Topic: [Resolved - K] mbam icon vanished from desktop and systray

sean

« on: November 06, 2017, 09:25:22 AM »
Hi!
This morning when I booted up, there was no mbam icon on my desktop or in the systray. I could not find an executable file in the Malwarebytes folder either.
I became nervous and ran here :) Hopefully it's just a glitch in the new version of mbam.

I have pasted the dds files below.

Thanks!

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.18817
Run by Sean at 9:55:00 on 2017-11-06
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.4061.1970 [GMT -5:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Program Files\Dell\DellDock\DockLogin.exe
C:\Program Files\Tablet\Pen\WTabletServiceCon.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\System32\svchost.exe -k utcsvc
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe
C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files (x86)\Secunia\PSI\PSIA.exe
C:\Program Files (x86)\Secunia\PSI\sua.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\Windows\System32\StkCSrv.exe
C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\McAfee\SiteAdvisor\saUI.exe
C:\Program Files\Tablet\Pen\Pen_TabletUser.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Tablet\Pen\WacomHost.exe
C:\Program Files\Tablet\Pen\Pen_TouchUser.exe
C:\Windows\Explorer.EXE
C:\Program Files\Tablet\Pen\Pen_Tablet.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Zune\ZuneLauncher.exe
C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVH.EXE
C:\Program Files (x86)\Samsung\Samsung New PC Studio\NPSAgent.exe
C:\Program Files\HP\HP Officejet Pro 6830\Bin\ScanToPCActivationApp.exe
C:\Program Files\HP\HP Officejet Pro 6830\Bin\ScanToPCActivationApp.exe
C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
C:\Program Files\Dell\DellDock\DellDock.exe
C:\Users\Sean\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Bamboo Dock\BambooCore.exe
C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Users\Sean\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Users\Sean\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files\iPod\bin\iPodService.exe
Q:\140066.enu\Office14\MSOSYNC.EXE
C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe
C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
C:\Program Files\HP\HP Officejet Pro 6830\Bin\HPNetworkCommunicatorCom.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.bing.com/
mStart Page = about:blank
uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
BHO: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: McAfee WebAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
EB: F12 Developer Tools: {28BCCB9A-E66B-463C-82A4-09F320DE94D7} - C:\Program Files (x86)\Internet Explorer\F12Tools.dll
uRun: [OfficeSyncProcess] "C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVH.EXE" /quietlaunch "MSOSYNC 9014006604090000"
uRun: [AutoStartNPSAgent] C:\Program Files (x86)\Samsung\Samsung New PC Studio\NPSAgent.exe
uRun: [Dropbox Update] "C:\Users\Sean\AppData\Local\Dropbox\Update\DropboxUpdate.exe" /c
uRun: [HP Officejet Pro 6830 (NET)] "C:\Program Files\HP\HP Officejet Pro 6830\Bin\ScanToPCActivationApp.exe" -deviceID "TH56561198:NW" -scfn "HP Officejet Pro 6830 (NET)" -AutoStart 1
uRun: [HP Officejet Pro 6830 (NET) #2] "C:\Program Files\HP\HP Officejet Pro 6830\Bin\ScanToPCActivationApp.exe" -deviceID "TH5AF8335Y:NW" -scfn "HP Officejet Pro 6830 (NET) #2" -AutoStart 1
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
mRun: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [BambooCore] C:\Program Files (x86)\Bamboo Dock\BambooCore.exe
mRun: [PMBVolumeWatcher] C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe
mRun: [UVS10 Preload] C:\Program Files (x86)\Ulead Systems\Ulead VideoStudio SE DVD\uvPL.exe
mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
mRunOnce: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe
StartupFolder: C:\Users\Sean\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\DELLDO~1.LNK - C:\Program Files\Dell\DellDock\DellDock.exe
StartupFolder: C:\Users\Sean\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Sean\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\ADOBEG~1.LNK - C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SECUNI~1.LNK - C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\Smart Print\SmartPrintSetup.exe
IE: {48A61126-9A19-4C50-A214-FF08CB94995C} - {29B24532-6CE1-41BA-8BF0-F580EA174AF1} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/sites/production/ieawsdc32.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_15-windows-i586.cab
DPF: {BEA7310D-06C4-4339-A784-DC3804819809} - hxxp://www.cvsphoto.com/upload/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab
DPF: {CAFEEFAC-0017-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_15-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_15-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: NameServer = 192.168.1.1 71.243.0.12
TCP: Interfaces\{78361850-F8E9-473F-A676-C63B91CE8DA2} : DHCPNameServer = 192.168.1.1 71.243.0.12
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\58.0.3029.81\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level
mASetup: {A6EADE66-0000-0000-484E-7E8A45000000} - "C:\Windows\SysWOW64\Rundll32.exe" "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Esl\AiodLite.dll",CreateReaderUserSettings
x64-mStart Page = about:blank
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: McAfee WebAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} -
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
x64-Run: [Zune Launcher] "C:\Program Files\Zune\ZuneLauncher.exe"
x64-IE: {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\Smart Print\SmartPrintSetup.exe
x64-IE: {48A61126-9A19-4C50-A214-FF08CB94995C} - {29B24532-6CE1-41BA-8BF0-F580EA174AF1} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
x64-Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
x64-Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\61.0.3163.100\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\fsgz1jde.default\
FF - prefs.js: browser.search.selectedEngine - Secure Search
FF - prefs.js: keyword.URL - hxxps://search.yahoo.com/search?fr=mcafee&type=C114US105D20140716&p=
FF - plugin: C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll
FF - plugin: C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll
FF - plugin: c:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll
FF - plugin: c:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrlui.dll
FF - plugin: C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll
FF - plugin: C:\Users\Sean\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: C:\Users\Sean\AppData\Roaming\Electronic Arts\Game Face\npGameFacePlugin.dll
FF - plugin: C:\Windows\System32\Macromed\Flash\NPSWF64_27_0_0_183.dll
.
============= SERVICES / DRIVERS ===============
.
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2010-9-24 55856]
R2 AdobeActiveFileMonitor10.0;Adobe Active File Monitor V10;C:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe [2011-9-14 169624]
R2 AGSService;Adobe Genuine Software Integrity Service;C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2015-8-20 2257016]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2015-3-18 822496]
R2 DiagTrack;Diagnostics Tracking Service;C:\Windows\System32\svchost.exe -k utcsvc [2009-7-13 27136]
R2 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe [2009-6-9 155648]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-9-9 13336]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;C:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe [2017-10-19 604312]
R2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe [2013-12-18 481304]
R2 Secunia PSI Agent;Secunia PSI Agent;C:\Program Files (x86)\Secunia\PSI\psia.exe [2011-10-14 994360]
R2 Secunia Update Agent;Secunia Update Agent;C:\Program Files (x86)\Secunia\PSI\sua.exe [2011-10-14 399416]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2014-10-8 534184]
R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2010-9-9 673088]
R2 StkSSrv;Syntek AVStream USB2.0 ATV Service;C:\Windows\System32\StkCSrv.exe [2014-7-4 24576]
R2 WTabletServiceCon;Wacom Consumer Service;C:\Program Files\Tablet\Pen\WTabletServiceCon.exe [2013-2-16 619904]
R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;C:\Windows\System32\drivers\IntcHdmi.sys [2010-9-9 138752]
R3 mfesapsn;McAfee Process Start Notification Service;C:\Program Files (x86)\McAfee\SiteAdvisor\x64\mfesapsn.sys [2017-10-19 111608]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2010-6-23 344680]
R3 Sftfs;Sftfs;C:\Windows\System32\drivers\Sftfslh.sys [2014-10-8 766632]
R3 Sftplay;Sftplay;C:\Windows\System32\drivers\Sftplaylh.sys [2014-10-8 273576]
R3 Sftredir;Sftredir;C:\Windows\System32\drivers\Sftredirlh.sys [2014-10-8 29352]
R3 Sftvol;Sftvol;C:\Windows\System32\drivers\Sftvollh.sys [2014-10-8 23208]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2014-10-8 211104]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2017-4-21 107656]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2017-4-21 128648]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2014-12-11 315496]
S3 hidkmdf;KMDF Driver;C:\Windows\System32\drivers\hidkmdf.sys [2013-2-16 13728]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2017-10-13 116224]
S3 PSI;PSI;C:\Windows\System32\drivers\psi_mf.sys [2010-9-1 17976]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2012-11-8 19456]
S3 SOHDms;Sony Digital Media Server;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe [2013-11-7 495248]
S3 SOHDs;Sony Device Searcher;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe [2013-9-12 79000]
S3 SpfService;VAIO Entertainment Common Service;C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe [2011-12-1 289952]
S3 sscebus;SAMSUNG USB Composite Device V2 driver (WDM);C:\Windows\System32\drivers\sscebus.sys [2012-1-28 127488]
S3 sscemdfl;SAMSUNG Mobile Modem V2 Filter;C:\Windows\System32\drivers\sscemdfl.sys [2012-1-28 18944]
S3 sscemdm;SAMSUNG Mobile Modem V2 Drivers;C:\Windows\System32\drivers\sscemdm.sys [2012-1-28 161280]
S3 StkCMini;Syntek AVStream USB2.0 ATV;C:\Windows\System32\drivers\StkCMini.sys [2014-7-4 632704]
S3 TFsExDisk;TFsExDisk;C:\Windows\System32\drivers\TFsExDisk.sys [2012-1-28 16448]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2012-11-8 57856]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-7-9 52736]
S3 WacHidRouter;Wacom Hid Router;C:\Windows\System32\drivers\wachidrouter.sys [2013-2-16 81824]
S3 wacomrouterfilter;Wacom Router Filter Driver;C:\Windows\System32\drivers\wacomrouterfilter.sys [2013-2-16 15776]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-9-23 1255736]
S3 WSDScan;WSD Scan Support via UMB;C:\Windows\System32\drivers\WSDScan.sys [2009-7-13 25088]
.
=============== Created Last 30 ================
.
2017-11-06 13:46:07   75888   ----a-w-   C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{2DEFB6B8-0D90-481F-B43A-B348927C5AD6}\offreg.2404.dll
2017-11-05 13:40:23   13771264   ----a-w-   C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{2DEFB6B8-0D90-481F-B43A-B348927C5AD6}\mpengine.dll
2017-11-04 01:16:50   --------   d-----w-   C:\ProgramData\MB3Migration
2017-11-04 01:16:50   --------   d-----w-   C:\ProgramData\MB3CoreBackup
2017-10-26 20:22:18   18896   ----a-w-   C:\Program Files (x86)\Mozilla Firefox\qipcap64.dll
2017-10-13 13:48:07   126925120   -c--a-w-   C:\Windows\System32\MRT-KB890830.exe
.
==================== Find3M  ====================
.
2017-10-25 23:39:06   803328   ----a-w-   C:\Windows\SysWow64\FlashPlayerApp.exe
2017-10-25 23:39:06   144896   ----a-w-   C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2017-09-13 15:33:50   631176   ----a-w-   C:\Windows\System32\winresume.efi
2017-09-13 15:32:36   706792   ----a-w-   C:\Windows\System32\winload.efi
2017-09-13 15:32:35   5547752   ----a-w-   C:\Windows\System32\ntoskrnl.exe
2017-09-13 15:32:33   95464   ----a-w-   C:\Windows\System32\drivers\ksecdd.sys
2017-09-13 15:32:33   154856   ----a-w-   C:\Windows\System32\drivers\ksecpkg.sys
2017-09-13 15:31:56   1732864   ----a-w-   C:\Windows\System32\ntdll.dll
2017-09-13 15:27:59   731648   ----a-w-   C:\Windows\System32\kerberos.dll
2017-09-13 15:13:35   4001512   ----a-w-   C:\Windows\SysWow64\ntkrnlpa.exe
2017-09-13 15:13:35   3945704   ----a-w-   C:\Windows\SysWow64\ntoskrnl.exe
2017-09-13 15:10:46   1314112   ----a-w-   C:\Windows\SysWow64\ntdll.dll
2017-09-13 15:08:59   554496   ----a-w-   C:\Windows\SysWow64\kerberos.dll
2017-09-13 15:05:20   324608   ----a-w-   C:\Windows\System32\drivers\nwifi.sys
2017-09-13 15:00:54   148480   ----a-w-   C:\Windows\System32\appidpolicyconverter.exe
2017-09-13 15:00:50   62464   ----a-w-   C:\Windows\System32\drivers\appid.sys
2017-09-13 15:00:50   17920   ----a-w-   C:\Windows\System32\appidcertstorecheck.exe
2017-09-13 15:00:10   64000   ----a-w-   C:\Windows\System32\auditpol.exe
2017-09-13 14:57:12   338432   ----a-w-   C:\Windows\System32\conhost.exe
2017-09-13 14:56:20   296960   ----a-w-   C:\Windows\System32\rstrui.exe
2017-09-13 14:53:40   159744   ----a-w-   C:\Windows\System32\drivers\mrxsmb.sys
2017-09-13 14:53:06   291328   ----a-w-   C:\Windows\System32\drivers\mrxsmb10.sys
2017-09-13 14:53:04   129536   ----a-w-   C:\Windows\System32\drivers\mrxsmb20.sys
2017-09-13 14:52:23   30720   ----a-w-   C:\Windows\System32\lsass.exe
2017-09-13 14:52:20   112640   ----a-w-   C:\Windows\System32\smss.exe
2017-09-13 14:50:26   50176   ----a-w-   C:\Windows\SysWow64\auditpol.exe
2017-09-13 14:47:00   25600   ----a-w-   C:\Windows\SysWow64\setup16.exe
2017-09-13 14:46:59   7680   ----a-w-   C:\Windows\SysWow64\instnm.exe
2017-09-13 14:46:59   14336   ----a-w-   C:\Windows\SysWow64\ntvdm64.dll
2017-09-13 14:46:58   2048   ----a-w-   C:\Windows\SysWow64\user.exe
2017-09-13 14:46:13   36352   ----a-w-   C:\Windows\SysWow64\cryptbase.dll
2017-09-13 14:46:06   6144   ---ha-w-   C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2017-09-13 14:46:06   4608   ---ha-w-   C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2017-09-13 14:46:06   3584   ---ha-w-   C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2017-09-13 14:46:06   3072   ---ha-w-   C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
2017-09-08 15:34:37   1680616   ----a-w-   C:\Windows\System32\drivers\ntfs.sys
2017-09-08 15:30:58   2319872   ----a-w-   C:\Windows\System32\tquery.dll
2017-09-08 15:30:58   149504   ----a-w-   C:\Windows\System32\t2embed.dll
2017-09-08 15:30:53   2058240   ----a-w-   C:\Windows\System32\Query.dll
2017-09-08 15:30:48   99840   ----a-w-   C:\Windows\System32\mssprxy.dll
2017-09-08 15:30:48   778240   ----a-w-   C:\Windows\System32\mssvp.dll
2017-09-08 15:30:48   75264   ----a-w-   C:\Windows\System32\msscntrs.dll
2017-09-08 15:30:48   491520   ----a-w-   C:\Windows\System32\mssph.dll
2017-09-08 15:30:48   288256   ----a-w-   C:\Windows\System32\mssphtb.dll
2017-09-08 15:30:48   2222080   ----a-w-   C:\Windows\System32\mssrch.dll
2017-09-08 15:30:48   14336   ----a-w-   C:\Windows\System32\msshooks.dll
2017-09-08 15:30:48   115200   ----a-w-   C:\Windows\System32\mssitlb.dll
2017-09-08 15:30:44   405504   ----a-w-   C:\Windows\System32\gdi32.dll
2017-09-08 15:14:08   591872   ----a-w-   C:\Windows\System32\SearchIndexer.exe
2017-09-08 15:13:47   249856   ----a-w-   C:\Windows\System32\SearchProtocolHost.exe
2017-09-08 15:13:17   113664   ----a-w-   C:\Windows\System32\SearchFilterHost.exe
2017-09-08 15:10:06   312832   ----a-w-   C:\Windows\SysWow64\gdi32.dll
2017-09-08 15:10:05   1549824   ----a-w-   C:\Windows\SysWow64\tquery.dll
2017-09-08 15:10:04   109568   ----a-w-   C:\Windows\SysWow64\t2embed.dll
2017-09-08 15:10:01   1363968   ----a-w-   C:\Windows\SysWow64\Query.dll
2017-09-08 15:09:57   666624   ----a-w-   C:\Windows\SysWow64\mssvp.dll
2017-09-08 15:09:57   59392   ----a-w-   C:\Windows\SysWow64\msscntrs.dll
2017-09-08 15:09:57   34816   ----a-w-   C:\Windows\SysWow64\mssprxy.dll
2017-09-08 15:09:57   337408   ----a-w-   C:\Windows\SysWow64\mssph.dll
2017-09-08 15:09:57   197120   ----a-w-   C:\Windows\SysWow64\mssphtb.dll
2017-09-08 15:09:57   1400320   ----a-w-   C:\Windows\SysWow64\mssrch.dll
2017-09-08 15:09:57   104448   ----a-w-   C:\Windows\SysWow64\mssitlb.dll
2017-09-08 15:00:25   3222016   ----a-w-   C:\Windows\System32\win32k.sys
2017-09-08 15:00:05   427520   ----a-w-   C:\Windows\SysWow64\SearchIndexer.exe
2017-09-08 15:00:01   164352   ----a-w-   C:\Windows\SysWow64\SearchProtocolHost.exe
2017-09-08 14:59:28   86528   ----a-w-   C:\Windows\SysWow64\SearchFilterHost.exe
2017-09-08 14:59:17   9728   ----a-w-   C:\Windows\SysWow64\msshooks.dll
2017-09-08 14:20:51   8704   ----a-w-   C:\Windows\SysWow64\msjint40.dll
2017-09-08 14:20:51   640512   ----a-w-   C:\Windows\SysWow64\mswstr10.dll
2017-09-08 14:20:50   345088   ----a-w-   C:\Windows\SysWow64\msexcl40.dll
2017-09-07 21:38:01   2724864   ----a-w-   C:\Windows\System32\mshtml.tlb
2017-09-07 21:37:46   4096   ----a-w-   C:\Windows\System32\ieetwcollectorres.dll
2017-09-07 21:19:26   66560   ----a-w-   C:\Windows\System32\iesetup.dll
2017-09-07 21:18:19   48640   ----a-w-   C:\Windows\System32\ieetwproxystub.dll
2017-09-07 21:18:09   417792   ----a-w-   C:\Windows\System32\html.iec
2017-09-07 21:17:41   88064   ----a-w-   C:\Windows\System32\MshtmlDac.dll
2017-09-07 21:17:31   576512   ----a-w-   C:\Windows\System32\vbscript.dll
2017-09-07 21:01:30   116224   ----a-w-   C:\Windows\System32\ieetwcollector.exe
2017-09-07 21:01:29   144384   ----a-w-   C:\Windows\System32\ieUnatt.exe
2017-09-07 21:01:08   814080   ----a-w-   C:\Windows\System32\jscript9diag.dll
2017-09-07 20:52:09   968704   ----a-w-   C:\Windows\System32\MsSpellCheckingFacility.exe
2017-09-07 20:40:38   5982208   ----a-w-   C:\Windows\System32\jscript9.dll
2017-09-07 20:39:23   77824   ----a-w-   C:\Windows\System32\JavaScriptCollectionAgent.dll
2017-09-07 20:38:26   87552   ----a-w-   C:\Windows\System32\tdc.ocx
2017-09-07 20:08:43   1359360   ----a-w-   C:\Windows\System32\mshtmlmedia.dll
2017-09-07 20:08:24   2134528   ----a-w-   C:\Windows\System32\inetcpl.cpl
2017-09-07 19:40:57   3240960   ----a-w-   C:\Windows\System32\wininet.dll
2017-09-07 19:27:09   2724864   ----a-w-   C:\Windows\SysWow64\mshtml.tlb
2017-09-07 19:11:24   62464   ----a-w-   C:\Windows\SysWow64\iesetup.dll
2017-09-07 19:10:41   499200   ----a-w-   C:\Windows\SysWow64\vbscript.dll
2017-09-07 19:10:34   47616   ----a-w-   C:\Windows\SysWow64\ieetwproxystub.dll
2017-09-07 19:10:20   341504   ----a-w-   C:\Windows\SysWow64\html.iec
2017-09-07 19:09:09   64000   ----a-w-   C:\Windows\SysWow64\MshtmlDac.dll
2017-09-07 18:58:32   115712   ----a-w-   C:\Windows\SysWow64\ieUnatt.exe
2017-09-07 18:58:09   620032   ----a-w-   C:\Windows\SysWow64\jscript9diag.dll
2017-09-07 18:44:47   60416   ----a-w-   C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
2017-09-07 18:44:01   73216   ----a-w-   C:\Windows\SysWow64\tdc.ocx
2017-09-07 18:29:32   4547072   ----a-w-   C:\Windows\SysWow64\jscript9.dll
2017-09-07 18:25:40   2058752   ----a-w-   C:\Windows\SysWow64\inetcpl.cpl
2017-09-07 18:25:30   1155072   ----a-w-   C:\Windows\SysWow64\mshtmlmedia.dll
.
============= FINISH:  9:57:13.73 ===============


