Everything posted by mybeautyexchange

  1. UPDATE: Below is the Farbar Recovery Scan Tool (FRST) file scan AFTER the reboot from the AdwCleaner scan. Hope to hear back soon. Thanks! AdditionTXT[After-Reboot3-15].txt FRST-TXT[After-Reboot3-15].txt
  2. Below are the -AFTER-Reboot scan files. By skimming through the file, it looks like only two folders were deleted, but with all the attachments I've provided, please get back to me on what my next step should be. Also, once I did the reboot, I had a "Software Update" 'pop-up' appear. Below I uploaded a screen grab; before I close it out, I'd like to see if you have a suggestion on what to do with it. Please get back to me as soon as possible, thank you for all the help. AdwCleaner[C0][Aftrer-Reboot3-15].txt
  3. Below I have attached the file from the AdwCleaner scan. This was the file which appeared BEFORE I clicked "Clean". I believe it found '3 elements'. AdwCleaner[S0][3-15].txt
  4. Okay, I apologize, I will attach the logs instead. The files named "MalwarebytesTXTfile" are all regarding Step One. The program has been running scans, and seems to have possibly caught a few viruses. I currently have (today's) Malwarebytes scan in process, and need to install the "AdwCleaner". Once I have that completed, I will update with another post, with those attached files as well. The files named "FRST" & "Addition" are regarding Step Three --- the Farbar Recovery Scan Tool. Thank you for the help. MalwarebytesTXTfile3-12.txt MalwarebytesTXTfile3-13.txt MalwarebytesTXTfile3-14.txt AdditionTXT.txt FRST-TXT.txt
  5. It seems as though my (work) computer has sent out a large amount of emails to people I may have recently been in contact with. The email (which was not sent by me) contained a dead link [the link did not open anything] according to those who reached out to me regarding this email. If someone could help verify the issue, it would be greatly appreciated. Here are the .txt files extracted from the Farbar Recovery Scan Tool (x64 bit) (FRST) - FRST.txt - Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 11.03.2018 01 Ran by Beauty Exchange (administrator) on BEAUTYEXCHANGE (12-03-2018 14:23:11) Running from C:\Users\Beauty Exchange\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\X4WUGCBP Loaded Profiles: Beauty Exchange & QBDataServiceUser23 (Available Profiles: Beauty Exchange & QBDataServiceUser23 & Guest) Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: English (United States) Internet Explorer Version 11 (Default browser: IE) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (AMD) C:\Windows\System32\atiesrxx.exe (AMD) C:\Windows\System32\atieclxx.exe (Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe (Dell Inc.) C:\Program Files\Dell Printers\Additional Color Laser Software\Status Monitor\dlsdbnt.exe (Starfield Technologies) C:\Program Files (x86)\Workspace\offSyncService.exe (Intuit) C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe (Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe () C:\Program Files (x86)\NETGEAR\WNA3100\WifiSvc.exe (Dell Inc.) 
C:\Program Files\Dell Printers\Additional Color Laser Software\Status Monitor\dlpwdnt.exe (CANON INC.) C:\Program Files\Canon\Canon MF Network Scanner Selector\CMFNSS6.EXE (Starfield Technologies) C:\Users\Beauty Exchange\AppData\Local\Workspace\workspaceupdate.exe () C:\Program Files (x86)\NETGEAR\WNA3100\WNA3100.exe (Power Software Ltd) C:\Program Files\PowerISO\PWRISOVM.EXE (Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE (Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (CANON INC.) C:\Program Files (x86)\Canon\OIPTonerStatus\CnTnrStsTask.exe (ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE (Intuit, Inc.) C:\Program Files (x86)\Intuit\QuickBooks Enterprise Solutions 13.0\QBDBMgrN.exe (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe (Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe (Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe (Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe (Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil64_28_0_0_161_ActiveX.exe (Microsoft Corporation) C:\Windows\SysWOW64\SearchProtocolHost.exe ==================== Registry (Whitelisted) =========================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [444904 2012-09-20] (Adobe Systems Incorporated) HKLM\...\Run: [MFNetworkScannerSelector] => C:\Program Files\Canon\Canon MF Network Scanner Selector\CMFNSS6.EXE [425512 2015-01-22] (CANON INC.) 
HKLM-x32\...\Run: [PWRISOVM.EXE] => C:\Program Files\PowerISO\PWRISOVM.EXE [377368 2013-12-16] (Power Software Ltd) HKLM-x32\...\Run: [] => [X] HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe [3477640 2012-09-23] (Adobe Systems Inc.) HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767200 2014-08-12] (Advanced Micro Devices, Inc.) HKLM-x32\...\Run: [Intuit SyncManager] => C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe [2641272 2012-08-18] (Intuit Inc. All rights reserved.) HKLM-x32\...\Run: [Canon Toner Status] => C:\Program Files (x86)\Canon\OIPTonerStatus\CnTnrStsTask.exe [1868520 2016-08-08] (CANON INC.) HKU\S-1-5-21-890987734-199605990-4172685101-1000\...\Run: [Starfield Updater] => C:\Users\Beauty Exchange\AppData\Local\Workspace\workspaceupdate.exe [35008 2017-02-06] (Starfield Technologies) HKU\S-1-5-21-890987734-199605990-4172685101-1000\...\Run: [aepitall] => C:\Users\Beauty Exchange\AppData\Roaming\Microsoft\Devisapi\apilrror.exe [667136 2018-03-01] () HKU\S-1-5-21-890987734-199605990-4172685101-1000\...\MountPoints2: {28a85a68-3fb9-11e6-b05c-7071bca08d5f} - J:\LaunchU3.exe -a Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Intuit Data Protect.lnk [2015-11-20] ShortcutTarget: Intuit Data Protect.lnk -> C:\Program Files (x86)\Common Files\Intuit\DataProtect\IntuitDataProtect.exe (Intuit Inc.) 
