It seems as though my (work) computer has sent out a large amount of emails to people I may have recently been in contact with. The email (which was not sent by me) contained a dead link [the link did not open anything] according to those who reached out to me regarding this email.
If someone could help verify the issue, it would be greatly appreciated.
Here are the .txt files extracted from the Farbar Recovery Scan Tool (x64 bit) (FRST)
- FRST.txt -
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 11.03.2018 01
Ran by Beauty Exchange (administrator) on BEAUTYEXCHANGE (12-03-2018 14:23:11)
Running from C:\Users\Beauty Exchange\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\X4WUGCBP
Loaded Profiles: Beauty Exchange & QBDataServiceUser23 (Available Profiles: Beauty Exchange & QBDataServiceUser23 & Guest)
Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe
(Dell Inc.) C:\Program Files\Dell Printers\Additional Color Laser Software\Status Monitor\dlsdbnt.exe
(Starfield Technologies) C:\Program Files (x86)\Workspace\offSyncService.exe
(Intuit) C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe
() C:\Program Files (x86)\NETGEAR\WNA3100\WifiSvc.exe
(Dell Inc.) C:\Program Files\Dell Printers\Additional Color Laser Software\Status Monitor\dlpwdnt.exe
(CANON INC.) C:\Program Files\Canon\Canon MF Network Scanner Selector\CMFNSS6.EXE
(Starfield Technologies) C:\Users\Beauty Exchange\AppData\Local\Workspace\workspaceupdate.exe
() C:\Program Files (x86)\NETGEAR\WNA3100\WNA3100.exe
(Power Software Ltd) C:\Program Files\PowerISO\PWRISOVM.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(CANON INC.) C:\Program Files (x86)\Canon\OIPTonerStatus\CnTnrStsTask.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
(Intuit, Inc.) C:\Program Files (x86)\Intuit\QuickBooks Enterprise Solutions 13.0\QBDBMgrN.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil64_28_0_0_161_ActiveX.exe
(Microsoft Corporation) C:\Windows\SysWOW64\SearchProtocolHost.exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [444904 2012-09-20] (Adobe Systems Incorporated)
HKLM\...\Run: [MFNetworkScannerSelector] => C:\Program Files\Canon\Canon MF Network Scanner Selector\CMFNSS6.EXE [425512 2015-01-22] (CANON INC.)
HKLM-x32\...\Run: [PWRISOVM.EXE] => C:\Program Files\PowerISO\PWRISOVM.EXE [377368 2013-12-16] (Power Software Ltd)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe [3477640 2012-09-23] (Adobe Systems Inc.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767200 2014-08-12] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Intuit SyncManager] => C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe [2641272 2012-08-18] (Intuit Inc. All rights reserved.)
HKLM-x32\...\Run: [Canon Toner Status] => C:\Program Files (x86)\Canon\OIPTonerStatus\CnTnrStsTask.exe [1868520 2016-08-08] (CANON INC.)
HKU\S-1-5-21-890987734-199605990-4172685101-1000\...\Run: [Starfield Updater] => C:\Users\Beauty Exchange\AppData\Local\Workspace\workspaceupdate.exe [35008 2017-02-06] (Starfield Technologies)
HKU\S-1-5-21-890987734-199605990-4172685101-1000\...\Run: [aepitall] => C:\Users\Beauty Exchange\AppData\Roaming\Microsoft\Devisapi\apilrror.exe [667136 2018-03-01] ()
HKU\S-1-5-21-890987734-199605990-4172685101-1000\...\MountPoints2: {28a85a68-3fb9-11e6-b05c-7071bca08d5f} - J:\LaunchU3.exe -a
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Intuit Data Protect.lnk [2015-11-20]
ShortcutTarget: Intuit Data Protect.lnk -> C:\Program Files (x86)\Common Files\Intuit\DataProtect\IntuitDataProtect.exe (Intuit Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\NETGEAR WNA3100 Smart Wizard.lnk [2014-02-06]
ShortcutTarget: NETGEAR WNA3100 Smart Wizard.lnk -> C:\Program Files (x86)\NETGEAR\WNA3100\WNA3100.exe ()
Startup: C:\Users\Beauty Exchange\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2018-02-12]
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE (Microsoft Corporation)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{4EC0104C-B538-4FC0-8AE6-8A27EE6982D1}: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{700705CE-A709-4CA7-A019-19B8C24DD241}: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{C33AFBF4-9B97-4B88-9523-AF9EBA078846}: [NameServer] 67.205.168.151
Tcpip\..\Interfaces\{C33AFBF4-9B97-4B88-9523-AF9EBA078846}: [DhcpNameServer] 192.168.0.1
Internet Explorer:
==================
HKU\S-1-5-21-890987734-199605990-4172685101-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp
SearchScopes: HKU\S-1-5-21-890987734-199605990-4172685101-1000 -> DefaultScope {8C5B3C77-3C9A-43F8-BE73-2D956471410E} URL = hxxps://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-890987734-199605990-4172685101-1000 -> {8C5B3C77-3C9A-43F8-BE73-2D956471410E} URL = hxxps://www.google.com/search?q={searchTerms}
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2018-03-01] (Microsoft Corporation)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-27] (Google Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\URLREDIR.DLL [2018-03-01] (Microsoft Corporation)
BHO: No Name -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> No File
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-09-23] (Adobe Systems Incorporated)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2012-10-01] (Microsoft Corporation)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-27] (Google Inc.)