.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 9/23/2010 12:10:54 AM
System Uptime: 11/6/2017 8:23:34 AM (1 hours ago)
.
Motherboard: Dell Inc. |  | 018D1Y
Processor: Pentium(R) Dual-Core  CPU      E5500  @ 2.80GHz | CPU 1 | 2803/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 689 GiB total, 370.552 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: A2 Direct Disk Access Support Driver
Device ID: ROOT\LEGACY_A2DDA\0000
Manufacturer:
Name: A2 Direct Disk Access Support Driver
PNP Device ID: ROOT\LEGACY_A2DDA\0000
Service: A2DDA
.
==== System Restore Points ===================
.
RP484: 10/18/2017 2:08:18 PM - Windows Update
RP485: 10/24/2017 10:14:26 AM - Windows Update
RP486: 11/5/2017 8:39:10 AM - Windows Update
.
==== Installed Programs ======================
.
Ableton Live 9 Lite
Adobe Acrobat Reader DC
Adobe AIR
Adobe Community Help
Adobe Flash Player 27 ActiveX
Adobe Flash Player 27 NPAPI
Adobe Photoshop Elements 10
Adobe Photoshop Elements 2.0
Adobe Photoshop.com Inspiration Browser
Adobe Refresh Manager
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Audacity 2.0.3
Autodesk SketchBook Express 2011 sp2
Bamboo Dock
Bamboo Tablets Tutorial
Big Fish Games: Game Manager
Bonjour
Color Efex Pro 3.0 Wacom Edition 6
Consumer In-Home Service Agreement
Cyberduck 4.6.5 (17000)
D3DX10
Dark Tales: Edgar Allan Poe`s Murders in the Rue Morgue
Dell DataSafe Local Backup
Dell DataSafe Local Backup - Support Software
Dell DataSafe Online
Dell Dock
Dell Edoc Viewer
Dell Getting Started Guide
Dropbox
EA SPORTS Game Face Browser Plugin 1.8.0.0
Elements 10 Organizer
ESET Online Scanner v3
Google Chrome
Google Update Helper
GoToAssist 8.0.0.514
HiJackThis
HP Install Network Printer Wizard
HP Officejet Pro 6830 Basic Device Software
HP Officejet Pro 6830 Help
HP Update
HPDiagnosticAlert
I.R.I.S. OCR
Intel(R) Control Center
Intel(R) Graphics Media Accelerator Driver
Intel(R) Rapid Storage Technology
iTunes
Junk Mail filter update
Krita Desktop (x64) 2.9.11.0
McAfee WebAdvisor
MergeModule_x64
Microsoft .NET Framework 4.7
Microsoft Application Error Reporting
Microsoft Office 2010
Microsoft Office Click-to-Run 2010
Microsoft Office Starter 2010 - English
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61030
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61030
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501
Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.21005
Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.21005
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005
Mozilla Firefox 56.0.2 (x64 en-US)
Mozilla Maintenance Service
Mozilla Thunderbird 52.4.0 (x86 en-US)
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP3 Parser (KB2721691)
MSXML 4.0 SP3 Parser (KB2758694)
MSXML 4.0 SP3 Parser (KB973685)
Nik Collection
PlayMemories Home
Product Improvement Study for HP Officejet Pro 6830
PSE10 STI Installer
QuickTime
Realtek High Definition Audio Driver
Redist
Roxio Burn
Samsung New PC Studio
SAMSUNG USB Driver for Mobile Phones
Secunia PSI (2.0.0.4003)
Security Update for CAPICOM (KB931906)
Shared C Run-time for x64
Skype Toolbars
Skype™ 7.0
SOHLib for PlayMemories Home
swMSM
TEFView 2.75
Ulead VideoStudio SE DVD
Unity Web Player
Update for Microsoft .NET Framework 4.7 (KB4040973)
Update for Microsoft .NET Framework 4.7 (KB4043764)
USB2.0 ATV
Verizon Media Manager
VoiceOver Kit
Wacom
WebTablet FB Plugin 32 bit
WebTablet FB Plugin 64 bit
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Language Selector
Windows Live Mail
Windows Live Messenger
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Windows Mobile Device Updater Component
WinRAR archiver
Zune
Zune Language Pack (CHS)
Zune Language Pack (CHT)
Zune Language Pack (CSY)
Zune Language Pack (DAN)
Zune Language Pack (DEU)
Zune Language Pack (ELL)
Zune Language Pack (ESP)
Zune Language Pack (FIN)
Zune Language Pack (FRA)
Zune Language Pack (HUN)
Zune Language Pack (IND)
Zune Language Pack (ITA)
Zune Language Pack (JPN)
Zune Language Pack (KOR)
Zune Language Pack (MSL)
Zune Language Pack (NLD)
Zune Language Pack (NOR)
Zune Language Pack (PLK)
Zune Language Pack (PTB)
Zune Language Pack (PTG)
Zune Language Pack (RUS)
Zune Language Pack (SVE)
.
==== Event Viewer Messages From Past Week ========
.
11/5/2017 5:27:08 PM, Error: Schannel [36887]  - The following fatal alert was received: 20.
11/5/2017 11:05:07 PM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
11/3/2017 9:08:22 AM, Error: Service Control Manager [7000]  - The MBAMSwissArmy service failed to start due to the following error:  MBAMSwissArmy is not a valid Win32 application.
11/3/2017 6:11:28 PM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the lmhosts service.
11/2/2017 11:51:12 PM, Error: Schannel [36887]  - The following fatal alert was received: 40.
11/1/2017 9:22:22 AM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1053" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
11/1/2017 9:22:21 AM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.
11/1/2017 9:22:21 AM, Error: Service Control Manager [7000]  - The Windows Search service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
.
==== End Of File ===========================
« Last Edit: November 09, 2017, 04:39:40 PM by kevinf80 »

Offline kevinf80

  • Malware Removal Staff
  • Diamond Member
  • Posts: 7670
Re: [In Progress - K] mbam icon vanished from desktop and systray
« Reply #1 on: November 07, 2017, 12:26:21 PM »
Hello sean,

My screen name is kevinf80, I'm here to help clean up your system. Make sure to run all scans from accounts with Administrator status, continue as follows please:

Anyone other than the original starter of this thread please DO NOT follow the instructions and advice posted as replies here, my help and advice is NOT related to your system and will probably cause more harm than good...

Change the download folder setting in the Default Browser only, that will ensure any of the tools we may use are saved to the Desktop:

Google Chrome - Click the "Customize and control Google Chrome" button in the upper-right corner of the browser. Choose Settings. At the bottom of the screen click the "Show advanced settings..." link. Scroll down to find the Downloads section and click the Change... button. Select your desktop and click OK.

Mozilla Firefox - Click the "Open Menu" button in the upper-right corner of the browser. Choose Options. In the downloads section, click the Browse button, click on the Desktop folder and then click the "Select Folder" button. Click OK to get out of the Options menu.

Internet Explorer - Click the Tools menu in the upper-right corner of the browser. Select View downloads. Select the Options link in the lower left of the window. Click Browse and select the Desktop and then choose the Select Folder button. Click OK to get out of the download options screen and then click Close to get out of the View Downloads screen.
NOTE: IE8 Does not support changing download locations in this manner. You will need to download the tool(s) to the default folder, usually Downloads, then copy them to the desktop.

Change default download folder location in Edge - Boot to a user account with admin status, select start > file explorer > right click on "Downloads" folder and select "Properties"

In the new window select "Location" tab > clear the text field box and type in or copy/paste %userprofile%\Desktop > select "Apply" then "OK"

Be aware you are not changing the Browser download folder location, you are changing the user’s download directory location.....

Next,

Follow the instructions in the following link to show hidden files:

http://www.howtogeek.com/howto/windows-vista/show-hidden-files-and-folders-in-windows-vista/

Next,

Download the latest version of Malwarebytes cleanup tool from here: https://downloads.malwarebytes.com/file/mb_clean and save to your Desktop..

  • Double-click mb-clean.exe to run it
  • A prompt to confirm the cleanup will appear, select Yes or No
  • Yes - will proceed with the cleanup process <---- Select this option to start the tool
  • No - will exit the utility
  • The Utility will launch a Command Prompt window which will disappear once the cleanup process completes.
  • Once completed, a log file ("mb-cleanresult.txt") will be on your desktop and you'll be prompted to reboot
  • We recommend an immediate reboot <--- Do Not miss out this step
  • Suppressing the reboot may result in an incomplete cleanup
  • Upon reboot Malwarebytes will be totally removed from your system

To re-install Malwarebytes:

Download Malwarebytes version 3 from the following link:

https://www.malwarebytes.com/mwb-download/thankyou/

  • Double click on the installer and follow the prompts. If necessary select the Blue Help tab for video instructions....
  • When the install completes and is updated do the following:
  • Open Malwarebytes, select > "settings" > "protection tab"
  • Scroll down to "Scan Options" ensure Scan for Rootkits and Scan within Archives are both on....
  • Go back to "DashBoard" select the Blue "Scan Now" tab......

