users\Michelle\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-03-08]
CHR Extension: (Google Search) - C:\Users\Michelle\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-03-08]
CHR Extension: (Google Sheets) - C:\Users\Michelle\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-03-08]
CHR Extension: (Google Docs Offline) - C:\Users\Michelle\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-17]
CHR Extension: (LastPass: Free Password Manager) - C:\Users\Michelle\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2016-12-10]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\Michelle\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2016-03-08]
CHR Extension: (DInstagram) - C:\Users\Michelle\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\neppgmfjfhgdcbophaohghbgmfbinanl [2016-11-16]
CHR Extension: (Awesome Screenshot: Screen capture, Annotate) - C:\Users\Michelle\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\nlipoenfbbikpbjkfpfillcgkoblgpmj [2016-11-29]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Michelle\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-05]
CHR Extension: (Responsive Web Design Tester) - C:\Users\Michelle\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\objclahbaimlfnbjdeobicmmlnbhamkg [2016-12-07]
CHR Extension: (vTabs) - C:\Users\Michelle\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\okpnlgbgcfchbicbhjmmhldhkbkfilce [2016-12-06]
CHR Extension: (Tab Snooze) - C:\Users\Michelle\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\pdiebiamhaleloakpcgmpnenggpjbcbm [2016-12-06]
CHR Extension: (Gmail) - C:\Users\Michelle\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-03-08]
CHR Extension: (Chrome Media Router) - C:\Users\Michelle\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-12-15]
CHR Profile: C:\Users\Michelle\AppData\Local\Google\Chrome\User Data\Profile 4 [2016-12-10]
CHR Extension: (Google Slides) - C:\Users\Michelle\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-03-26]
CHR Extension: (Google Docs) - C:\Users\Michelle\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\aohghmighlieiainnegkcijnfilokake [2016-03-26]
CHR Extension: (Google Drive) - C:\Users\Michelle\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-03-26]
CHR Extension: (YouTube) - C:\Users\Michelle\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-03-26]
CHR Extension: (Google Sheets) - C:\Users\Michelle\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-03-26]
CHR Extension: (Google Docs Offline) - C:\Users\Michelle\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-26]
CHR Extension: (LastPass: Free Password Manager) - C:\Users\Michelle\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2016-03-26]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\Michelle\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2016-03-26]
CHR Extension: (Awesome Screenshot: Screen capture, Annotate) - C:\Users\Michelle\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\nlipoenfbbikpbjkfpfillcgkoblgpmj [2016-03-26]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Michelle\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-03-26]
CHR Extension: (Gmail) - C:\Users\Michelle\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-03-26]
CHR Profile: C:\Users\Michelle\AppData\Local\Google\Chrome\User Data\Profile 5 [2016-12-20]
CHR Extension: (Google Slides) - C:\Users\Michelle\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-11-01]
CHR Extension: (Google Docs) - C:\Users\Michelle\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\aohghmighlieiainnegkcijnfilokake [2016-11-01]
CHR Extension: (Google Drive) - C:\Users\Michelle\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-11-01]
CHR Extension: (YouTube) - C:\Users\Michelle\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-11-01]
CHR Extension: (Google Sheets) - C:\Users\Michelle\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-11-01]
CHR Extension: (Google Docs Offline) - C:\Users\Michelle\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-11-29]
CHR Extension: (LastPass: Free Password Manager) - C:\Users\Michelle\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2016-12-10]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\Michelle\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2016-11-01]
CHR Extension: (Awesome Screenshot: Screen capture, Annotate) - C:\Users\Michelle\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\nlipoenfbbikpbjkfpfillcgkoblgpmj [2016-12-10]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Michelle\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-11-01]
CHR Extension: (Gmail) - C:\Users\Michelle\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-11-01]
CHR Extension: (Chrome Media Router) - C:\Users\Michelle\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-12-17]
CHR Profile: C:\Users\Michelle\AppData\Local\Google\Chrome\User Data\Profile 6 [2016-12-20]
CHR Extension: (Google Slides) - C:\Users\Michelle\AppData\Local\Google\Chrome\User Data\Profile 6\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-11-14]
CHR Extension: (Google Docs) - C:\Users\Michelle\AppData\Local\Google\Chrome\User Data\Profile 6\Extensions\aohghmighlieiainnegkcijnfilokake [2016-11-14]
CHR Extension: (Google Drive) - C:\Users\Michelle\AppData\Local\Google\Chrome\User Data\Profile 6\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-11-14]
CHR Extension: (YouTube) - C:\Users\Michelle\AppData\Local\Google\Chrome\User Data\Profile 6\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-11-14]
CHR Extension: (Google Sheets) - C:\Users\Michelle\AppData\Local\Google\Chrome\User Data\Profile 6\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-11-14]
CHR Extension: (Google Docs Offline) - C:\Users\Michelle\AppData\Local\Google\Chrome\User Data\Profile 6\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-12-10]
CHR Extension: (LastPass: Free Password Manager) - C:\Users\Michelle\AppData\Local\Google\Chrome\User Data\Profile 6\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2016-12-14]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\Michelle\AppData\Local\Google\Chrome\User Data\Profile 6\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2016-11-14]
CHR Extension: (Awesome Screenshot: Screen capture, Annotate) - C:\Users\Michelle\AppData\Local\Google\Chrome\User Data\Profile 6\Extensions\nlipoenfbbikpbjkfpfillcgkoblgpmj [2016-12-10]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Michelle\AppData\Local\Google\Chrome\User Data\Profile 6\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-11-14]
CHR Extension: (Gmail) - C:\Users\Michelle\AppData\Local\Google\Chrome\User Data\Profile 6\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-11-14]
CHR Extension: (Chrome Media Router) - C:\Users\Michelle\AppData\Local\Google\Chrome\User Data\Profile 6\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-12-17]
CHR Profile: C:\Users\Michelle\AppData\Local\Google\Chrome\User Data\System Profile [2016-12-15]
CHR HKLM\...\Chrome\Extension: [hdokiejnpimakedhajhdlcegeplioahd] - hxxp://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-510508962-3957035186-55548189-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-510508962-3957035186-55548189-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [hdokiejnpimakedhajhdlcegeplioahd] - hxxp://clients2.google.com/service/update2/crx