BHO-x32: Adobe Acrobat Create PDF Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2012-09-23] (Adobe Systems Incorporated)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\root\Office16\URLREDIR.DLL [2018-03-01] (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2012-10-01] (Microsoft Corporation)
BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2012-09-23] (Adobe Systems Incorporated)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-27] (Google Inc.)
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2012-09-23] (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-27] (Google Inc.)
Toolbar: HKU\S-1-5-21-890987734-199605990-4172685101-1000 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
DPF: HKLM-x32 {88DD90B6-C770-4CFF-B7A4-3AFD16BB8824} hxxps://apps8.fldfs.com/aspnet_client/system_web/4_0_30319/crystalreportviewers12/ActiveXControls/PrintControl.cab
Handler-x32: intu-help-qb6 - {6898B29B-BF49-43cb-A0B1-D0B9496AF491} - C:\Program Files (x86)\Intuit\QuickBooks Enterprise Solutions 13.0\HelpAsyncPluggableProtocol.dll [2012-08-18] (Intuit, Inc.)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-03-01] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-03-01] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-03-01] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-03-01] (Microsoft Corporation)
Handler-x32: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - C:\Windows\system32\mscoree.dll [2010-11-20] (Microsoft Corporation)
FireFox:
========
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: (Adobe Acrobat - Create PDF) - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn [2014-02-06] [Legacy] [not signed]
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2012-09-20] (Adobe Systems)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2012-10-01] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2018-03-01] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-13] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-13] (Google Inc.)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll [2012-09-23] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2012-09-20] (Adobe Systems)
FF Plugin HKU\S-1-5-21-890987734-199605990-4172685101-1000: @citrixonline.com/appdetectorplugin -> C:\Users\Beauty Exchange\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2015-07-02] (Citrix Online)
FF Plugin HKU\S-1-5-21-890987734-199605990-4172685101-1000: @starfield.com/off -> C:\Users\Beauty Exchange\AppData\Roaming\Mozilla\Plugins\npoff.dll [2017-02-06] ( Starfield Technologies, LLC.)
FF Plugin HKU\S-1-5-21-890987734-199605990-4172685101-1000: @starfield.com/off64 -> C:\Users\Beauty Exchange\AppData\Roaming\Mozilla\Plugins\npoff64.dll [2017-02-06] ( Starfield Technologies, LLC.)
FF Plugin HKU\S-1-5-21-890987734-199605990-4172685101-1000: @starfield.com/wbe -> C:\Users\Beauty Exchange\AppData\Roaming\Mozilla\Plugins\npwbe.dll [2017-02-06] (Starfield Technology, LLC)
FF Plugin HKU\S-1-5-21-890987734-199605990-4172685101-1000: @starfield.com/wbe64 -> C:\Users\Beauty Exchange\AppData\Roaming\Mozilla\Plugins\npwbe64.dll [2017-02-06] (Starfield Technology, LLC)
FF Plugin ProgramFiles/Appdata: C:\Users\Beauty Exchange\AppData\Roaming\mozilla\plugins\npoff.dll [2017-02-06] ( Starfield Technologies, LLC.)
FF Plugin ProgramFiles/Appdata: C:\Users\Beauty Exchange\AppData\Roaming\mozilla\plugins\npoff64.dll [2017-02-06] ( Starfield Technologies, LLC.)