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\NETGEAR WNA3100 Smart Wizard.lnk [2014-02-06] ShortcutTarget: NETGEAR WNA3100 Smart Wizard.lnk -> C:\Program Files (x86)\NETGEAR\WNA3100\WNA3100.exe () Startup: C:\Users\Beauty Exchange\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2018-02-12] ShortcutTarget: Send to OneNote.lnk -> C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE (Microsoft Corporation) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 Tcpip\..\Interfaces\{4EC0104C-B538-4FC0-8AE6-8A27EE6982D1}: [DhcpNameServer] 75.75.75.75 75.75.76.76 Tcpip\..\Interfaces\{700705CE-A709-4CA7-A019-19B8C24DD241}: [DhcpNameServer] 75.75.75.75 75.75.76.76 Tcpip\..\Interfaces\{C33AFBF4-9B97-4B88-9523-AF9EBA078846}: [NameServer] 67.205.168.151 Tcpip\..\Interfaces\{C33AFBF4-9B97-4B88-9523-AF9EBA078846}: [DhcpNameServer] 192.168.0.1 Internet Explorer: ================== HKU\S-1-5-21-890987734-199605990-4172685101-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp SearchScopes: HKU\S-1-5-21-890987734-199605990-4172685101-1000 -> DefaultScope {8C5B3C77-3C9A-43F8-BE73-2D956471410E} URL = hxxps://www.google.com/search?q={searchTerms} SearchScopes: HKU\S-1-5-21-890987734-199605990-4172685101-1000 -> {8C5B3C77-3C9A-43F8-BE73-2D956471410E} URL = hxxps://www.google.com/search?q={searchTerms} BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2018-03-01] (Microsoft Corporation) BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-27] (Google Inc.) 
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\URLREDIR.DLL [2018-03-01] (Microsoft Corporation) BHO: No Name -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> No File BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-09-23] (Adobe Systems Incorporated) BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2012-10-01] (Microsoft Corporation) BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-27] (Google Inc.) BHO-x32: Adobe Acrobat Create PDF Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2012-09-23] (Adobe Systems Incorporated) BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\root\Office16\URLREDIR.DLL [2018-03-01] (Microsoft Corporation) BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2012-10-01] (Microsoft Corporation) BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2012-09-23] (Adobe Systems Incorporated) Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-27] (Google Inc.) 
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2012-09-23] (Adobe Systems Incorporated) Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-27] (Google Inc.) Toolbar: HKU\S-1-5-21-890987734-199605990-4172685101-1000 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File DPF: HKLM-x32 {88DD90B6-C770-4CFF-B7A4-3AFD16BB8824} hxxps://apps8.fldfs.com/aspnet_client/system_web/4_0_30319/crystalreportviewers12/ActiveXControls/PrintControl.cab Handler-x32: intu-help-qb6 - {6898B29B-BF49-43cb-A0B1-D0B9496AF491} - C:\Program Files (x86)\Intuit\QuickBooks Enterprise Solutions 13.0\HelpAsyncPluggableProtocol.dll [2012-08-18] (Intuit, Inc.) Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-03-01] (Microsoft Corporation) Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-03-01] (Microsoft Corporation) Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-03-01] (Microsoft Corporation) Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-03-01] (Microsoft Corporation) Handler-x32: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - C:\Windows\system32\mscoree.dll [2010-11-20] (Microsoft Corporation) FireFox: ======== FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn FF Extension: (Adobe Acrobat - Create PDF) - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn [2014-02-06] [Legacy] [not 
signed] FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2012-09-20] (Adobe Systems) FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2012-10-01] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2018-03-01] (Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-13] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-13] (Google Inc.) FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll [2012-09-23] (Adobe Systems Inc.) FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2012-09-20] (Adobe Systems) FF Plugin HKU\S-1-5-21-890987734-199605990-4172685101-1000: @citrixonline.com/appdetectorplugin -> C:\Users\Beauty Exchange\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2015-07-02] (Citrix Online) FF Plugin HKU\S-1-5-21-890987734-199605990-4172685101-1000: @starfield.com/off -> C:\Users\Beauty Exchange\AppData\Roaming\Mozilla\Plugins\npoff.dll [2017-02-06] ( Starfield Technologies, LLC.) FF Plugin HKU\S-1-5-21-890987734-199605990-4172685101-1000: @starfield.com/off64 -> C:\Users\Beauty Exchange\AppData\Roaming\Mozilla\Plugins\npoff64.dll [2017-02-06] ( Starfield Technologies, LLC.) 
FF Plugin HKU\S-1-5-21-890987734-199605990-4172685101-1000: @starfield.com/wbe -> C:\Users\Beauty Exchange\AppData\Roaming\Mozilla\Plugins\npwbe.dll [2017-02-06] (Starfield Technology, LLC) FF Plugin HKU\S-1-5-21-890987734-199605990-4172685101-1000: @starfield.com/wbe64 -> C:\Users\Beauty Exchange\AppData\Roaming\Mozilla\Plugins\npwbe64.dll [2017-02-06] (Starfield Technology, LLC) FF Plugin ProgramFiles/Appdata: C:\Users\Beauty Exchange\AppData\Roaming\mozilla\plugins\npoff.dll [2017-02-06] ( Starfield Technologies, LLC.) FF Plugin ProgramFiles/Appdata: C:\Users\Beauty Exchange\AppData\Roaming\mozilla\plugins\npoff64.dll [2017-02-06] ( Starfield Technologies, LLC.) FF Plugin ProgramFiles/Appdata: C:\Users\Beauty Exchange\AppData\Roaming\mozilla\plugins\npwbe.dll [2017-02-06] (Starfield Technology, LLC) FF Plugin ProgramFiles/Appdata: C:\Users\Beauty Exchange\AppData\Roaming\mozilla\plugins\npwbe64.dll [2017-02-06] (Starfield Technology, LLC) Chrome: ======= CHR DefaultProfile: Default CHR StartupUrls: Default -> "hxxp://www.googl.e.com/" CHR Profile: C:\Users\Beauty Exchange\AppData\Local\Google\Chrome\User Data\Default [2018-03-05] CHR Extension: (Docs) - C:\Users\Beauty Exchange\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-01-25] CHR Extension: (Google Drive) - C:\Users\Beauty Exchange\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-02-17] CHR Extension: (YouTube) - C:\Users\Beauty Exchange\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-02-17] CHR Extension: (Google Search) - C:\Users\Beauty Exchange\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-02-17] CHR Extension: (Google Docs Offline) - C:\Users\Beauty Exchange\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-16] CHR Extension: (Chrome Web Store Payments) - 