That is a LOT of chrome.exe processes and Chrome/Firefox extensions. Having that much running would seriously degrade computer performance.

I will await the CKScanner results. Thank you and have a great day.

Regards,
-Phil


Graduate of the Bleeping Computer Malware Removal Study Hall


#13 ep2002

ep2002
  • Topic Starter

  • Members

Posted 25 December 2016 - 10:58 PM

Ahh, ok, now I know what you are seeing.

About 2-3 years ago some person I had been talking to online said she had a licensed version of Office from her company that gets tons of license keys. Because I have only the student version of 2010, it doesn't give me PowerPoint, so she installed it & it was only after I started getting warnings that I realized something was wrong. She clearly lied to me, but kept insisting that it was a REAL key.

I have the student version here, but I really don't want to reinstall it, then I'll lose all my toolbar settings :(

Extensions - Ok, most of those weren't even enabled. I removed the ones that weren't.

Processes - yes, I already told you I have 5 instances of Chrome running. I have Fx & usually Opera, but I hadn't loaded it since I rebooted. They need to stay open.

CKFiles - I had to run this twice b/c the first time it hung.

Here it is...

 

CKScanner 2.5 - Additional Security Risks - These are not necessarily bad
c:\users\michelle\thunderbird\thunderbird-e-mail\local folders\business contacts (doing biz with them).sbd\animal crackers
c:\users\michelle\thunderbird\thunderbird-e-mail\local folders\business contacts (doing biz with them).sbd\animal crackers.msf
scanner sequence 3.LB.11.FANAOZ
 ----- EOF ----- 
 
 
Thanks Phil


#14 garioch7

garioch7

    RCMP Veteran


  • Malware Response Instructor

Posted 26 December 2016 - 12:44 PM

ep2002:

Thank you for your post. That is unfortunate that your friend deceived you. You can save your toolbar settings before uninstalling the cracked version of MSOffice 10. See this link for more information.

If you want my assistance, then I have to request that the cracked copy of Microsoft Office 2010 be uninstalled.

It is YOUR computer, so it is YOUR decision.

If you do not wish to uninstall the "cracked" copy of Microsoft Office 2010, then please let me know and I will conclude your topic.

If you do want my assistance, then please uninstall the "cracked" copy of Microsoft Office 2010.

Following that, please run another FRST scan. Please copy and paste the contents of both the FRST.txt file and the "Addition.txt" file into your next replies. Note that due to the size of your logs, you will have to copy the contents of the "FRST.txt" file into one reply and then open another reply and copy and paste the contents of the "Addition.txt" file into the second reply.

Thank you and have a great day.

Regards,

-Phil


Graduate of the Bleeping Computer Malware Removal Study Hall


#15 ep2002

ep2002
  • Topic Starter

  • Members

Posted 26 December 2016 - 10:50 PM

I don't know why you keep repeating the same thing OVER & OVER again. It's starting to annoy me. I'm smart enough to understand you the first time & I feel like you are assuming things that aren't true, like about how I'm not patient when you are busy with your personal life.

I never said I wasn't going to uninstall it, I said I didn't want to lose the toolbar, and I thought all you had to do was just input my key instead of what she put in there, or tell me how to do it instead of uninstalling & reinstalling.