When the scan completes deal with any found entries... Then select "Export Summary" then "Text File (*.txt)" name that log and save, you can copy or attach that to your reply...

Next,

Download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

If your security alerts to FRST, either accept the alert or turn your security off to allow FRST to run. It is not malicious or infected in any way...

  • Double-click to run it. When the tool opens click Yes to disclaimer.
    (Windows 8/10 users will be prompted about Windows SmartScreen protection - click More information and Run.)
  • Make sure Addition.txt is checkmarked under "Optional scans"
  • Press Scan button to run the tool....
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The tool will also make a log named (Addition.txt). Please attach those logs to your reply.
Let me see those logs in your reply...

Thank you,

Kevin...

Offline sean

  • Bronze Member
  • Posts: 133
Re: [In Progress - K] mbam icon vanished from desktop and systray
« Reply #2 on: November 07, 2017, 05:27:47 PM »
Hi Kevin,

Thanks for your response!

FYI: I ran an eset scan today, before I received your instructions.  Here are the results:

C:\Program Files (x86)\Dell DataSafe Local Backup\hstart.exe   a variant of Win32/HiddenStart.A potentially unsafe application   cleaned by deleting
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe   a variant of Win32/HiddenStart.A potentially unsafe application   cleaned by deleting
C:\Users\Sean\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EV7PMW3Q\page[6].htm   HTML/FakeAlert.MD trojan   cleaned by deleting
C:\Users\Sean\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\G0DT745M\page[2].htm   HTML/FakeAlert.MD trojan   cleaned by deleting

I will follow your instructions and post the results as soon as they are available.

Thanks again!

Offline sean

  • Bronze Member
  • Posts: 133
Re: [In Progress - K] mbam icon vanished from desktop and systray
« Reply #3 on: November 07, 2017, 07:16:16 PM »
Hi Kevin,

Here are the logs:

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 11/7/17
Scan Time: 6:52 PM
Log File: a946c979-c416-11e7-9f81-b8ac6fda271c.json
Administrator: Yes

-Software Information-
Version: 3.3.1.2183
Components Version: 1.0.236
Update Package Version: 1.0.3202
License: Free

-System Information-
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Sean-INSPIRON\Sean

-Scan Summary-
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 476216
Threats Detected: 0
(No malicious items detected)
Threats Quarantined: 0
(No malicious items detected)
Time Elapsed: 49 min, 24 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Warn
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 0
(No malicious items detected)

Physical Sector: 0
(No malicious items detected)


(end)

Offline sean

  • Bronze Member
  • Posts: 133
Re: [In Progress - K] mbam icon vanished from desktop and systray
« Reply #4 on: November 07, 2017, 07:23:41 PM »


Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 02-11-2017
Ran by Sean (administrator) on SEAN-INSPIRON (07-11-2017 19:57:27)
Running from C:\Users\Sean\Desktop
Loaded Profiles: Sean (Available Profiles: Sean & Caiti & Mary)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Stardock Corporation) C:\Program Files\Dell\DellDock\DockLogin.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\WTabletServiceCon.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TabletUser.exe
(Wacom Technology) C:\Program Files\Tablet\Pen\WacomHost.exe
(Malwarebytes) C:\Users\Sean\Desktop\mb-clean-3.1.0.1031.exe
(Sony Corporation) C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\psia.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\sua.exe
(SoftThinks) C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Syntek America Inc.) C:\Windows\System32\StkCSrv.exe
(Ulead Systems, Inc.) C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
() C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_Tablet.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TouchUser.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Program Files\Zune\ZuneLauncher.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVH.EXE
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Samsung New PC Studio\NPSAgent.exe
(Hewlett-Packard Development Company, LP) C:\Program Files\HP\HP Officejet Pro 6830\Bin\ScanToPCActivationApp.exe
(Hewlett-Packard Development Company, LP) C:\Program Files\HP\HP Officejet Pro 6830\Bin\ScanToPCActivationApp.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
(Stardock Corporation) C:\Program Files\Dell\DellDock\DellDock.exe
(Dropbox, Inc.) C:\Users\Sean\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
() C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
() C:\Program Files (x86)\Bamboo Dock\BambooCore.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\saUI.exe
(Sony Corporation) C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Dropbox, Inc.) C:\Users\Sean\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Dropbox, Inc.) C:\Users\Sean\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
() Q:\140066.enu\Office14\MSOSYNC.EXE
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe
() C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\OFFICEVIRT.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe
(Hewlett-Packard Development Company, LP) C:\Program Files\HP\HP Officejet Pro 6830\Bin\HPNetworkCommunicatorCom.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\McChHost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [8306208 2009-10-20] (Realtek Semiconductor)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508128 2016-01-07] (Adobe Systems Incorporated)
HKLM\...\Run: [Zune Launcher] => C:\Program Files\Zune\ZuneLauncher.exe [163552 2011-08-05] (Microsoft Corporation)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284696 2010-03-03] (Intel Corporation)
HKLM-x32\...\Run: [Desktop Disc Tool] => C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe [498160 2009-12-15] ()
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2012-04-18] (Apple Inc.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-08-27] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [421776 2012-09-09] (Apple Inc.)
HKLM-x32\...\Run: [BambooCore] => C:\Program Files (x86)\Bamboo Dock\BambooCore.exe [646744 2012-10-16] ()
HKLM-x32\...\Run: [PMBVolumeWatcher] => C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe [2367512 2013-12-18] (Sony Corporation)
HKLM-x32\...\Run: [UVS10 Preload] => C:\Program Files (x86)\Ulead Systems\Ulead VideoStudio SE DVD\uvPL.exe [36864 2006-08-09] (Ulead Systems, Inc.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\RunOnce: [Launcher] => C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe [165184 2010-05-21] (Softthinks)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1402744594-715304676-2032789375-1001\...\Run: [OfficeSyncProcess] => C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVH.EXE [3207904 2015-03-18] (Microsoft Corporation)
HKU\S-1-5-21-1402744594-715304676-2032789375-1001\...\Run: [AutoStartNPSAgent] => C:\Program Files (x86)\Samsung\Samsung New PC Studio\NPSAgent.exe [95576 2010-07-04] (Samsung Electronics Co., Ltd.)
HKU\S-1-5-21-1402744594-715304676-2032789375-1001\...\Run: [Dropbox Update] => C:\Users\Sean\AppData\Local\Dropbox\Update\DropboxUpdate.exe [143144 2016-11-04] (Dropbox, Inc.)
HKU\S-1-5-21-1402744594-715304676-2032789375-1001\...\Run: [HP Officejet Pro 6830 (NET)] => C:\Program Files\HP\HP Officejet Pro 6830\Bin\ScanToPCActivationApp.exe [3493952 2014-07-18] (Hewlett-Packard Development Company, LP)
HKU\S-1-5-21-1402744594-715304676-2032789375-1001\...\Run: [HP Officejet Pro 6830 (NET) #2] => C:\Program Files\HP\HP Officejet Pro 6830\Bin\ScanToPCActivationApp.exe [3493952 2014-07-18] (Hewlett-Packard Development Company, LP)
HKU\S-1-5-21-1402744594-715304676-2032789375-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\scrnsave.scr [11264 2009-07-13] (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk [2010-12-20]
ShortcutTarget: Adobe Gamma Loader.lnk -> C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk [2012-06-09]
ShortcutTarget: Secunia PSI Tray.lnk -> C:\Program Files (x86)\Secunia\PSI\psi_tray.exe (Secunia)
Startup: C:\Users\Caiti\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk [2010-09-23]
ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk [2010-09-09]
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk [2010-09-09]
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Mary\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk [2010-09-23]
ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Sean\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk [2010-09-22]
ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Sean\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2017-11-02]
ShortcutTarget: Dropbox.lnk -> C:\Users\Sean\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
GroupPolicy: Restriction <==== ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 71.243.0.12
Tcpip\..\Interfaces\{78361850-F8E9-473F-A676-C63B91CE8DA2}: [DhcpNameServer] 192.168.1.1 71.243.0.12

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-1402744594-715304676-2032789375-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-1402744594-715304676-2032789375-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bing.com/
URLSearchHook: HKU\S-1-5-21-1402744594-715304676-2032789375-1001 - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
URLSearchHook: HKU\S-1-5-21-1402744594-715304676-2032789375-1001 - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
SearchScopes: HKLM -> DefaultScope {469007EE-8ACA-45F6-A0F2-5C038E2E56FF} URL = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {469007EE-8ACA-45F6-A0F2-5C038E2E56FF} URL = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
SearchScopes: HKLM-x32 -> DefaultScope {2B65B07D-DD9F-4C75-B6F0-5C6998E4076B} URL = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {2B65B07D-DD9F-4C75-B6F0-5C6998E4076B} URL = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-1402744594-715304676-2032789375-1001 -> DefaultScope {927A85C0-F38C-472B-9EAA-859E1C999323} URL = hxxps://search.yahoo.com/search?fr=mcafee&type=C014US105D20151112&p={searchTerms}
SearchScopes: HKU\S-1-5-21-1402744594-715304676-2032789375-1001 -> {2A453199-08C1-423E-8E56-7D5CB0D2D2AE} URL = hxxps://search.yahoo.com/search?fr=mcafee&type=C010US0D19700101&p={searchTerms}
SearchScopes: HKU\S-1-5-21-1402744594-715304676-2032789375-1001 -> {2B65B07D-DD9F-4C75-B6F0-5C6998E4076B} URL =
SearchScopes: HKU\S-1-5-21-1402744594-715304676-2032789375-1001 -> {469007EE-8ACA-45F6-A0F2-5C038E2E56FF} URL =
SearchScopes: HKU\S-1-5-21-1402744594-715304676-2032789375-1001 -> {927A85C0-F38C-472B-9EAA-859E1C999323} URL = hxxps://search.yahoo.com/search?fr=mcafee&type=C014US105D20151112&p={searchTerms}
SearchScopes: HKU\S-1-5-21-1402744594-715304676-2032789375-1001 -> {9F2EC9DA-717F-44C6-88C6-3F290CDEE8FE} URL =
SearchScopes: HKU\S-1-5-21-1402744594-715304676-2032789375-1001 -> {FBB9B255-9523-4B92-95A8-9F1303537237} URL = hxxps://search.yahoo.com/search?fr=mcafee&type=C014US105D20151112&p={searchTerms}
SearchScopes: HKU\S-1-5-21-1402744594-715304676-2032789375-1001 -> {FD0B9DE7-FD50-42B6-816F-125F906B4F1D} URL = hxxps://search.yahoo.com/search?fr=mcafee&type=C010US0D19700101&p={searchTerms}
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO: McAfee WebAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2017-10-16] (McAfee, Inc.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll => No File
BHO-x32: Search Helper -> {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} -> C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll [2010-09-22] (Microsoft Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO-x32: Skype add-on for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2009-11-27] (Skype Technologies S.A.)
BHO-x32: McAfee WebAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2017-10-16] (McAfee, Inc.)
Toolbar: HKU\S-1-5-21-1402744594-715304676-2032789375-1001 -> No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
DPF: HKLM-x32 {02BCC737-B171-4746-94C9-0D8A0B2C0089} hxxp://office.microsoft.com/sites/production/ieawsdc32.cab
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: HKLM-x32 {BEA7310D-06C4-4339-A784-DC3804819809} hxxp://www.cvsphoto.com/upload/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2017-10-16] (McAfee, Inc.)
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2017-10-16] (McAfee, Inc.)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2017-10-16] (McAfee, Inc.)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2017-10-16] (McAfee, Inc.)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2009-11-27] (Skype Technologies S.A.)

FireFox:
========
FF ProfilePath: C:\Users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\fsgz1jde.default [2017-11-06]
FF DefaultSearchEngine: Mozilla\Firefox\Profiles\fsgz1jde.default -> Secure Search
FF DefaultSearchEngine.US: Mozilla\Firefox\Profiles\fsgz1jde.default -> Secure Search
FF SearchEngineOrder.1: Mozilla\Firefox\Profiles\fsgz1jde.default -> Secure Search
FF SelectedSearchEngine: Mozilla\Firefox\Profiles\fsgz1jde.default -> Secure Search
FF Keyword.URL: Mozilla\Firefox\Profiles\fsgz1jde.default -> hxxps://search.yahoo.com/search?fr=mcafee&type=C114US105D20140716&p=
FF Extension: (NoScript) - C:\Users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\fsgz1jde.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2017-11-01]
FF SearchPlugin: C:\Users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\fsgz1jde.default\searchplugins\McSiteAdvisor.xml [2015-11-15]
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\e10ssaffplg.xpi
FF Extension: (No Name) - C:\Program Files (x86)\McAfee\SiteAdvisor\e10ssaffplg.xpi [2017-10-04]
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\e10ssaffplg.xpi
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\McSiteAdvisor.xml [2015-06-09]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_27_0_0_183.dll [2017-10-25] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin: @wacom.com/wtPlugin,version=2.1.0.2 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2012-05-23] (Wacom)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2016-02-12] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_27_0_0_183.dll [2017-10-25] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2012-08-08] ()
FF Plugin-x32: @java.com/DTPlugin,version=10.15.2 -> C:\Windows\SysWOW64\npDeployJava1.dll [2013-02-22] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.)
FF Plugin-x32: @wacom.com/wtPlugin,version=2.1.0.2 -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2012-05-23] (Wacom)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-07-31] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2016-02-12] (Adobe Systems)
FF Plugin HKU\S-1-5-21-1402744594-715304676-2032789375-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Sean\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2014-01-22] (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-1402744594-715304676-2032789375-1001: electronicarts.com/GameFacePlugin -> C:\Users\Sean\AppData\Roaming\Electronic Arts\Game Face\npGameFacePlugin.dll [2012-12-20] (Electronic Arts)
FF Plugin HKU\S-1-5-21-1402744594-715304676-2032789375-1001: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2012-05-23] (Wacom)