FF Plugin ProgramFiles/Appdata: C:\Users\Beauty Exchange\AppData\Roaming\mozilla\plugins\npwbe.dll [2017-02-06] (Starfield Technology, LLC)
FF Plugin ProgramFiles/Appdata: C:\Users\Beauty Exchange\AppData\Roaming\mozilla\plugins\npwbe64.dll [2017-02-06] (Starfield Technology, LLC)
Chrome:
=======
CHR DefaultProfile: Default
CHR StartupUrls: Default -> "hxxp://www.googl.e.com/"
CHR Profile: C:\Users\Beauty Exchange\AppData\Local\Google\Chrome\User Data\Default [2018-03-05]
CHR Extension: (Docs) - C:\Users\Beauty Exchange\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-01-25]
CHR Extension: (Google Drive) - C:\Users\Beauty Exchange\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-02-17]
CHR Extension: (YouTube) - C:\Users\Beauty Exchange\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-02-17]
CHR Extension: (Google Search) - C:\Users\Beauty Exchange\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-02-17]
CHR Extension: (Google Docs Offline) - C:\Users\Beauty Exchange\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-16]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Beauty Exchange\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-10-05]
CHR Extension: (Gmail) - C:\Users\Beauty Exchange\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-15]
CHR Extension: (Chrome Media Router) - C:\Users\Beauty Exchange\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-01-25]
==================== Services (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2014-08-12] (Advanced Micro Devices, Inc.) [File not signed]
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [7962800 2018-02-22] (Microsoft Corporation)
R2 DLPWD; C:\Program Files\Dell Printers\Additional Color Laser Software\Status Monitor\DLPWDNT.EXE [155496 2012-09-26] (Dell Inc.)
R2 DLSDB; C:\Program Files\Dell Printers\Additional Color Laser Software\Status Monitor\DLSDBNT.EXE [343400 2012-09-26] (Dell Inc.)
R2 File Backup; C:\Program Files (x86)\Workspace\offSyncService.exe [697472 2014-10-20] (Starfield Technologies)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6440736 2018-03-03] (Malwarebytes)
R2 QBCFMonitorService; C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe [45056 2012-08-18] (Intuit) [File not signed]
S3 QBFCService; C:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe [61440 2012-08-18] (Intuit Inc.) [File not signed]
R2 QBVSS; C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe [1248256 2012-08-18] (Intuit Inc.) [File not signed]
R3 QuickBooksDB23; C:\Program Files (x86)\Intuit\QuickBooks Enterprise Solutions 13.0\QBDBMgrN.exe [679936 2012-08-18] (Intuit, Inc.) [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-13] (Microsoft Corporation)
R2 WSWNA3100; C:\Program Files (x86)\NETGEAR\WNA3100\WifiSvc.exe [285152 2010-08-26] ()
===================== Drivers (Whitelisted) ======================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 AODDriver4.3; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [59616 2014-02-11] (Advanced Micro Devices)
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [76200 2018-01-18] ()
R2 MBAMChameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [193248 2018-03-12] (Malwarebytes)
R3 MBAMFarflt; C:\Windows\System32\DRIVERS\farflt.sys [109800 2018-03-12] (Malwarebytes)
R3 MBAMProtection; C:\Windows\System32\DRIVERS\mbam.sys [45960 2018-03-12] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [253664 2018-03-12] (Malwarebytes)
R3 MBAMWebProtection; C:\Windows\System32\DRIVERS\mwac.sys [92280 2018-03-12] (Malwarebytes)
S3 NPF; C:\Windows\System32\DRIVERS\npf.sys [47632 2010-02-03] (CACE Technologies, Inc.)