C:\Users\Beauty Exchange\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-10-05] CHR Extension: (Gmail) - C:\Users\Beauty Exchange\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-15] CHR Extension: (Chrome Media Router) - C:\Users\Beauty Exchange\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-01-25] ==================== Services (Whitelisted) ==================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2014-08-12] (Advanced Micro Devices, Inc.) [File not signed] R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [7962800 2018-02-22] (Microsoft Corporation) R2 DLPWD; C:\Program Files\Dell Printers\Additional Color Laser Software\Status Monitor\DLPWDNT.EXE [155496 2012-09-26] (Dell Inc.) R2 DLSDB; C:\Program Files\Dell Printers\Additional Color Laser Software\Status Monitor\DLSDBNT.EXE [343400 2012-09-26] (Dell Inc.) R2 File Backup; C:\Program Files (x86)\Workspace\offSyncService.exe [697472 2014-10-20] (Starfield Technologies) R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6440736 2018-03-03] (Malwarebytes) R2 QBCFMonitorService; C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe [45056 2012-08-18] (Intuit) [File not signed] S3 QBFCService; C:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe [61440 2012-08-18] (Intuit Inc.) [File not signed] R2 QBVSS; C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe [1248256 2012-08-18] (Intuit Inc.) [File not signed] R3 QuickBooksDB23; C:\Program Files (x86)\Intuit\QuickBooks Enterprise Solutions 13.0\QBDBMgrN.exe [679936 2012-08-18] (Intuit, Inc.) 
[File not signed] R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-13] (Microsoft Corporation) R2 WSWNA3100; C:\Program Files (x86)\NETGEAR\WNA3100\WifiSvc.exe [285152 2010-08-26] () ===================== Drivers (Whitelisted) ====================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R2 AODDriver4.3; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [59616 2014-02-11] (Advanced Micro Devices) R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [76200 2018-01-18] () R2 MBAMChameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [193248 2018-03-12] (Malwarebytes) R3 MBAMFarflt; C:\Windows\System32\DRIVERS\farflt.sys [109800 2018-03-12] (Malwarebytes) R3 MBAMProtection; C:\Windows\System32\DRIVERS\mbam.sys [45960 2018-03-12] (Malwarebytes) R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [253664 2018-03-12] (Malwarebytes) R3 MBAMWebProtection; C:\Windows\System32\DRIVERS\mwac.sys [92280 2018-03-12] (Malwarebytes) S3 NPF; C:\Windows\System32\DRIVERS\npf.sys [47632 2010-02-03] (CACE Technologies, Inc.) S3 VGPU; System32\drivers\rdvgkmd.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One Month Created files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 
2018-03-12 14:21 - 2018-03-12 14:23 - 000000000 ____D C:\FRST 2018-03-12 14:17 - 2018-03-12 14:21 - 000092280 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys 2018-03-12 14:17 - 2018-03-12 14:17 - 000253664 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys 2018-03-12 14:17 - 2018-03-12 14:17 - 000193248 _____ (Malwarebytes) C:\Windows\system32\Drivers\MbamChameleon.sys 2018-03-12 14:17 - 2018-03-12 14:17 - 000109800 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys 2018-03-12 14:17 - 2018-03-12 14:17 - 000045960 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys 2018-03-12 14:17 - 2018-03-12 14:17 - 000001867 _____ C:\Users\Public\Desktop\Malwarebytes.lnk 2018-03-12 14:17 - 2018-03-12 14:17 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes 2018-03-12 14:17 - 2018-03-12 14:17 - 000000000 ____D C:\ProgramData\MB2Migration 2018-03-12 14:17 - 2018-03-12 14:17 - 000000000 ____D C:\Program Files\Malwarebytes 2018-03-12 14:17 - 2018-01-18 09:03 - 000076200 _____ C:\Windows\system32\Drivers\mbae64.sys 2018-03-08 11:26 - 2018-03-08 11:26 - 000011446 _____ C:\Users\Beauty Exchange\Downloads\Untitled (2) 2018-03-02 12:31 - 2018-03-05 17:54 - 000000000 ____D C:\Windows\system32\appmgmt 2018-03-02 04:28 - 2018-03-02 04:28 - 000000000 ____D C:\6f16d32e1493efcc5377a4493987a767 2018-03-01 10:32 - 2018-03-01 10:32 - 000667136 _____ (Simple Kind) C:\Users\Beauty Exchange\AppData\Roaming\4224ef6a.exe 2018-03-01 10:32 - 2018-03-01 10:32 - 000667136 _____ (Simple Kind) C:\Users\Beauty Exchange\AppData\Roaming\15b14147.exe 2018-03-01 10:32 - 2018-03-01 10:32 - 000000000 _____ C:\Users\Beauty Exchange\Documents\1.txt 2018-02-27 14:17 - 2018-02-27 14:17 - 000123013 _____ C:\Users\Beauty Exchange\Downloads\Paycheck Detail Report 2_2_2018 (6).pdf 2018-02-27 14:15 - 2018-02-27 14:15 - 000114003 _____ C:\Users\Beauty Exchange\Downloads\Paycheck Detail Report 2_23_2018 (2).pdf 2018-02-23 13:43 - 2018-02-23 13:43 - 