Chrome:
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR DefaultSearchURL: Default -> hxxps://search.yahoo.com/search?fr=mcafee&type=C214US91118D20151112&p={searchTerms}
CHR DefaultSearchKeyword: Default -> mcafee
CHR Profile: C:\Users\Sean\AppData\Local\Google\Chrome\User Data\Default [2017-11-07]
CHR Extension: (YouTube) - C:\Users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-24]
CHR Extension: (Google Search) - C:\Users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-26]
CHR Extension: (McAfee® WebAdvisor) - C:\Users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2017-11-02]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-22]
CHR Extension: (Gmail) - C:\Users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-31]
CHR Extension: (Chrome Media Router) - C:\Users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-09-30]
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2016-06-17]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2016-06-17]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdobeActiveFileMonitor10.0; C:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe [169624 2011-09-14] (Adobe Systems Incorporated)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2257016 2017-08-23] (Adobe Systems, Incorporated)
R2 DockLoginService; C:\Program Files\Dell\DellDock\DockLogin.exe [155648 2009-06-09] (Stardock Corporation) [File not signed]
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6234056 2017-11-01] (Malwarebytes)
R2 McAfee SiteAdvisor Service; C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe [604312 2017-10-16] (McAfee, Inc.)
R2 PMBDeviceInfoProvider; C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe [481304 2013-12-18] (Sony Corporation)
R2 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [994360 2011-10-14] (Secunia)
R2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [399416 2011-10-14] (Secunia)
R2 StkSSrv; C:\Windows\System32\StkCSrv.exe [24576 2007-02-12] (Syntek America Inc.)
R2 UleadBurningHelper; C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [49152 2006-09-28] (Ulead Systems, Inc.) [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 WTabletServiceCon; C:\Program Files\Tablet\Pen\WTabletServiceCon.exe [619904 2012-12-11] (Wacom Technology, Corp.)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation) <==== ATTENTION (no ServiceDLL)
R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [253880 2017-11-07] (Malwarebytes)
R3 mfesapsn; C:\Program Files (x86)\McAfee\SiteAdvisor\x64\mfesapsn.sys [111608 2017-02-14] (McAfee, Inc.)
S3 StkCMini; C:\Windows\System32\Drivers\StkCMini.sys [632704 2007-06-28] (Syntek)
S1 A2DDA; \??\C:\Users\Sean\Desktop\EmsisoftEmergencyKit\Run\a2ddax64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-11-07 19:57 - 2017-11-07 20:00 - 000025719 _____ C:\Users\Sean\Desktop\FRST.txt
2017-11-07 19:56 - 2017-11-07 19:57 - 000000000 ____D C:\FRST
2017-11-07 19:55 - 2017-11-07 19:55 - 002403328 _____ (Farbar) C:\Users\Sean\Desktop\FRST64.exe
2017-11-07 19:48 - 2017-11-07 19:48 - 000001235 _____ C:\Users\Sean\Desktop\mb-scan-results.txt
2017-11-07 18:50 - 2017-11-07 18:50 - 000253880 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2017-11-07 18:50 - 2017-11-07 18:50 - 000001869 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-11-07 18:50 - 2017-11-07 18:50 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-11-07 18:50 - 2017-11-01 08:54 - 000077432 _____ C:\Windows\system32\Drivers\mbae64.sys
2017-11-07 18:49 - 2017-11-07 18:49 - 000000000 ____D C:\ProgramData\Malwarebytes
2017-11-07 18:41 - 2017-11-07 18:50 - 000004523 _____ C:\Users\Sean\Desktop\mb-clean-results.txt
2017-11-07 18:30 - 2017-11-07 18:30 - 000863696 _____ (Malwarebytes) C:\Users\Sean\Desktop\mb-clean-3.1.0.1031.exe
2017-11-06 09:57 - 2017-11-06 09:57 - 000026361 _____ C:\Users\Sean\Desktop\dds.txt
2017-11-06 09:57 - 2017-11-06 09:57 - 000007467 _____ C:\Users\Sean\Desktop\attach.txt
2017-11-03 20:16 - 2017-11-03 20:16 - 000000000 ____D C:\ProgramData\MB3CoreBackup
2017-10-13 08:32 - 2017-09-07 13:25 - 001155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2017-10-13 08:32 - 2017-09-07 13:17 - 013677568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2017-10-13 08:32 - 2017-09-07 13:01 - 002767872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2017-10-13 08:32 - 2017-09-07 12:57 - 001316864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2017-10-13 08:32 - 2017-09-07 12:57 - 000710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2017-10-13 08:32 - 2017-09-07 10:31 - 002851328 _____ (Microsoft Corporation) C:\Windows\system32\themeui.dll
2017-10-13 08:32 - 2017-09-07 10:12 - 002755072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\themeui.dll
2017-10-13 08:32 - 2017-09-07 09:55 - 000461312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys
2017-10-13 08:32 - 2017-09-07 09:55 - 000405504 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
2017-10-13 08:32 - 2017-09-07 09:55 - 000168448 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys
2017-10-13 08:32 - 2017-08-19 10:28 - 004121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2017-10-13 08:32 - 2017-08-19 10:28 - 000206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2017-10-13 08:32 - 2017-08-19 10:28 - 000002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2017-10-13 08:32 - 2017-08-19 10:10 - 003209216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2017-10-13 08:32 - 2017-08-19 10:10 - 000103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
2017-10-13 08:32 - 2017-08-19 10:10 - 000002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll
2017-10-13 08:32 - 2017-08-19 10:08 - 000055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2017-10-13 08:32 - 2017-08-19 10:08 - 000024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2017-10-13 08:32 - 2017-08-19 09:57 - 000050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe
2017-10-13 08:32 - 2017-08-19 09:57 - 000023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe
2017-10-13 08:32 - 2017-08-14 12:35 - 001032192 _____ (Microsoft Corporation) C:\Windows\system32\rdpcore.dll
2017-10-13 08:32 - 2017-08-14 12:35 - 000827904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdpcore.dll
2017-10-13 08:32 - 2017-08-14 12:35 - 000022528 _____ (Microsoft Corporation) C:\Windows\system32\icaapi.dll
2017-10-13 08:32 - 2017-08-13 16:45 - 000040448 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-11-07 19:57 - 2015-06-20 07:28 - 000000914 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1402744594-715304676-2032789375-1001UA.job
2017-11-07 18:52 - 2009-07-13 23:45 - 000022464 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-11-07 18:52 - 2009-07-13 23:45 - 000022464 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-11-07 18:50 - 2009-07-14 00:13 - 000783464 _____ C:\Windows\system32\PerfStringBackup.INI
2017-11-07 18:50 - 2009-07-13 22:20 - 000000000 ____D C:\Windows\inf
2017-11-07 18:43 - 2010-09-22 23:11 - 000000000 ____D C:\Users\Sean\AppData\Local\SoftThinks
2017-11-07 18:43 - 2009-07-14 00:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2017-11-07 18:42 - 2010-09-23 04:16 - 000000000 ____D C:\Users\Sean\AppData\Roaming\SoftGrid Client
2017-11-07 18:41 - 2016-11-21 23:38 - 000000000 ____D C:\Users\Sean\AppData\LocalLow\Mozilla
2017-11-07 17:04 - 2011-10-10 16:34 - 000000000 ____D C:\Users\Sean\Desktop\Anti-Spyware
2017-11-07 13:46 - 2010-09-09 08:26 - 000000000 ____D C:\Program Files (x86)\Dell DataSafe Local Backup
2017-11-07 08:31 - 2010-09-23 02:57 - 000000000 ____D C:\Users\Sean\AppData\Local\Adobe
2017-11-05 23:57 - 2015-06-20 07:28 - 000000862 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1402744594-715304676-2032789375-1001Core.job
2017-11-05 18:06 - 2009-07-13 22:20 - 000000000 ____D C:\Windows\system32\NDF
2017-11-05 13:11 - 2017-06-15 21:37 - 000000000 ____D C:\ProgramData\Ableton
2017-11-05 13:00 - 2017-06-15 21:41 - 000000000 ____D C:\Users\Sean\AppData\Roaming\Ableton
2017-11-02 13:28 - 2014-06-11 08:49 - 000000000 ____D C:\Users\Sean\AppData\Roaming\Dropbox
2017-11-02 08:09 - 2016-11-19 23:22 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-11-02 08:09 - 2012-10-12 08:59 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-10-25 18:39 - 2012-04-04 08:07 - 000004312 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2017-10-25 18:39 - 2012-04-04 08:06 - 000803328 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2017-10-25 18:39 - 2011-11-13 14:50 - 000000000 ____D C:\Windows\system32\Macromed
2017-10-25 18:39 - 2011-05-15 11:24 - 000144896 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2017-10-25 18:39 - 2010-09-09 08:21 - 000000000 ____D C:\Windows\SysWOW64\Macromed
2017-10-24 14:53 - 2012-06-08 19:06 - 000077536 _____ C:\Users\Sean\AppData\Local\GDIPFONTCACHEV1.DAT
2017-10-15 08:40 - 2016-11-22 13:03 - 000000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2017-10-14 08:26 - 2012-06-08 18:09 - 000309528 _____ C:\Windows\system32\FNTCACHE.DAT
2017-10-13 08:57 - 2013-08-14 23:13 - 000000000 ____D C:\Windows\system32\MRT
2017-10-13 08:47 - 2010-09-23 03:44 - 126925120 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2017-10-13 08:42 - 2010-09-23 04:16 - 000775586 _____ C:\Windows\SysWOW64\PerfStringBackup.INI

Offline sean

  • Bronze Member
  • Posts: 133
Re: [In Progress - K] mbam icon vanished from desktop and systray
« Reply #5 on: November 07, 2017, 07:25:08 PM »
==================== Files in the root of some directories =======

2012-07-07 21:56 - 2012-07-07 21:56 - 000213187 _____ () C:\Users\Sean\AppData\Roaming\MMUpgrade.jpg
2016-03-26 22:23 - 2016-03-26 22:24 - 238722213 _____ () C:\Users\Sean\AppData\Local\ACCCx3_5_1_209.zip
2011-12-03 23:22 - 2012-07-07 21:59 - 000006144 _____ () C:\Users\Sean\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-09-21 23:39 - 2013-07-04 14:47 - 000007604 _____ () C:\Users\Sean\AppData\Local\Resmon.ResmonCfg
2015-04-15 08:42 - 2015-04-15 08:42 - 000000057 _____ () C:\ProgramData\Ament.ini
2010-09-26 22:43 - 2010-09-26 22:43 - 000000056 ____H () C:\ProgramData\ezsidmv.dat

Some files in TEMP:
====================
2016-03-26 22:24 - 2016-03-26 22:24 - 000288456 _____ (Adobe Systems Incorporated) C:\Users\Sean\AppData\Local\Temp\AAMHelper.exe
2017-09-20 21:25 - 2017-03-29 12:41 - 004093576 _____ () C:\Users\Sean\AppData\Local\Temp\Ableton Swapper.exe
2016-03-26 22:22 - 2015-08-06 21:30 - 002212144 _____ (Adobe Systems Incorporated) C:\Users\Sean\AppData\Local\Temp\AdobeApplicationManager.exe
2015-12-11 08:46 - 2015-12-11 08:46 - 000071168 _____ () C:\Users\Sean\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpwvci26.dll
2017-10-19 22:57 - 2017-10-19 22:57 - 000000000 _____ () C:\Users\Sean\AppData\Local\Temp\GURB193.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-01-13 15:21

==================== End of FRST.txt ============================

Offline sean

  • Bronze Member
  • Posts: 133
Re: [In Progress - K] mbam icon vanished from desktop and systray
« Reply #6 on: November 07, 2017, 07:26:06 PM »
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 02-11-2017
Ran by Sean (07-11-2017 20:00:54)
Running from C:\Users\Sean\Desktop
Windows 7 Home Premium Service Pack 1 (X64) (2010-09-23 04:10:54)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1402744594-715304676-2032789375-500 - Administrator - Disabled)
Caiti (S-1-5-21-1402744594-715304676-2032789375-1003 - Administrator - Enabled) => C:\Users\Caiti
Guest (S-1-5-21-1402744594-715304676-2032789375-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1402744594-715304676-2032789375-1002 - Limited - Enabled)
Mary (S-1-5-21-1402744594-715304676-2032789375-1004 - Limited - Enabled) => C:\Users\Mary
Sean (S-1-5-21-1402744594-715304676-2032789375-1001 - Administrator - Enabled) => C:\Users\Sean