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2018-03-12 14:21 - 2018-03-12 14:23 - 000000000 ____D C:\FRST
2018-03-12 14:17 - 2018-03-12 14:21 - 000092280 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2018-03-12 14:17 - 2018-03-12 14:17 - 000253664 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2018-03-12 14:17 - 2018-03-12 14:17 - 000193248 _____ (Malwarebytes) C:\Windows\system32\Drivers\MbamChameleon.sys
2018-03-12 14:17 - 2018-03-12 14:17 - 000109800 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
2018-03-12 14:17 - 2018-03-12 14:17 - 000045960 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2018-03-12 14:17 - 2018-03-12 14:17 - 000001867 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2018-03-12 14:17 - 2018-03-12 14:17 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2018-03-12 14:17 - 2018-03-12 14:17 - 000000000 ____D C:\ProgramData\MB2Migration
2018-03-12 14:17 - 2018-03-12 14:17 - 000000000 ____D C:\Program Files\Malwarebytes
2018-03-12 14:17 - 2018-01-18 09:03 - 000076200 _____ C:\Windows\system32\Drivers\mbae64.sys
2018-03-08 11:26 - 2018-03-08 11:26 - 000011446 _____ C:\Users\Beauty Exchange\Downloads\Untitled (2)
2018-03-02 12:31 - 2018-03-05 17:54 - 000000000 ____D C:\Windows\system32\appmgmt
2018-03-02 04:28 - 2018-03-02 04:28 - 000000000 ____D C:\6f16d32e1493efcc5377a4493987a767
2018-03-01 10:32 - 2018-03-01 10:32 - 000667136 _____ (Simple Kind) C:\Users\Beauty Exchange\AppData\Roaming\4224ef6a.exe
2018-03-01 10:32 - 2018-03-01 10:32 - 000667136 _____ (Simple Kind) C:\Users\Beauty Exchange\AppData\Roaming\15b14147.exe
2018-03-01 10:32 - 2018-03-01 10:32 - 000000000 _____ C:\Users\Beauty Exchange\Documents\1.txt
2018-02-27 14:17 - 2018-02-27 14:17 - 000123013 _____ C:\Users\Beauty Exchange\Downloads\Paycheck Detail Report 2_2_2018 (6).pdf
2018-02-27 14:15 - 2018-02-27 14:15 - 000114003 _____ C:\Users\Beauty Exchange\Downloads\Paycheck Detail Report 2_23_2018 (2).pdf
2018-02-23 13:43 - 2018-02-23 13:43 - 000347473 _____ C:\Users\Beauty Exchange\Desktop\Open Enrollment Letter.pdf
2018-02-22 16:03 - 2018-02-22 16:03 - 000088991 _____ C:\Users\Beauty Exchange\Downloads\Paycheck Detail Report 2_23_2018 (1).pdf
2018-02-22 16:01 - 2018-02-22 16:01 - 000074642 _____ C:\Users\Beauty Exchange\Downloads\Paycheck Detail Report 2_23_2018.pdf
2018-02-20 17:38 - 2018-02-20 17:38 - 000198551 _____ C:\Users\Beauty Exchange\Downloads\Federal W-2 4_1_2017 (2).pdf
2018-02-20 17:28 - 2018-02-20 17:28 - 000121798 _____ C:\Users\Beauty Exchange\Downloads\W2 Verification Report 4_1_2017.pdf
2018-02-20 17:19 - 2018-02-20 17:19 - 000213707 _____ C:\Users\Beauty Exchange\Downloads\Payroll Reports - All of the Above 2_16_2018.PDF
2018-02-20 17:16 - 2018-02-20 17:16 - 000123208 _____ C:\Users\Beauty Exchange\Downloads\Paycheck Detail Report 2_16_2018 (1).pdf
2018-02-20 17:04 - 2018-02-20 17:04 - 000089081 _____ C:\Users\Beauty Exchange\Downloads\Paycheck Detail Report 1_19_2018 (3).pdf
2018-02-20 17:03 - 2018-02-20 17:03 - 000089002 _____ C:\Users\Beauty Exchange\Downloads\Paycheck Detail Report 1_26_2018 (3).pdf
2018-02-20 17:02 - 2018-02-20 17:02 - 000089040 _____ C:\Users\Beauty Exchange\Downloads\Paycheck Detail Report 2_2_2018 (5).pdf
2018-02-20 17:00 - 2018-02-20 17:00 - 000089036 _____ C:\Users\Beauty Exchange\Downloads\Paycheck Detail Report 2_9_2018 (2).pdf
2018-02-20 16:55 - 2018-02-20 16:55 - 000088884 _____ C:\Users\Beauty Exchange\Downloads\Paycheck Detail Report 2_16_2018.pdf
2018-02-20 16:48 - 2018-02-20 16:48 - 000089036 _____ C:\Users\Beauty Exchange\Downloads\Paycheck Detail Report 2_9_2018 (1).pdf
2018-02-20 16:47 - 2018-02-20 16:47 - 000064904 _____ C:\Users\Beauty Exchange\Downloads\Paycheck Detail Report 2_12_2018.pdf