000347473 _____ C:\Users\Beauty Exchange\Desktop\Open Enrollment Letter.pdf 2018-02-22 16:03 - 2018-02-22 16:03 - 000088991 _____ C:\Users\Beauty Exchange\Downloads\Paycheck Detail Report 2_23_2018 (1).pdf 2018-02-22 16:01 - 2018-02-22 16:01 - 000074642 _____ C:\Users\Beauty Exchange\Downloads\Paycheck Detail Report 2_23_2018.pdf 2018-02-20 17:38 - 2018-02-20 17:38 - 000198551 _____ C:\Users\Beauty Exchange\Downloads\Federal W-2 4_1_2017 (2).pdf 2018-02-20 17:28 - 2018-02-20 17:28 - 000121798 _____ C:\Users\Beauty Exchange\Downloads\W2 Verification Report 4_1_2017.pdf 2018-02-20 17:19 - 2018-02-20 17:19 - 000213707 _____ C:\Users\Beauty Exchange\Downloads\Payroll Reports - All of the Above 2_16_2018.PDF 2018-02-20 17:16 - 2018-02-20 17:16 - 000123208 _____ C:\Users\Beauty Exchange\Downloads\Paycheck Detail Report 2_16_2018 (1).pdf 2018-02-20 17:04 - 2018-02-20 17:04 - 000089081 _____ C:\Users\Beauty Exchange\Downloads\Paycheck Detail Report 1_19_2018 (3).pdf 2018-02-20 17:03 - 2018-02-20 17:03 - 000089002 _____ C:\Users\Beauty Exchange\Downloads\Paycheck Detail Report 1_26_2018 (3).pdf 2018-02-20 17:02 - 2018-02-20 17:02 - 000089040 _____ C:\Users\Beauty Exchange\Downloads\Paycheck Detail Report 2_2_2018 (5).pdf 2018-02-20 17:00 - 2018-02-20 17:00 - 000089036 _____ C:\Users\Beauty Exchange\Downloads\Paycheck Detail Report 2_9_2018 (2).pdf 2018-02-20 16:55 - 2018-02-20 16:55 - 000088884 _____ C:\Users\Beauty Exchange\Downloads\Paycheck Detail Report 2_16_2018.pdf 2018-02-20 16:48 - 2018-02-20 16:48 - 000089036 _____ C:\Users\Beauty Exchange\Downloads\Paycheck Detail Report 2_9_2018 (1).pdf 2018-02-20 16:47 - 2018-02-20 16:47 - 000064904 _____ C:\Users\Beauty Exchange\Downloads\Paycheck Detail Report 2_12_2018.pdf 2018-02-20 16:45 - 2018-02-20 16:45 - 000089040 _____ C:\Users\Beauty Exchange\Downloads\Paycheck Detail Report 2_2_2018 (4).pdf 2018-02-20 16:43 - 2018-02-20 16:43 - 000089002 _____ C:\Users\Beauty Exchange\Downloads\Paycheck Detail Report 1_26_2018 
(2).pdf 2018-02-20 16:25 - 2018-02-20 16:25 - 000089081 _____ C:\Users\Beauty Exchange\Downloads\Paycheck Detail Report 1_19_2018 (2).pdf 2018-02-16 10:21 - 2018-02-16 10:21 - 000000000 ____D C:\74f73fd7d831c9dbc9ff93e379 2018-02-13 12:53 - 2018-02-13 12:53 - 000118676 _____ C:\Users\Beauty Exchange\Downloads\Paycheck Detail Report 2_2_2018 (3).pdf 2018-02-13 12:50 - 2018-02-13 12:50 - 000109816 _____ C:\Users\Beauty Exchange\Downloads\Paycheck Detail Report 2_9_2018.pdf 2018-02-13 10:50 - 2018-02-13 10:50 - 000000000 ____D C:\833241a07707b2b730e6446d ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2018-03-12 14:21 - 2009-07-14 00:45 - 000023872 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2018-03-12 14:21 - 2009-07-14 00:45 - 000023872 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2018-03-12 14:17 - 2014-06-30 11:44 - 000000000 ____D C:\ProgramData\Malwarebytes 2018-03-12 13:48 - 2009-07-14 01:13 - 000781298 _____ C:\Windows\system32\PerfStringBackup.INI 2018-03-12 13:48 - 2009-07-13 23:20 - 000000000 ____D C:\Windows\inf 2018-03-12 13:44 - 2016-10-28 09:03 - 000003490 _____ C:\Windows\System32\Tasks\AutoKMS 2018-03-12 13:43 - 2009-07-14 01:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT 2018-03-12 12:08 - 2016-06-30 12:07 - 000000000 ____D C:\Users\Beauty Exchange\Desktop\Office Forms 2018-03-12 10:36 - 2016-06-27 13:18 - 000000000 ____D C:\Users\Beauty Exchange\Documents\#13 Document 2018-03-12 10:32 - 2016-06-27 13:13 - 000000000 ____D C:\Users\Beauty Exchange\Documents\#5 Document 2018-03-08 17:35 - 2016-06-27 13:17 - 000000000 ____D C:\Users\Beauty Exchange\Documents\#11 Document 2018-03-08 11:28 - 2016-07-19 15:32 - 000000000 ____D C:\Users\Beauty Exchange\Desktop\MY PERSONAL 2018-03-07 16:15 - 2017-11-30 17:32 - 000000000 ____D C:\Users\Beauty 
Exchange\Documents\#18 Document 2018-03-07 13:40 - 2017-08-16 14:16 - 000000000 ____D C:\Users\Beauty Exchange\Desktop\Payroll By Week 2018-03-07 11:19 - 2016-06-27 13:14 - 000000000 ____D C:\Users\Beauty Exchange\Documents\#6 Document 2018-03-06 15:32 - 2016-06-27 13:14 - 000000000 ____D C:\Users\Beauty Exchange\Documents\#8 Document 2018-03-06 15:24 - 2016-06-27 13:14 - 000000000 ____D C:\Users\Beauty Exchange\Documents\#7 Document 2018-03-06 14:55 - 2016-06-27 13:13 - 000000000 ____D C:\Users\Beauty Exchange\Documents\#4 Document 2018-03-06 14:51 - 2016-06-27 13:10 - 000000000 ____D C:\Users\Beauty Exchange\Documents\#3 Document 2018-03-06 14:43 - 2016-06-27 13:09 - 000000000 ____D C:\Users\Beauty Exchange\Documents\#2 Document 2018-03-06 14:34 - 2017-02-15 15:30 - 000042992 _____ C:\Users\Beauty Exchange\Documents\SALON PAYROLL SHEET 2018.xlsx 2018-03-06 14:33 - 2016-06-27 13:08 - 000000000 ____D C:\Users\Beauty Exchange\Documents\#1 Document 2018-03-06 12:52 - 2014-02-06 00:32 - 000000000 ____D C:\Program Files (x86)\Adobe 2018-03-06 10:38 - 2017-09-06 10:06 - 000000499 _____ C:\Users\Beauty Exchange\Desktop\Sign In.website 2018-03-02 12:36 - 2014-02-06 00:18 - 000000000 ____D C:\Users\Beauty Exchange\AppData\Local\Adobe 2018-03-02 12:35 - 2017-02-22 11:40 - 000004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task 2018-03-02 12:19 - 2016-03-24 17:10 - 000000000 ____D C:\Program Files (x86)\Raptr Inc 2018-03-02 04:28 - 2017-02-01 14:43 - 000000000 ___HT C:\Windows\wusa.lock 2018-03-02 04:28 - 2014-02-06 00:15 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft 2018-03-02 04:25 - 2014-02-06 00:14 - 000000000 ____D C:\Program Files (x86)\Microsoft Office 2018-03-01 13:23 - 2017-05-19 11:06 - 000000000 ____D C:\Users\Beauty Exchange\Documents\#19 Document 2018-02-28 16:48 - 2016-06-27 13:16 - 000000000 ____D C:\Users\Beauty Exchange\Documents\#10 Document 2018-02-28 11:32 - 2016-09-07 15:25 - 000000000 ____D C:\Users\Beauty 
Exchange\Documents\#16 Document 2018-02-27 10:21 - 2014-02-06 00:17 - 000002224 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk 2018-02-27 10:21 - 2014-02-06 00:17 - 000002183 _____ C:\Users\Public\Desktop\Google Chrome.lnk 2018-02-22 16:56 - 2017-03-28 10:41 - 000000000 ____D C:\Users\Beauty Exchange\Desktop\#9 Danny 2018-02-19 10:43 - 2015-05-15 15:46 - 000000000 ____D C:\Users\Guest\AppData\Roaming\Raptr 2018-02-14 10:37 - 2017-11-20 12:41 - 000000000 ____D C:\Users\Beauty Exchange\Documents\Canon Fax Data 2018-02-13 17:03 - 2009-07-14 01:32 - 000000000 ____D C:\Windows\system32\FxsTmp 2018-02-13 15:04 - 2017-04-04 13:50 - 000000000 ____D C:\Users\Beauty Exchange\Documents\Fax 2018-02-12 16:01 - 2017-03-27 10:38 - 000000000 ____D C:\Users\Beauty Exchange\Documents\OneNote Notebooks 2018-02-12 12:48 - 2016-06-27 13:16 - 000000000 ____D C:\Users\Beauty Exchange\Documents\#9 Document ==================== Files in the root of some directories ======= 2018-03-01 10:32 - 2018-03-01 10:32 - 000667136 _____ (Simple Kind) C:\Users\Beauty Exchange\AppData\Roaming\15b14147.exe 2018-03-01 10:32 - 2018-03-01 10:32 - 000667136 _____ (Simple Kind) C:\Users\Beauty Exchange\AppData\Roaming\4224ef6a.exe Some files in TEMP: ==================== 2018-03-01 10:57 - 2018-03-01 10:57 - 000577536 _____ (OrecX Thin) C:\Users\Beauty Exchange\AppData\Local\Temp\1403665.exe ==================== Bamital & volsnap ====================== (There is no automatic fix for files that do not pass verification.) 