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Ableton Live 9 Lite (HKLM\...\{0B08C4C6-8B1F-4657-ABF6-71E46A8D13F3}) (Version: 9.0.0.0 - Ableton)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 17.012.20098 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.7.0.2090 - Adobe Systems Incorporated)
Adobe Community Help (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.5.23 - Adobe Systems Incorporated.)
Adobe Flash Player 27 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 27.0.0.183 - Adobe Systems Incorporated)
Adobe Flash Player 27 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 27.0.0.183 - Adobe Systems Incorporated)
Adobe Photoshop Elements 10 (HKLM-x32\...\Adobe Photoshop Elements 10) (Version: 10.0 - Adobe Systems Incorporated)
Adobe Photoshop Elements 2.0 (HKLM-x32\...\Adobe Photoshop Elements 2.0) (Version: 2.0 - Adobe Systems, Inc.)
Adobe Photoshop.com Inspiration Browser (HKLM-x32\...\PhotoshopdotcomInspirationBrowser.4C35C4D325D350FE0114230CBADCA2DDD0AC8D25.1) (Version: 3.07 - Adobe Systems Incorporated)
Apple Application Support (HKLM-x32\...\{63EC2120-1742-4625-AA47-C6A8AEC9C64C}) (Version: 2.2.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{7446FE8D-C1F9-4D42-AAAE-5DBCE58605A6}) (Version: 6.0.0.59 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Audacity 2.0.3 (HKLM-x32\...\Audacity_is1) (Version: 2.0.3 - Audacity Team)
Autodesk SketchBook Express 2011 sp2 (HKLM-x32\...\{EB87378B-E64A-4D27-8AB6-0786BAB3AC84}) (Version: 5.20.0000 - Autodesk)
Bamboo Dock (HKLM-x32\...\{90DFD61B-8224-00C6-3D69-A983B60A394E}) (Version: 4.1.0 - Wacom Europe GmbH) Hidden
Bamboo Dock (HKLM-x32\...\Bamboo Dock) (Version: 4.1 - Wacom Co., Ltd.)
Bamboo Dock (HKLM-x32\...\wacomid-desktop-launcher.DCFD4B89A63EE70BC162777F06D4B93B6397AEC7.1) (Version: 4.1.0 - Wacom Europe GmbH) Hidden
Bamboo Tablets Tutorial (HKLM-x32\...\{6E0C3C3D-CF8A-4AEC-AD6C-B4486A96BE8E}) (Version: 3.0.20 - Wacom) Hidden
Big Fish Games: Game Manager (HKLM-x32\...\BFGC) (Version: 3.0.1.60 - )
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Color Efex Pro 3.0 Wacom Edition 6 (HKLM-x32\...\Color Efex Pro 3.0 Wacom Edition 6 Stand-Alone) (Version: 3.1.1.1 - Nik Software, Inc.)
Consumer In-Home Service Agreement (HKLM-x32\...\{F47C37A4-7189-430A-B81D-739FF8A7A554}) (Version: 2.0.0 - Dell Inc.)
Cyberduck 4.6.5 (17000) (HKLM-x32\...\Cyberduck) (Version: 4.6.5 (17000) - )
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
Dark Tales: Edgar Allan Poe`s Murders in the Rue Morgue (HKLM-x32\...\BFG-Dark Tales - Edgar Allan Poe`s Murders in the Rue Morgue) (Version:  - )
Dell DataSafe Local Backup - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version:  - Dell)
Dell DataSafe Local Backup (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 9.4.40 - Dell)
Dell DataSafe Online (HKLM-x32\...\{13766F76-6C8C-4E57-A9F3-3212D1C6E0D1}) (Version: 1.2.0011 - Dell, Inc.)
Dell Dock (HKLM\...\{C73A3942-84C8-4597-9F9B-EE227DCBA758}) (Version: 2.0 - Stardock Corporation) Hidden
Dell Dock (HKLM-x32\...\Dell Dock) (Version:  - Stardock Corporation)
Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)
Dell Getting Started Guide (HKLM-x32\...\{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}) (Version: 1.00.0000 - Dell Inc.)
Dropbox (HKU\S-1-5-21-1402744594-715304676-2032789375-1001\...\Dropbox) (Version: 38.4.27 - Dropbox, Inc.)
EA SPORTS Game Face Browser Plugin 1.8.0.0 (HKU\S-1-5-21-1402744594-715304676-2032789375-1001\...\EA SPORTS Game Face Browser Plugin) (Version: 1.8.0.0 - Electronic Arts)
Elements 10 Organizer (HKLM-x32\...\{22D3A614-482C-444A-932C-9DA1B8ECDFD2}) (Version: 10.0 - Adobe Systems Incorporated) Hidden
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 61.0.3163.100 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
GoToAssist 8.0.0.514 (HKLM-x32\...\GoToAssist) (Version:  - )
HiJackThis (HKLM-x32\...\{45A66726-69BC-466B-A7A4-12FCBA4883D7}) (Version: 1.0.0 - Trend Micro)
HP Install Network Printer Wizard (HKLM-x32\...\{FF1C72E2-203C-4E95-8D24-735196D29E04}) (Version: 8.1.03 - Hewlett-Packard)
HP Officejet Pro 6830 Basic Device Software (HKLM\...\{98040AB6-D667-409C-81E7-DB65836B3EE0}) (Version: 33.1.73.49987 - Hewlett-Packard Co.)
HP Officejet Pro 6830 Help (HKLM-x32\...\{28693307-6F99-4B5D-9FA3-4D9132DDA716}) (Version: 34.0.0 - Hewlett Packard)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPDiagnosticAlert (HKLM-x32\...\{B6465A32-8BE9-4B38-ADC5-4B4BDDC10B0D}) (Version: 1.00.0001 - Microsoft) Hidden
I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel(R) Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version:  - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 0.0.0.0000 - Intel Corporation)
iTunes (HKLM\...\{1493B2AE-0261-47D2-B1AA-F4DAD0F6C48B}) (Version: 10.7.0.21 - Apple Inc.)
Junk Mail filter update (HKLM-x32\...\{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}) (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Krita Desktop (x64) 2.9.11.0 (HKLM\...\{AF6A4BDD-B912-42DD-972B-986DA81A429A}) (Version: 2.9.11.0 - Krita Foundation)
Malwarebytes version 3.3.1.2183 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.3.1.2183 - Malwarebytes)
McAfee WebAdvisor (HKLM-x32\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 4.0.139 - McAfee, Inc.)
MergeModule_x64 (HKLM\...\{20E0665F-E4EE-4E2A-8E86-EFC65129FE41}) (Version: 8.0.00 - Sony Corporation) Hidden
Microsoft .NET Framework 4.7 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.7.02053 - Microsoft Corporation)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Starter 2010 - English (HKLM-x32\...\{90140011-0066-0409-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Mozilla Firefox 56.0.2 (x64 en-US) (HKLM\...\Mozilla Firefox 56.0.2 (x64 en-US)) (Version: 56.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 56.0.2.6506 - Mozilla)
Mozilla Thunderbird 52.4.0 (x86 en-US) (HKLM-x32\...\Mozilla Thunderbird 52.4.0 (x86 en-US)) (Version: 52.4.0 - Mozilla)
MSXML 4.0 SP3 Parser (KB2721691) (HKLM-x32\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB973685) (HKLM-x32\...\{859DFA95-E4A6-48CD-B88E-A3E483E89B44}) (Version: 4.30.2107.0 - Microsoft Corporation)
Nik Collection (HKLM-x32\...\Nik Collection) (Version: 1.2.11 - Google)
PlayMemories Home (HKLM-x32\...\{35831FDB-25FF-4DD6-9670-31D12CE2B37E}) (Version: 8.0.30.12182 - Sony Corporation)
Product Improvement Study for HP Officejet Pro 6830 (HKLM\...\{96ABEAD3-67AE-4BF7-8A16-F745352049B3}) (Version: 33.1.73.49987 - Hewlett-Packard Co.)
PSE10 STI Installer (HKLM-x32\...\{11D08055-939C-432b-98C3-E072478A0CD7}) (Version: 10.0 - Adobe Systems Incorporated) Hidden
QuickTime (HKLM-x32\...\{0E64B098-8018-4256-BA23-C316A43AD9B0}) (Version: 7.72.80.56 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5963 - Realtek Semiconductor Corp.)
Redist (HKLM-x32\...\{0F052922-4BCE-4763-A540-00857554336D}) (Version: 3.00.0000 - Verizon)
Roxio Burn (HKLM-x32\...\{B2E47DE7-800B-40BB-BD1F-9F221C3AEE87}) (Version: 1.01 - Roxio)
Samsung New PC Studio (HKLM-x32\...\{F193FC0E-9E18-40FC-A974-509A1BDD240A}) (Version: 1.00.0000 - Samsung Electronics Co., Ltd.) Hidden
Samsung New PC Studio (HKLM-x32\...\InstallShield_{F193FC0E-9E18-40FC-A974-509A1BDD240A}) (Version: 1.00.0000 - Samsung Electronics Co., Ltd.)
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.3.650.0 - SAMSUNG Electronics Co., Ltd.)
Secunia PSI (2.0.0.4003) (HKLM-x32\...\Secunia PSI) (Version: 2.0.0.4003 - Secunia)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Skype Toolbars (HKLM-x32\...\{981029E0-7FC9-4CF3-AB39-6F133621921A}) (Version: 1.0.4036 - Skype Technologies S.A.)
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
SOHLib for PlayMemories Home (HKLM\...\{7DA5BBDC-3B1E-44CF-90F9-8421FE397BF6}) (Version: 1.0.2.12040 - Sony Corporation) Hidden
swMSM (HKLM-x32\...\{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
TEFView 2.75 (HKLM-x32\...\TEFView_is1) (Version:  - TablEdit)
Ulead VideoStudio SE DVD (HKLM-x32\...\{8F8D9297-FDD2-405A-97E7-E52C7B2F97B3}) (Version: 10.0 - Ulead Systems)
Unity Web Player (HKU\S-1-5-21-1402744594-715304676-2032789375-1001\...\UnityWebPlayer) (Version:  - Unity Technologies ApS)
USB2.0 ATV (HKLM-x32\...\USB2.0 ATV) (Version:  - )
Verizon Media Manager (HKLM-x32\...\Verizon Media Manager) (Version: 9.5.67 - Verizon)
VoiceOver Kit (HKLM-x32\...\{7C5B4583-7CBF-4289-B195-03B553959DEA}) (Version: 1.40.128.0 - Apple Inc.)
Wacom (HKLM\...\Pen Tablet Driver) (Version: 5.3.2-1 - Wacom Technology Corp.)
WebTablet FB Plugin 32 bit (HKLM-x32\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.2 - Wacom Technology Corp.)
WebTablet FB Plugin 64 bit (HKLM\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.2 - Wacom Technology Corp.)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3502.0922 - Microsoft Corporation)
Windows Live Sync (HKLM-x32\...\{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}) (Version: 14.0.8089.726 - Microsoft Corporation)
WinRAR archiver (HKLM\...\WinRAR archiver) (Version:  - )
Zune (HKLM\...\Zune) (Version: 04.08.2345.00 - Microsoft Corporation)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1402744594-715304676-2032789375-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Sean\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1402744594-715304676-2032789375-1001_Classes\CLSID\{092dfa86-5807-5a94-bf3b-5a53ba9e5308}\InprocServer32 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
CustomCLSID: HKU\S-1-5-21-1402744594-715304676-2032789375-1001_Classes\CLSID\{e8c77137-e224-5791-b6e9-ff0305797a13}\InprocServer32 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems)
CustomCLSID: HKU\S-1-5-21-1402744594-715304676-2032789375-1001_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Sean\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1402744594-715304676-2032789375-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Sean\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1402744594-715304676-2032789375-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Sean\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1402744594-715304676-2032789375-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Sean\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1402744594-715304676-2032789375-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Sean\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1402744594-715304676-2032789375-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Sean\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1402744594-715304676-2032789375-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Sean\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1402744594-715304676-2032789375-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Sean\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1402744594-715304676-2032789375-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Sean\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1402744594-715304676-2032789375-1001_Classes\CLSID\{FB314EE1-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Sean\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1402744594-715304676-2032789375-1001_Classes\CLSID\{FB314EE2-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Sean\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1402744594-715304676-2032789375-1001_Classes\CLSID\{FBC9D74C-AF55-4309-9FB2-C426E071637F}\InprocServer32 -> C:\Users\Sean\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-01-22] ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-01-22] ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-01-22] ()
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Sean\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll [2017-11-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Sean\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll [2017-11-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Sean\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll [2017-11-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Sean\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll [2017-11-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Sean\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll [2017-11-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Sean\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll [2017-11-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Sean\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll [2017-11-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Sean\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll [2017-11-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Sean\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll [2017-11-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Sean\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll [2017-11-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Sean\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll [2017-11-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Sean\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll [2017-11-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Sean\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll [2017-11-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Sean\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll [2017-11-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Sean\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll [2017-11-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Sean\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll [2017-11-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Sean\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll [2017-11-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Sean\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll [2017-11-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Sean\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll [2017-11-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Sean\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll [2017-11-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Sean\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll [2017-11-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Sean\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll [2017-11-01] (Dropbox, Inc.)
ContextMenuHandlers1: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-01-22] ()
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2010-03-15] ()
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2010-03-15] ()
ContextMenuHandlers2-x32: [Ulead UDF Driver] -> {DBD8E168-244D-448C-9922-25508950D1DC} => C:\Program Files (x86)\Common Files\Ulead Systems\DVD\USIShex.dll [2005-03-02] (Ulead Systems, Inc.)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-11-01] (Malwarebytes)
ContextMenuHandlers4: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2010-03-15] ()
ContextMenuHandlers4-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2010-03-15] ()
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\Windows\system32\igfxpph.dll [2010-08-25] (Intel Corporation)
ContextMenuHandlers6: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-01-22] ()
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-11-01] (Malwarebytes)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2010-03-15] ()
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2010-03-15] ()
ContextMenuHandlers1_S-1-5-21-1402744594-715304676-2032789375-1001: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Users\Sean\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll [2017-11-01] (Dropbox, Inc.)
ContextMenuHandlers4_S-1-5-21-1402744594-715304676-2032789375-1001: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Users\Sean\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll [2017-11-01] (Dropbox, Inc.)
ContextMenuHandlers5_S-1-5-21-1402744594-715304676-2032789375-1001: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Users\Sean\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll [2017-11-01] (Dropbox, Inc.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0E66681D-1DE6-4374-8670-27B6CBBC9FC2} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-1402744594-715304676-2032789375-1001Core => C:\Users\Sean\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2016-11-04] (Dropbox, Inc.)
Task: {286D20B4-0CD9-4E44-8166-DE2104F77849} - System32\Tasks\HPCustPartic.exe_{3CE9B68A-8D47-4FB5-A86A-94E40D5F6086} => C:\Program Files\HP\HP Officejet Pro 6830\Bin\HPCustPartic.exe [2014-07-18] (Hewlett-Packard Development Company, LP)
Task: {2A3C7C68-024F-4471-A74C-97EE77FEBC83} - System32\Tasks\HPCustParticipation HP Officejet Pro 6830 => C:\Program Files\HP\HP Officejet Pro 6830\Bin\HPCustPartic.exe [2014-07-18] (Hewlett-Packard Development Company, LP)
Task: {31FCE334-2604-4DA6-94FC-56A5FD690E16} - System32\Tasks\{8A599E90-FCE9-4C08-BDBE-1AC00C40EF09} => C:\Program Files (x86)\Sony\PlayMemories Home\PMBBrowser.exe [2013-12-18] (Sony Corporation)
Task: {3CB985D1-9A5E-4786-BE77-611114E76AB4} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-1402744594-715304676-2032789375-1001UA => C:\Users\Sean\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2016-11-04] (Dropbox, Inc.)
Task: {3DA8895A-AA80-45AD-B691-A66791DDA259} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {4C222656-298C-41C1-8297-399C05CAFAA3} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-07-19] (Adobe Systems Incorporated)
Task: {816A14CB-801A-448A-8E75-B5F9636CBB7F} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {D2B6F54D-DFD2-4CA5-BAB1-5CDBF1953A36} - System32\Tasks\AdobeAAMUpdater-1.0-Sean-INSPIRON-Caiti => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2016-01-07] (Adobe Systems Incorporated)
Task: {E2E8B0A3-8A75-45AB-B452-DF90FBF6B7D5} - System32\Tasks\AdobeAAMUpdater-1.0-Sean-INSPIRON-Sean => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2016-01-07] (Adobe Systems Incorporated)
Task: {F1F7D55A-92B1-4B48-95C8-28DE07801F99} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-10-25] (Adobe Systems Incorporated)
Task: {F3B4F440-6906-422B-9128-57D256DFF7FD} - System32\Tasks\AdobeAAMUpdater-1.0-Sean-INSPIRON-Mary => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2016-01-07] (Adobe Systems Incorporated)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1402744594-715304676-2032789375-1001Core.job => C:\Users\Sean\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1402744594-715304676-2032789375-1001UA.job => C:\Users\Sean\AppData\Local\Dropbox\Update\DropboxUpdate.exe