2018-02-20 16:45 - 2018-02-20 16:45 - 000089040 _____ C:\Users\Beauty Exchange\Downloads\Paycheck Detail Report 2_2_2018 (4).pdf
2018-02-20 16:43 - 2018-02-20 16:43 - 000089002 _____ C:\Users\Beauty Exchange\Downloads\Paycheck Detail Report 1_26_2018 (2).pdf
2018-02-20 16:25 - 2018-02-20 16:25 - 000089081 _____ C:\Users\Beauty Exchange\Downloads\Paycheck Detail Report 1_19_2018 (2).pdf
2018-02-16 10:21 - 2018-02-16 10:21 - 000000000 ____D C:\74f73fd7d831c9dbc9ff93e379
2018-02-13 12:53 - 2018-02-13 12:53 - 000118676 _____ C:\Users\Beauty Exchange\Downloads\Paycheck Detail Report 2_2_2018 (3).pdf
2018-02-13 12:50 - 2018-02-13 12:50 - 000109816 _____ C:\Users\Beauty Exchange\Downloads\Paycheck Detail Report 2_9_2018.pdf
2018-02-13 10:50 - 2018-02-13 10:50 - 000000000 ____D C:\833241a07707b2b730e6446d
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2018-03-12 14:21 - 2009-07-14 00:45 - 000023872 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2018-03-12 14:21 - 2009-07-14 00:45 - 000023872 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2018-03-12 14:17 - 2014-06-30 11:44 - 000000000 ____D C:\ProgramData\Malwarebytes
2018-03-12 13:48 - 2009-07-14 01:13 - 000781298 _____ C:\Windows\system32\PerfStringBackup.INI
2018-03-12 13:48 - 2009-07-13 23:20 - 000000000 ____D C:\Windows\inf
2018-03-12 13:44 - 2016-10-28 09:03 - 000003490 _____ C:\Windows\System32\Tasks\AutoKMS
2018-03-12 13:43 - 2009-07-14 01:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2018-03-12 12:08 - 2016-06-30 12:07 - 000000000 ____D C:\Users\Beauty Exchange\Desktop\Office Forms
2018-03-12 10:36 - 2016-06-27 13:18 - 000000000 ____D C:\Users\Beauty Exchange\Documents\#13 Document
2018-03-12 10:32 - 2016-06-27 13:13 - 000000000 ____D C:\Users\Beauty Exchange\Documents\#5 Document
2018-03-08 17:35 - 2016-06-27 13:17 - 000000000 ____D C:\Users\Beauty Exchange\Documents\#11 Document
2018-03-08 11:28 - 2016-07-19 15:32 - 000000000 ____D C:\Users\Beauty Exchange\Desktop\MY PERSONAL
2018-03-07 16:15 - 2017-11-30 17:32 - 000000000 ____D C:\Users\Beauty Exchange\Documents\#18 Document
2018-03-07 13:40 - 2017-08-16 14:16 - 000000000 ____D C:\Users\Beauty Exchange\Desktop\Payroll By Week
2018-03-07 11:19 - 2016-06-27 13:14 - 000000000 ____D C:\Users\Beauty Exchange\Documents\#6 Document
2018-03-06 15:32 - 2016-06-27 13:14 - 000000000 ____D C:\Users\Beauty Exchange\Documents\#8 Document
2018-03-06 15:24 - 2016-06-27 13:14 - 000000000 ____D C:\Users\Beauty Exchange\Documents\#7 Document
2018-03-06 14:55 - 2016-06-27 13:13 - 000000000 ____D C:\Users\Beauty Exchange\Documents\#4 Document
2018-03-06 14:51 - 2016-06-27 13:10 - 000000000 ____D C:\Users\Beauty Exchange\Documents\#3 Document
2018-03-06 14:43 - 2016-06-27 13:09 - 000000000 ____D C:\Users\Beauty Exchange\Documents\#2 Document
2018-03-06 14:34 - 2017-02-15 15:30 - 000042992 _____ C:\Users\Beauty Exchange\Documents\SALON PAYROLL SHEET 2018.xlsx
2018-03-06 14:33 - 2016-06-27 13:08 - 000000000 ____D C:\Users\Beauty Exchange\Documents\#1 Document
2018-03-06 12:52 - 2014-02-06 00:32 - 000000000 ____D C:\Program Files (x86)\Adobe
2018-03-06 10:38 - 2017-09-06 10:06 - 000000499 _____ C:\Users\Beauty Exchange\Desktop\Sign In.website
2018-03-02 12:36 - 2014-02-06 00:18 - 000000000 ____D C:\Users\Beauty Exchange\AppData\Local\Adobe
2018-03-02 12:35 - 2017-02-22 11:40 - 000004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2018-03-02 12:19 - 2016-03-24 17:10 - 000000000 ____D C:\Program Files (x86)\Raptr Inc
2018-03-02 04:28 - 2017-02-01 14:43 - 000000000 ___HT C:\Windows\wusa.lock