C:\Windows\system32\winlogon.exe => File is digitally signed C:\Windows\system32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\system32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\system32\services.exe => File is digitally signed C:\Windows\system32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\system32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\system32\rpcss.dll => File is digitally signed C:\Windows\system32\dnsapi.dll => File is digitally signed C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2016-09-07 09:45 ==================== End of FRST.txt =========== ADDITION.txt Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11.03.2018 01 Ran by Beauty Exchange (12-03-2018 14:23:52) Running from C:\Users\Beauty Exchange\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\X4WUGCBP Windows 7 Ultimate Service Pack 1 (X64) (2014-02-06 04:03:07) Boot Mode: Normal ========================================================== ==================== Accounts: ============================= Administrator (S-1-5-21-890987734-199605990-4172685101-500 - Administrator - Disabled) Beauty Exchange (S-1-5-21-890987734-199605990-4172685101-1000 - Administrator - Enabled) => C:\Users\Beauty Exchange Guest (S-1-5-21-890987734-199605990-4172685101-501 - Limited - Enabled) => C:\Users\Guest QBDataServiceUser23 (S-1-5-21-890987734-199605990-4172685101-1002 - Limited - Enabled) => C:\Users\QBDataServiceUser23 ==================== Security Center ======================== (If an entry is included in the 
fixlist, it will be removed.) AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B} AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96} AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) Adobe Acrobat XI Pro (HKLM-x32\...\{AC76BA86-1033-FFFF-7760-000000000006}) (Version: 11.0.00 - Adobe Systems) Adobe Flash Player 28 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 28.0.0.161 - Adobe Systems Incorporated) AMD Catalyst Install Manager (HKLM\...\{B0B857B4-B5CD-7BBB-23FC-6FB64A8A1FD1}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.) App Manager - Dell C2665dnf (HKLM-x32\...\{B873FAEC-1627-4899-88C4-B8D0D0424F1D}) (Version: 1.00.000 - Dell Inc.) Brother MFL-Pro Suite MFC-7340 (HKLM-x32\...\{46E1B1F2-A279-4356-9B17-029F9CC72EAE}) (Version: 1.0.1.0 - Brother Industries, Ltd.) Canon Laser Printer/Scanner/Fax Extended Survey Program (HKLM\...\{8A16FF47-A5FC-49A8-96B5-31180D317059}) (Version: 2.0.6 - CANON INC.) Hidden Canon Laser Printer/Scanner/Fax Extended Survey Program (HKLM\...\Canon Laser Printer/Scanner/Fax Extended Survey Program) (Version: 2.0.6.10005 - CANON INC.) Canon MF Scan Utility (HKLM-x32\...\Canon_MF_Scan_Utility) (Version: 1.3.0.0 - CANON INC.) Canon MF731C/733C (HKLM\...\{28DD6D0E-A759-4A32-B9A8-0BC6EAB372A8}) (Version: 5.4.0.0 - CANON INC.) Citrix Online Launcher (HKLM-x32\...\{8A16C63D-027A-4645-B394-C033665D0195}) (Version: 1.0.325 - Citrix) Configuration Tool - Dell C2665dnf (HKLM-x32\...\{5AC049AB-E61B-45D4-A3DB-6A606FF38B90}) (Version: 1.00.000 - Dell Inc.) Dell C2665dnf Color MFP Address Book Editor Ver.1.0.0.0 (HKLM-x32\...\{723B61D6-A73A-4DB7-B8E1-E2D2F7DC58F2}) (Version: 1.0.0.0 - Dell Inc.) 
Dell C2665dnf Color MFP Scan Button Manager Ver.1.0.0.0 (HKLM-x32\...\{5C054E48-4070-4D22-BB5F-CC2294D76FD7}) (Version: 1.0.0.0 - Dell Inc.)
Dell C2665dnf Color MFP Scanner Driver (HKLM-x32\...\{AF194BFC-5C05-4408-B2DF-5CF30BC556D2}) (Version: 1.1.0.0 - Dell Inc.)
Dell Printer Software (HKLM-x32\...\{105F3CE5-FE55-408E-BF30-E78F85BA0B12}) (Version: 1.00.000 - Dell Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 64.0.3282.186 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM-x32\...\{18455581-E099-4BA8-BC6B-F34B2F06600C}) (Version: 1.0.0 - Google Inc.) Hidden
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.8231.2252 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
Malwarebytes version 3.4.4.2398 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.4.4.2398 - Malwarebytes)
Microsoft .NET Framework 4.5 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50709 - Microsoft Corporation)
Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 16.0.9029.2167 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 (HKLM-x32\...\Office15.PROPLUS) (Version: 15.0.4420.1017 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-890987734-199605990-4172685101-1000\...\OneDriveSetup.exe) (Version: 17.3.6390.0509 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
NETGEAR WNA3100 wireless USB 2.0 adapter (HKLM-x32\...\{C2425F91-1F7B-4037-9A05-9F290184798D}) (Version: 1.01.206 - NETGEAR)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.10.57.35 - NVIDIA Corporation)
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.9029.2167 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.9029.2167 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.9029.2167 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0409-0000-0000000FF1CE}) (Version: 16.0.9029.2167 - Microsoft Corporation) Hidden
Outils de vérification linguistique 2013 de Microsoft Office - Français (HKLM-x32\...\{90150000-001F-040C-0000-0000000FF1CE}) (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
PowerISO (HKLM-x32\...\PowerISO) (Version: 5.8 - Power Software Ltd)
QuickBooks (HKLM-x32\...\{31566BB1-C43D-4D96-9504-57E42B1FD86D}) (Version: 23.0.4001.2305 - Intuit Inc.) Hidden
QuickBooks Enterprise Solutions: Accountant Edition 13.0 (HKLM-x32\...\{30823A86-D1BF-4D42-8E86-892F3D956254}) (Version: 23.0.4001.2305 - Intuit Inc.)
Toner Status (HKLM-x32\...\{6E9A516A-6189-4502-80FD-51BE28989CEB}) (Version: 1.3.0.0 - CANON INC.)