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2016-01-22 12:55 - 2016-01-22 12:55 - 000553136 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll
2010-09-09 08:27 - 2010-05-21 12:00 - 000783680 ____N () C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
2013-02-16 17:29 - 2012-12-11 13:07 - 001184640 _____ () C:\Program Files\Tablet\Pen\libxml2.dll
2017-09-26 07:37 - 2017-09-26 07:37 - 000472576 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_64\VistaBridgeLibrary\7933efadf1062d39c8b61dcf060687c4\VistaBridgeLibrary.ni.dll
2009-12-15 20:14 - 2009-12-15 20:14 - 000498160 _____ () C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
2012-10-16 04:39 - 2012-10-16 04:39 - 000646744 _____ () C:\Program Files (x86)\Bamboo Dock\BambooCore.exe
2010-02-28 01:33 - 2010-02-28 01:33 - 000077664 _____ () C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe
2017-11-07 18:50 - 2017-11-01 08:55 - 002299344 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
2017-09-27 08:25 - 2017-09-21 02:29 - 004022616 _____ () C:\Program Files (x86)\Google\Chrome\Application\61.0.3163.100\libglesv2.dll
2017-09-27 08:25 - 2017-09-21 02:29 - 000100184 _____ () C:\Program Files (x86)\Google\Chrome\Application\61.0.3163.100\libegl.dll
2012-08-27 21:33 - 2012-08-27 21:33 - 000087912 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2012-08-27 21:33 - 2012-08-27 21:33 - 001242512 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2010-09-09 08:26 - 2010-05-21 11:58 - 000116032 ____N () C:\Program Files (x86)\Dell DataSafe Local Backup\PSTVdsDisk.dll
2010-09-09 08:26 - 2010-05-21 11:58 - 000128320 ____N () C:\Program Files (x86)\Dell DataSafe Local Backup\STLog.dll
2010-09-09 08:26 - 2010-05-21 11:58 - 001123648 ____N () C:\Program Files (x86)\Dell DataSafe Local Backup\LibXml2.dll
2010-09-09 08:26 - 2010-05-21 11:59 - 000079168 ____N () C:\Program Files (x86)\Dell DataSafe Local Backup\zlib1.dll
2010-09-09 08:26 - 2010-05-21 11:58 - 000234816 ____N () C:\Program Files (x86)\Dell DataSafe Local Backup\STFiles.dll
2010-09-09 08:26 - 2010-05-21 11:58 - 000075072 ____N () C:\Program Files (x86)\Dell DataSafe Local Backup\STRegistry.dll
2010-09-09 08:26 - 2010-05-21 11:58 - 000111936 ____N () C:\Program Files (x86)\Dell DataSafe Local Backup\STPE.dll
2010-09-09 08:26 - 2010-05-21 11:58 - 000121152 ____N () C:\Program Files (x86)\Dell DataSafe Local Backup\STNLS.dll
2017-11-02 13:27 - 2017-11-01 06:58 - 000724288 _____ () C:\Users\Sean\AppData\Roaming\Dropbox\bin\dropbox_watchdog.dll
2017-11-02 13:27 - 2017-11-01 06:58 - 002002752 _____ () C:\Users\Sean\AppData\Roaming\Dropbox\bin\dropbox_crashpad.dll
2017-10-04 18:12 - 2017-11-01 06:57 - 000100296 _____ () C:\Users\Sean\AppData\Roaming\Dropbox\bin\_ctypes.pyd
2017-10-04 18:12 - 2017-11-01 06:57 - 000018888 _____ () C:\Users\Sean\AppData\Roaming\Dropbox\bin\select.pyd
2017-10-04 18:12 - 2017-11-01 07:01 - 000020800 _____ () C:\Users\Sean\AppData\Roaming\Dropbox\bin\tornado.speedups.pyd
2017-10-04 18:12 - 2017-11-01 06:57 - 000035792 _____ () C:\Users\Sean\AppData\Roaming\Dropbox\bin\_multiprocessing.pyd
2017-10-04 18:12 - 2017-11-01 06:57 - 000694224 _____ () C:\Users\Sean\AppData\Roaming\Dropbox\bin\unicodedata.pyd
2017-11-02 13:27 - 2017-11-01 07:01 - 000021848 _____ () C:\Users\Sean\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._constant_time.pyd
2017-10-04 18:12 - 2017-11-01 06:57 - 000130512 _____ () C:\Users\Sean\AppData\Roaming\Dropbox\bin\_cffi_backend.pyd
2017-11-02 13:27 - 2017-11-01 07:01 - 001856848 _____ () C:\Users\Sean\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._openssl.pyd
2017-11-02 13:27 - 2017-11-01 07:01 - 000022864 _____ () C:\Users\Sean\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._padding.pyd
2017-11-02 13:27 - 2017-11-01 06:57 - 000145864 _____ () C:\Users\Sean\AppData\Roaming\Dropbox\bin\pyexpat.pyd
2017-11-02 13:27 - 2017-11-01 06:58 - 000116688 _____ () C:\Users\Sean\AppData\Roaming\Dropbox\bin\pywintypes27.dll
2017-10-04 18:12 - 2017-11-01 06:57 - 000105928 _____ () C:\Users\Sean\AppData\Roaming\Dropbox\bin\win32api.pyd
2017-10-04 18:12 - 2017-11-01 07:01 - 000022864 _____ () C:\Users\Sean\AppData\Roaming\Dropbox\bin\winffi.crt.compiled._winffi_crt.pyd
2017-11-02 13:27 - 2017-11-01 07:01 - 000062784 _____ () C:\Users\Sean\AppData\Roaming\Dropbox\bin\psutil._psutil_windows.pyd
2017-10-04 18:12 - 2017-11-01 06:57 - 000024528 _____ () C:\Users\Sean\AppData\Roaming\Dropbox\bin\win32event.pyd
2017-11-02 13:27 - 2017-11-01 07:01 - 000040248 _____ () C:\Users\Sean\AppData\Roaming\Dropbox\bin\fastpath.pyd
2017-11-02 13:27 - 2017-11-01 06:57 - 000020936 _____ () C:\Users\Sean\AppData\Roaming\Dropbox\bin\mmapfile.pyd
2017-10-04 18:12 - 2017-11-01 06:57 - 000124880 _____ () C:\Users\Sean\AppData\Roaming\Dropbox\bin\win32file.pyd
2017-10-04 18:12 - 2017-11-01 06:57 - 000116176 _____ () C:\Users\Sean\AppData\Roaming\Dropbox\bin\win32security.pyd
2017-11-02 13:27 - 2017-11-01 06:58 - 000392656 _____ () C:\Users\Sean\AppData\Roaming\Dropbox\bin\pythoncom27.dll
2017-10-04 18:12 - 2017-11-01 07:01 - 000392512 _____ () C:\Users\Sean\AppData\Roaming\Dropbox\bin\win32com.shell.shell.pyd
2017-10-04 18:12 - 2017-11-01 07:01 - 000026456 _____ () C:\Users\Sean\AppData\Roaming\Dropbox\bin\winffi.kernel32.compiled._winffi_kernel32.pyd
2017-10-04 18:12 - 2017-11-01 06:57 - 000024016 _____ () C:\Users\Sean\AppData\Roaming\Dropbox\bin\win32clipboard.pyd
2017-10-04 18:12 - 2017-11-01 06:57 - 000175560 _____ () C:\Users\Sean\AppData\Roaming\Dropbox\bin\win32gui.pyd
2017-10-04 18:12 - 2017-11-01 06:57 - 000030160 _____ () C:\Users\Sean\AppData\Roaming\Dropbox\bin\win32pipe.pyd
2017-10-04 18:12 - 2017-11-01 06:57 - 000043472 _____ () C:\Users\Sean\AppData\Roaming\Dropbox\bin\win32process.pyd
2017-10-04 18:12 - 2017-11-01 06:57 - 000026056 _____ () C:\Users\Sean\AppData\Roaming\Dropbox\bin\win32job.pyd
2017-10-04 18:12 - 2017-11-01 06:57 - 000048592 _____ () C:\Users\Sean\AppData\Roaming\Dropbox\bin\win32service.pyd
2017-10-04 18:12 - 2017-11-01 06:57 - 000057808 _____ () C:\Users\Sean\AppData\Roaming\Dropbox\bin\win32evtlog.pyd
2017-11-02 13:27 - 2017-11-01 07:01 - 000021824 _____ () C:\Users\Sean\AppData\Roaming\Dropbox\bin\cpuid.compiled._cpuid.pyd
2017-10-04 18:12 - 2017-11-01 07:01 - 000023368 _____ () C:\Users\Sean\AppData\Roaming\Dropbox\bin\winshell.compiled._winshell.pyd
2017-11-02 13:27 - 2017-11-01 07:01 - 000022856 _____ () C:\Users\Sean\AppData\Roaming\Dropbox\bin\crashpad.compiled._Crashpad.pyd
2017-10-04 18:12 - 2017-11-01 07:01 - 000066392 _____ () C:\Users\Sean\AppData\Roaming\Dropbox\bin\winenumhandles.compiled._WinEnumHandles.pyd
2017-11-02 13:27 - 2017-11-01 07:01 - 001796920 _____ () C:\Users\Sean\AppData\Roaming\Dropbox\bin\PyQt5.QtCore.pyd
2017-10-04 18:12 - 2017-11-01 06:57 - 000084424 _____ () C:\Users\Sean\AppData\Roaming\Dropbox\bin\sip.pyd
2017-11-02 13:27 - 2017-11-01 07:01 - 001956152 _____ () C:\Users\Sean\AppData\Roaming\Dropbox\bin\PyQt5.QtGui.pyd
2017-11-02 13:27 - 2017-11-01 07:01 - 003859264 _____ () C:\Users\Sean\AppData\Roaming\Dropbox\bin\PyQt5.QtWidgets.pyd
2017-11-02 13:27 - 2017-11-01 07:01 - 000154440 _____ () C:\Users\Sean\AppData\Roaming\Dropbox\bin\PyQt5.QtWebEngineWidgets.pyd
2017-11-02 13:27 - 2017-11-01 07:01 - 000521024 _____ () C:\Users\Sean\AppData\Roaming\Dropbox\bin\PyQt5.QtNetwork.pyd
2017-11-02 13:27 - 2017-11-01 07:01 - 000050496 _____ () C:\Users\Sean\AppData\Roaming\Dropbox\bin\PyQt5.QtWebEngineCore.pyd
2017-11-02 13:27 - 2017-11-01 07:01 - 000042304 _____ () C:\Users\Sean\AppData\Roaming\Dropbox\bin\PyQt5.QtWebChannel.pyd
2017-11-02 13:27 - 2017-11-01 07:01 - 000131384 _____ () C:\Users\Sean\AppData\Roaming\Dropbox\bin\PyQt5.QtWebKit.pyd
2017-11-02 13:27 - 2017-11-01 07:01 - 000218944 _____ () C:\Users\Sean\AppData\Roaming\Dropbox\bin\PyQt5.QtWebKitWidgets.pyd
2017-11-02 13:27 - 2017-11-01 07:01 - 000204096 _____ () C:\Users\Sean\AppData\Roaming\Dropbox\bin\PyQt5.QtPrintSupport.pyd
2017-10-04 18:12 - 2017-11-01 07:01 - 000025432 _____ () C:\Users\Sean\AppData\Roaming\Dropbox\bin\winscreenshot.compiled._CaptureScreenshot.pyd
2017-10-04 18:12 - 2017-11-01 06:57 - 000060880 _____ () C:\Users\Sean\AppData\Roaming\Dropbox\bin\win32print.pyd
2017-10-04 18:12 - 2017-11-01 07:01 - 000054608 _____ () C:\Users\Sean\AppData\Roaming\Dropbox\bin\winrpcserver.compiled._RPCServer.pyd
2017-10-04 18:12 - 2017-11-01 06:57 - 000024016 _____ () C:\Users\Sean\AppData\Roaming\Dropbox\bin\win32profile.pyd
2017-10-04 18:12 - 2017-11-01 07:01 - 000022864 _____ () C:\Users\Sean\AppData\Roaming\Dropbox\bin\winffi.user32.compiled._winffi_user32.pyd
2017-10-04 18:12 - 2017-11-01 06:57 - 000028616 _____ () C:\Users\Sean\AppData\Roaming\Dropbox\bin\win32ts.pyd
2017-10-04 18:12 - 2017-11-01 07:01 - 000022360 _____ () C:\Users\Sean\AppData\Roaming\Dropbox\bin\winffi.iphlpapi.compiled._winffi_iphlpapi.pyd
2017-10-04 18:12 - 2017-11-01 07:01 - 000021848 _____ () C:\Users\Sean\AppData\Roaming\Dropbox\bin\winffi.winerror.compiled._winffi_winerror.pyd
2017-10-04 18:12 - 2017-11-01 07:01 - 000022360 _____ () C:\Users\Sean\AppData\Roaming\Dropbox\bin\winffi.wininet.compiled._winffi_wininet.pyd
2017-11-02 13:27 - 2017-11-01 07:01 - 000027488 _____ () C:\Users\Sean\AppData\Roaming\Dropbox\bin\dropbox.infinite.win.compiled._driverinstallation.pyd
2017-10-04 18:12 - 2017-11-01 06:57 - 000349128 _____ () C:\Users\Sean\AppData\Roaming\Dropbox\bin\winxpgui.pyd
2017-10-04 18:12 - 2017-11-01 07:01 - 000023896 _____ () C:\Users\Sean\AppData\Roaming\Dropbox\bin\winverifysignature.compiled._VerifySignature.pyd
2017-11-02 13:27 - 2017-11-01 07:01 - 000025424 _____ () C:\Users\Sean\AppData\Roaming\Dropbox\bin\librsyncffi.compiled._librsyncffi.pyd
2017-11-02 13:27 - 2017-11-01 06:58 - 000036296 _____ () C:\Users\Sean\AppData\Roaming\Dropbox\bin\librsync.dll
2017-11-02 13:27 - 2017-11-01 07:01 - 000181056 _____ () C:\Users\Sean\AppData\Roaming\Dropbox\bin\dropbox_sqlite_ext.DLL
2017-10-04 18:12 - 2017-11-01 07:01 - 000030536 _____ () C:\Users\Sean\AppData\Roaming\Dropbox\bin\wind3d11.compiled._wind3d11.pyd
2017-11-02 13:27 - 2017-11-01 07:01 - 000024368 _____ () C:\Users\Sean\AppData\Roaming\Dropbox\bin\libEGL.DLL
2017-11-02 13:27 - 2017-11-01 07:01 - 001638200 _____ () C:\Users\Sean\AppData\Roaming\Dropbox\bin\libGLESv2.dll
2017-10-04 18:12 - 2017-11-01 07:01 - 000026456 _____ () C:\Users\Sean\AppData\Roaming\Dropbox\bin\winffi.winhttp.compiled._winffi_winhttp.pyd
2017-11-02 13:27 - 2017-11-01 07:01 - 000545080 _____ () C:\Users\Sean\AppData\Roaming\Dropbox\bin\PyQt5.QtQuick.pyd
2017-11-02 13:27 - 2017-11-01 07:01 - 000359224 _____ () C:\Users\Sean\AppData\Roaming\Dropbox\bin\PyQt5.QtQml.pyd
2017-11-02 13:27 - 2017-11-01 07:01 - 000038208 _____ () C:\Users\Sean\AppData\Roaming\Dropbox\bin\PyQt5.QtWebEngine.pyd
2017-09-26 07:47 - 2017-09-26 07:47 - 000170496 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\2b5f4a6496e65d431698f64ba7160604\IsdiInterop.ni.dll
2010-09-09 08:22 - 2010-03-03 20:08 - 000058880 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\GoToAssist => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 21:34 - 2014-08-20 08:49 - 000000027 _____ C:\Windows\system32\Drivers\etc\hosts

127.0.0.1       localhost

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1402744594-715304676-2032789375-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Sean\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1 - 71.243.0.12
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\startupreg: Dell DataSafe Online => "C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /m