2018-03-02 04:28 - 2014-02-06 00:15 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2018-03-02 04:25 - 2014-02-06 00:14 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2018-03-01 13:23 - 2017-05-19 11:06 - 000000000 ____D C:\Users\Beauty Exchange\Documents\#19 Document
2018-02-28 16:48 - 2016-06-27 13:16 - 000000000 ____D C:\Users\Beauty Exchange\Documents\#10 Document
2018-02-28 11:32 - 2016-09-07 15:25 - 000000000 ____D C:\Users\Beauty Exchange\Documents\#16 Document
2018-02-27 10:21 - 2014-02-06 00:17 - 000002224 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-02-27 10:21 - 2014-02-06 00:17 - 000002183 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2018-02-22 16:56 - 2017-03-28 10:41 - 000000000 ____D C:\Users\Beauty Exchange\Desktop\#9 Danny
2018-02-19 10:43 - 2015-05-15 15:46 - 000000000 ____D C:\Users\Guest\AppData\Roaming\Raptr
2018-02-14 10:37 - 2017-11-20 12:41 - 000000000 ____D C:\Users\Beauty Exchange\Documents\Canon Fax Data
2018-02-13 17:03 - 2009-07-14 01:32 - 000000000 ____D C:\Windows\system32\FxsTmp
2018-02-13 15:04 - 2017-04-04 13:50 - 000000000 ____D C:\Users\Beauty Exchange\Documents\Fax
2018-02-12 16:01 - 2017-03-27 10:38 - 000000000 ____D C:\Users\Beauty Exchange\Documents\OneNote Notebooks
2018-02-12 12:48 - 2016-06-27 13:16 - 000000000 ____D C:\Users\Beauty Exchange\Documents\#9 Document
==================== Files in the root of some directories =======
2018-03-01 10:32 - 2018-03-01 10:32 - 000667136 _____ (Simple Kind) C:\Users\Beauty Exchange\AppData\Roaming\15b14147.exe
2018-03-01 10:32 - 2018-03-01 10:32 - 000667136 _____ (Simple Kind) C:\Users\Beauty Exchange\AppData\Roaming\4224ef6a.exe
Some files in TEMP:
====================
2018-03-01 10:57 - 2018-03-01 10:57 - 000577536 _____ (OrecX Thin) C:\Users\Beauty Exchange\AppData\Local\Temp\1403665.exe
==================== Bamital & volsnap ======================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2016-09-07 09:45
==================== End of FRST.txt ===========
ADDITION.txt
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11.03.2018 01
Ran by Beauty Exchange (12-03-2018 14:23:52)
Running from C:\Users\Beauty Exchange\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\X4WUGCBP
Windows 7 Ultimate Service Pack 1 (X64) (2014-02-06 04:03:07)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-890987734-199605990-4172685101-500 - Administrator - Disabled)
Beauty Exchange (S-1-5-21-890987734-199605990-4172685101-1000 - Administrator - Enabled) => C:\Users\Beauty Exchange
Guest (S-1-5-21-890987734-199605990-4172685101-501 - Limited - Enabled) => C:\Users\Guest
QBDataServiceUser23 (S-1-5-21-890987734-199605990-4172685101-1002 - Limited - Enabled) => C:\Users\QBDataServiceUser23
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Adobe Acrobat XI Pro (HKLM-x32\...\{AC76BA86-1033-FFFF-7760-000000000006}) (Version: 11.0.00 - Adobe Systems)
Adobe Flash Player 28 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 28.0.0.161 - Adobe Systems Incorporated)
AMD Catalyst Install Manager (HKLM\...\{B0B857B4-B5CD-7BBB-23FC-6FB64A8A1FD1}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
App Manager - Dell C2665dnf (HKLM-x32\...\{B873FAEC-1627-4899-88C4-B8D0D0424F1D}) (Version: 1.00.000 - Dell Inc.)
Brother MFL-Pro Suite MFC-7340 (HKLM-x32\...\{46E1B1F2-A279-4356-9B17-029F9CC72EAE}) (Version: 1.0.1.0 - Brother Industries, Ltd.)
Canon Laser Printer/Scanner/Fax Extended Survey Program (HKLM\...\{8A16FF47-A5FC-49A8-96B5-31180D317059}) (Version: 2.0.6 - CANON INC.) Hidden
Canon Laser Printer/Scanner/Fax Extended Survey Program (HKLM\...\Canon Laser Printer/Scanner/Fax Extended Survey Program) (Version: 2.0.6.10005 - CANON INC.)
Canon MF Scan Utility (HKLM-x32\...\Canon_MF_Scan_Utility) (Version: 1.3.0.0 - CANON INC.)
