Virus May Be Blocking Internet Access


  • This topic is locked
27 replies to this topic

#1 Akureyr

Posted 19 July 2018 - 01:57 PM

Recently I started using a laptop I hadn't used in years (the previous one I posted on this forum about years ago is now doing ok). I noticed when I tried to open Chrome the windows I opened took ages to resolve (the swirly circle forever), and often resolved to disconnection messages (in fact, even posting this topic took ages to resolve and initially resolved to an error 524 screen). Also, Dropbox files hadn't updated (and weren't updating), and the task manager wasn't accessible via the usual keyboard shortcut. I Googled around and realized this could be caused by a virus, and got a quick fix to get the task manager back at least (currently CADing shows "Lock" "Change a Password" and "Task Manager" only though, so some things might still be missing). 

 

If it helps, I'm running an HP laptop computer (Envy dv4 Notebook), Windows 8. I got a screen warning my Windows was outdated, and pressed the button to get the upgrade to Windows 8.1, but it didn't work. 

 

I am worried that this could happen even while I had Online Armor, Malwarebytes etc on. Windows Defender for some reason can't be activated, and gives me an error message whenever I try: "This app has been turned off and isn't monitoring your computer. If you're using another app to check for malicious or unwanted software, use Security and Maintenance to check that app's status". I really hope to end this nightmare soon. 

 

Below are the FRST and Addition logs: 

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 15.07.2018
Ran by Justin (administrator) on HP (19-07-2018 20:45:22)
Running from C:\Users\Justin\Downloads
Loaded Profiles: Justin (Available Profiles: Justin)
Platform: Windows 8 (X64) Language: English (United States)
Internet Explorer Version 10 (Default browser: FF)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(Emsisoft GmbH) C:\Program Files (x86)\Online Armor\OAcat.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Emsisoft GmbH) C:\Program Files (x86)\Online Armor\OAsrv.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Antivirus\AVGSvc.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Pharos Systems International) C:\Program Files (x86)\PharosSystems\Core\CTskMstr.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Antivirus\x64\aswidsagenta.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Intel® Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngentask.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Emsisoft GmbH) C:\Program Files (x86)\Online Armor\OAui.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Emsisoft GmbH) C:\Program Files (x86)\Online Armor\OAhlp.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Bradford Networks) C:\Program Files (x86)\Bradford Networks\Persistent Agent\bndaemon.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(Bradford Networks) C:\Program Files (x86)\Bradford Networks\Persistent Agent\bncsaui.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Antivirus\AVGUI.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe
(Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe
(Microsoft Corporation) C:\Windows\System32\WWAHost.exe
(Microsoft Corporation) C:\Windows\WinStore\WSHost.exe
(Microsoft Corporation) C:\Program Files (x86)\Internet Explorer\ielowutil.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\Install\{7DBC7B5C-27EE-4876-8C83-D451A40ABAAA}\67.0.3396.99_chrome_installer.exe
(Google Inc.) C:\Windows\Temp\CR_0C96B.tmp\setup.exe
(Google Inc.) C:\Windows\Temp\CR_0C96B.tmp\setup.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2916152 2012-08-24] (Synaptics Incorporated)
HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayApp
HKLM\...\Run: [@OnlineArmor GUI] => C:\Program Files (x86)\Online Armor\OAui.exe [7558464 2013-10-16] (Emsisoft GmbH)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1664000 2013-08-21] (IDT, Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170256 2015-12-18] (Apple Inc.)
HKLM\...\Run: [AVGUI.exe] => C:\Program Files\AVG\Antivirus\AvLaunch.exe [294928 2018-03-26] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [91432 2012-03-29] (CyberLink Corp.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1160408 2017-03-28] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60688 2015-12-18] (Apple Inc.)
HKLM-x32\...\Run: [HP Quick Launch] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [581024 2012-09-08] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [Ad-Aware Browsing Protection] => C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe [559696 2013-09-27] (Lavasoft)
HKLM-x32\...\Run: [bncsaui.exe] => C:\Program Files (x86)\Bradford Networks\Persistent Agent\bncsaui.exe [2627728 2012-09-24] (Bradford Networks)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [588704 2018-03-28] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3716624157-4244700039-366356191-1001\...\Run: [Power2GoExpress8] => NA
HKU\S-1-5-21-3716624157-4244700039-366356191-1001\...\Run: [Adobe Reader Synchronizer] => C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AdobeCollabSync.exe [763000 2017-03-28] (Adobe Systems Incorporated)
HKU\S-1-5-21-3716624157-4244700039-366356191-1001\...\Policies\system: [DisableLockWorkstation] 0
HKU\S-1-5-21-3716624157-4244700039-366356191-1001\...\Policies\Explorer: [NoLogoff] 1
HKU\S-1-5-21-3716624157-4244700039-366356191-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\ssText3d.scr [330240 2012-07-26] (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Amazon Unbox.lnk [2014-01-31]
ShortcutTarget: Amazon Unbox.lnk -> C:\Program Files (x86)\Amazon\Amazon Unbox Video\ADVWindowsClientSystemTray.exe (Amazon.com)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 62.2.24.158 62.2.17.60 62.2.24.162 62.2.17.61
Tcpip\..\Interfaces\{949D8193-C143-4563-9969-E34A9B7BF307}: [DhcpNameServer] 62.2.24.158 62.2.17.60 62.2.24.162 62.2.17.61
 
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.msn.com/HPNOT13/1
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.msn.com/HPNOT13/1
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPNOT13/1
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPNOT13/1
HKU\S-1-5-21-3716624157-4244700039-366356191-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.msn.com/HPNOT13/1
HKU\S-1-5-21-3716624157-4244700039-366356191-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPNOT13/1
SearchScopes: HKLM -> {9852A465-F4BA-4556-AF53-15E0FB48A448} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKLM-x32 -> {9852A465-F4BA-4556-AF53-15E0FB48A448} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM-x32 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKU\S-1-5-21-3716624157-4244700039-366356191-1001 -> DefaultScope {3BD44F0E-0596-4008-AEE0-45D47E3A8F0E} URL = hxxp://securedsearch2.lavasoft.com/results.php?pr=vmn&id=adawaretb&v=3_7&idate=&hsimp=yhs-lavasoft&ent=ch&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3716624157-4244700039-366356191-1001 -> {3BD44F0E-0596-4008-AEE0-45D47E3A8F0E} URL = hxxp://securedsearch2.lavasoft.com/results.php?pr=vmn&id=adawaretb&v=3_7&idate=&hsimp=yhs-lavasoft&ent=ch&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3716624157-4244700039-366356191-1001 -> {9852A465-F4BA-4556-AF53-15E0FB48A448} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKU\S-1-5-21-3716624157-4244700039-366356191-1001 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKU\S-1-5-21-3716624157-4244700039-366356191-1001 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2017-09-27] (HP Inc.)
BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.141\McAfeeMSS_IE.dll => No File
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_171\bin\ssv.dll [2018-07-07] (Oracle Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_171\bin\jp2ssv.dll [2018-07-07] (Oracle Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2017-09-27] (HP Inc.)
 
FireFox:
========
FF ProfilePath: C:\Users\Justin\AppData\Roaming\Mozilla\Firefox\Profiles\4yruak52.default [2018-07-19]
FF Homepage: Mozilla\Firefox\Profiles\4yruak52.default -> google.com
FF Session Restore: Mozilla\Firefox\Profiles\4yruak52.default -> is enabled.
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_30_0_0_113.dll [2018-07-07] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation)
FF Plugin: @microsoft.com/VirtualEarth3D,version=4.0 -> C:\Program Files (x86)\Virtual Earth 3D\ [] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_30_0_0_113.dll [2018-07-07] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1206147.dll [2013-11-25] (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-10-15] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-07] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-07] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.171.2 -> C:\Program Files (x86)\Java\jre1.8.0_171\bin\dtplugin\npDeployJava1.dll [2018-07-07] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.171.2 -> C:\Program Files (x86)\Java\jre1.8.0_171\bin\plugin2\npjp2.dll [2018-07-07] (Oracle Corporation)
FF Plugin-x32: @mcafee.com/McAfeeMssPlugin -> C:\Program Files\McAfee Security Scan\3.8.141\npMcAfeeMss.dll [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/VirtualEarth3D,version=4.0 -> C:\Program Files (x86)\Virtual Earth 3D\ [] ()
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-09] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-07-07] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-07-07] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2017-03-28] (Adobe Systems Inc.)
 
Chrome: 
=======
CHR DefaultProfile: Default
CHR Session Restore: Default -> is enabled.
CHR Profile: C:\Users\Justin\AppData\Local\Google\Chrome\User Data\Default [2018-07-19]
CHR Extension: (Docs) - C:\Users\Justin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-03-26]
CHR Extension: (Google Drive) - C:\Users\Justin\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-02-21]
CHR Extension: (YouTube) - C:\Users\Justin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-02-21]
CHR Extension: (Google Search) - C:\Users\Justin\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-02-21]
CHR Extension: (Google Docs Offline) - C:\Users\Justin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-05-25]
CHR Extension: (AVG SafePrice) - C:\Users\Justin\AppData\Local\Google\Chrome\User Data\Default\Extensions\mbckjcfnjmoiinpgddefodcighgikkgn [2018-07-07]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Justin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-07-07]
CHR Extension: (Gmail) - C:\Users\Justin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-05-01]
CHR Extension: (Chrome Media Router) - C:\Users\Justin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-03-26]
CHR HKLM-x32\...\Chrome\Extension: [bopakagnckmlgajfccecajhnimjiiedh] - hxxp://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [mbckjcfnjmoiinpgddefodcighgikkgn] - hxxps://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 ADVService; C:\Program Files (x86)\Amazon\Amazon Unbox Video\ADVWindowsClientService.exe [25704 2011-11-24] (Amazon.com) [File not signed]
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-10-07] (Apple Inc.)
R2 AVG Antivirus; C:\Program Files\AVG\Antivirus\AVGSvc.exe [304776 2018-03-26] (AVG Technologies CZ, s.r.o.)
R3 avgbIDSAgent; C:\Program Files\AVG\Antivirus\x64\aswidsagenta.exe [7607288 2018-03-26] (AVG Technologies CZ, s.r.o.)
R2 BNPagent; C:\Program Files (x86)\Bradford Networks\Persistent Agent\bndaemon.exe [3082384 2012-09-24] (Bradford Networks)
S3 hpqcaslwmiex; C:\Program Files (x86)\HP\Shared\hpqwmiex.exe [1031704 2016-06-03] (HP)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [333688 2018-06-13] (HP Inc.)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [165760 2012-07-18] (Intel Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6541008 2018-05-09] (Malwarebytes)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273136 2013-08-28] ()
S2 Net Driver HPZ12; C:\Windows\System32\HPZinw12.dll [71680 2010-04-07] (Hewlett-Packard) [File not signed]
R2 OAcat; C:\Program Files (x86)\Online Armor\OAcat.exe [584864 2013-10-16] (Emsisoft GmbH)
R2 Pharos Systems ComTaskMaster; C:\Program Files (x86)\PharosSystems\Core\CTskMstr.exe [339456 2012-12-13] (Pharos Systems International) [File not signed]
S2 Pml Driver HPZ12; C:\Windows\System32\HPZipm12.dll [89600 2010-04-07] (Hewlett-Packard) [File not signed]
R2 STacSV; C:\Program Files\IDT\WDM\STacSV64.exe [327680 2013-08-21] (IDT, Inc.) [File not signed]
R2 SvcOnlineArmor; C:\Program Files (x86)\Online Armor\oasrv.exe [4457688 2013-10-16] (Emsisoft GmbH)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16056 2015-07-06] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3378416 2013-08-28] (Intel® Corporation)
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 avgArPot; C:\Windows\System32\drivers\avgArPot.sys [189032 2018-03-26] (AVG Technologies CZ, s.r.o.)
R1 avgbdisk; C:\Windows\System32\drivers\avgbdiska.sys [166552 2018-03-26] (AVG Technologies CZ, s.r.o.)
R1 avgbidsdriver; C:\Windows\System32\drivers\avgbidsdrivera.sys [221096 2018-03-26] (AVG Technologies CZ, s.r.o.)
R0 avgbidsh; C:\Windows\System32\drivers\avgbidsha.sys [193024 2018-03-26] (AVG Technologies CZ, s.r.o.)
R0 avgblog; C:\Windows\System32\drivers\avgbloga.sys [337344 2018-03-26] (AVG Technologies CZ, s.r.o.)
R0 avgbuniv; C:\Windows\System32\drivers\avgbuniva.sys [51272 2018-03-26] (AVG Technologies CZ, s.r.o.)
S3 avgHwid; C:\Windows\System32\drivers\avgHwid.sys [39352 2018-03-26] (AVG Technologies CZ, s.r.o.)
R2 avgMonFlt; C:\Windows\System32\drivers\avgMonFlt.sys [139040 2018-03-26] (AVG Technologies CZ, s.r.o.)
R1 avgRdr; C:\Windows\System32\drivers\avgRdr2.sys [102720 2018-03-26] (AVG Technologies CZ, s.r.o.)
R0 avgRvrt; C:\Windows\System32\drivers\avgRvrt.sys [76760 2018-03-26] (AVG Technologies CZ, s.r.o.)
R1 avgSnx; C:\Windows\System32\drivers\avgSnx.sys [1019088 2018-03-26] (AVG Technologies CZ, s.r.o.)
R1 avgSP; C:\Windows\System32\drivers\avgSP.sys [461568 2018-07-07] (AVG Technologies CZ, s.r.o.)
R2 avgStm; C:\Windows\System32\drivers\avgStm.sys [198368 2018-03-26] (AVG Technologies CZ, s.r.o.)
R0 avgVmm; C:\Windows\System32\drivers\avgVmm.sys [372920 2018-03-26] (AVG Technologies CZ, s.r.o.)
S3 btmaux; C:\Windows\system32\DRIVERS\btmaux.sys [121728 2012-08-27] (Motorola Solutions, Inc.)
S3 btmhsf; C:\Windows\system32\DRIVERS\btmhsf.sys [857472 2012-08-29] (Motorola Solutions, Inc.)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
R0 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [253664 2018-07-07] (Malwarebytes)
R3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew00.sys [3345376 2013-10-09] (Intel Corporation)
R1 OADevice; C:\Windows\SysWow64\Drivers\OADriver.sys [64720 2013-10-16] ()
R1 oahlpXX; C:\Windows\syswow64\drivers\oahlp64.sys [62008 2013-10-16] ()
R1 OAmon; C:\Windows\SysWOW64\Drivers\OAmon.sys [52360 2013-10-16] (Emsisoft)
R3 OAnet; C:\Windows\system32\DRIVERS\oanet.sys [35368 2013-10-16] (Emsisoft)
S3 RSP2STOR; C:\Windows\System32\DRIVERS\RtsP2Stor.sys [266896 2012-06-14] (Realtek Semiconductor Corp.)
S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [41272 2012-08-24] (Synaptics Incorporated)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [43832 2012-08-24] (Synaptics Incorporated)
S3 usb3Hub; C:\Windows\System32\drivers\usb3Hub.sys [48096 2012-08-10] (Windows ® Win 7 DDK provider)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2012-12-13] (Apple, Inc.) [File not signed]
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44560 2015-07-06] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [281944 2015-07-06] (Microsoft Corporation)
R3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [20800 2013-06-27] (Hewlett-Packard Development Company, L.P.)
S3 XHCIPort; C:\Windows\System32\drivers\XHCIPort.sys [188384 2012-08-10] (Windows ® Win 7 DDK provider)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2018-07-19 20:45 - 2018-07-19 20:45 - 000000000 ____D C:\Users\Justin\Downloads\FRST-OlderVersion
2018-07-15 19:18 - 2018-07-15 19:18 - 000373032 _____ C:\Windows\system32\FNTCACHE.DAT
2018-07-14 20:23 - 2018-07-14 20:49 - 000000000 ____D C:\Users\Justin\Documents\Audacity
2018-07-14 19:51 - 2014-03-11 02:41 - 000559104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\objsel.dll
2018-07-14 19:51 - 2014-03-11 02:41 - 000038400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dimsroam.dll
2018-07-14 19:51 - 2014-03-10 05:05 - 000668160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2018-07-14 19:50 - 2014-03-11 02:38 - 000982016 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2018-07-14 19:50 - 2014-03-11 02:38 - 000684032 _____ (Microsoft Corporation) C:\Windows\system32\objsel.dll
2018-07-14 19:50 - 2014-03-11 02:38 - 000179712 _____ (Microsoft Corporation) C:\Windows\system32\dpapisrv.dll
2018-07-14 19:50 - 2014-03-11 02:38 - 000045056 _____ (Microsoft Corporation) C:\Windows\system32\dimsroam.dll
2018-07-07 17:28 - 2016-01-05 22:16 - 000826328 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2018-07-07 17:28 - 2016-01-05 22:16 - 000176088 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2018-07-07 17:18 - 2018-07-07 17:18 - 000000000 ___SD C:\Windows\system32\CompatTel
2018-07-07 17:18 - 2018-07-07 17:18 - 000000000 ____D C:\Windows\system32\appraiser
2018-07-07 16:35 - 2015-10-01 15:10 - 000869568 _____ (Microsoft Corporation) C:\Windows\system32\msvcr120_clr0400.dll
2018-07-07 16:35 - 2015-10-01 15:09 - 000875720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcr120_clr0400.dll
2018-07-07 16:25 - 2015-07-09 23:46 - 005982208 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2018-07-07 16:25 - 2015-07-09 23:44 - 000322560 _____ (Microsoft Corporation) C:\Windows\system32\aaclient.dll
2018-07-07 16:25 - 2015-07-09 22:17 - 005095424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2018-07-07 16:25 - 2015-07-09 22:16 - 000269824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll
2018-07-07 16:25 - 2015-07-01 15:00 - 000227328 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll
2018-07-07 16:25 - 2015-07-01 14:58 - 000104448 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll
2018-07-07 16:25 - 2015-07-01 13:42 - 000198656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WebClnt.dll
2018-07-07 16:25 - 2015-07-01 13:41 - 000086016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\davclnt.dll
2018-07-07 16:24 - 2015-11-16 18:17 - 006970712 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2018-07-07 16:24 - 2015-11-16 18:10 - 001821192 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2018-07-07 16:24 - 2015-11-16 16:55 - 001410000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2018-07-07 16:24 - 2015-11-16 16:42 - 000171864 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2018-07-07 16:24 - 2015-11-16 16:29 - 000961536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usercpl.dll
2018-07-07 16:24 - 2015-11-16 16:29 - 000452608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SHCore.dll
2018-07-07 16:24 - 2015-11-16 16:29 - 000273920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2018-07-07 16:24 - 2015-11-16 16:29 - 000178688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2018-07-07 16:24 - 2015-11-16 16:29 - 000076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2018-07-07 16:24 - 2015-11-16 16:28 - 001223168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comsvcs.dll
2018-07-07 16:24 - 2015-11-16 16:28 - 000668160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2018-07-07 16:24 - 2015-11-16 16:28 - 000384512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\catsrvut.dll
2018-07-07 16:24 - 2015-11-16 16:28 - 000017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2018-07-07 16:24 - 2015-11-16 16:27 - 000578048 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2018-07-07 16:24 - 2015-11-16 16:26 - 001637376 _____ (Microsoft Corporation) C:\Windows\system32\comsvcs.dll
2018-07-07 16:24 - 2015-11-16 16:26 - 001282560 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2018-07-07 16:24 - 2015-11-16 16:26 - 001043968 _____ (Microsoft Corporation) C:\Windows\system32\usercpl.dll
2018-07-07 16:24 - 2015-11-16 16:26 - 000830464 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2018-07-07 16:24 - 2015-11-16 16:26 - 000588800 _____ (Microsoft Corporation) C:\Windows\system32\SHCore.dll
2018-07-07 16:24 - 2015-11-16 16:26 - 000499200 _____ (Microsoft Corporation) C:\Windows\system32\catsrvut.dll
2018-07-07 16:24 - 2015-11-16 16:26 - 000439808 _____ (Microsoft Corporation) C:\Windows\system32\lsm.dll
2018-07-07 16:24 - 2015-11-16 16:26 - 000318464 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2018-07-07 16:24 - 2015-11-16 16:26 - 000208896 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2018-07-07 16:24 - 2015-11-16 16:26 - 000164864 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2018-07-07 16:24 - 2015-11-16 16:26 - 000094720 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2018-07-07 16:24 - 2015-11-16 16:26 - 000020480 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2018-07-07 16:24 - 2015-07-13 23:05 - 000054272 _____ (Microsoft Corporation) C:\Windows\system32\basesrv.dll
2018-07-07 16:24 - 2015-07-13 23:05 - 000048128 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2018-07-07 16:24 - 2015-06-27 15:46 - 001314816 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2018-07-07 16:24 - 2015-06-27 15:23 - 000694784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2018-07-07 16:24 - 2015-03-27 10:07 - 000112640 _____ (Microsoft Corporation) C:\Windows\system32\cryptcatsvc.dll
2018-07-07 16:24 - 2015-03-12 07:31 - 001688576 _____ (Microsoft Corporation) C:\Windows\system32\wevtsvc.dll
2018-07-07 16:23 - 2015-09-02 15:49 - 002341376 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2018-07-07 16:23 - 2015-09-02 15:49 - 001850880 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2018-07-07 16:23 - 2015-09-02 15:38 - 001744384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2018-07-07 16:23 - 2015-09-02 15:38 - 001422336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2018-07-07 16:23 - 2015-08-05 15:52 - 001287680 _____ (Microsoft Corporation) C:\Windows\system32\schedsvc.dll
2018-07-07 16:23 - 2015-08-04 16:42 - 008858112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinui.dll
2018-07-07 16:23 - 2015-08-04 16:42 - 002038784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2018-07-07 16:23 - 2015-08-04 16:42 - 001229824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Immersive.dll
2018-07-07 16:23 - 2015-08-04 16:42 - 000356352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SettingSync.dll
2018-07-07 16:23 - 2015-08-04 16:42 - 000100864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SettingSyncInfo.dll
2018-07-07 16:23 - 2015-08-04 15:54 - 010116608 _____ (Microsoft Corporation) C:\Windows\system32\twinui.dll
2018-07-07 16:23 - 2015-08-04 15:54 - 001399808 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Immersive.dll
2018-07-07 16:23 - 2015-08-04 15:53 - 002307584 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2018-07-07 16:23 - 2015-08-04 15:53 - 000449024 _____ (Microsoft Corporation) C:\Windows\system32\SettingSync.dll
2018-07-07 16:23 - 2015-08-04 15:53 - 000128512 _____ (Microsoft Corporation) C:\Windows\system32\SettingSyncInfo.dll
2018-07-07 16:23 - 2015-07-06 18:16 - 000044560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdBoot.sys
2018-07-07 16:23 - 2015-07-06 16:32 - 000281944 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdFilter.sys
2018-07-07 16:23 - 2015-04-13 07:32 - 000417280 _____ (Microsoft Corporation) C:\Windows\system32\services.exe
2018-07-07 16:23 - 2015-03-04 08:41 - 000025088 _____ (Microsoft Corporation) C:\Windows\system32\sdbinst.exe
2018-07-07 16:23 - 2015-03-04 08:39 - 000632832 _____ (Microsoft Corporation) C:\Windows\system32\apphelp.dll
2018-07-07 16:23 - 2015-03-04 08:39 - 000204288 _____ (Microsoft Corporation) C:\Windows\system32\aelupsvc.dll
2018-07-07 16:23 - 2015-03-04 06:53 - 000021504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sdbinst.exe
2018-07-07 16:23 - 2015-03-04 06:52 - 000676864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apphelp.dll
2018-07-07 16:23 - 2014-06-13 01:34 - 000754176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\actxprxy.dll
2018-07-07 16:23 - 2014-06-13 01:29 - 002146304 _____ (Microsoft Corporation) C:\Windows\system32\actxprxy.dll
2018-07-07 16:22 - 2018-07-15 19:22 - 000038116 _____ C:\Users\Justin\Downloads\Addition.txt
2018-07-07 16:22 - 2015-08-01 18:21 - 000073352 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2018-07-07 16:22 - 2015-08-01 17:22 - 000063992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2018-07-07 16:22 - 2015-08-01 15:56 - 000139776 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2018-07-07 16:22 - 2015-08-01 15:56 - 000039424 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2018-07-07 16:22 - 2015-08-01 15:56 - 000018432 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2018-07-07 16:21 - 2018-07-19 20:45 - 000023176 _____ C:\Users\Justin\Downloads\FRST.txt
2018-07-07 16:21 - 2015-10-11 08:45 - 001160192 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL
2018-07-07 16:21 - 2015-10-11 08:45 - 000723968 _____ (Microsoft Corporation) C:\Windows\system32\BFE.DLL
2018-07-07 16:21 - 2015-09-22 19:53 - 001405408 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2018-07-07 16:21 - 2015-09-22 19:53 - 001273184 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2018-07-07 16:21 - 2015-07-30 15:11 - 000124624 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2018-07-07 16:21 - 2015-07-30 15:10 - 000103120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2018-07-07 16:21 - 2014-12-18 10:51 - 000096576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\wfplwfs.sys
2018-07-07 16:21 - 2014-12-18 08:52 - 000889344 _____ (Microsoft Corporation) C:\Windows\system32\nshwfp.dll
2018-07-07 16:21 - 2014-12-18 08:20 - 000702464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nshwfp.dll
2018-07-07 16:20 - 2018-07-19 20:45 - 000000000 ____D C:\FRST
2018-07-07 16:19 - 2018-07-19 20:45 - 002412544 _____ (Farbar) C:\Users\Justin\Downloads\FRST64.exe
2018-07-07 16:19 - 2015-10-27 16:46 - 000320000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2018-07-07 16:19 - 2015-10-27 16:46 - 000089088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2018-07-07 16:19 - 2015-10-27 16:46 - 000073728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncryptsslp.dll
2018-07-07 16:19 - 2015-10-27 15:55 - 000416256 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2018-07-07 16:19 - 2015-10-27 15:54 - 000130560 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2018-07-07 16:19 - 2015-10-27 15:54 - 000089088 _____ (Microsoft Corporation) C:\Windows\system32\ncryptsslp.dll
2018-07-07 16:19 - 2015-09-23 15:10 - 000570256 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2018-07-07 16:19 - 2015-09-23 15:10 - 000377552 _____ (Microsoft Corporation) C:\Windows\system32\bcryptprimitives.dll
2018-07-07 16:19 - 2015-09-23 15:10 - 000332576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcryptprimitives.dll
2018-07-07 16:18 - 2016-06-25 20:09 - 000282624 _____ (Microsoft Corporation) C:\Windows\system32\EOSNotify.exe
2018-07-07 16:18 - 2015-12-04 18:29 - 001636784 _____ (Microsoft Corporation) C:\Windows\system32\WMALFXGFXDSP.dll
2018-07-07 16:18 - 2015-12-04 18:12 - 000793312 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
2018-07-07 16:18 - 2015-12-04 18:12 - 000522752 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2018-07-07 16:18 - 2015-12-04 18:12 - 000446872 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2018-07-07 16:18 - 2015-12-04 18:12 - 000253624 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
2018-07-07 16:18 - 2015-12-04 16:55 - 000612528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll
2018-07-07 16:18 - 2015-12-04 16:55 - 000463880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2018-07-07 16:18 - 2015-12-04 16:55 - 000324456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2018-07-07 16:18 - 2015-12-04 16:52 - 002842112 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2018-07-07 16:18 - 2015-12-04 16:52 - 002615808 _____ (Microsoft Corporation) C:\Windows\system32\WMVENCOD.DLL
2018-07-07 16:18 - 2015-12-04 16:52 - 001770496 _____ (Microsoft Corporation) C:\Windows\system32\WMSPDMOE.DLL
2018-07-07 16:18 - 2015-12-04 16:52 - 001376256 _____ (Microsoft Corporation) C:\Windows\system32\WMADMOD.DLL
2018-07-07 16:18 - 2015-12-04 16:52 - 001350656 _____ (Microsoft Corporation) C:\Windows\system32\WMADMOE.DLL
2018-07-07 16:18 - 2015-12-04 16:52 - 001150464 _____ (Microsoft Corporation) C:\Windows\system32\winmde.dll
2018-07-07 16:18 - 2015-12-04 16:52 - 001100800 _____ (Microsoft Corporation) C:\Windows\system32\wmpmde.dll
2018-07-07 16:18 - 2015-12-04 16:52 - 001073664 _____ (Microsoft Corporation) C:\Windows\system32\WMSPDMOD.DLL
2018-07-07 16:18 - 2015-12-04 16:52 - 000625152 _____ (Microsoft Corporation) C:\Windows\system32\WMVXENCD.DLL
2018-07-07 16:18 - 2015-12-04 16:52 - 000577536 _____ (Microsoft Corporation) C:\Windows\system32\WMVSDECD.DLL
2018-07-07 16:18 - 2015-12-04 16:52 - 000431616 _____ (Microsoft Corporation) C:\Windows\system32\WMVSENCD.DLL
2018-07-07 16:18 - 2015-12-04 16:51 - 002893824 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2018-07-07 16:18 - 2015-12-04 16:51 - 001593344 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2018-07-07 16:18 - 2015-12-04 16:51 - 001527808 _____ (Microsoft Corporation) C:\Windows\system32\mfcore.dll
2018-07-07 16:18 - 2015-12-04 16:51 - 001208832 _____ (Microsoft Corporation) C:\Windows\system32\MSMPEG2ENC.DLL
2018-07-07 16:18 - 2015-12-04 16:51 - 001174016 _____ (Microsoft Corporation) C:\Windows\system32\mfnetsrc.dll
2018-07-07 16:18 - 2015-12-04 16:51 - 001138688 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2adec.dll
2018-07-07 16:18 - 2015-12-04 16:51 - 000783872 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2018-07-07 16:18 - 2015-12-04 16:51 - 000685568 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll
2018-07-07 16:18 - 2015-12-04 16:51 - 000677888 _____ (Microsoft Corporation) C:\Windows\system32\mfnetcore.dll
2018-07-07 16:18 - 2015-12-04 16:51 - 000666112 _____ (Microsoft Corporation) C:\Windows\system32\MP4SDECD.DLL
2018-07-07 16:18 - 2015-12-04 16:51 - 000621056 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2018-07-07 16:18 - 2015-12-04 16:51 - 000476160 _____ (Microsoft Corporation) C:\Windows\system32\MFWMAAEC.DLL
2018-07-07 16:18 - 2015-12-04 16:51 - 000406016 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Media.dll
2018-07-07 16:18 - 2015-12-04 16:51 - 000355328 _____ (Microsoft Corporation) C:\Windows\system32\mfsvr.dll
2018-07-07 16:18 - 2015-12-04 16:51 - 000323072 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2018-07-07 16:18 - 2015-12-04 16:51 - 000289792 _____ (Microsoft Corporation) C:\Windows\system32\VIDRESZR.DLL
2018-07-07 16:18 - 2015-12-04 16:51 - 000245248 _____ (Microsoft Corporation) C:\Windows\system32\qasf.dll
2018-07-07 16:18 - 2015-12-04 16:51 - 000239104 _____ (Microsoft Corporation) C:\Windows\system32\ksproxy.ax
2018-07-07 16:18 - 2015-12-04 16:51 - 000231424 _____ (Microsoft Corporation) C:\Windows\system32\MPG4DECD.DLL
2018-07-07 16:18 - 2015-12-04 16:51 - 000230912 _____ (Microsoft Corporation) C:\Windows\system32\MP43DECD.DLL
2018-07-07 16:18 - 2015-12-04 16:51 - 000223744 _____ (Microsoft Corporation) C:\Windows\system32\RESAMPLEDMO.DLL
2018-07-07 16:18 - 2015-12-04 16:51 - 000209408 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2018-07-07 16:18 - 2015-12-04 16:51 - 000186368 _____ (Microsoft Corporation) C:\Windows\system32\COLORCNV.DLL
2018-07-07 16:18 - 2015-12-04 16:51 - 000169472 _____ (Microsoft Corporation) C:\Windows\system32\AudioEndpointBuilder.dll
2018-07-07 16:18 - 2015-12-04 16:51 - 000100352 _____ (Microsoft Corporation) C:\Windows\system32\MP3DMOD.DLL
2018-07-07 16:18 - 2015-12-04 16:51 - 000077312 _____ (Microsoft Corporation) C:\Windows\system32\devenum.dll
2018-07-07 16:18 - 2015-12-04 16:51 - 000069632 _____ (Microsoft Corporation) C:\Windows\system32\mfvdsp.dll
2018-07-07 16:18 - 2015-12-04 16:46 - 002620928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2018-07-07 16:18 - 2015-12-04 16:46 - 002312704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVENCOD.DLL
2018-07-07 16:18 - 2015-12-04 16:46 - 001468928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMSPDMOE.DLL
2018-07-07 16:18 - 2015-12-04 16:46 - 001374208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll
2018-07-07 16:18 - 2015-12-04 16:46 - 000904192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMADMOD.DLL
2018-07-07 16:18 - 2015-12-04 16:46 - 000893952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winmde.dll
2018-07-07 16:18 - 2015-12-04 16:46 - 000846336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMADMOE.DLL
2018-07-07 16:18 - 2015-12-04 16:46 - 000722944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVXENCD.DLL
2018-07-07 16:18 - 2015-12-04 16:46 - 000677888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMSPDMOD.DLL
2018-07-07 16:18 - 2015-12-04 16:46 - 000487936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVSDECD.DLL
2018-07-07 16:18 - 2015-12-04 16:46 - 000468992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2018-07-07 16:18 - 2015-12-04 16:46 - 000382464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVSENCD.DLL
2018-07-07 16:18 - 2015-12-04 16:46 - 000260608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Media.dll
2018-07-07 16:18 - 2015-12-04 16:46 - 000208384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RESAMPLEDMO.DLL
2018-07-07 16:18 - 2015-12-04 16:46 - 000189440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qasf.dll
2018-07-07 16:18 - 2015-12-04 16:46 - 000156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\VIDRESZR.DLL
2018-07-07 16:18 - 2015-12-04 16:45 - 002400256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
2018-07-07 16:18 - 2015-12-04 16:45 - 001453568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfcore.dll
2018-07-07 16:18 - 2015-12-04 16:45 - 000946688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSMPEG2ENC.DLL
2018-07-07 16:18 - 2015-12-04 16:45 - 000929792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfnetsrc.dll
2018-07-07 16:18 - 2015-12-04 16:45 - 000869888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2adec.dll
2018-07-07 16:18 - 2015-12-04 16:45 - 000755712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MFWMAAEC.DLL
2018-07-07 16:18 - 2015-12-04 16:45 - 000571392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\evr.dll
2018-07-07 16:18 - 2015-12-04 16:45 - 000568832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfnetcore.dll
2018-07-07 16:18 - 2015-12-04 16:45 - 000546304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2018-07-07 16:18 - 2015-12-04 16:45 - 000436736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MP4SDECD.DLL
2018-07-07 16:18 - 2015-12-04 16:45 - 000270336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfsvr.dll
2018-07-07 16:18 - 2015-12-04 16:45 - 000251904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MPG4DECD.DLL
2018-07-07 16:18 - 2015-12-04 16:45 - 000251392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MP43DECD.DLL
2018-07-07 16:18 - 2015-12-04 16:45 - 000190464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ksproxy.ax
2018-07-07 16:18 - 2015-12-04 16:45 - 000160256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\COLORCNV.DLL
2018-07-07 16:18 - 2015-12-04 16:45 - 000086016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MP3DMOD.DLL
2018-07-07 16:18 - 2015-12-04 16:45 - 000084480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
2018-07-07 16:18 - 2015-12-04 16:45 - 000064512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\devenum.dll
2018-07-07 16:18 - 2015-12-04 16:45 - 000054272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfvdsp.dll
2018-07-07 16:18 - 2015-12-03 21:57 - 000111616 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmk.sys
2018-07-07 16:18 - 2015-11-05 11:55 - 000147968 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rmcast.sys
2018-07-07 16:18 - 2015-10-13 15:16 - 000576512 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2018-07-07 16:18 - 2015-10-13 15:16 - 000129024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys
2018-07-07 16:18 - 2015-09-12 15:09 - 000414559 _____ C:\Windows\system32\ApnDatabase.xml
2018-07-07 16:18 - 2015-03-12 07:31 - 002048000 _____ (Microsoft Corporation) C:\Windows\system32\wpdshext.dll
2018-07-07 16:18 - 2015-03-12 07:31 - 000096256 _____ (Microsoft Corporation) C:\Windows\system32\WPDShServiceObj.dll
2018-07-07 16:18 - 2015-03-12 05:52 - 001933312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wpdshext.dll
2018-07-07 16:18 - 2015-02-26 06:35 - 004063232 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2018-07-07 16:18 - 2014-12-06 09:51 - 000267264 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2018-07-07 16:17 - 2016-06-25 20:28 - 000050368 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2018-07-07 16:17 - 2016-06-25 17:55 - 001490432 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2018-07-07 16:17 - 2016-06-25 17:55 - 000571904 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2018-07-07 16:17 - 2016-06-25 17:55 - 000544256 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2018-07-07 16:17 - 2016-06-25 17:55 - 000294912 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2018-07-07 16:17 - 2016-06-25 17:55 - 000268800 _____ (Microsoft Corporation) C:\Windows\system32\centel.dll
2018-07-07 16:17 - 2016-06-25 17:55 - 000219136 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2018-07-07 16:17 - 2016-06-25 17:55 - 000076800 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2018-07-07 16:17 - 2016-06-17 15:09 - 001208320 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2018-07-07 16:17 - 2016-06-04 11:42 - 000405504 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll
2018-07-07 16:17 - 2012-10-25 05:27 - 000013312 _____ (Microsoft Corporation) C:\Windows\system32\pcalua.exe
2018-07-07 16:17 - 2012-10-25 05:26 - 000031232 _____ (Microsoft Corporation) C:\Windows\system32\pcadm.dll
2018-07-07 16:17 - 2012-10-25 05:04 - 000011776 _____ (Microsoft Corporation) C:\Windows\system32\pcaevts.dll
2018-07-07 16:14 - 2015-08-01 16:50 - 017562112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2018-07-07 16:14 - 2015-08-01 15:56 - 019778048 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2018-07-07 16:14 - 2015-04-25 05:41 - 000541696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comctl32.dll
2018-07-07 16:14 - 2015-04-25 01:13 - 000652288 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll
2018-07-07 16:12 - 2015-07-15 18:09 - 000095064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys
2018-07-07 16:12 - 2015-07-15 15:29 - 001333248 _____ (Microsoft Corporation) C:\Windows\system32\sysmain.dll
2018-07-07 16:12 - 2015-06-25 20:29 - 000210432 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2018-07-07 16:12 - 2015-06-25 20:27 - 000281600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2018-07-07 16:12 - 2015-05-02 08:28 - 000100184 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2018-07-07 16:12 - 2015-01-15 11:38 - 000717824 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2018-07-07 16:12 - 2015-01-15 11:09 - 000717824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2018-07-07 16:12 - 2015-01-07 06:25 - 000403456 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2018-07-07 16:12 - 2014-03-11 02:39 - 000035840 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2018-07-07 16:12 - 2014-03-11 02:38 - 000027648 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2018-07-07 16:12 - 2014-03-10 03:27 - 000099840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2018-07-07 16:08 - 2015-07-09 23:47 - 000243712 _____ (Microsoft Corporation) C:\Windows\system32\notepad.exe
2018-07-07 16:08 - 2015-07-09 23:47 - 000243712 _____ (Microsoft Corporation) C:\Windows\notepad.exe
2018-07-07 16:08 - 2015-07-09 22:18 - 000233984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
2018-07-07 14:59 - 2018-07-07 15:30 - 000000000 ____D C:\AdwCleaner
2018-07-07 14:58 - 2018-07-07 14:58 - 000253664 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2018-07-07 14:58 - 2018-07-07 14:58 - 000001867 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2018-07-07 14:58 - 2018-07-07 14:58 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2018-07-07 14:58 - 2018-07-07 14:58 - 000000000 ____D C:\ProgramData\Malwarebytes
2018-07-07 14:58 - 2018-05-24 06:55 - 000152184 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbae64.sys
2018-07-07 14:35 - 2018-07-07 16:02 - 000000000 ____D C:\Users\Justin\Downloads\JaFL_106
2018-07-07 14:34 - 2018-07-07 14:34 - 000098760 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2018-07-07 14:34 - 2018-07-07 14:34 - 000000000 ____D C:\Users\Justin\AppData\Roaming\Sun
2018-07-07 14:34 - 2018-07-07 14:34 - 000000000 ____D C:\Users\Justin\AppData\LocalLow\Sun
2018-07-07 14:34 - 2018-07-07 14:34 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2018-07-07 14:33 - 2018-07-07 14:33 - 000000000 ____D C:\ProgramData\Oracle
2018-07-07 14:33 - 2018-07-07 14:33 - 000000000 ____D C:\Program Files (x86)\Java
2018-07-07 14:19 - 2018-07-15 19:49 - 000000000 ____D C:\Users\Justin\AppData\Roaming\audacity
2018-07-07 14:19 - 2018-07-07 14:19 - 000000000 ____D C:\Users\Justin\AppData\Local\Audacity
2018-07-07 14:17 - 2018-07-07 14:17 - 000001019 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audacity.lnk
2018-07-07 14:17 - 2018-07-07 14:17 - 000001007 _____ C:\Users\Public\Desktop\Audacity.lnk
2018-07-07 14:16 - 2018-07-07 14:19 - 000000000 ____D C:\Program Files (x86)\Audacity
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2018-07-19 20:44 - 2013-01-27 03:52 - 000003906 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{DFF9E34E-B035-4BE3-99D3-23527625BE7A}
2018-07-19 20:30 - 2012-07-26 09:59 - 000000000 ____D C:\Windows\CbsTemp
2018-07-19 20:16 - 2012-07-26 10:12 - 000000000 ____D C:\Windows\AppCompat
2018-07-15 19:27 - 2018-03-26 18:37 - 000004162 _____ C:\Windows\System32\Tasks\Antivirus Emergency Update
2018-07-15 19:23 - 2012-07-26 09:28 - 000941178 _____ C:\Windows\system32\PerfStringBackup.INI
2018-07-15 19:23 - 2012-07-26 07:37 - 000000000 ____D C:\Windows\Inf
2018-07-15 19:18 - 2012-07-26 09:22 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2018-07-14 20:00 - 2013-01-27 03:57 - 000003598 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3716624157-4244700039-366356191-1001
2018-07-07 17:39 - 2012-07-26 10:12 - 000000000 ___HD C:\Program Files\WindowsApps
2018-07-07 17:39 - 2012-07-26 10:12 - 000000000 ____D C:\Windows\AUInstallAgent
2018-07-07 17:25 - 2013-03-13 18:47 - 000000000 ____D C:\Program Files\Microsoft Silverlight
2018-07-07 17:25 - 2013-03-13 18:47 - 000000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2018-07-07 17:21 - 2012-07-26 10:12 - 000000000 ___RD C:\Windows\ToastData
2018-07-07 17:21 - 2012-07-26 10:12 - 000000000 ____D C:\Program Files\Windows Defender
2018-07-07 17:21 - 2012-07-26 10:12 - 000000000 ____D C:\Program Files (x86)\Windows Defender
2018-07-07 17:21 - 2012-07-26 07:38 - 000000000 ____D C:\Windows\system32\AdvancedInstallers
2018-07-07 17:18 - 2012-07-26 10:12 - 000000000 ____D C:\Windows\WinStore
2018-07-07 17:04 - 2013-03-13 18:47 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2018-07-07 16:03 - 2018-03-26 18:33 - 000000000 ____D C:\ProgramData\AVG
2018-07-07 14:45 - 2012-07-26 09:52 - 000000000 ____D C:\Program Files\Windows Journal
2018-07-07 14:28 - 2018-03-26 18:36 - 000461568 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgSP.sys
2018-07-07 14:27 - 2012-09-11 23:01 - 000000000 ____D C:\Program Files (x86)\HP Games
2018-07-07 14:27 - 2012-09-11 23:00 - 000000000 ____D C:\ProgramData\WildTangent
2018-07-07 14:27 - 2012-09-11 23:00 - 000000000 ____D C:\Program Files (x86)\WildTangent Games
2018-07-07 14:23 - 2013-01-27 03:54 - 000003332 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2018-07-07 14:23 - 2013-01-27 03:54 - 000003204 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2018-07-07 14:22 - 2013-01-27 03:57 - 000000000 ____D C:\Users\Justin\AppData\Roaming\Dropbox
2018-07-07 14:20 - 2016-02-21 18:48 - 000000000 ____D C:\Users\Justin\AppData\Local\Dropbox
2018-07-07 14:20 - 2013-10-15 04:22 - 000004288 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2018-07-07 14:19 - 2018-03-26 17:32 - 000004452 _____ C:\Windows\System32\Tasks\Adobe Flash Player NPAPI Notifier
2018-07-07 14:19 - 2014-01-31 21:12 - 000000000 ____D C:\ProgramData\McAfee
2018-07-07 14:19 - 2012-07-26 10:12 - 000000000 ____D C:\Windows\system32\Macromed
2018-07-07 14:18 - 2012-07-26 10:12 - 000000000 ____D C:\Windows\SysWOW64\Macromed
2018-07-07 14:13 - 2013-01-27 03:49 - 000000000 ____D C:\Users\Justin\AppData\Local\Packages
 
==================== Files in the root of some directories =======
 
2014-04-09 16:28 - 2014-04-17 20:03 - 000006144 _____ () C:\Users\Justin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
 
Some files in TEMP:
====================
2016-02-21 18:43 - 2016-02-21 18:43 - 000043008 _____ () C:\Users\Justin\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmprqs6s_.dll
2016-02-21 18:51 - 2016-02-21 18:51 - 000043008 _____ () C:\Users\Justin\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpzyjp3h.dll
2014-01-04 04:00 - 2008-10-15 21:42 - 000050432 _____ () C:\Users\Justin\AppData\Local\Temp\Extract.exe
2013-03-18 19:34 - 2006-10-28 07:28 - 000145184 ____R (Microsoft Corporation) C:\Users\Justin\AppData\Local\Temp\ose00000.exe
2014-01-03 22:37 - 2014-01-03 22:37 - 002958800 _____ (Hewlett-Packard                                             ) C:\Users\Justin\AppData\Local\Temp\SP63752.exe
2014-02-15 22:20 - 2014-02-15 22:20 - 044799704 _____ (Hewlett-Packard                                             ) C:\Users\Justin\AppData\Local\Temp\sp64126.exe
2014-01-03 16:32 - 2014-01-03 16:32 - 006748376 _____ (Hewlett-Packard Company                                     ) C:\Users\Justin\AppData\Local\Temp\SP64215.exe
2014-02-17 19:30 - 2017-09-27 09:33 - 000172400 _____ (HP Inc.) C:\Users\Justin\AppData\Local\Temp\UninstallHPSA.exe
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2018-07-14 20:01
 
==================== End of FRST.txt ============================
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15.07.2018
Ran by Justin (19-07-2018 20:46:56)
Running from C:\Users\Justin\Downloads
Windows 8 (X64) (2013-01-27 01:49:01)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-3716624157-4244700039-366356191-500 - Administrator - Disabled)
Guest (S-1-5-21-3716624157-4244700039-366356191-501 - Limited - Disabled)
Justin (S-1-5-21-3716624157-4244700039-366356191-1001 - Administrator - Enabled) => C:\Users\Justin
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: AVG Antivirus (Enabled - Up to date) {C50510DE-367A-330C-FD5C-556ACFB11243}
AS: AVG Antivirus (Enabled - Up to date) {7E64F13A-1040-3C82-C7EC-6E18B43658FE}
AS: Malwarebytes (Disabled - Out of date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Online Armor Firewall (Enabled) {BD3F5FCA-866B-1E2E-0A68-58900A751EA1}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
64 Bit HP CIO Components Installer (HKLM\...\{D7C307E7-96A7-4BEE-ACF8-D795007E7C16}) (Version: 7.2.5 - Hewlett-Packard) Hidden
Ad-Aware Browsing Protection (HKLM-x32\...\Ad-Aware Browsing Protection) (Version: 1.0.1.124 - Lavasoft)
Adobe Flash Player 30 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 30.0.0.113 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.20) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.20 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.6.147 - Adobe Systems, Inc.)
Amazon Unbox Video (HKLM-x32\...\{54A4839E-87F8-4BD1-9682-A349E9943F0A}) (Version: 2.2.0.153 - Amazon.com) Hidden
Amazon Unbox Video (HKLM-x32\...\InstallShield_{54A4839E-87F8-4BD1-9682-A349E9943F0A}) (Version: 2.2.0.153 - Amazon.com)
Apple Application Support (32-bit) (HKLM-x32\...\{7FA9ECCF-A2DE-4DA1-BFF3-81260DBDA68F}) (Version: 4.1.2 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{691F30EB-9009-475A-B8A9-E1BF39598FD5}) (Version: 4.1.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{3540181E-340A-4E7A-B409-31663472B2F7}) (Version: 9.1.0.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{FFD1F7F1-1AC9-4BC4-A908-0686D635ABAF}) (Version: 2.1.4.131 - Apple Inc.)
Audacity 2.2.2 (HKLM-x32\...\Audacity_is1) (Version: 2.2.2 - Audacity Team)
AVG AntiVirus FREE (HKLM-x32\...\AVG Antivirus) (Version: 18.2.3046 - AVG Technologies)
Bing Maps 3D (HKLM\...\{6ACE7F46-FACE-4125-AE86-672F4F2A6A28}) (Version: 4.0.903.16005 - Microsoft Corporation)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Bradford Persistent Agent (HKLM-x32\...\{97FBB5BD-BCAD-4075-B87B-DD1DB9A70AB6}) (Version: 2.2.8.2 - Bradford Networks)
CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.3.6326 - CyberLink Corp.)
CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}) (Version: 10.0.3.2608 - CyberLink Corp.)
CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.3.2527 - CyberLink Corp.)
CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.3.2817 - CyberLink Corp.)
CyberLink PowerDVD (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.6.4319 - CyberLink Corp.)
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.5.6.6119 - CyberLink Corp.)
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
Electronic Bluebook (HKLM-x32\...\{40555C58-DD49-467F-8EFF-8F0A21AA42A2}) (Version: 4.0.0.2 - CompuTest, LLC) Hidden
Electronic Bluebook (HKLM-x32\...\Electronic Bluebook) (Version: 4.0.0.2 - CompuTest, LLC)
Energy Star (HKLM\...\{0FA995CC-C849-4755-B14B-5404CC75DC24}) (Version: 1.0.8 - Hewlett-Packard)
Final Drive Fury (HKLM-x32\...\WTA-a81fc80a-efa3-4969-9b6c-ce1432505e19) (Version: 2.2.0.95 - WildTangent) Hidden
FlatOut 2 (HKLM-x32\...\WTA-e07c66b4-493a-450e-9ccb-6421d161f677) (Version: 2.2.0.98 - WildTangent) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 65.0.3325.181 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.17 - Google Inc.) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.23.9 - Google Inc.) Hidden
Governor of Poker 2 Premium Edition (HKLM-x32\...\WTA-d266139f-67b9-4ebe-851c-eabe97dba166) (Version: 2.2.0.95 - WildTangent) Hidden
Hewlett-Packard ACLM.NET v1.2.2.3 (HKLM-x32\...\{6F340107-F9AA-47C6-B54C-C3A19F11553F}) (Version: 1.00.0000 - Hewlett-Packard Company) Hidden
Hoyle Card Games (HKLM-x32\...\WTA-28d4f934-306b-4277-a26e-3e73c4beb6b8) (Version: 2.2.0.95 - WildTangent) Hidden
HP 3D DriveGuard (HKLM\...\{54CE68A8-4F2D-4328-B1F7-D6C720405F7F}) (Version: 4.2.9.1 - Hewlett-Packard Company)
HP Connected Backup (HKLM-x32\...\{6BA5F6E7-6CC1-4117-816D-A549A06CE44E}) (Version: 8.7.0.0 - Autonomy)
HP Connected Music (Meridian - installer) (HKLM-x32\...\StartHPConnectedMusic) (Version: v1.0 - Meridian Audio Ltd)
HP CoolSense (HKLM-x32\...\{394B14EA-B072-4440-9510-87797CB12371}) (Version: 2.20.21 - Hewlett-Packard Company)
HP Documentation (HKLM-x32\...\{A029F666-056B-4399-B72E-214C5990B684}) (Version: 1.1.0.0 - Hewlett-Packard)
HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.3.0 - WildTangent)
HP MyRoom (HKLM-x32\...\{9C35EDE5-4B0F-45E7-A438-314BA889948E}) (Version: 9.0.0.0 - Hewlett-Packard Company)
HP Quick Launch (HKLM-x32\...\{E5823036-6F09-4D0A-B05C-E2BAA129288A}) (Version: 3.0.6 - Hewlett-Packard Company)
HP Registration Service (HKLM\...\{E4D6CCF2-0AAF-4B9C-9DE5-893EDC9B4BAA}) (Version: 1.0.5976.4186 - Hewlett-Packard)
HP Software Framework (HKLM-x32\...\{835B275B-F29B-464B-BD4B-097FD55FAB0A}) (Version: 4.6.8.1 - Hewlett-Packard Company)
HP Support Assistant (HKLM-x32\...\{4AAC4B07-77EF-4BCF-88DC-D24E4DE683E8}) (Version: 8.6.18.11 - HP Inc.)
HP Support Solutions Framework (HKLM-x32\...\{63F82052-C045-4F97-A3CA-C41D2CCA1FFA}) (Version: 12.9.24.3 - HP Inc.)
HP Utility Center (HKLM-x32\...\{0C57987A-A03A-4B95-A309-D23F78F406CA}) (Version: 1.0.7 - Hewlett-Packard)
HP Wireless Button Driver (HKLM-x32\...\{30B2D1D8-0A07-4B71-9553-0710C5D31E35}) (Version: 1.1.2.1 - Hewlett-Packard Company)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6433.0 - IDT)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.2857 - Intel Corporation)
Intel® PROSet/Wireless Software for Bluetooth® Technology (HKLM\...\{0728A184-F899-4356-B93D-8228674F0DEB}) (Version: 2.6.1209.0268 - Motorola Solutions, Inc.)
Intel® SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
Intel® WiDi (HKLM\...\{EDBA2433-0910-4C72-8C5B-8FEDAE3EF18E}) (Version: 3.5.34.0 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{c9967fbd-e3c3-4ed0-992a-5b33260f2944}) (Version: 16.1.5 - Intel Corporation)
iTunes (HKLM\...\{FBEB98F8-64E4-4FA3-A15E-4A9F42FF962E}) (Version: 12.3.2.35 - Apple Inc.)
Java 8 Update 171 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180171F0}) (Version: 8.0.1710.11 - Oracle Corporation)
Jewel Match 3 (HKLM-x32\...\WTA-9eacce82-e2b4-4311-aa5e-53e0ba4a0d67) (Version: 2.2.0.98 - WildTangent) Hidden
John Deere Drive Green (HKLM-x32\...\WTA-efb13e6d-a7f6-40cd-9cc5-f406ee77bc89) (Version: 2.2.0.95 - WildTangent) Hidden
Luxor Evolved (HKLM-x32\...\WTA-6e469c29-eb8a-48e8-bcbf-8a22a5e3b35f) (Version: 2.2.0.98 - WildTangent) Hidden
Mahjongg Dimensions Deluxe: Tiles in Time (HKLM-x32\...\WTA-fad31e6c-2d22-4807-bc43-67767bfbc43c) (Version: 2.2.0.98 - WildTangent) Hidden
Malwarebytes version 3.5.1.2522 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.5.1.2522 - Malwarebytes)
Microsoft Office (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.6120.5004 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50428.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mortimer Beckett and the Crimson Thief Premium Edition (HKLM-x32\...\WTA-f2909193-dbfd-4fb3-bd54-c2932d60efed) (Version: 2.2.0.98 - WildTangent) Hidden
Mozilla Firefox 28.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 28.0 (x86 en-US)) (Version: 28.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 28.0 - Mozilla)
Mystery P.I. - Curious Case of Counterfeit Cove (HKLM-x32\...\WTA-cb937668-e2b3-4f75-9f3b-312a5cfdbe9b) (Version: 2.2.0.98 - WildTangent) Hidden
Online Armor 6.0 (HKLM-x32\...\OnlineArmor_is1) (Version: 6.0 - Emsisoft GmbH)
Peggle Nights (HKLM-x32\...\WTA-4ee324a0-e2db-479d-9446-aa9a0d14b93f) (Version: 2.2.0.98 - WildTangent) Hidden
Penguins! (HKLM-x32\...\WTA-2a2b2f0a-5bd2-4bdb-862b-bf712cbdb12f) (Version: 2.2.0.98 - WildTangent) Hidden
Pharos (HKLM-x32\...\Pharos) (Version:  - )
Polar Bowler (HKLM-x32\...\WTA-bd345c11-581a-41a9-86c0-21abd9742e9f) (Version: 2.2.0.97 - WildTangent) Hidden
Polar Golfer (HKLM-x32\...\WTA-0769eea8-52c3-4e9d-b4a1-99e29e899002) (Version: 2.2.0.98 - WildTangent) Hidden
QuickTime 7 (HKLM-x32\...\{FF59BD75-466A-4D5A-AD23-AAD87C5FD44C}) (Version: 7.79.80.95 - Apple Inc.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.3.730.2012 - Realtek)
Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.1.8400.29025 - Realtek Semiconductor Corp.)
Roads of Rome 3 (HKLM-x32\...\WTA-d1981cdf-c034-498a-8cf8-916c6874e714) (Version: 2.2.0.98 - WildTangent) Hidden
swMSM (HKLM-x32\...\{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.2.10.12 - Synaptics Incorporated)
Tales of Lagoona (HKLM-x32\...\WTA-923a1603-7a90-40d4-8b6d-3a34429e5b0f) (Version: 2.2.0.110 - WildTangent) Hidden
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Vacation Quest™ - Australia (HKLM-x32\...\WTA-e894d0d6-11d2-4d79-9b2e-0fcb9343094d) (Version: 2.2.0.98 - WildTangent) Hidden
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.3.0 - WildTangent)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Zuma's Revenge (HKLM-x32\...\WTA-41bf6164-726f-43ad-9ff4-ddd581bf2986) (Version: 2.2.0.98 - WildTangent) Hidden
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  -> No File
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  -> No File
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} =>  -> No File
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} =>  -> No File
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  -> No File
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} =>  -> No File
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} =>  -> No File
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} =>  -> No File
ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ContextMenuHandlers1: [AVG] -> {472083B1-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVG\Antivirus\ashShA64.dll [2018-03-26] (AVG Technologies CZ, s.r.o.)
ContextMenuHandlers1: [CLVDShellExt] -> {3E2A0A32-6E14-4BAD-AA87-BBB6A75EBFF2} => C:\Program Files (x86)\Common Files\CyberLink\ShellExtComponent\CLVDShellExt.dll [2013-08-19] (Cyberlink)
ContextMenuHandlers1: [OnlineArmorShell] -> {4F07DA46-8170-4859-9B5F-037EF2970034} => C:\Program Files (x86)\Online Armor\OAevent64.dll [2013-10-16] (Emsisoft GmbH)
ContextMenuHandlers2: [CLVDShellExt] -> {3E2A0A32-6E14-4BAD-AA87-BBB6A75EBFF2} => C:\Program Files (x86)\Common Files\CyberLink\ShellExtComponent\CLVDShellExt.dll [2013-08-19] (Cyberlink)
ContextMenuHandlers3: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-05-09] (Malwarebytes)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\Windows\system32\igfxpph.dll [2013-08-21] (Intel Corporation)
ContextMenuHandlers6: [AVG] -> {472083B1-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVG\Antivirus\ashShA64.dll [2018-03-26] (AVG Technologies CZ, s.r.o.)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-05-09] (Malwarebytes)
ContextMenuHandlers6: [OnlineArmorShell] -> {4F07DA46-8170-4859-9B5F-037EF2970034} => C:\Program Files (x86)\Online Armor\OAevent64.dll [2013-10-16] (Emsisoft GmbH)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {09EC3DBE-EA18-4A57-B534-8DE5F4AE5BAE} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2018-07-07] (Adobe Systems Incorporated)
Task: {1523AEE1-AA63-40F7-A524-8532E55DD6FE} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2017-09-27] (HP Inc.)
Task: {280CF9A1-917D-4C33-8E3F-C33315B28BF3} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Active Health Launcher => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2017-09-27] (HP Inc.)
Task: {2A8EDDC4-ED68-45C2-9AF9-08BCA537DC63} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Product Configurator => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\ProductConfig.exe [2017-09-27] (HP Inc.)
Task: {4B953C40-0E56-4B29-BFDB-8F05B18DE609} - System32\Tasks\CLMLSvc_P2G8 => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [2012-06-08] (CyberLink)
Task: {4EDBCE16-A545-4284-A8E5-EF8816FECF52} - System32\Tasks\{567C13E9-3647-43BC-BE1E-3EF7FDACFD08} => C:\Windows\system32\pcalua.exe -a C:\Users\Justin\AppData\Roaming\Dropbox\bin\DropboxUninstaller.exe -c /InstallType:USER
Task: {52EA0475-6662-4C4B-8B6A-EFFB3B1402EF} - System32\Tasks\Antivirus Emergency Update => C:\Program Files\AVG\Antivirus\AvEmUpdate.exe [2018-03-26] (AVG Technologies CZ, s.r.o.)
Task: {53F8A5F0-3D37-4F92-AB23-34EC85C8632A} - System32\Tasks\CLVDLauncher => C:\Program Files (x86)\CyberLink\Power2Go8\CLVDLauncher.exe [2012-07-24] (CyberLink Corp.)
Task: {6AD1838B-EFD7-4E30-B449-C8FAA51FA0D3} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [2017-09-27] (HP Inc.)
Task: {7017F790-8801-4B65-AB97-74A0554E0DFC} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2018-05-04] (HP Inc.)
Task: {7B8EB2E1-E73E-422E-A5BF-9B3B07FCE5AD} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-02-21] (Google Inc.)
Task: {88844F1C-148D-4526-B9A3-AD1986DF7844} - System32\Tasks\Hewlett-Packard\HP CoolSense\HP CoolSense Start at Logon => C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe [2013-09-11] (Hewlett-Packard Development Company, L.P.)
Task: {8C5822F8-9C64-4616-A9AB-5730699DD8F6} - System32\Tasks\Synaptics TouchPad Enhancements => Program Files\Synaptics\SynTP\SynTPEnh.exe
Task: {B3FA1DF4-C13D-4577-BB0A-1089B5D6C70C} - System32\Tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2017-09-27] (HP Inc.)
Task: {BFCFF81C-B259-4193-A370-9737687B2A47} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_30_0_0_113_Plugin.exe [2018-07-07] (Adobe Systems Incorporated)
Task: {C137EEB6-A47C-4D7B-B3C4-45E42D65F3FF} - System32\Tasks\MirageAgent => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
Task: {C415F8FC-9D97-4078-B77D-2E1117EFBB46} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-02-21] (Google Inc.)
Task: {CAE48042-49C4-4462-8234-D1459541A6CB} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2017-09-27] (HP Inc.)
Task: {DCB4D8FB-76D2-4F16-AFA4-31150DC127D6} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2015-08-27] (Apple Inc.)
Task: {E1A69560-B9F7-43EC-AAC7-FBBB6E633800} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2017-09-27] (HP Inc.)
Task: {F4F8C09B-73FE-4AE9-AF2A-B7DC1A23D304} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2018-05-04] (HP Inc.)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
 
==================== Loaded Modules (Whitelisted) ==============
 
2015-12-18 01:38 - 2015-12-18 01:38 - 000085800 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-12-18 01:38 - 2015-12-18 01:38 - 001328912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2018-07-07 14:58 - 2018-04-25 13:16 - 002297040 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
2018-03-26 18:35 - 2018-03-26 18:35 - 000722672 _____ () c:\Program Files\AVG\Antivirus\x64\vaarclient.dll
2018-03-26 18:35 - 2018-03-26 18:35 - 000913136 _____ () C:\Program Files\AVG\Antivirus\x64\ffl2.dll
2018-03-26 18:35 - 2018-03-26 18:35 - 000342768 _____ () c:\Program Files\AVG\Antivirus\x64\StreamBack.dll
2018-03-26 18:35 - 2018-03-26 18:35 - 000327920 _____ () C:\Program Files\AVG\Antivirus\x64\tasks_core.dll
2018-03-26 18:07 - 2018-03-20 08:00 - 004435288 _____ () C:\Program Files (x86)\Google\Chrome\Application\65.0.3325.181\libglesv2.dll
2018-03-26 18:07 - 2018-03-20 08:00 - 000099672 _____ () C:\Program Files (x86)\Google\Chrome\Application\65.0.3325.181\libegl.dll
2012-07-30 15:10 - 2012-07-30 15:10 - 000094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2018-03-26 18:35 - 2018-03-26 18:35 - 000289008 _____ () C:\Program Files\AVG\Antivirus\streamback.dll
2018-03-26 18:35 - 2018-03-26 18:35 - 000281328 _____ () C:\Program Files\AVG\Antivirus\tasks_core.dll
2018-07-07 14:08 - 2018-07-07 14:08 - 005839088 _____ () C:\Program Files\AVG\Antivirus\defs\18070702\algo.dll
2018-03-26 18:35 - 2018-03-26 18:35 - 000758000 _____ () C:\Program Files\AVG\Antivirus\ffl2.dll
2018-03-26 18:35 - 2018-03-26 18:35 - 000965872 _____ () C:\Program Files\AVG\Antivirus\shepherdsync.dll
2018-03-26 18:35 - 2018-03-26 18:35 - 000476400 _____ () C:\Program Files\AVG\Antivirus\gui_cache.dll
2018-07-19 20:33 - 2018-07-19 20:33 - 005889264 _____ () C:\Program Files\AVG\Antivirus\defs\18071906\algo.dll
2012-09-11 23:24 - 2012-06-25 20:41 - 001198912 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll
2013-08-19 23:20 - 2012-06-08 05:34 - 000627216 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
2012-06-08 17:34 - 2012-06-08 17:34 - 000016400 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll
2018-03-26 18:35 - 2018-03-26 18:35 - 067127976 _____ () C:\Program Files\AVG\Antivirus\libcef.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2012-07-26 07:26 - 2018-07-07 15:51 - 000000834 _____ C:\Windows\system32\Drivers\etc\hosts
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-3716624157-4244700039-366356191-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Hewlett-Packard Backgrounds\Svinoya_Sunset.jpg
DNS Servers: 62.2.24.158 - 62.2.17.60
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is disabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
HKLM\...\StartupApproved\StartupFolder: => "Amazon Unbox.lnk"
HKLM\...\StartupApproved\Run: => "SysTrayApp"
HKLM\...\StartupApproved\Run32: => "CLVirtualDrive"
HKLM\...\StartupApproved\Run32: => "HP Quick Launch"
HKLM\...\StartupApproved\Run32: => "Adobe ARM"
HKLM\...\StartupApproved\Run32: => "APSDaemon"
HKLM\...\StartupApproved\Run32: => "Ad-Aware Browsing Protection"
HKU\S-1-5-21-3716624157-4244700039-366356191-1001\...\StartupApproved\Run: => "Dropbox Update"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{57DEA401-29EF-494E-A7D8-A1A5FD8FB2E8}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{0FED0097-013A-4337-A648-F67AAC01B840}] => (Allow) LPort=2869
FirewallRules: [{578F4212-90F0-40F4-A16D-E27B82093732}] => (Allow) LPort=1900
FirewallRules: [{25E8E181-CCD6-4C91-BC0A-FF152F3F1653}] => (Allow) C:\Program Files\Intel Corporation\Intel WiDi\WiDiApp.exe
FirewallRules: [{B0F6E075-464E-46DA-9680-233D7DDC7757}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD10.EXE
FirewallRules: [{577EAEA3-6DC1-45A9-9CC8-6A2A4187B669}] => (Allow) C:\Program Files (x86)\PharosSystems\Core\CTskMstr.exe
FirewallRules: [{9A23B253-B624-44CD-A165-C3B2BD91B8CA}] => (Allow) C:\Program Files (x86)\PharosSystems\Core\CTskMstr.exe
FirewallRules: [{F90D3560-11C4-4D12-914B-9CFEEE9EB0A2}] => (Allow) C:\Program Files (x86)\PharosSystems\Core\CTskMstr.exe
FirewallRules: [{7722C9E4-DFB4-4062-825D-41589DA9871A}] => (Allow) C:\Program Files (x86)\PharosSystems\Core\CTskMstr.exe
FirewallRules: [{84AF9BBF-6632-4AC1-9824-E8D822EBE2C2}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDirector10\PDR10.EXE
FirewallRules: [{5B1D3875-FE94-46A8-A859-050884E4CC8F}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
FirewallRules: [{DB881A09-84B8-4EA7-8C4A-AEFF05668474}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPDeviceDetection3.exe
FirewallRules: [{6AC68E72-6E6E-49ED-90E3-79BA56B37E30}] => (Allow) C:\Program Files (x86)\Bradford Networks\Persistent Agent\bndaemon.exe
FirewallRules: [{15F4C0BA-BA8D-4C30-A701-0B18C6641D15}] => (Allow) C:\Program Files (x86)\Bradford Networks\Persistent Agent\bndaemon.exe
FirewallRules: [{FE579E1E-C2FE-4D2D-A3F9-C21E992CA5D8}] => (Allow) C:\Program Files (x86)\Bradford Networks\Persistent Agent\bndaemon.exe
FirewallRules: [{BFEA9FD4-6680-4AA5-A73A-C161A918FA33}] => (Allow) C:\Program Files (x86)\Bradford Networks\Persistent Agent\bndaemon.exe
FirewallRules: [{3A74DBA8-1E72-4D67-ACA5-4245034B30F7}] => (Allow) C:\Users\Justin\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{4C042606-FCD0-4437-8C87-50391C9BB991}] => (Allow) C:\Users\Justin\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{1E37BB6F-101D-4266-A19A-CDA0E3101E41}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{4FBD4411-68B9-49C1-B89C-529213E73F1E}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{01CF8892-CD2E-4E3C-A925-5950FA31D4F4}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{E9543CC6-61E1-45DE-ACCE-5D3F6CEDDE21}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{CD4FA051-3DF3-431A-A869-D439AADDA95E}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{E8F77776-0A68-4BD9-8CA6-0BB420686AF2}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Restore Points =========================
 
26-03-2018 19:07:39 Installed HP Support Assistant
07-07-2018 14:06:29 Windows Update
14-07-2018 20:01:14 Windows Update
 
==================== Faulty Device Manager Devices =============
 
Name: USB-IF xHCI USB Host Controller
Description: USB-IF xHCI USB Host Controller
Class Guid: {8a2edc79-c759-46f2-88af-9d4efe3b5eee}
Manufacturer: Intel Corporation
Service: XHCIPort
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver
 
Name: Intel® Centrino® Wireless Bluetooth® 4.0 + High Speed Adapter
Description: Intel® Centrino® Wireless Bluetooth® 4.0 + High Speed Adapter
Class Guid: {e0cbf06c-cd8b-4647-bb8a-263b43f0f974}
Manufacturer: Intel Corporation
Service: BTHUSB
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (07/19/2018 08:44:40 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program firefox.exe version 28.0.0.5186 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 14fc
 
Start Time: 01d41f8cac182529
 
Termination Time: 142
 
Application Path: C:\Program Files (x86)\Mozilla Firefox\firefox.exe
 
Report Id: c392a86a-8b83-11e8-bebf-976792a6e7a4
 
Faulting package full name: 
 
Faulting package-relative application ID:
 
Error: (07/15/2018 07:53:31 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: bndaemon.exe, version: 2.2.8.2, time stamp: 0x5060c2f8
Faulting module name: bndaemon.exe, version: 2.2.8.2, time stamp: 0x5060c2f8
Exception code: 0xc0000005
Fault offset: 0x0002ca62
Faulting process id: 0x190
Faulting application start time: 0x01d41c5fe604de9b
Faulting application path: C:\Program Files (x86)\Bradford Networks\Persistent Agent\bndaemon.exe
Faulting module path: C:\Program Files (x86)\Bradford Networks\Persistent Agent\bndaemon.exe
Report Id: fc1bfc7e-8857-11e8-bebf-9ff3a569a997
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (07/15/2018 07:23:33 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: The Open Procedure for service "BITS" in DLL "C:\Windows\System32\bitsperf.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.
 
Error: (07/15/2018 07:16:00 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 80674579
 
Error: (07/15/2018 07:16:00 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 80674579
 
Error: (07/15/2018 07:16:00 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (07/07/2018 05:43:48 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 15547
 
Error: (07/07/2018 05:43:48 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 15547
 
 
System errors:
=============
Error: (07/19/2018 08:15:29 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Bradford Persistent Agent Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.
 
Error: (07/15/2018 07:17:38 PM) (Source: Microsoft-Windows-Kernel-General) (EventID: 6) (User: NT AUTHORITY)
Description: 0xc000014d0
 
Error: (07/07/2018 05:24:41 PM) (Source: Microsoft-Windows-Kernel-General) (EventID: 6) (User: NT AUTHORITY)
Description: 0xc000014d0
 
Error: (07/07/2018 05:24:11 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.
 
Module Path: C:\Windows\System32\IWMSSvc.dll
 
Error: (07/07/2018 05:13:07 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80246013: Security Update for Microsoft .NET Framework 3.5 on Windows 8 and Windows Server 2012 for x64-based Systems (KB3037575).
 
Error: (07/07/2018 05:12:15 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80246013: Security Update for Microsoft .NET Framework 3.5 on Windows 8 and Windows Server 2012 for x64-based Systems (KB2968295).
 
Error: (07/07/2018 05:11:58 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80246013: Security Update for Windows 8 for x64-based Systems (KB2977292).
 
Error: (07/07/2018 05:09:57 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80246013: Security Update for Windows 8 for x64-based Systems (KB3030377).
 
 
Windows Defender:
===================================
Date: 2016-02-21 20:57:32.461
Description: 
Windows Defender scan has been stopped before completion.
Scan ID: {C3391186-AA7F-4351-B4B7-0EE98496597D}
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2015-04-30 20:47:00.908
Description: 
Windows Defender scan has been stopped before completion.
Scan ID: {F11FC287-A28B-49E8-9418-D0B7D4533E5A}
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2014-04-25 14:42:04.998
Description: 
Windows Defender scan has been stopped before completion.
Scan ID: {27FA4003-AC50-431A-AB8B-629FE043A6CD}
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2014-04-25 14:27:59.293
Description: 
Windows Defender scan has been stopped before completion.
Scan ID: {0842E7C2-CA04-43DA-AEFB-1980907F0FE9}
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2014-04-23 05:28:30.087
Description: 
Windows Defender scan has been stopped before completion.
Scan ID: {F7A13292-EED1-49A3-A4B4-FAF75A40C06D}
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2018-03-26 18:31:10.893
Description: 
Windows Defender has encountered an error trying to update signatures.
New Signature Version: 1.263.1173.0
Previous Signature Version: 1.221.606.0
Update Source: User
Signature Type: AntiSpyware
Update Type: Full
Current Engine Version: 1.1.14600.4
Previous Engine Version: 1.1.12804.0
Error code: 0x80509004
Error description: An unexpected problem occurred. Install any available updates, and then try to start the program again. For information on installing updates, see Help and Support. 
 
Date: 2018-03-26 18:31:10.893
Description: 
Windows Defender has encountered an error trying to update signatures.
New Signature Version: 1.263.1173.0
Previous Signature Version: 1.221.606.0
Update Source: User
Signature Type: AntiVirus
Update Type: Full
Current Engine Version: 1.1.14600.4
Previous Engine Version: 1.1.12804.0
Error code: 0x80509004
Error description: An unexpected problem occurred. Install any available updates, and then try to start the program again. For information on installing updates, see Help and Support. 
 
Date: 2018-03-26 18:31:10.893
Description: 
Windows Defender has encountered an error trying to update the engine.
New Engine Version: 1.1.14600.4
Previous Engine Version: 1.1.12804.0
Error Code: 0x80509004
Error description: An unexpected problem occurred. Install any available updates, and then try to start the program again. For information on installing updates, see Help and Support. 
 
Date: 2018-03-26 18:28:24.903
Description: 
Windows Defender has encountered an error trying to update signatures.
New Signature Version: 
Previous Signature Version: 1.221.606.0
Update Source: Microsoft Update Server
Signature Type: AntiVirus
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.12804.0
Error code: 0x80244022
Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support. 
 
Date: 2018-03-26 18:24:33.526
Description: 
Windows Defender has encountered an error trying to update signatures.
New Signature Version: 
Previous Signature Version: 1.221.606.0
Update Source: Microsoft Update Server
Signature Type: AntiVirus
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.12804.0
Error code: 0x8024001e
Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support. 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i5-3210M CPU @ 2.50GHz
Percentage of memory in use: 51%
Total physical RAM: 6037.96 MB
Available physical RAM: 2909.77 MB
Total Virtual: 6997.96 MB
Available Virtual: 3475.09 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:672.07 GB) (Free:607.46 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive d: (RECOVERY) (Fixed) (Total:25.79 GB) (Free:2.96 GB) NTFS ==>[system with boot components (obtained from drive)]
 
\\?\Volume{75d988db-129f-4f20-afa0-e40de626987c}\ (WINRE) (Fixed) (Total:0.39 GB) (Free:0.15 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 698.6 GB) (Disk ID: EB24C640)
 
Partition: GPT.
 
==================== End of Addition.txt ============================

Edited by Akureyr, 19 July 2018 - 02:05 PM.



#2 nasdaq

nasdaq

  • Malware Response Team
  • 39,586 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:12:38 PM

Posted 20 July 2018 - 09:21 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Enable the Dropbox Update by running msconfig as an Administrator.
It's presently disabled.

================== MSCONFIG/TASK MANAGER disabled items ==
HKU\S-1-5-21-3716624157-4244700039-366356191-1001\...\StartupApproved\Run: => "Dropbox Update"

---

Press the Windows key + r on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and click the OK key.
Please copy the entire contents of the code box below to a new file.
 
start

CreateRestorePoint:
CloseProcesses:

(Google Inc.) C:\Program Files (x86)\Google\Update\Install\{7DBC7B5C-27EE-4876-8C83-D451A40ABAAA}\67.0.3396.99_chrome_installer.exe
(Google Inc.) C:\Windows\Temp\CR_0C96B.tmp\setup.exe
(Google Inc.) C:\Windows\Temp\CR_0C96B.tmp\setup.exe
HKU\S-1-5-21-3716624157-4244700039-366356191-1001\...\Policies\system: [DisableLockWorkstation] 0
HKU\S-1-5-21-3716624157-4244700039-366356191-1001\...\Policies\Explorer: [NoLogoff] 1
SearchScopes: HKLM -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKLM-x32 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKU\S-1-5-21-3716624157-4244700039-366356191-1001 -> DefaultScope {3BD44F0E-0596-4008-AEE0-45D47E3A8F0E} URL = hxxp://securedsearch2.lavasoft.com/results.php?pr=vmn&id=adawaretb&v=3_7&idate=&hsimp=yhs-lavasoft&ent=ch&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3716624157-4244700039-366356191-1001 -> {3BD44F0E-0596-4008-AEE0-45D47E3A8F0E} URL = hxxp://securedsearch2.lavasoft.com/results.php?pr=vmn&id=adawaretb&v=3_7&idate=&hsimp=yhs-lavasoft&ent=ch&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3716624157-4244700039-366356191-1001 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF

Reboot:

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

The tool will create a log (Fixlog.txt); please post it in your reply.
===

p.s.
Windows Defender will always be disabled when AVG is Enabled. That's normal.

#3 Akureyr

Posted 21 July 2018 - 06:36 AM

Just to clarify, running the Msconfig to fix Dropbox and the later Windows key + r are two separate tasks right? To run the Msconfig, am I meant to copy the quoted text? (=====MSCONFIG/TaSK MANAGER disabled items ==HKU\etc)?

#4 nasdaq

Posted 21 July 2018 - 06:42 AM

Hi,

Windows key + r are two separate tasks right?


Yes, this command will open Notepad in which you will have to copy my fix and save the file as Fixlist.txt.
It's required by the Farbar Program to remove the bad entries.

The Config issue can be done before or after the fix.

#5 Akureyr

Posted 21 July 2018 - 09:40 AM

I am unsure how to get the msconfig to fix Dropbox--does some code need to be run? I didn't see Dropbox in my currently installed programs (though I note in the past when I reinstalled it, it still didn't update properly, so it makes sense that there was some lingering disabling that prevented that even when freshly reinstalled). I guess we can work on that soon. For now I did as you asked re: the fixlist. Below is the fixlog requested: 

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 21.07.2018
Ran by Justin (21-07-2018 16:24:05) Run:1
Running from C:\Users\Justin\Downloads
Loaded Profiles: Justin (Available Profiles: Justin)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
start
 
CreateRestorePoint:
CloseProcesses:
 
(Google Inc.) C:\Program Files (x86)\Google\Update\Install\{7DBC7B5C-27EE-4876-8C83-D451A40ABAAA}\67.0.3396.99_chrome_installer.exe
(Google Inc.) C:\Windows\Temp\CR_0C96B.tmp\setup.exe
(Google Inc.) C:\Windows\Temp\CR_0C96B.tmp\setup.exe
HKU\S-1-5-21-3716624157-4244700039-366356191-1001\...\Policies\system: [DisableLockWorkstation] 0
HKU\S-1-5-21-3716624157-4244700039-366356191-1001\...\Policies\Explorer: [NoLogoff] 1
SearchScopes: HKLM -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKLM-x32 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKU\S-1-5-21-3716624157-4244700039-366356191-1001 -> DefaultScope {3BD44F0E-0596-4008-AEE0-45D47E3A8F0E} URL = hxxp://securedsearch2.lavasoft.com/results.php?pr=vmn&id=adawaretb&v=3_7&idate=&hsimp=yhs-lavasoft&ent=ch&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3716624157-4244700039-366356191-1001 -> {3BD44F0E-0596-4008-AEE0-45D47E3A8F0E} URL = hxxp://securedsearch2.lavasoft.com/results.php?pr=vmn&id=adawaretb&v=3_7&idate=&hsimp=yhs-lavasoft&ent=ch&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3716624157-4244700039-366356191-1001 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
 
Reboot:
 
End
*****************
 
Restore point was successfully created.
Processes closed successfully.
C:\Program Files (x86)\Google\Update\Install\{7DBC7B5C-27EE-4876-8C83-D451A40ABAAA}\67.0.3396.99_chrome_installer.exe => Could not close process
C:\Windows\Temp\CR_0C96B.tmp\setup.exe => Could not close process
C:\Windows\Temp\CR_0C96B.tmp\setup.exe => Could not close process
"HKU\S-1-5-21-3716624157-4244700039-366356191-1001\Software\Microsoft\Windows\CurrentVersion\Policies\system\\DisableLockWorkstation" => removed successfully
"HKU\S-1-5-21-3716624157-4244700039-366356191-1001\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoLogoff" => removed successfully
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}" => removed successfully
HKLM\Software\Classes\CLSID\{b7fca997-d0fb-4fe0-8afd-255e89cf9671} => not found
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}" => removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{b7fca997-d0fb-4fe0-8afd-255e89cf9671} => not found
"HKU\S-1-5-21-3716624157-4244700039-366356191-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope" => removed successfully
"HKU\S-1-5-21-3716624157-4244700039-366356191-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}" => removed successfully
HKLM\Software\Classes\CLSID\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E} => not found
"HKU\S-1-5-21-3716624157-4244700039-366356191-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}" => removed successfully
HKLM\Software\Classes\CLSID\{b7fca997-d0fb-4fe0-8afd-255e89cf9671} => not found
 
 
The system needed a reboot.
 
==== End of Fixlog 16:26:17 ====
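
A way to triage the result lines of a Fixlog like the one in the post above, as an added example that is not part of the original thread and not FRST's own code. The function names are hypothetical, reading `\\` as the separator between a registry key and a value name is an assumption drawn from the log lines shown, and the sample is a shortened excerpt in which the `StartupApproved` line has been placed inside the echoed fixlist block by this example to exercise the echo-skipping logic.

```python
import re
from collections import Counter
from typing import NamedTuple, Optional

# Shortened excerpt of the Fixlog format shown in the post. The echoed fixlist
# block (between the asterisk rows) is constructed for this example.
SAMPLE_FIXLOG = r'''
fixlist content:
*****************
start
CloseProcesses:
HKU\S-1-5-21-3716624157-4244700039-366356191-1001\...\StartupApproved\Run: => "Dropbox Update"
End
*****************

Restore point was successfully created.
Processes closed successfully.
C:\Program Files (x86)\Google\Update\Install\{7DBC7B5C-27EE-4876-8C83-D451A40ABAAA}\67.0.3396.99_chrome_installer.exe => Could not close process
C:\Windows\Temp\CR_0C96B.tmp\setup.exe => Could not close process
C:\Windows\Temp\CR_0C96B.tmp\setup.exe => Could not close process
"HKU\S-1-5-21-3716624157-4244700039-366356191-1001\Software\Microsoft\Windows\CurrentVersion\Policies\system\\DisableLockWorkstation" => removed successfully
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}" => removed successfully
HKLM\Software\Classes\CLSID\{b7fca997-d0fb-4fe0-8afd-255e89cf9671} => not found

The system needed a reboot.
'''

# Outcome text (lower-cased) -> triage status. Anything not listed here is
# treated as "follow_up" so that unfamiliar outcomes are never silently dropped.
OUTCOMES = {
    "removed successfully": "removed",
    "not found": "absent",
    "could not close process": "follow_up",
}
HIVES = ("HKLM\\", "HKU\\", "HKCU\\", "HKCR\\")


class Result(NamedTuple):
    kind: str                  # "registry" or "file"
    target: str                # file path or registry key
    value_name: Optional[str]  # registry value name, if the line named one
    status: str                # "removed", "absent" or "follow_up"
    raw_outcome: str           # outcome text exactly as logged


def parse_fixlog(text):
    """Return one Result per '<target> => <outcome>' line outside the fixlist echo."""
    results, in_echo = [], False
    for line in text.splitlines():
        line = line.strip()
        if re.fullmatch(r"\*{5,}", line):
            # Asterisk rows bracket the echoed fixlist; scan lines echoed there
            # can contain ' => ' themselves and must not be read as results.
            in_echo = not in_echo
            continue
        if in_echo:
            continue
        target, sep, outcome = line.rpartition(" => ")
        if not sep:
            continue
        target = target.strip('"')
        kind = "registry" if target.upper().startswith(HIVES) else "file"
        value_name = None
        if kind == "registry" and "\\\\" in target:
            # Assumption: a double backslash separates key path and value name.
            target, value_name = target.rsplit("\\\\", 1)
        status = OUTCOMES.get(outcome.strip().lower(), "follow_up")
        results.append(Result(kind, target, value_name, status, outcome.strip()))
    return results


def summarize(results):
    """Count results per triage status."""
    return dict(Counter(r.status for r in results))


def follow_up_targets(results):
    """Unique targets, in log order, whose outcome was not a clean removal or absence."""
    seen = []
    for r in results:
        if r.status == "follow_up" and r.target not in seen:
            seen.append(r.target)
    return seen


def run_facts(text):
    """Run-level facts the log states outside the per-entry result lines."""
    return {
        "restore_point": "Restore point was successfully created." in text,
        "reboot_needed": "The system needed a reboot." in text,
    }


if __name__ == "__main__":
    parsed = parse_fixlog(SAMPLE_FIXLOG)
    print(summarize(parsed), run_facts(SAMPLE_FIXLOG))
    for path in follow_up_targets(parsed):
        print("check again after reboot:", path)
```

On this excerpt the only entries left for follow-up are the two installer processes that could not be closed; the registry entries were either removed or were not present.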


#6 nasdaq

Posted 21 July 2018 - 11:01 AM

Hi,

If you open the Task Manager > Startup tab, can you see the status of Dropbox Update?

If yes, then click or right click it and change the status to Enabled.

#7 Akureyr

Posted 21 July 2018 - 02:14 PM

I don't see Dropbox in the Startup tab, though other programs like "Btmshellex", "NA" (no icon) and Online Armor do appear. Is this simply because I uninstalled Dropbox some time ago? Should I install Dropbox on this laptop again and see about looking into the Startup tab in the Task Manager after that? 



#8 nasdaq

Posted 22 July 2018 - 06:33 AM

Hi,

Yes but there are entries in the Registry that were not removed.

Run the Farbar program .exe as an Administrator.

In the Search text area, copy and paste the following:
Dropbox
Once done, click on the Search Registry button and wait for FRST to finish the search
On completion, a log will open in Notepad. Copy and paste its content in your next reply
====

#9 Akureyr

Posted 22 July 2018 - 05:20 PM

Ah, I see. So we need to edit the registry items to ensure any future installs of Dropbox will go off without a hitch? Today I noticed Online Armor isn't properly searching for updates either.  Below is the log; I edited out my last name, city names, and several colleagues' last names and sensitive details from some of the search results as I belatedly realized many of them had my last name (as relates to homework and/or higher education assignments); in future, please do warn me in this regard as future file uploads may include such sensitive details (my assignments typically had my last name in to aid the grader):
 
Farbar Recovery Scan Tool (x64) Version: 21.07.2018
Ran by Justin (23-07-2018 00:19:37)
Running from C:\Users\Justin\Downloads
Boot Mode: Normal
 
================== Search Registry: "Dropbox" ===========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\"DropboxExt1"]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\"DropboxExt2"]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\"DropboxExt3"]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\"DropboxExt4"]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\"DropboxExt5"]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\"DropboxExt6"]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\"DropboxExt7"]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\"DropboxExt8"]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{3A74DBA8-1E72-4D67-ACA5-4245034B30F7}"="v2.20|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\Users\Justin\AppData\Roaming\Dropbox\bin\Dropbox.exe|Name=Dropbox|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{4C042606-FCD0-4437-8C87-50391C9BB991}"="v2.20|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\Users\Justin\AppData\Roaming\Dropbox\bin\Dropbox.exe|Name=Dropbox|"
[HKEY_USERS\S-1-5-21-3716624157-4244700039-366356191-1001\Software\Adobe\Acrobat Reader\11.0\AVGeneral\cRecentFiles\c4]
"tDIText"="/C/Users/Justin/Dropbox/CERD TBB v. G dissent.pdf"
[HKEY_USERS\S-1-5-21-3716624157-4244700039-366356191-1001\Software\Adobe\Acrobat Reader\11.0\AVGeneral\cRecentFiles\c5]
"tDIText"="/C/Users/Justin/Dropbox/CERD TBB v. G.pdf"
[HKEY_USERS\S-1-5-21-3716624157-4244700039-366356191-1001\Software\Dropbox]
[HKEY_USERS\S-1-5-21-3716624157-4244700039-366356191-1001\Software\Microsoft\Office\12.0\Common\Internet]
"UseRWHlinkNavigation"="C:\Users\Justin\Dropbox\Equality in International Legal Instruments Older PPT.pptx"
[HKEY_USERS\S-1-5-21-3716624157-4244700039-366356191-1001\Software\Microsoft\Office\12.0\Excel\File MRU]
"Item 3"="[F00000000][T01CF4C56AC676770]*C:\Users\Justin\Dropbox\The ESSCAP Dropbox Folder Folder\Administration\ESSCAP Hours Time Sheet.xlsx"
[HKEY_USERS\S-1-5-21-3716624157-4244700039-366356191-1001\Software\Microsoft\Office\12.0\Excel\File MRU]
"Item 4"="[F00000000][T01CF42D5D17AD8B0]*C:\Users\Justin\Dropbox\Veteran's Clinic Homeless and Mental Health Intiative\Regina\LastName_Timesheet.xlsx"
[HKEY_USERS\S-1-5-21-3716624157-4244700039-366356191-1001\Software\Microsoft\Office\12.0\Excel\File MRU]
"Item 5"="[F00000000][T01CF42D59F690180]*C:\Users\Justin\Dropbox\Veteran's Clinic Homeless and Mental Health Intiative\Justin\LastName_Timesheet.xlsx"
[HKEY_USERS\S-1-5-21-3716624157-4244700039-366356191-1001\Software\Microsoft\Office\12.0\Excel\File MRU]
"Item 7"="[F00000000][T01CF2230BADC2D40]*C:\Users\Justin\Dropbox\The ESSCAP Dropbox Folder Folder\Officer Folders\Operations\ESSCAP Team Leaders, Writers, Graduates List.xlsx"
[HKEY_USERS\S-1-5-21-3716624157-4244700039-366356191-1001\Software\Microsoft\Office\12.0\Excel\File MRU]
"Item 9"="[F00000000][T01CF221C2D9FCDB0]*C:\Users\Justin\Dropbox\The ESSCAP Dropbox Folder Folder\Officer Folders\Operations\ESSCAP Master contact list 2013-2014.xlsx"
[HKEY_USERS\S-1-5-21-3716624157-4244700039-366356191-1001\Software\Microsoft\Office\12.0\Excel\File MRU]
"Item 10"="[F00000000][T01CF21E48994BC80]*C:\Users\Justin\Dropbox\The ESSCAP Dropbox Folder Folder\Officer Folders\Operations\ESSCAP eboard contact list.xlsx"
[HKEY_USERS\S-1-5-21-3716624157-4244700039-366356191-1001\Software\Microsoft\Office\12.0\Excel\File MRU]
"Item 11"="[F00000000][T01CF21E483BBB250]*C:\Users\Justin\Dropbox\The ESSCAP Dropbox Folder Folder\Officer Folders\Operations\ESSCAP general contact list.xlsx"
[HKEY_USERS\S-1-5-21-3716624157-4244700039-366356191-1001\Software\Microsoft\Office\12.0\Excel\File MRU]
"Item 12"="[F00000000][T01CF1DF9919F1D60]*C:\Users\Justin\Dropbox\The ESSCAP Dropbox Folder Folder\ESSCAP Master contact list 2013-2014.xlsx"
[HKEY_USERS\S-1-5-21-3716624157-4244700039-366356191-1001\Software\Microsoft\Office\12.0\Excel\File MRU]
"Item 13"="[F00000000][T01CF1D67A340BE80]*C:\Users\Justin\Dropbox\ESSCAP Team Leaders, Writers, Graduates List.xlsx"
[HKEY_USERS\S-1-5-21-3716624157-4244700039-366356191-1001\Software\Microsoft\Office\12.0\Excel\File MRU]
"Item 14"="[F00000000][T01CF1D6322F96050]*C:\Users\Justin\Dropbox\The ESSCAP Dropbox Folder Folder\Team member database.xlsx"
[HKEY_USERS\S-1-5-21-3716624157-4244700039-366356191-1001\Software\Microsoft\Office\12.0\Excel\File MRU]
"Item 19"="[F00000000][T01CEE727319740E0]*C:\Users\Justin\Dropbox\Field Placement Timesheet-Justin.xls"
[HKEY_USERS\S-1-5-21-3716624157-4244700039-366356191-1001\Software\Microsoft\Office\12.0\Excel\File MRU]
"Item 20"="[F00000000][T01CEE5A672B43E70]*C:\Users\Justin\Dropbox\Justin Student Loan as of 20131118.xlsx"
[HKEY_USERS\S-1-5-21-3716624157-4244700039-366356191-1001\Software\Microsoft\Office\12.0\Excel\File MRU]
"Item 24"="[F00000000][T01CED19988882BB0]*C:\Users\Justin\Dropbox\The ESSCAP Dropbox Folder Folder\Cases\Amicus\Patent Troll\The Team.xlsx"
[HKEY_USERS\S-1-5-21-3716624157-4244700039-366356191-1001\Software\Microsoft\Office\12.0\Excel\File MRU]
"Item 25"="[F00000000][T01CEA58C53E2F3B0]*C:\Users\Justin\Dropbox\2L ST 3L brief grading assignments.xlsx"
[HKEY_USERS\S-1-5-21-3716624157-4244700039-366356191-1001\Software\Microsoft\Office\12.0\Excel\File MRU]
"Item 26"="[F00000000][T01CEA06A6AF7B800]*C:\Users\Justin\Dropbox\2L ST 3L benching schedule.xlsx"
[HKEY_USERS\S-1-5-21-3716624157-4244700039-366356191-1001\Software\Microsoft\Office\12.0\Excel\File MRU]
"Item 27"="[F00000000][T01CEA06A5C3D45A0]*C:\Users\Justin\Dropbox\2L ST 3L benching schedule (2).xlsx"
[HKEY_USERS\S-1-5-21-3716624157-4244700039-366356191-1001\Software\Microsoft\Office\12.0\Excel\File MRU]
"Item 28"="[F00000000][T01CEA06A502EB960]*C:\Users\Justin\Dropbox\2L ST 3L benching schedule (1).xlsx"
[HKEY_USERS\S-1-5-21-3716624157-4244700039-366356191-1001\Software\Microsoft\Office\12.0\Excel\File MRU]
"Item 29"="[F00000000][T01CEA0693B2A6F10]*C:\Users\Justin\Dropbox\ST 3L brief grading assignments.xlsx"
[HKEY_USERS\S-1-5-21-3716624157-4244700039-366356191-1001\Software\Microsoft\Office\12.0\Excel\File MRU]
"Item 33"="[F00000000][T01CE4514E16A5DF0]*C:\Users\Justin\Dropbox\Resources\Law School Curve Database.xls"
[HKEY_USERS\S-1-5-21-3716624157-4244700039-366356191-1001\Software\Microsoft\Office\12.0\Excel\File MRU]
"Item 34"="[F00000000][T01CE3D35B3965D20]*C:\Users\Justin\Dropbox\Field Placement Timesheet-Justin.xlsx"
[HKEY_USERS\S-1-5-21-3716624157-4244700039-366356191-1001\Software\Microsoft\Office\12.0\Excel\File MRU]
"Item 37"="[F00000000][T01CE2BF310891670]*C:\Users\Justin\Dropbox\Moot Court 1L briefs\brief grade.xlsx"
[HKEY_USERS\S-1-5-21-3716624157-4244700039-366356191-1001\Software\Microsoft\Office\12.0\Excel\File MRU]
"Item 38"="[F00000000][T01CE2BE5E40DFC30]*C:\Users\Justin\Dropbox\Moot Court 1L briefs\brief grade - 146.xlsx"
[HKEY_USERS\S-1-5-21-3716624157-4244700039-366356191-1001\Software\Microsoft\Office\12.0\Excel\File MRU]
"Item 39"="[F00000000][T01CE2BE4246C53A0]*C:\Users\Justin\Dropbox\Moot Court 1L briefs\brief grade - (BRIEF NUMBER) - (GRADER LAST NAME).xlsx"
[HKEY_USERS\S-1-5-21-3716624157-4244700039-366356191-1001\Software\Microsoft\Office\12.0\Excel\File MRU]
"Item 40"="[F00000000][T01CE266B086165C0]*C:\Users\Justin\Dropbox\LA SE museums and galleries.xlsx"
[HKEY_USERS\S-1-5-21-3716624157-4244700039-366356191-1001\Software\Microsoft\Office\12.0\PowerPoint\File MRU]
"Item 1"="[F00000000][T01CF5A6749E9BCA0]*C:\Users\Justin\Dropbox\Equality in International Legal Instruments.pptx"
[HKEY_USERS\S-1-5-21-3716624157-4244700039-366356191-1001\Software\Microsoft\Office\12.0\PowerPoint\File MRU]
"Item 2"="[F00000000][T01CF5428DA911540]*C:\Users\Justin\Dropbox\Equality in International Legal Instruments Older PPT.pptx"
[HKEY_USERS\S-1-5-21-3716624157-4244700039-366356191-1001\Software\Microsoft\Office\12.0\PowerPoint\File MRU]
"Item 3"="[F00000000][T01CF4C575AD02590]*C:\Users\Justin\Dropbox\The ESSCAP Dropbox Folder Folder\Administration\Manuals\ESSCAP Training 2014.pptx"
[HKEY_USERS\S-1-5-21-3716624157-4244700039-366356191-1001\Software\Microsoft\Office\12.0\PowerPoint\File MRU]
"Item 4"="[F00000000][T01CF4C56FA4BBE00]*C:\Users\Justin\Dropbox\The ESSCAP Dropbox Folder Folder\Administration\Manuals\ESSCAP Training 2012.pptx"
[HKEY_USERS\S-1-5-21-3716624157-4244700039-366356191-1001\Software\Microsoft\Office\12.0\PowerPoint\File MRU]
"Item 8"="[F00000000][T01CF335654185AC0]*C:\Users\Justin\Dropbox\AffirmativeAction_Paper_Background.pptx"
[HKEY_USERS\S-1-5-21-3716624157-4244700039-366356191-1001\Software\Microsoft\Office\12.0\PowerPoint\File MRU]
"Item 20"="[F00000000][T01CEE4B2AA6488B0]*C:\Users\Justin\Dropbox\Legal Profession Firm 9 Judicial Disqualification Presentation FINAL.pptx"
[HKEY_USERS\S-1-5-21-3716624157-4244700039-366356191-1001\Software\Microsoft\Office\12.0\PowerPoint\File MRU]
"Item 22"="[F00000000][T01CED440E271B020]*C:\Users\Justin\Dropbox\LP Firm 9 Judicial Disqualification Presentation FINAL.pptx"
[HKEY_USERS\S-1-5-21-3716624157-4244700039-366356191-1001\Software\Microsoft\Office\12.0\PowerPoint\File MRU]
"Item 23"="[F00000000][T01CED434D4C9B5A0]*C:\Users\Justin\Dropbox\LP Presentation FINAL.pptx"
[HKEY_USERS\S-1-5-21-3716624157-4244700039-366356191-1001\Software\Microsoft\Office\12.0\PowerPoint\File MRU]
"Item 24"="[F00000000][T01CED40852FDBA70]*C:\Users\Justin\Dropbox\Legal Profession Judge Recusal presentation Edited.pptx"
[HKEY_USERS\S-1-5-21-3716624157-4244700039-366356191-1001\Software\Microsoft\Office\12.0\PowerPoint\File MRU]
"Item 25"="[F00000000][T01CED38759C43680]*C:\Users\Justin\Dropbox\Legal Profession Judge Recusal presentation.pptx"
[HKEY_USERS\S-1-5-21-3716624157-4244700039-366356191-1001\Software\Microsoft\Office\12.0\PowerPoint\File MRU]
"Item 27"="[F00000000][T01CED324DCD71690]*C:\Users\Justin\Dropbox\Accounting\Margin Call PPT Most Recent.pptx"
[HKEY_USERS\S-1-5-21-3716624157-4244700039-366356191-1001\Software\Microsoft\Office\12.0\PowerPoint\File MRU]
"Item 28"="[F00000000][T01CE2BEB1F77FFF0]*C:\Users\Justin\Dropbox\Margin Call PPT Wednesday 032713 Revised.pptx"
[HKEY_USERS\S-1-5-21-3716624157-4244700039-366356191-1001\Software\Microsoft\Office\12.0\PowerPoint\File MRU]
"Item 29"="[F00000000][T01CE2BEA5C2010B0]*C:\Users\Justin\Dropbox\Margin Call PPT Earliest Draft.pptx"
[HKEY_USERS\S-1-5-21-3716624157-4244700039-366356191-1001\Software\Microsoft\Office\12.0\PowerPoint\File MRU]
"Item 30"="[F00000000][T01CE270D389EC370]*C:\Users\Justin\Dropbox\Margin Call Slides with Nicola's finished slides.pptx"
[HKEY_USERS\S-1-5-21-3716624157-4244700039-366356191-1001\Software\Microsoft\Office\12.0\PowerPoint\File MRU]
"Item 31"="[F00000000][T01CE270C39D7FC30]*C:\Users\Justin\Dropbox\Margin Call Slides with revised cover.pptx"
[HKEY_USERS\S-1-5-21-3716624157-4244700039-366356191-1001\Software\Microsoft\Office\12.0\PowerPoint\File MRU]
"Item 34"="[F00000000][T01CE250C40613230]*C:\Users\Justin\Dropbox\Justin Margin Call PPT.pptx"
[HKEY_USERS\S-1-5-21-3716624157-4244700039-366356191-1001\Software\Microsoft\Office\12.0\Word\File MRU]
"Item 1"="[F00000000][T01D3C51B0CA057A0]*C:\Users\Justin\Dropbox\Writing Sample_Withholding.docx"
[HKEY_USERS\S-1-5-21-3716624157-4244700039-366356191-1001\Software\Microsoft\Office\12.0\Word\File MRU]
"Item 8"="[F00000000][T01D08437234B4EB0]*C:\Users\Justin\Dropbox\Homework Files\Alternatives to International Law research.docx"
[HKEY_USERS\S-1-5-21-3716624157-4244700039-366356191-1001\Software\Microsoft\Office\12.0\Word\File MRU]
"Item 11"="[F00000000][T01CF60810C339AF0]*C:\Users\Justin\Dropbox\Admin Law.docx"
[HKEY_USERS\S-1-5-21-3716624157-4244700039-366356191-1001\Software\Microsoft\Office\12.0\Word\File MRU]
"Item 13"="[F00000000][T01CF5D78B9616420]*C:\Users\Justin\Dropbox\Admin-exam-2013.docx"
[HKEY_USERS\S-1-5-21-3716624157-4244700039-366356191-1001\Software\Microsoft\Office\12.0\Word\File MRU]
"Item 15"="[F00000000][T01CF5D6B8D9E0120]*C:\Users\Justin\Dropbox\admin-exam-2011.docx"
[HKEY_USERS\S-1-5-21-3716624157-4244700039-366356191-1001\Software\Microsoft\Office\12.0\Word\File MRU]
"Item 16"="[F00000000][T01CF5D6AFB55BB50]*C:\Users\Justin\Dropbox\Admin Comprehensive Outline_V_-_Spring_2011.docx"
[HKEY_USERS\S-1-5-21-3716624157-4244700039-366356191-1001\Software\Microsoft\Office\12.0\Word\File MRU]
"Item 17"="[F00000000][T01CF5D6AF82DA050]*C:\Users\Justin\Dropbox\Admin Outline Reddy.doc"
[HKEY_USERS\S-1-5-21-3716624157-4244700039-366356191-1001\Software\Microsoft\Office\12.0\Word\File MRU]
"Item 18"="[F00000000][T01CF5D6AF6C3B010]*C:\Users\Justin\Dropbox\Admin Law.docx"
[HKEY_USERS\S-1-5-21-3716624157-4244700039-366356191-1001\Software\Microsoft\Office\12.0\Word\File MRU]
"Item 19"="[F00000000][T01CF5D6AF0B89960]*C:\Users\Justin\Dropbox\UN.docx"
[HKEY_USERS\S-1-5-21-3716624157-4244700039-366356191-1001\Software\Microsoft\Office\12.0\Word\File MRU]
"Item 20"="[F00000000][T01CF5D6AEEF98440]*C:\Users\Justin\Dropbox\Equality Seminar Paper - Draft 1.docx"
[HKEY_USERS\S-1-5-21-3716624157-4244700039-366356191-1001\Software\Microsoft\Office\12.0\Word\File MRU]
"Item 21"="[F00000000][T01CF5D6AEA51CE20]*C:\Users\Justin\Dropbox\Equality Seminar Paper.docx"
[HKEY_USERS\S-1-5-21-3716624157-4244700039-366356191-1001\Software\Microsoft\Office\12.0\Word\File MRU]
"Item 22"="[F00000000][T01CF5A75BB090E00]*C:\Users\Justin\Dropbox\Equality Seminar.docx"
[HKEY_USERS\S-1-5-21-3716624157-4244700039-366356191-1001\Software\Microsoft\Office\12.0\Word\File MRU]
"Item 23"="[F00000000][T01CF5A674F3DDF60]*C:\Users\Justin\Dropbox\Equality Seminar Presentation Notes.docx"
[HKEY_USERS\S-1-5-21-3716624157-4244700039-366356191-1001\Software\Microsoft\Office\12.0\Word\File MRU]
"Item 24"="[F00000000][T01CF598A5B8893B0]*C:\Users\Justin\Dropbox\Administrative_Law_Checklist_-_V_-_Spring_2011.doc"
[HKEY_USERS\S-1-5-21-3716624157-4244700039-366356191-1001\Software\Microsoft\Office\12.0\Word\File MRU]
"Item 29"="[F00000000][T01CF527C394C7C90]*C:\Users\Justin\Dropbox\AFirms.docx"
[HKEY_USERS\S-1-5-21-3716624157-4244700039-366356191-1001\Software\Microsoft\Office\12.0\Word\File MRU]
"Item 37"="[F00000000][T01CF4ED14FB447A0]*C:\Users\Justin\Dropbox\GGG Handbook v5 Edited by Justin.docx"
[HKEY_USERS\S-1-5-21-3716624157-4244700039-366356191-1001\Software\Microsoft\Office\12.0\Word\File MRU]
"Item 38"="[F00000000][T01CF4EBF16DDABE0]*C:\Users\Justin\Dropbox\GGG Handbook v4 Edited by Jodi.docx"
[HKEY_USERS\S-1-5-21-3716624157-4244700039-366356191-1001\Software\Microsoft\Office\12.0\Word\File MRU]
"Item 40"="[F00000000][T01CF4EA4FC3CCD80]*C:\Users\Justin\Dropbox\Heller Law Review Articles.docx"
[HKEY_USERS\S-1-5-21-3716624157-4244700039-366356191-1001\Software\Microsoft\Office\12.0\Word\File MRU]
"Item 41"="[F00000000][T01CF4E99CEC3E060]*C:\Users\Justin\Dropbox\Homework Files\College\composition 3.dot"
[HKEY_USERS\S-1-5-21-3716624157-4244700039-366356191-1001\Software\Microsoft\Office\12.0\Word\File MRU]
"Item 43"="[F00000000][T01CF4D32A0B67790]*C:\Users\Justin\Dropbox\Adv LW Employee Handbook Client Letter.docx"
[HKEY_USERS\S-1-5-21-3716624157-4244700039-366356191-1001\Software\Microsoft\Office\12.0\Word\File MRU]
"Item 44"="[F00000000][T01CF4D30FB2B4680]*C:\Users\Justin\Dropbox\GGG Handbook v3 Edited by Justin 033114.docx"
[HKEY_USERS\S-1-5-21-3716624157-4244700039-366356191-1001\Software\Microsoft\Office\12.0\Word\File MRU]
"Item 45"="[F00000000][T01CF4D2056095C60]*C:\Users\Justin\Dropbox\Homework Files\Religion and State 2012.docx"
[HKEY_USERS\S-1-5-21-3716624157-4244700039-366356191-1001\Software\Microsoft\Office\12.0\Word\File MRU]
"Item 46"="[F00000000][T01CF4D1D2406A7C0]*C:\Users\Justin\Dropbox\Chapter VII RAND study on PTSD Justin Summary.docx"
[HKEY_USERS\S-1-5-21-3716624157-4244700039-366356191-1001\Software\Microsoft\Office\12.0\Word\File MRU]
"Item 48"="[F00000000][T01CF4D0EFAE5D180]*C:\Users\Justin\Dropbox\Homework Files\Religion and State.docx"
[HKEY_USERS\S-1-5-21-3716624157-4244700039-366356191-1001\Software\Microsoft\Office\12.0\Word\File MRU]
"Item 49"="[F00000000][T01CF4D0741977AF0]*C:\Users\Justin\Dropbox\GGG Handbook v3 Edited by Justin.docx"
[HKEY_USERS\S-1-5-21-3716624157-4244700039-366356191-1001\Software\Microsoft\Office\12.0\Word\File MRU]
"Item 50"="[F00000000][T01CF4D073BFCB240]*C:\Users\Justin\Dropbox\GGG Handbook v2 Edited by Justin.docx"
[HKEY_USERS\S-1-5-21-3716624157-4244700039-366356191-1001\Software\Microsoft\Office\14.0\Excel\File MRU]
"Item 1"="[F00000000][T01CE21A5730D1240][O00000000]*C:\Users\Justin\Dropbox\Field Placement Timesheet-Justin.xlsx"
[HKEY_USERS\S-1-5-21-3716624157-4244700039-366356191-1001\Software\Microsoft\Office\14.0\Excel\File MRU]
"Item 2"="[F00000000][T01CE03AE172E82C0][O00000000]*C:\Users\Justin\Dropbox\Firms in Asmall and mid-sized.xls"
[HKEY_USERS\S-1-5-21-3716624157-4244700039-366356191-1001\Software\Microsoft\Office\14.0\Excel\Place MRU]
"Item 1"="[F00000000][T01CE21A5730C27E0][O00000000]*C:\Users\Justin\Dropbox\"
[HKEY_USERS\S-1-5-21-3716624157-4244700039-366356191-1001\Software\Microsoft\Office\14.0\PowerPoint\File MRU]
"Item 1"="[F00000000][T01CE23FFABF36210][O00000000]*C:\Users\Justin\Dropbox\Justin Margin Call PPT.pptx"
[HKEY_USERS\S-1-5-21-3716624157-4244700039-366356191-1001\Software\Microsoft\Office\14.0\PowerPoint\Place MRU]
"Item 1"="[F00000000][T01CE23FFABF18D50][O00000000]*C:\Users\Justin\Dropbox\"
[HKEY_USERS\S-1-5-21-3716624157-4244700039-366356191-1001\Software\Microsoft\Office\14.0\Word\File MRU]
"Item 1"="[F00000000][T01CE23F24F5D1080][O00000000]*C:\Users\Justin\Dropbox\Attorney General Cover Letter.docx"
[HKEY_USERS\S-1-5-21-3716624157-4244700039-366356191-1001\Software\Microsoft\Office\14.0\Word\File MRU]
"Item 3"="[F00000000][T01CE23EEF2E2EDF0][O00000000]*C:\Users\Justin\Dropbox\TO DO.docx"
[HKEY_USERS\S-1-5-21-3716624157-4244700039-366356191-1001\Software\Microsoft\Office\14.0\Word\File MRU]
"Item 4"="[F00000000][T01CE23EDDB08EE60][O00000000]*C:\Users\Justin\Dropbox\Complex Litigation.docx"
[HKEY_USERS\S-1-5-21-3716624157-4244700039-366356191-1001\Software\Microsoft\Office\14.0\Word\File MRU]
"Item 5"="[F00000000][T01CE23E45C1E5350][O00000000]*C:\Users\Justin\Dropbox\Accounting HW Justin 030813 Chapter 11 and 12 Review Questions.docx"
[HKEY_USERS\S-1-5-21-3716624157-4244700039-366356191-1001\Software\Microsoft\Office\14.0\Word\File MRU]
"Item 6"="[F00000000][T01CE23E07A384E80][O00000000]*C:\Users\Justin\Dropbox\Evidence.docx"
[HKEY_USERS\S-1-5-21-3716624157-4244700039-366356191-1001\Software\Microsoft\Office\14.0\Word\File MRU]
"Item 11"="[F00000000][T01CE21941159FE70][O00000000]*C:\Users\Justin\Dropbox\Field Work LA Jersey Boys brief.docx"
[HKEY_USERS\S-1-5-21-3716624157-4244700039-366356191-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run]
"Dropbox Update"="0x0300000072E9E5FF22C5D301"
[HKEY_USERS\S-1-5-21-3716624157-4244700039-366356191-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\StartupFolder]
"Dropbox.lnk"="0x020000000000000000000000"
 
====== End of Search ======

Edited by Akureyr, 22 July 2018 - 05:36 PM.


#10 nasdaq

  • Malware Response Team

Posted 23 July 2018 - 07:08 AM

Will remove the RUN key and the Firewall setting.
The other Dropbox settings in the registry are not enabled or used by the Dropbox that you removed.

Copy all the text IN THE QUOTE BOX below to Notepad. Save it as fixme.reg to your desktop.
Be sure the "Save as" type is set to "all files". Once you have saved it, right-click the .reg file and allow it to merge with the registry.
 

Windows Registry Editor Version 5.00

[HKEY_USERS\S-1-5-21-3716624157-4244700039-366356191-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run]
"Dropbox Update"=-
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{3A74DBA8-1E72-4D67-ACA5-4245034B30F7}"=-
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{4C042606-FCD0-4437-8C87-50391C9BB991}"=-


Restart the computer when completed.

You can delete the fixme.reg file when done.
===

Learn How to Completely Remove Dropbox from Your PC
https://maxuninstaller.com/howtouninstallguides/remove-dropbox/

If you decide to remove Dropbox completely, download and run the MAX Uninstaller from the page above.
===

Online Armor is discontinued.
https://blog.emsisoft.com/en/14758/emsisoft-online-armor-support-roadmap/

Quoted from the Article
Sales end date and support roadmap

As of today, we have stopped selling Emsisoft Online Armor. New license activations will only be possible until the end of May 2015. The official end of technical support will be March 31, 2016. Though, we will still provide updates for critical issues that may be discovered until then. At the moment we can say with certainty that we will not add Windows 10 compatibility, since that requires several major changes to the codebase.


I would remove it and make sure that the Windows 8 firewall is enabled.
https://www.google.ca/search?q=enable+windows+8+fireqll&oq=enable+windows+8+fireqll&aqs=chrome..69i57.9114j0j7&sourceid=chrome&ie=UTF-8

AVG has a Firewall but I do not think it comes with the Free Version.

Let me know what problem persists.
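
The fixme.reg in the post above removes three values with the `"name"=-` deletion syntax. As an added example (not part of the original post, and not code from the forum or any tool named in it), the Python script below lists every change a .reg file would make so it can be reviewed before merging; the function names, the `SENSITIVE` list and the second sample are assumptions made for this example.

```python
import re
from collections import Counter
# The fix file from the post above, embedded so the script runs offline.
FIXME_REG = r'''Windows Registry Editor Version 5.00

[HKEY_USERS\S-1-5-21-3716624157-4244700039-366356191-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run]
"Dropbox Update"=-
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{3A74DBA8-1E72-4D67-ACA5-4245034B30F7}"=-
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{4C042606-FCD0-4437-8C87-50391C9BB991}"=-
'''

# Constructed sample (not from the thread) covering the other .reg operations.
CONSTRUCTED_REG = r'''Windows Registry Editor Version 5.00
[-HKEY_CURRENT_USER\Software\ExampleVendor]
[HKEY_CURRENT_USER\Software\ExampleApp]
@="default text"
"Flags"=dword:00000001
"Blob"=hex:01,02,\
  03,04
'''

HEADERS = ("Windows Registry Editor Version 5.00", "REGEDIT4")
VALUE_RE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")\s*=\s*(.*)$')
# Illustrative list of key fragments worth a second look (autostart, firewall).
SENSITIVE = ("\\currentversion\\run", "\\startupapproved\\", "\\firewallpolicy\\")

def parse_reg(text):
    """Return (action, key, value_name, data) tuples for every change in a .reg file."""
    logical, pending = [], ""
    for raw in text.splitlines():
        line = pending + raw.strip()
        if line.endswith("\\"):          # hex data continued on the next line
            pending = line[:-1]
            continue
        pending = ""
        logical.append(line)
    if pending:
        logical.append(pending)
    ops, key = [], None
    for line in logical:
        if not line or line.startswith(";") or line in HEADERS:
            continue
        if line.startswith("[") and line.endswith("]"):
            inner = line[1:-1]
            if inner.startswith("-"):    # [-KEY] deletes the key and its subtree
                ops.append(("DELETE_KEY", inner[1:], None, None))
                key = None
            else:                        # [KEY] selects the key for the values below
                key = inner
            continue
        m = VALUE_RE.match(line)
        if m is None or key is None:     # report what cannot be explained, never skip it
            ops.append(("UNPARSED", key, None, line))
            continue
        name = "(Default)" if m.group(1) == "@" else re.sub(r"\\(.)", r"\1", m.group(1)[1:-1])
        data = m.group(2)
        action = "DELETE_VALUE" if data == "-" else "SET_VALUE"  # "name"=- deletes one value
        ops.append((action, key, name, None if data == "-" else data))
    return ops

def review(text):
    """Return (ops, counts per action, ops that touch a SENSITIVE key)."""
    ops = parse_reg(text)
    counts = dict(Counter(op[0] for op in ops))
    flagged = [op for op in ops if op[1] and any(s in op[1].lower() + "\\" for s in SENSITIVE)]
    return ops, counts, flagged

if __name__ == "__main__":
    for label, sample in (("fixme.reg", FIXME_REG), ("constructed", CONSTRUCTED_REG)):
        ops, counts, flagged = review(sample)
        print(label, counts, "sensitive:", [(a, n) for a, _, n, _ in flagged])
```

Any `UNPARSED` entry or unexpected `DELETE_KEY` in the output is a reason to stop and ask before merging the file.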

#11 Akureyr

  • Topic Starter

Posted 23 July 2018 - 01:09 PM

The Max Uninstaller doesn't show Dropbox in the search bar ("Sorry, no software found")....so I guess because the program is already uninstalled it can't function to remove all traces of Dropbox? How do I proceed to remove all traces of Dropbox now?  Also, Max Uninstaller frequently stalls when I click the application, and I typically press the "Restart [application]" button for it to function (only then does it show the program list, after I allow hard drive changes).

After restarting (following the reg merge), I was able to uninstall Online Armor and enable the Windows firewall. I deleted the fixme.reg file. Does the Windows firewall conflict with AVG or Malwarebytes?

 

The computer still starts up slowly, but with fewer Internet issues....that said, disk usage is still at 100% even with just the Chrome windows open. Though this laptop is several years old, I wonder if that's due to lingering issues or just battery life dying over time.



#12 nasdaq

  • Malware Response Team

Posted 24 July 2018 - 07:11 AM

Hi,

Does the Windows firewall conflict with AVG or Malwarebytes?

No. They work well together.

===

Please download and install Revo Uninstaller (Freeware) from here.

Run Revo Uninstaller and select Dropbox
Click Uninstall icon and follow the prompts
When finished choose Scan
Delete all the highlighted Registry items
Click Next
Select all the folders and files listed by Revo
Click Delete
Reboot the computer when Revo is finished.
===

--RogueKiller--
  • Download & SAVE to your Desktop Download RogueKiller
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or above, right-click the program file and select "Run as Administrator"
  • Accept the user agreements.
  • Execute the scan and wait until it has finished.
  • If a window opens to explain what [PUM's] are, read about it.
  • Click the RogueKiller icon on your taskbar to return to the report.
  • Click open the Report
  • Click Export TXT button
  • Save the file as ReportRogue.txt
  • Click the Remove button to delete the items in RED
  • Click Finish and close the program.
  • Locate the ReportRogue.txt file on your Desktop and copy/paste the contents in your next reply.
=======

Find out which process is using the most Disk usage.

Windows 8 Task Manager
https://blogs.windows.com/windowsexperience/2013/06/06/windows-8-task-manager-in-depth/

#13 Akureyr

  • Topic Starter

Posted 24 July 2018 - 12:21 PM

"ServiceHost: Local System (18)" is taking up the most space (CPU, Disk and Memory), but in other cases I've seen "System" taking up the bulk of the disk space, or even "Microsoft Volume Shadow Copy Service".

 

Revo Uninstaller didn't detect Dropbox, and a search for it revealed 0 results. 

 

My computer is slow to recognize CTRL ALT DELETE after I press them, and right now my entire desktop has a blue screen (though the Chrome is still working fine). EDIT: Restarted computer and it was fine; log below (removed only the red items as instructed--they all seem to relate to the Recycle Bin somehow; the other items seem to relate to AdAware):
 

 

Log below:

RogueKiller V12.12.28.0 (x64) [Jul 23 2018] (Free) by Adlice Software
 
Operating System : Windows 8 (6.2.9200) 64 bits version
Started in : Normal mode
User : Justin [Administrator]
Started from : C:\Program Files\RogueKiller\RogueKiller64.exe
Mode : Scan -- Date : 07/24/2018 19:42:54 (Duration : 00:32:54)
 
¤¤¤ Processes : 0 ¤¤¤
 
¤¤¤ Registry : 1 ¤¤¤
[PUP.BrowsingProtection] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Ad-Aware Browsing Protection -> Found
 
¤¤¤ Tasks : 0 ¤¤¤
 
¤¤¤ Files : 7 ¤¤¤
[PUP.BrowsingProtection][Folder] C:\ProgramData\Ad-Aware Browsing Protection -> Found
[PUP.Gen1][Folder] C:\Users\Justin\AppData\Local\PackageAware -> Found
[PUP.BrowsingProtection][Folder] C:\ProgramData\Ad-Aware Browsing Protection -> Found
[Root.ZeroAccess][Folder] C:\$Recycle.Bin\S-1-5-21-3716624157-4244700039-366356191-1001\$R7OBQD7\installer\l -> Found
[Root.ZeroAccess][Folder] C:\$Recycle.Bin\S-1-5-21-3716624157-4244700039-366356191-1001\$RC2MX9H\instance1\l -> Found
[Root.ZeroAccess][Folder] C:\$Recycle.Bin\S-1-5-21-3716624157-4244700039-366356191-1001\$RC2MX9H\l -> Found
[PUP.Gen3][File] C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\adawaretb.xml -> Found
 
¤¤¤ WMI : 0 ¤¤¤
 
¤¤¤ Hosts File : 0 ¤¤¤
 
¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤
 
¤¤¤ Web browsers : 2 ¤¤¤
[PUM.SearchEngine][Firefox:Config] 4yruak52.default : user_pref("browser.search.selectedEngine", "SecureSearch"); -> Found
[PUM.SearchEngine][Firefox:Config] 4yruak52.default : user_pref("browser.search.defaultenginename", "SecureSearch"); -> Found
 
¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: TOSHIBA MQ01ABD075 +++++
--- User ---
[MBR] 14fac56f488a06263d1b1e31f695125a
[BSP] 764aea37160e8dfdbed927d7dc569b33 : Empty MBR Code
Partition table:
0 - [SYSTEM][MAN-MOUNT] Basic data partition | Offset (sectors): 2048 | Size: 400 MB
1 - [MAN-MOUNT] EFI system partition | Offset (sectors): 821248 | Size: 260 MB
2 - [MAN-MOUNT] Microsoft reserved partition | Offset (sectors): 1353728 | Size: 128 MB
3 - Basic data partition | Offset (sectors): 1615872 | Size: 688201 MB
4 - [SYSTEM] Basic data partition | Offset (sectors): 1411051520 | Size: 26408 MB
User = LL1 ... OK
User = LL2 ... OK

Edited by Akureyr, 24 July 2018 - 01:20 PM.


#14 nasdaq

  • Malware Response Team

Posted 24 July 2018 - 01:22 PM

Hi,

Will give you a fix tomorrow to remove all the Dropbox entries in the registry.

#15 Akureyr

  • Topic Starter

Posted 24 July 2018 - 02:25 PM

Thanks! In the meantime, I installed Dropbox again and then uninstalled it with Revo Uninstaller just in case. I suspect those registry entries may still be there though (since I previously installed and uninstalled Dropbox multiple times before I started this topic).