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{6526BDD8-4141-4197-B907-966402C64FE7}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{024826DA-73FE-47B0-B563-2CF287F2752C}] => (Allow) svchost.exe
FirewallRules: [{F40EC348-A64E-4F0B-A6E3-DFC82D2695F2}] => (Allow) C:\Program Files (x86)\Windows Live\Sync\WindowsLiveSync.exe
FirewallRules: [{993A04FE-46C8-4930-BF26-92632626284D}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{A5FFE407-C13C-477E-BCE5-DAFAEE472579}] => (Allow) C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe
FirewallRules: [{7F15AAA4-2008-40BE-A887-72BB21986651}] => (Allow) C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe
FirewallRules: [{38B5F143-FBA8-4C64-BFCD-6B3BC5DFEC16}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{3584906B-5773-4E0C-9209-A939B0A73D58}] => (Allow) LPort=2869
FirewallRules: [{71B91310-B89D-484F-A04A-E7B92AA5BAF1}] => (Allow) LPort=1900
FirewallRules: [{14638EAA-6AA1-49FE-8930-E6E9EE330EC7}] => (Allow) C:\Program Files (x86)\Samsung\Samsung New PC Studio\npsasvr.exe
FirewallRules: [{7433D403-B93B-4B30-B4AA-A83A0031AC86}] => (Allow) C:\Program Files (x86)\Samsung\Samsung New PC Studio\npsasvr.exe
FirewallRules: [{566485D1-C6A3-4ED5-B840-452E33B0B738}] => (Allow) C:\Program Files (x86)\Samsung\Samsung New PC Studio\npsvsvr.exe
FirewallRules: [{F55081DE-46B8-4B97-B21A-1213B888AA57}] => (Allow) C:\Program Files (x86)\Samsung\Samsung New PC Studio\npsvsvr.exe
FirewallRules: [{449F3050-D463-4EE2-B278-C9C385A634B5}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe
FirewallRules: [{72FEDB05-12DF-40CC-9B10-9F7DC12FB83B}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{20B81EF9-C7D3-499A-93F2-EEFEB6D2758C}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{B94D5F9C-01F7-436C-82E6-0E4A8A2F867F}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{DB36362F-A332-4A1B-B700-369EF9B50B18}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{2A71EEE9-0269-445D-B56C-0F5D736D6FC4}] => (Allow) C:\Program Files (x86)\iTunes\iTunes.exe
FirewallRules: [{B38E6A09-E0CC-4512-B3D1-38FF8BDB204A}] => (Allow) %ProgramFiles%\Zune\Zune.exe
FirewallRules: [{BF061E7F-57F7-45C3-A0DC-F884A87F07E4}] => (Allow) %ProgramFiles%\Zune\ZuneNSS.exe
FirewallRules: [{4CF3121F-26C2-498D-B120-7135F76F4372}] => (Allow) %ProgramFiles%\Zune\ZuneNSS.exe
FirewallRules: [{EE4A5239-A8BA-48E3-BDC6-46E41ACED5CC}] => (Allow) %ProgramFiles%\Zune\ZuneNSS.exe
FirewallRules: [{1B192BBD-28D1-48F5-BB4F-F07BF42ECB02}] => (Allow) %ProgramFiles%\Zune\ZuneNSS.exe
FirewallRules: [{258F88BB-930E-4CC7-A12A-D45DC8112327}] => (Allow) %ProgramFiles%\Zune\ZuneNSS.exe
FirewallRules: [{CC0266CE-8DB9-4AE7-B20F-6826E6B8CA0C}] => (Allow) %ProgramFiles%\Zune\ZuneNSS.exe
FirewallRules: [{747C97FD-5BDE-4B7B-A6B0-BF20349A08A7}] => (Allow) %ProgramFiles%\Zune\ZuneNSS.exe
FirewallRules: [{F38FACA4-3660-4BE3-8F7B-678E9BB88991}] => (Allow) %ProgramFiles%\Zune\ZuneNSS.exe
FirewallRules: [{DC0A41AF-A9BA-4536-AD78-DDAA6241BCDD}] => (Allow) C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe
FirewallRules: [{411675AE-11A4-4F39-9AD3-1FE0A96C93B1}] => (Allow) C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe
FirewallRules: [{8DA951C9-BCF3-458E-9013-E9B75EECDE1F}] => (Allow) C:\Users\Sean\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{F5E75D95-5933-46C6-8171-98DFE1591903}] => (Allow) C:\Users\Sean\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [TCP Query User{61DCDECF-453C-41BA-90B4-3B7AA88701B5}C:\users\sean\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\sean\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [UDP Query User{996F4F80-996D-4B16-B643-B6CFEE0D67B8}C:\users\sean\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\sean\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [{7C561F26-E0EE-4DB4-82DA-944B85B30E02}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{953B0535-36C2-48D4-A946-7C4E4D9CEC20}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{610FEE6E-AB38-43A0-956C-38CDB850ACCD}] => (Allow) C:\Program Files\HP\HP Officejet Pro 6830\bin\FaxApplications.exe
FirewallRules: [{1942025F-8D58-49FA-9370-18068956C7B9}] => (Allow) C:\Program Files\HP\HP Officejet Pro 6830\bin\DigitalWizards.exe
FirewallRules: [{A1E6C71F-7AD1-43BA-A3E6-FFF301D81839}] => (Allow) C:\Program Files\HP\HP Officejet Pro 6830\bin\SendAFax.exe
FirewallRules: [{38769EA1-4E29-4EDA-8F97-429283721F07}] => (Allow) C:\Program Files\HP\HP Officejet Pro 6830\Bin\DeviceSetup.exe
FirewallRules: [{CC69A4D9-355B-4FC6-9E9E-422E61B34836}] => (Allow) LPort=5357
FirewallRules: [{9A4697E6-3C8A-4CDE-AA3C-989E3767334F}] => (Allow) C:\Program Files\HP\HP Officejet Pro 6830\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [{83790B3A-5B0D-4F0C-8026-6941D4ECDFB2}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{79B54F15-F0E3-42AE-864E-8D095B964202}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{C1ADEEE4-5B65-492C-BE3A-E4C9B2DB5FAC}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================

18-10-2017 13:08:18 Windows Update
24-10-2017 09:14:26 Windows Update
05-11-2017 08:39:10 Windows Update

==================== Faulty Device Manager Devices =============

Name: A2 Direct Disk Access Support Driver
Description: A2 Direct Disk Access Support Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: A2DDA
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Event log errors: =========================

Application errors:
==================
Error: (11/07/2017 09:35:23 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Users\Sean\Desktop\Anti-Spyware\esetsmartinstaller_enu.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.

Error: (11/07/2017 09:35:19 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Users\Sean\Desktop\Anti-Spyware\esetsmartinstaller_enu.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.

Error: (11/07/2017 09:35:19 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Users\Sean\Desktop\Anti-Spyware\esetsmartinstaller_enu.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.

Error: (11/07/2017 08:34:08 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "c:\program files (x86)\ESET\eset online scanner\ESETSmartInstaller.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.

Error: (11/07/2017 08:30:59 AM) (Source: SideBySide) (EventID: 59) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Box Extension\SrchBxEx.dll".Error in manifest or policy file "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Box Extension\SrchBxEx.dll" on line 2.
Invalid Xml syntax.

Error: (11/06/2017 08:39:14 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Users\Sean\Desktop\Anti-Spyware\esetsmartinstaller_enu.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.

Error: (11/06/2017 08:37:14 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "c:\program files (x86)\ESET\eset online scanner\ESETSmartInstaller.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.

Error: (11/06/2017 08:35:40 AM) (Source: SideBySide) (EventID: 59) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Box Extension\SrchBxEx.dll".Error in manifest or policy file "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Box Extension\SrchBxEx.dll" on line 2.
Invalid Xml syntax.

Error: (11/05/2017 11:00:18 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 10826

Error: (11/05/2017 11:00:18 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 10826


System errors:
=============
Error: (11/07/2017 06:42:05 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: The server {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} did not register with DCOM within the required timeout.

Error: (11/07/2017 01:47:44 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The eapihdrv service failed to start due to the following error:
This driver has been blocked from loading

Error: (11/07/2017 01:47:44 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\Sean\AppData\Local\Temp\ehdrv.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

Error: (11/07/2017 01:47:44 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The eapihdrv service failed to start due to the following error:
This driver has been blocked from loading

Error: (11/07/2017 01:47:44 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\Sean\AppData\Local\Temp\ehdrv.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

Error: (11/07/2017 01:47:43 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The eapihdrv service failed to start due to the following error:
This driver has been blocked from loading

Error: (11/07/2017 01:47:43 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\Sean\AppData\Local\Temp\ehdrv.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

Error: (11/07/2017 01:47:43 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The eapihdrv service failed to start due to the following error:
This driver has been blocked from loading

Error: (11/07/2017 01:47:43 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\Sean\AppData\Local\Temp\ehdrv.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

Error: (11/07/2017 01:47:42 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The eapihdrv service failed to start due to the following error:
This driver has been blocked from loading


CodeIntegrity:
===================================
  Date: 2014-08-20 09:48:35.692
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-08-20 09:48:35.318
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2013-10-12 17:00:29.654
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Common Files\mcafee\VSCore\mfeelamk.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-10-12 17:00:29.654
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Common Files\mcafee\VSCore\mfeelamk.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-10-12 17:00:29.654
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Common Files\mcafee\VSCore\mfeelamk.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-09-12 21:44:13.799
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Common Files\mcafee\VSCore\mfeelamk.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-09-12 21:44:13.799
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Common Files\mcafee\VSCore\mfeelamk.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-09-12 21:44:13.799
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Common Files\mcafee\VSCore\mfeelamk.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-09-12 19:46:31.532
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Common Files\mcafee\VSCore\mfeelamk.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-09-12 19:46:31.532
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Common Files\mcafee\VSCore\mfeelamk.sys because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: Pentium(R) Dual-Core CPU E5500 @ 2.80GHz
Percentage of memory in use: 47%
Total physical RAM: 4060.99 MB
Available physical RAM: 2130.05 MB
Total Virtual: 8120.17 MB
Available Virtual: 6032.25 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:688.72 GB) (Free:369.62 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 698.6 GB) (Disk ID: 86C69001)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=9.9 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=688.7 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

Offline kevinf80

  • Malware Removal Staff
  • Diamond Member
  • Posts: 7670
Re: [In Progress - K] mbam icon vanished from desktop and systray
« Reply #7 on: November 08, 2017, 03:59:31 PM »
Hello Sean,

Those logs are clean, what is happening with your PC, any issues or concerns...?

Thanks,

Kevin...

Offline sean

  • Bronze Member
  • Posts: 133
Re: [In Progress - K] mbam icon vanished from desktop and systray
« Reply #8 on: November 08, 2017, 06:24:17 PM »
Hi Kevin,

My main concern was the malwarebytes icon disappearing from my desktop and the mbam.exe file disappearing.

Also eset found a Trojan (HTML/FakeAlert.MD Trojan).

The HD also seems to be constantly active, and it's a little slow to start up. Neither are issues that I can't live with.  I realize that the machine is getting a bit dated.  As long as everything looks clean I'm happy :)

Thanks!

Offline kevinf80

  • Malware Removal Staff
  • Diamond Member
  • Posts: 7670
Re: [In Progress - K] mbam icon vanished from desktop and systray
« Reply #9 on: November 09, 2017, 03:02:24 AM »
Hello sean,

Let's run a couple more scans to be totally sure your system is clean....

Download AdwCleaner by Malwarebytes onto your Desktop.

Or from this Mirror

  • Right-click on AdwCleaner.exe and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users)
  • Accept the EULA (I accept), then click on Scan
  • Let the scan complete. Once it's done, make sure that every item listed in the different tabs is checked and click on the Clean button. This will kill all the active processes
  • Once the cleaning process is complete, AdwCleaner will ask to restart your computer, do it
  • After the restart, a log will open when logging in. Please copy/paste the content of that log in your next reply

Next,

Download Sophos Free Virus Removal Tool and save it to your desktop.

If your security alerts to this scan either accept the alert or turn off your security to allow Sophos to run and complete.....

Please Do Not use your PC whilst the scan is in progress.... This scan is very thorough so may take several hours...

  • Double click the icon and select Run
  • Click Next
  • Select I accept the terms in this license agreement, then click Next twice
  • Click Install
  • Click Finish to launch the program
  • Once the virus database has been updated click Start Scanning
  • If any threats are found click Details, then View log file... (bottom left hand corner)
  • Copy and paste the results in your reply
  • Close the Notepad document, close the Threat Details screen, then click Start cleanup
  • Click Exit to close the program
  • If no threats were found please confirm that result....


The Virus Removal Tool scans the following areas of your computer:
  • Memory, including system memory on 32-bit (x86) versions of Windows
  • The Windows registry
  • All local hard drives, fixed and removable
  • Mapped network drives are not scanned.

Note: If threats are found in the computer memory, the scan stops. This is because further scanning could enable the threat to spread. You will be asked to click Start Cleanup to remove the threats before continuing the scan.

Sophos logs are saved here: C:\ProgramData\Sophos\Sophos Virus Removal Tool\Logs

Let me see those logs in your reply, also give an update on any remaining issues or concerns....

Thank you,

Kevin.....

Offline sean

  • Bronze Member
  • Posts: 133
Re: [In Progress - K] mbam icon vanished from desktop and systray
« Reply #10 on: November 09, 2017, 08:32:17 AM »
Hi Kevin,

Here is the adwcleaner log.

I will start the other scan now.

Thanks!

# AdwCleaner 7.0.4.0 - Logfile created on Thu Nov 09 13:59:01 2017
# Updated on 2017/27/10 by Malwarebytes
# Running on Windows 7 Home Premium (X64)
# Mode: clean
# Support: https://www.malwarebytes.com/support

***** [ Services ] *****

No malicious services deleted.

***** [ Folders ] *****

No malicious folders deleted.

***** [ Files ] *****

No malicious files deleted.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks deleted.

***** [ Registry ] *****

Deleted: [Key] - HKCU\Software\Microsoft\Internet Explorer\DOMStorage\azlyrics.com
Deleted: [Key] - HKCU\Software\Microsoft\Internet Explorer\DOMStorage\bestpriceninja.com
Deleted: [Key] - HKCU\Software\Microsoft\Internet Explorer\DOMStorage\cloudfront.net
Deleted: [Key] - HKCU\Software\Microsoft\Internet Explorer\DOMStorage\cmptch.com
Deleted: [Key] - HKCU\Software\Microsoft\Internet Explorer\DOMStorage\d10lpsik1i8c69.cloudfront.net
Deleted: [Key] - HKCU\Software\Microsoft\Internet Explorer\DOMStorage\d160accw6snlyf.cloudfront.net
Deleted: [Key] - HKCU\Software\Microsoft\Internet Explorer\DOMStorage\d16fk4ms6rqz1v.cloudfront.net
Deleted: [Key] - HKCU\Software\Microsoft\Internet Explorer\DOMStorage\d1af033869koo7.cloudfront.net
Deleted: [Key] - HKCU\Software\Microsoft\Internet Explorer\DOMStorage\d23716qn9q7omq.cloudfront.net
Deleted: [Key] - HKCU\Software\Microsoft\Internet Explorer\DOMStorage\d2m2wsoho8qq12.cloudfront.net
Deleted: [Key] - HKCU\Software\Microsoft\Internet Explorer\DOMStorage\d3b3ehuo35wzeh.cloudfront.net
Deleted: [Key] - HKCU\Software\Microsoft\Internet Explorer\DOMStorage\d3jdlwnuo8nsnr.cloudfront.net
Deleted: [Key] - HKCU\Software\Microsoft\Internet Explorer\DOMStorage\d3l3lkinz3f56t.cloudfront.net
Deleted: [Key] - HKCU\Software\Microsoft\Internet Explorer\DOMStorage\d3tpuxked45kzt.cloudfront.net
Deleted: [Key] - HKCU\Software\Microsoft\Internet Explorer\DOMStorage\dotomi.com
Deleted: [Key] - HKCU\Software\Microsoft\Internet Explorer\DOMStorage\iad-usadmm.dotomi.com
Deleted: [Key] - HKCU\Software\Microsoft\Internet Explorer\DOMStorage\istartedsomething.com
Deleted: [Key] - HKCU\Software\Microsoft\Internet Explorer\DOMStorage\metrolyrics.com
Deleted: [Key] - HKCU\Software\Microsoft\Internet Explorer\DOMStorage\pstatic.bestpriceninja.com
Deleted: [Key] - HKCU\Software\Microsoft\Internet Explorer\DOMStorage\searchenginewatch.com
Deleted: [Key] - HKCU\Software\Microsoft\Internet Explorer\DOMStorage\static.cmptch.com
Deleted: [Key] - HKCU\Software\Microsoft\Internet Explorer\DOMStorage\venicerestaurant.com
Deleted: [Key] - HKCU\Software\Microsoft\Internet Explorer\DOMStorage\www.ask.com
Deleted: [Key] - HKCU\Software\Microsoft\Internet Explorer\DOMStorage\www.azlyrics.com
Deleted: [Key] - HKCU\Software\Microsoft\Internet Explorer\DOMStorage\www.istartedsomething.com
Deleted: [Key] - HKCU\Software\Microsoft\Internet Explorer\DOMStorage\www.metrolyrics.com
Deleted: [Key] - HKCU\Software\Microsoft\Internet Explorer\DOMStorage\www.venicerestaurant.com
Deleted: [Key] - HKU\S-1-5-21-1402744594-715304676-2032789375-1001\Software\YahooPartnerToolbar
Deleted: [Key] - HKCU\Software\YahooPartnerToolbar
Deleted: [Value] - HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser|{21FA44EF-376D-4D53-9B0F-8A89D3229068}


***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries deleted.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries deleted.