Canon MF731C/733C (HKLM\...\{28DD6D0E-A759-4A32-B9A8-0BC6EAB372A8}) (Version: 5.4.0.0 - CANON INC.)
Citrix Online Launcher (HKLM-x32\...\{8A16C63D-027A-4645-B394-C033665D0195}) (Version: 1.0.325 - Citrix)
Configuration Tool - Dell C2665dnf (HKLM-x32\...\{5AC049AB-E61B-45D4-A3DB-6A606FF38B90}) (Version: 1.00.000 - Dell Inc.)
Dell C2665dnf Color MFP Address Book Editor Ver.1.0.0.0 (HKLM-x32\...\{723B61D6-A73A-4DB7-B8E1-E2D2F7DC58F2}) (Version: 1.0.0.0 - Dell Inc.)
Dell C2665dnf Color MFP Scan Button Manager Ver.1.0.0.0 (HKLM-x32\...\{5C054E48-4070-4D22-BB5F-CC2294D76FD7}) (Version: 1.0.0.0 - Dell Inc.)
Dell C2665dnf Color MFP Scanner Driver (HKLM-x32\...\{AF194BFC-5C05-4408-B2DF-5CF30BC556D2}) (Version: 1.1.0.0 - Dell Inc.)
Dell Printer Software (HKLM-x32\...\{105F3CE5-FE55-408E-BF30-E78F85BA0B12}) (Version: 1.00.000 - Dell Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 64.0.3282.186 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM-x32\...\{18455581-E099-4BA8-BC6B-F34B2F06600C}) (Version: 1.0.0 - Google Inc.) Hidden
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.8231.2252 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
Malwarebytes version 3.4.4.2398 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.4.4.2398 - Malwarebytes)
Microsoft .NET Framework 4.5 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50709 - Microsoft Corporation)
Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 16.0.9029.2167 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 (HKLM-x32\...\Office15.PROPLUS) (Version: 15.0.4420.1017 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-890987734-199605990-4172685101-1000\...\OneDriveSetup.exe) (Version: 17.3.6390.0509 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
NETGEAR WNA3100 wireless USB 2.0 adapter (HKLM-x32\...\{C2425F91-1F7B-4037-9A05-9F290184798D}) (Version: 1.01.206 - NETGEAR)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.10.57.35 - NVIDIA Corporation)
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.9029.2167 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.9029.2167 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.9029.2167 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0409-0000-0000000FF1CE}) (Version: 16.0.9029.2167 - Microsoft Corporation) Hidden
Outils de vérification linguistique 2013 de Microsoft Office - Français (HKLM-x32\...\{90150000-001F-040C-0000-0000000FF1CE}) (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
PowerISO (HKLM-x32\...\PowerISO) (Version: 5.8 - Power Software Ltd)
QuickBooks (HKLM-x32\...\{31566BB1-C43D-4D96-9504-57E42B1FD86D}) (Version: 23.0.4001.2305 - Intuit Inc.) Hidden
QuickBooks Enterprise Solutions: Accountant Edition 13.0 (HKLM-x32\...\{30823A86-D1BF-4D42-8E86-892F3D956254}) (Version: 23.0.4001.2305 - Intuit Inc.)
Toner Status (HKLM-x32\...\{6E9A516A-6189-4502-80FD-51BE28989CEB}) (Version: 1.3.0.0 - CANON INC.)
Workspace Desktop (HKU\S-1-5-21-890987734-199605990-4172685101-1000\...\workspacedesktop) (Version: - Starfield Technologies)
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-890987734-199605990-4172685101-1000_Classes\CLSID\{162C6FB5-44D3-435B-903D-E613FA093FB5}\InprocServer32 -> C:\Users\Beauty Exchange\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64\FileCoAuthLib64.dll ()
CustomCLSID: HKU\S-1-5-21-890987734-199605990-4172685101-1000_Classes\CLSID\{1BFB1268-6353-495A-AB78-97BF7CAB4D59}\InprocServer32 -> C:\Users\Beauty Exchange\AppData\Local\Workspace\gdeditwrapperax64.dll (Starfield Technologies)
CustomCLSID: HKU\S-1-5-21-890987734-199605990-4172685101-1000_Classes\CLSID\{B5B8593C-89BC-44a7-BCE3-32FE4FED7C5C}\InprocServer32 -> C:\Users\Beauty Exchange\AppData\Local\Workspace\wbetoolsax64.dll (Starfield Technology, LLC)
ShellIconOverlayIdentifiers: [off0] -> {8E33AEC3-C5F2-43C4-B048-9E3EB19B1DD5} => C:\Program Files (x86)\Workspace\offsyncext64.dll [2017-02-09] (Starfield Technologies, LLC)
ShellIconOverlayIdentifiers: [off1] -> {8E33AEC4-C5F2-43C4-B048-9E3EB19B1DD5} => C:\Program Files (x86)\Workspace\offsyncext64.dll [2017-02-09] (Starfield Technologies, LLC)
ContextMenuHandlers1: [Adobe.Acrobat.ContextMenu] -> {A6595CD1-BF77-430A-A452-18696685F7C7} => C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat Elements\ContextMenuShim64.dll [2012-09-23] (Adobe Systems Inc.)