Workspace Desktop (HKU\S-1-5-21-890987734-199605990-4172685101-1000\...\workspacedesktop) (Version: - Starfield Technologies)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-890987734-199605990-4172685101-1000_Classes\CLSID\{162C6FB5-44D3-435B-903D-E613FA093FB5}\InprocServer32 -> C:\Users\Beauty Exchange\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64\FileCoAuthLib64.dll ()
CustomCLSID: HKU\S-1-5-21-890987734-199605990-4172685101-1000_Classes\CLSID\{1BFB1268-6353-495A-AB78-97BF7CAB4D59}\InprocServer32 -> C:\Users\Beauty Exchange\AppData\Local\Workspace\gdeditwrapperax64.dll (Starfield Technologies)
CustomCLSID: HKU\S-1-5-21-890987734-199605990-4172685101-1000_Classes\CLSID\{B5B8593C-89BC-44a7-BCE3-32FE4FED7C5C}\InprocServer32 -> C:\Users\Beauty Exchange\AppData\Local\Workspace\wbetoolsax64.dll (Starfield Technology, LLC)
ShellIconOverlayIdentifiers: [off0] -> {8E33AEC3-C5F2-43C4-B048-9E3EB19B1DD5} => C:\Program Files (x86)\Workspace\offsyncext64.dll [2017-02-09] (Starfield Technologies, LLC)
ShellIconOverlayIdentifiers: [off1] -> {8E33AEC4-C5F2-43C4-B048-9E3EB19B1DD5} => C:\Program Files (x86)\Workspace\offsyncext64.dll [2017-02-09] (Starfield Technologies, LLC)
ContextMenuHandlers1: [Adobe.Acrobat.ContextMenu] -> {A6595CD1-BF77-430A-A452-18696685F7C7} => C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat Elements\ContextMenuShim64.dll [2012-09-23] (Adobe Systems Inc.)
ContextMenuHandlers1: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} => C:\Program Files\PowerISO\PWRISOSH.DLL [2013-12-16] (Power Software Ltd)
ContextMenuHandlers4: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} => C:\Program Files\PowerISO\PWRISOSH.DLL [2013-12-16] (Power Software Ltd)
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\atiacm64.dll [2014-08-12] (Advanced Micro Devices, Inc.)
ContextMenuHandlers6: [Adobe.Acrobat.ContextMenu] -> {A6595CD1-BF77-430A-A452-18696685F7C7} => C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat Elements\ContextMenuShim64.dll [2012-09-23] (Adobe Systems Inc.)
ContextMenuHandlers6: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} => C:\Program Files\PowerISO\PWRISOSH.DLL [2013-12-16] (Power Software Ltd)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {00E72EBA-DF0C-4CCB-AD75-178DA9ACE874} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2018-03-01] (Microsoft Corporation)
Task: {0D52D023-F2DD-4079-AA77-D1DA564D5E94} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS\AutoKMS.exe [2014-02-06] ()
Task: {1AF420F1-2C37-43A4-B3AA-6617B6634580} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2018-02-09] (Adobe Systems Incorporated)
Task: {307D7C55-9C85-43AE-892E-6DC07B71CBBB} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2018-03-01] (Microsoft Corporation)
Task: {4E42997C-69FA-43B5-9877-E1D9270F60F8} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2018-02-22] (Microsoft Corporation)
Task: {5501D7E5-7D34-4BEE-A485-0B12ECF75F52} - System32\Tasks\{18199DFC-AEAA-447F-92C1-06E60D638CEB} => C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
Task: {57369104-E58E-4282-B0AD-096CD5276AFC} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2012-10-01] (Microsoft Corporation)
Task: {6C04F400-30A3-4864-9A0F-AD16CB8E88BB} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2018-03-01] (Microsoft Corporation)
Task: {8CB43446-8AA9-428E-9751-524E2A556D57} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2012-10-01] (Microsoft Corporation)
Task: {8E2377A9-FA9C-496F-BA43-4EC99CB57D30} - System32\Tasks\{5C185BC4-06C9-466A-8B6D-786D474531B4} => C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
Task: {A2458D2B-7E8F-4630-AF59-1280946DACF4} - System32\Tasks\{5D6D1740-3511-4852-A1C7-32BECC630251} => C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
Task: {CA7ED872-C67E-402F-83ED-2D6E6D0A89B3} - System32\Tasks\Canon\OIPPESP\Canon OIP Product Extended Survey Program => C:\Program Files\Canon\OIPPESP\Cnpspcnt.exe [2016-06-09] (CANON INC.)
Task: {D339F89F-9E12-4095-BC92-16CAC1A67157} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2018-02-22] (Microsoft Corporation)
Task: {DEE56423-EB69-42B6-9075-5EF6E38D0EC5} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2018-02-06] (Adobe Systems Incorporated)
Task: {E07FE3A1-72AE-41C7-AA96-7E805FD1FE38} - System32\Tasks\{F56A1271-D174-4ED3-9019-070A6F3E70ED} => C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
Task: {E7FD4982-4F21-4BD4-96F4-E6803FAA676C} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe
Task: {F0DBBE9E-94D7-47FA-A4EA-ABFEEE60B9F5} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-31] (Google Inc.)
Task: {FF8BA46C-2249-4C38-A846-17AC049B25E2} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-31] (Google Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2014-02-06 12:27 - 2010-08-26 18:48 - 000285152 _____ () C:\Program Files (x86)\NETGEAR\WNA3100\WifiSvc.exe
2017-02-01 14:44 - 2017-02-01 14:44 - 000959168 _____ () C:\Users\Beauty Exchange\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64\ClientTelemetry.dll
2014-02-06 12:27 - 2010-08-26 18:47 - 004577760 _____ () C:\Program Files (x86)\NETGEAR\WNA3100\WNA3100.exe
2014-08-12 11:06 - 2014-08-12 11:06 - 000102400 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll
2018-03-12 14:17 - 2018-02-05 15:44 - 002299168 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
2018-03-12 14:17 - 2018-03-01 11:31 - 002488608 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
2014-02-06 12:27 - 2010-07-09 17:38 - 000331776 _____ () C:\Program Files (x86)\NETGEAR\WNA3100\WifiLib.dll
2014-02-06 12:27 - 2010-02-03 12:31 - 000282624 _____ () C:\Program Files (x86)\NETGEAR\WNA3100\WifiSvcLib.dll
2017-02-01 14:30 - 2018-03-01 16:45 - 001012400 _____ () C:\Program Files (x86)\Microsoft Office\Root\Office16\ADDINS\UmOutlookAddin.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\sndappv2 => ""="service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 22:34 - 2009-06-10 17:00 - 000000824 _____ C:\Windows\system32\Drivers\etc\hosts