*************************

::Tracing keys deleted
::Winsock settings cleared
::Additional Actions: 0



*************************

C:/AdwCleaner/AdwCleaner[S0].txt - [4081 B] - [2017/11/9 13:48:56]


########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt ##########

Offline sean

  • Bronze Member
  • Posts: 133
Re: [In Progress - K] mbam icon vanished from desktop and systray
« Reply #11 on: November 09, 2017, 01:01:25 PM »
Hi Kevin,

Here are the Sophos logs:

2017-11-09 14:40:36.984   Sophos Virus Removal Tool version 2.6.1
2017-11-09 14:40:36.984   Copyright (c) 2009-2017 Sophos Limited. All rights reserved.

2017-11-09 14:40:36.984   This tool will scan your computer for viruses and other threats. If it finds any, it will give you the option to remove them.

2017-11-09 14:40:36.984   Windows version 6.1 SP 1.0 Service Pack 1 build 7601 SM=0x300 PT=0x1 WOW64
2017-11-09 14:40:36.984   Checking for updates...
2017-11-09 14:40:38.296   Update progress: proxy server not available
2017-11-09 14:40:51.322   Option all = no
2017-11-09 14:40:51.322   Option recurse = yes
2017-11-09 14:40:51.322   Option archive = no
2017-11-09 14:40:51.322   Option service = yes
2017-11-09 14:40:51.322   Option confirm = yes
2017-11-09 14:40:51.322   Option sxl = yes
2017-11-09 14:40:51.322   Option max-data-age = 35
2017-11-09 14:40:51.322   Option vdl-logging = yes
2017-11-09 14:40:51.353   Customer ID:   094260ca9b3af99f9d4a3909fc47a743
2017-11-09 14:40:51.353   Machine ID:   870c47ec0a6142cfbfd32f81bafdc72e
2017-11-09 14:40:51.369   Component SVRTcli.exe version 2.6.1
2017-11-09 14:40:51.369   Component control.dll version 2.6.1
2017-11-09 14:40:51.369   Component SVRTservice.exe version 2.6.1
2017-11-09 14:40:51.369   Component engine\osdp.dll version 1.44.1.2286
2017-11-09 14:40:51.369   Component engine\veex.dll version 3.68.6.2286
2017-11-09 14:40:51.369   Component engine\savi.dll version 9.0.7.2286
2017-11-09 14:40:51.369   Component rkdisk.dll version 1.5.31.1
2017-11-09 14:40:51.369   Version info:   Product version   2.6.1
2017-11-09 14:40:51.369   Version info:   Detection engine   3.68.6
2017-11-09 14:40:51.369   Version info:   Detection data   5.44
2017-11-09 14:40:51.369   Version info:   Build date   9/19/2017
2017-11-09 14:40:51.369   Version info:   Data files added   369
2017-11-09 14:40:51.369   Version info:   Last successful update   (not yet updated)
2017-11-09 14:40:55.550   Downloading updates...
2017-11-09 14:40:55.550   Update progress: [I96736] sdds.svrt_10: adding primary package C1A903B2-E63E-483b-982D-04BB9C457C60 RECOMMENDED baseVersion=1
2017-11-09 14:40:55.550   Update progress: [I95020] sdds.svrt_10: looking for packages included from product C1A903B2-E63E-483b-982D-04BB9C457C60 RECOMMENDED path=
2017-11-09 14:40:55.550   Update progress: [I22529] sdds.svrt_10: looking for supplements included from product C1A903B2-E63E-483b-982D-04BB9C457C60 RECOMMENDED path=
2017-11-09 14:40:55.550   Update progress: [I49502] sdds.savi0910.xml: found supplement SAVIW32 LATEST path= baseVersion= [included from product C1A903B2-E63E-483b-982D-04BB9C457C60 RECOMMENDED path=]
2017-11-09 14:40:55.550   Update progress: [I95020] sdds.savi0910.xml: looking for packages included from product SAVIW32 LATEST path=
2017-11-09 14:40:55.550   Update progress: [I22529] sdds.savi0910.xml: looking for supplements included from product SAVIW32 LATEST path=
2017-11-09 14:40:55.550   Update progress: [I49502] sdds.data0910.xml: found supplement IDE545 LATEST path= baseVersion= [included from product SAVIW32 LATEST path=]
2017-11-09 14:40:55.550   Update progress: [I95020] sdds.data0910.xml: looking for packages included from product IDE545 LATEST path=
2017-11-09 14:40:55.550   Update progress: [I22529] sdds.data0910.xml: looking for supplements included from product IDE545 LATEST path=
2017-11-09 14:40:55.550   Update progress: [I49502] sdds.data0910.xml: found supplement IDE546 LATEST path= baseVersion= [included from product IDE545 LATEST path=]
2017-11-09 14:40:55.550   Update progress: [I95020] sdds.data0910.xml: looking for packages included from product IDE546 LATEST path=
2017-11-09 14:40:55.550   Update progress: [I22529] sdds.data0910.xml: looking for supplements included from product IDE546 LATEST path=
2017-11-09 14:40:55.550   Update progress: [I49502] sdds.data0910.xml: found supplement IDE547 LATEST path= baseVersion= [included from product IDE546 LATEST path=]
2017-11-09 14:40:55.550   Update progress: [I95020] sdds.data0910.xml: looking for packages included from product IDE547 LATEST path=
2017-11-09 14:40:55.550   Update progress: [I22529] sdds.data0910.xml: looking for supplements included from product IDE547 LATEST path=
2017-11-09 14:40:55.550   Update progress: [I49502] sdds.data0910.xml: found supplement IDE548 LATEST path= baseVersion= [included from product IDE547 LATEST path=]
2017-11-09 14:40:55.550   Update progress: [I95020] sdds.data0910.xml: looking for packages included from product IDE548 LATEST path=
2017-11-09 14:40:55.550   Update progress: [I22529] sdds.data0910.xml: looking for supplements included from product IDE548 LATEST path=
2017-11-09 14:40:55.550   Update progress: [I19463] Syncing product C1A903B2-E63E-483b-982D-04BB9C457C60 RECOMMENDED path=
2017-11-09 14:40:55.955   Update progress: [I19463] Syncing product SAVIW32 LATEST path=
2017-11-09 14:40:55.955   Update progress: [I19463] Product download size 174235198 bytes
2017-11-09 14:40:58.030   Update progress: [I19463] Syncing product IDE545 LATEST path=
2017-11-09 14:40:58.030   Update progress: [I19463] Product download size 2585002 bytes
2017-11-09 14:40:58.280   Update progress: [I19463] Syncing product IDE546 LATEST path=
2017-11-09 14:40:58.280   Update progress: [I19463] Product download size 3165416 bytes
2017-11-09 14:40:58.615   Update progress: [I19463] Syncing product IDE547 LATEST path=
2017-11-09 14:40:58.615   Update progress: [I19463] Product download size 554065 bytes
2017-11-09 14:40:59.426   Update progress: [I19463] Syncing product IDE548 LATEST path=
2017-11-09 14:40:59.520   Installing updates...
2017-11-09 14:41:00.331   Error level 1
2017-11-09 14:41:15.807   Update successful
2017-11-09 14:41:33.872   Option all = no
2017-11-09 14:41:33.872   Option recurse = yes
2017-11-09 14:41:33.872   Option archive = no
2017-11-09 14:41:33.872   Option service = yes
2017-11-09 14:41:33.872   Option confirm = yes
2017-11-09 14:41:33.872   Option sxl = yes
2017-11-09 14:41:33.872   Option max-data-age = 35
2017-11-09 14:41:33.872   Option vdl-logging = yes
2017-11-09 14:41:33.888   Customer ID:   094260ca9b3af99f9d4a3909fc47a743
2017-11-09 14:41:33.888   Machine ID:   870c47ec0a6142cfbfd32f81bafdc72e
2017-11-09 14:41:33.888   Component SVRTcli.exe version 2.6.1
2017-11-09 14:41:33.888   Component control.dll version 2.6.1
2017-11-09 14:41:33.888   Component SVRTservice.exe version 2.6.1
2017-11-09 14:41:33.888   Component engine\osdp.dll version 1.44.1.2286
2017-11-09 14:41:33.888   Component engine\veex.dll version 3.68.6.2286
2017-11-09 14:41:33.888   Component engine\savi.dll version 9.0.7.2286
2017-11-09 14:41:33.888   Component rkdisk.dll version 1.5.31.1
2017-11-09 14:41:33.888   Version info:   Product version   2.6.1
2017-11-09 14:41:33.888   Version info:   Detection engine   3.68.6
2017-11-09 14:41:33.888   Version info:   Detection data   5.44
2017-11-09 14:41:33.888   Version info:   Build date   9/19/2017
2017-11-09 14:41:33.888   Version info:   Data files added   369
2017-11-09 14:41:33.888   Version info:   Last successful update   11/9/2017 9:41:15 AM

2017-11-09 15:53:13.654   Warning: rootkit scan failed to open volume "\\?\Volume{0b8cbf13-c6f0-11df-8cbe-b8ac6fda271c}" (5)
2017-11-09 15:54:13.080   Could not open C:\hiberfil.sys
2017-11-09 15:54:15.451   Could not open C:\pagefile.sys
2017-11-09 16:19:10.819   Could not open C:\System Volume Information\{0e29af75-b8bd-11e7-88ba-b8ac6fda271c}{3808876b-c176-4e48-b7ae-04046e6cc752}
2017-11-09 16:19:10.819   Could not open C:\System Volume Information\{3808876b-c176-4e48-b7ae-04046e6cc752}
2017-11-09 16:19:10.819   Could not open C:\System Volume Information\{3b1e1572-c556-11e7-8045-b8ac6fda271c}{3808876b-c176-4e48-b7ae-04046e6cc752}
2017-11-09 16:19:10.819   Could not open C:\System Volume Information\{5afc148d-c22d-11e7-aece-b8ac6fda271c}{3808876b-c176-4e48-b7ae-04046e6cc752}
2017-11-09 16:19:10.819   Could not open C:\System Volume Information\{fa86d0b1-b406-11e7-88a3-b8ac6fda271c}{3808876b-c176-4e48-b7ae-04046e6cc752}
2017-11-09 17:55:57.195   Could not open C:\Windows\System32\catroot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb
2017-11-09 17:55:57.195   Could not open C:\Windows\System32\catroot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb
2017-11-09 17:56:08.866   Could not open C:\Windows\System32\config\RegBack\DEFAULT
2017-11-09 17:56:08.866   Could not open C:\Windows\System32\config\RegBack\SAM
2017-11-09 17:56:08.866   Could not open C:\Windows\System32\config\RegBack\SECURITY
2017-11-09 17:56:08.866   Could not open C:\Windows\System32\config\RegBack\SOFTWARE
2017-11-09 17:56:08.866   Could not open C:\Windows\System32\config\RegBack\SYSTEM
2017-11-09 18:38:35.083   Could not open LOGICAL:0003:00000000
2017-11-09 18:38:35.099   Could not open D:\
2017-11-09 18:38:35.099   Could not open LOGICAL:0010:00000000
2017-11-09 18:38:35.099   Could not open Q:\
2017-11-09 18:38:35.832   Error level 0

2017-11-09 18:52:35.831   Scan completed.
2017-11-09 18:52:35.831   

------------------------------------------------------------


Offline sean

  • Bronze Member
  • Posts: 133
Re: [In Progress - K] mbam icon vanished from desktop and systray
« Reply #12 on: November 09, 2017, 01:09:42 PM »
...and here is the other Sophos log (cloud4); it was too big to post so I've included it as an attachment.

Thanks!

Offline kevinf80

  • Malware Removal Staff
  • Diamond Member
  • Posts: 7670
Re: [In Progress - K] mbam icon vanished from desktop and systray
« Reply #13 on: November 09, 2017, 01:39:47 PM »
Thanks for those logs sean, all looking ok... Unless you have any remaining issues or concerns run the following to clean up:

Uninstall Sophos AV http://www.askvg.com/how-to-completely-uninstall-remove-a-software-program-in-windows-without-using-3rd-party-software/

Next,

Download "Delfix by Xplode" and save it to your desktop.

Or use the following if first link is down:

"Delfix link mirror"

If your security program alerts to Delfix, either accept the alert or turn your security off.

Double click to start the program. If you are using Vista or higher, please right-click and choose Run as administrator.

Make Sure the following items are checked:


  • Remove disinfection tools <----- this will remove tools we may have used.
  • Purge System Restore <--- this will remove all previous and possibly exploited restore points, a new point relative to system status at present will be created.
  • Reset system settings   <--- this will reset any system settings back to default that were changed either by us during cleansing or malware/infection

Now click on "Run" and wait patiently until the tool has completed.

The tool will create a log when it has completed. We don't need you to post this.

Any remnant files/logs from tools we have used can be deleted…

Next,

Read the following links to fully understand PC Security and Best Practices, you may find them useful....

Answers to Common Security Questions and best Practices

Do I need a Registry Cleaner?

Take care and surf safe

Kevin... 

Offline sean

  • Bronze Member
  • Posts: 133
Re: [In Progress - K] mbam icon vanished from desktop and systray
« Reply #14 on: November 09, 2017, 04:13:55 PM »
Hi Kevin,

Just finished clean-up.

Thanks again for all of your help!   :ty

Sean