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-890987734-199605990-4172685101-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Beauty Exchange\AppData\Roaming\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
DNS Servers: 67.205.168.151
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk => C:\Windows\pss\QuickBooks Update Agent.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^QuickBooks Web Connector.lnk => C:\Windows\pss\QuickBooks Web Connector.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^QuickBooks_Standard_21.lnk => C:\Windows\pss\QuickBooks_Standard_21.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^Beauty Exchange^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Send to OneNote.lnk => C:\Windows\pss\Send to OneNote.lnk.Startup
MSCONFIG\startupreg: BrMfcWnd => C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
MSCONFIG\startupreg: ControlCenter3 => C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe /autorun
MSCONFIG\startupreg: DLPSP => "C:\Program Files\Dell Printers\Additional Color Laser Software\Status Monitor\DLPSP.EXE"
MSCONFIG\startupreg: DLQLU => "C:\Program Files\Dell Printers\Additional Color Laser Software\Launcher\DLQLU.EXE" /S

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{425CB310-409A-4135-B0CE-040B12ABA48F}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\lync.exe
FirewallRules: [{F55F366B-684A-418B-BA27-1906A767028C}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\lync.exe
FirewallRules: [{2A0D0239-7018-4AE3-8530-18F91726CC31}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{904D3FB7-4FAE-47D5-A17B-C4354C209901}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [TCP Query User{EC89CDFE-F050-45E3-A472-969ADC3EB656}C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe] => (Allow) C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe
FirewallRules: [UDP Query User{1CBC0135-10CC-4139-ADF4-916FBAE180F5}C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe] => (Allow) C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe
FirewallRules: [{3C4B45F7-BCAE-404D-91EF-26B0957F0125}] => (Allow) C:\Program Files (x86)\Raptr\raptr.exe
FirewallRules: [{3CF06724-F832-4D59-826F-90BA69386A1F}] => (Allow) C:\Program Files (x86)\Raptr\raptr.exe
FirewallRules: [{7545DF13-0C8D-4DE1-967B-4F3F09A78861}] => (Allow) C:\Program Files (x86)\Raptr\raptr_im.exe
FirewallRules: [{74836C3B-FBA9-48C3-B65D-794C7AC78735}] => (Allow) C:\Program Files (x86)\Raptr\raptr_im.exe
FirewallRules: [{07BE2CF9-668E-4830-8479-104BD43EDB5A}] => (Allow) C:\Program Files (x86)\Raptr Inc\PlaysTV\playstv.exe
FirewallRules: [{C3DFF8F6-89A9-4F29-9304-56FE0552BE51}] => (Allow) C:\Program Files (x86)\Raptr Inc\PlaysTV\playstv.exe
FirewallRules: [{08683AFF-C203-49A8-BD7D-82A96FFF5653}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr.exe
FirewallRules: [{DBBAD4FF-3A30-4630-93F1-EEB677659ABD}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr.exe
FirewallRules: [{FE57A986-8C84-4856-8298-32EE504D2546}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr_im.exe
FirewallRules: [{48E9A2BE-6856-4F24-9722-3884AAC28D70}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr_im.exe
FirewallRules: [TCP Query User{E686F621-86B5-4452-A2C7-E67DB8C5F169}C:\users\beauty exchange\appdata\local\temp\igna70e.tmp\lmiignition.exe] => (Allow) C:\users\beauty exchange\appdata\local\temp\igna70e.tmp\lmiignition.exe
FirewallRules: [UDP Query User{5F587471-FEB5-4795-82D0-11DA4656BEA7}C:\users\beauty exchange\appdata\local\temp\igna70e.tmp\lmiignition.exe] => (Allow) C:\users\beauty exchange\appdata\local\temp\igna70e.tmp\lmiignition.exe
FirewallRules: [{A028D047-1B85-4DD4-9BCE-01E027C32B3C}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr.exe
FirewallRules: [{0049DE10-41AE-49AC-AEF2-1BF628CFD455}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr.exe
FirewallRules: [{CFB730C8-3F32-4E81-80E4-BC0EB20FABB6}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr_im.exe
FirewallRules: [{0AF3ACA2-1933-4E44-AA7D-874F65E9D390}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr_im.exe
FirewallRules: [{BE774B78-25DB-4347-BC20-7F5CB68013B0}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [{ECB73631-974F-43A9-AE69-2A692EACE97A}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================

21-09-2016 16:29:11 Installed Dell C2665dnf Color MFP Scan Driver
09-01-2017 15:07:33 Installed Dell C2665dnf Color MFP Scan Driver
02-03-2018 12:30:03 Removed Adobe Acrobat Reader DC.
05-03-2018 17:54:14 Removed Adobe Acrobat Reader DC.
06-03-2018 12:51:22 Removed Adobe Acrobat Reader DC.

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (03/12/2018 02:22:35 PM) (Source: Windows Search Service) (EventID: 3083) (User: )
Description: The protocol handler Mapi16 cannot be loaded. Error description: The specified procedure could not be found. (HRESULT : 0x8007007f).

Error: (03/12/2018 02:12:09 PM) (Source: Windows Search Service) (EventID: 3083) (User: )
Description: The protocol handler Mapi16 cannot be loaded. Error description: The specified procedure could not be found. (HRESULT : 0x8007007f).

Error: (03/12/2018 01:47:36 PM) (Source: Windows Search Service) (EventID: 3083) (User: )
Description: The protocol handler Mapi16 cannot be loaded. Error description: The specified procedure could not be found. (HRESULT : 0x8007007f).

Error: (03/12/2018 01:40:43 PM) (Source: Windows Search Service) (EventID: 3083) (User: )
Description: The protocol handler Mapi16 cannot be loaded. Error description: The specified procedure could not be found. (HRESULT : 0x8007007f).

Error: (03/12/2018 01:37:47 PM) (Source: Windows Search Service) (EventID: 3083) (User: )
Description: The protocol handler Mapi16 cannot be loaded. Error description: The specified procedure could not be found. (HRESULT : 0x8007007f).

Error: (03/12/2018 01:33:12 PM) (Source: Brother BrLog) (EventID: 1001) (User: )
Description: TWN BrtTWN: [2018/03/12 13:33:12.509]: [00003460]: Initialize TwdsMain Class failed!

Error: (03/12/2018 01:33:12 PM) (Source: Brother BrLog) (EventID: 1001) (User: )
Description: TWN BrtTWN: [2018/03/12 13:33:12.509]: [00003460]: ##### Fatal ERROR!! Create STI-device failed! #####

Error: (03/12/2018 01:33:10 PM) (Source: Brother BrLog) (EventID: 1001) (User: )
Description: TWN BrtTWN: [2018/03/12 13:33:10.824]: [00003460]: Initialize TwdsMain Class failed!

System errors:
=============
Error: (03/12/2018 01:46:49 PM) (Source: BROWSER) (EventID: 8032) (User: )
Description: The browser service has failed to retrieve the backup list too many times on transport \Device\NetBT_Tcpip_{C33AFBF4-9B97-4B88-9523-AF9EBA078846}. The backup browser is stopping.

Error: (03/12/2018 01:44:58 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {C97FCC79-E628-407D-AE68-A06AD6D8B4D1} and APPID {344ED43D-D086-4961-86A6-1106F4ACAD9B} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.

Error: (03/12/2018 01:44:58 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {C97FCC79-E628-407D-AE68-A06AD6D8B4D1} and APPID {344ED43D-D086-4961-86A6-1106F4ACAD9B} to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.

Error: (03/12/2018 09:06:36 AM) (Source: BROWSER) (EventID: 8032) (User: )
Description: The browser service has failed to retrieve the backup list too many times on transport \Device\NetBT_Tcpip_{C33AFBF4-9B97-4B88-9523-AF9EBA078846}. The backup browser is stopping.

Error: (03/12/2018 09:03:51 AM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The AMD FUEL Service service hung on starting.

Error: (03/12/2018 09:03:20 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {C97FCC79-E628-407D-AE68-A06AD6D8B4D1} and APPID {344ED43D-D086-4961-86A6-1106F4ACAD9B} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.

Error: (03/12/2018 09:03:20 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {C97FCC79-E628-407D-AE68-A06AD6D8B4D1} and APPID {344ED43D-D086-4961-86A6-1106F4ACAD9B} to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.

Error: (03/08/2018 12:59:23 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {C97FCC79-E628-407D-AE68-A06AD6D8B4D1} and APPID {344ED43D-D086-4961-86A6-1106F4ACAD9B} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.

==================== Memory info ===========================

Processor: AMD Athlon(tm) II X2 220 Processor
Percentage of memory in use: 56%
Total physical RAM: 8190.49 MB
Available physical RAM: 3545.78 MB
Total Virtual: 16379.16 MB
Available Virtual: 11688.23 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:931.41 GB) (Free:866.04 GB) NTFS
\\?\Volume{98ef4543-8efb-11e3-874e-806e6f6e6963}\ (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 931.5 GB) (Disk ID: A03D0812)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=931.4 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================