ContextMenuHandlers1: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} => C:\Program Files\PowerISO\PWRISOSH.DLL [2013-12-16] (Power Software Ltd)
ContextMenuHandlers4: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} => C:\Program Files\PowerISO\PWRISOSH.DLL [2013-12-16] (Power Software Ltd)
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\atiacm64.dll [2014-08-12] (Advanced Micro Devices, Inc.)
ContextMenuHandlers6: [Adobe.Acrobat.ContextMenu] -> {A6595CD1-BF77-430A-A452-18696685F7C7} => C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat Elements\ContextMenuShim64.dll [2012-09-23] (Adobe Systems Inc.)
ContextMenuHandlers6: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} => C:\Program Files\PowerISO\PWRISOSH.DLL [2013-12-16] (Power Software Ltd)
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {00E72EBA-DF0C-4CCB-AD75-178DA9ACE874} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2018-03-01] (Microsoft Corporation)
Task: {0D52D023-F2DD-4079-AA77-D1DA564D5E94} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS\AutoKMS.exe [2014-02-06] ()
Task: {1AF420F1-2C37-43A4-B3AA-6617B6634580} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2018-02-09] (Adobe Systems Incorporated)
Task: {307D7C55-9C85-43AE-892E-6DC07B71CBBB} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2018-03-01] (Microsoft Corporation)
Task: {4E42997C-69FA-43B5-9877-E1D9270F60F8} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2018-02-22] (Microsoft Corporation)
Task: {5501D7E5-7D34-4BEE-A485-0B12ECF75F52} - System32\Tasks\{18199DFC-AEAA-447F-92C1-06E60D638CEB} => C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
Task: {57369104-E58E-4282-B0AD-096CD5276AFC} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2012-10-01] (Microsoft Corporation)
Task: {6C04F400-30A3-4864-9A0F-AD16CB8E88BB} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2018-03-01] (Microsoft Corporation)
Task: {8CB43446-8AA9-428E-9751-524E2A556D57} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2012-10-01] (Microsoft Corporation)
Task: {8E2377A9-FA9C-496F-BA43-4EC99CB57D30} - System32\Tasks\{5C185BC4-06C9-466A-8B6D-786D474531B4} => C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
Task: {A2458D2B-7E8F-4630-AF59-1280946DACF4} - System32\Tasks\{5D6D1740-3511-4852-A1C7-32BECC630251} => C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
Task: {CA7ED872-C67E-402F-83ED-2D6E6D0A89B3} - System32\Tasks\Canon\OIPPESP\Canon OIP Product Extended Survey Program => C:\Program Files\Canon\OIPPESP\Cnpspcnt.exe [2016-06-09] (CANON INC.)
Task: {D339F89F-9E12-4095-BC92-16CAC1A67157} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2018-02-22] (Microsoft Corporation)
Task: {DEE56423-EB69-42B6-9075-5EF6E38D0EC5} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2018-02-06] (Adobe Systems Incorporated)
Task: {E07FE3A1-72AE-41C7-AA96-7E805FD1FE38} - System32\Tasks\{F56A1271-D174-4ED3-9019-070A6F3E70ED} => C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
Task: {E7FD4982-4F21-4BD4-96F4-E6803FAA676C} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe
Task: {F0DBBE9E-94D7-47FA-A4EA-ABFEEE60B9F5} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-31] (Google Inc.)
Task: {FF8BA46C-2249-4C38-A846-17AC049B25E2} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-31] (Google Inc.)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
==================== Shortcuts & WMI ========================
(The entries could be listed to be restored or removed.)
==================== Loaded Modules (Whitelisted) ==============
2014-02-06 12:27 - 2010-08-26 18:48 - 000285152 _____ () C:\Program Files (x86)\NETGEAR\WNA3100\WifiSvc.exe
2017-02-01 14:44 - 2017-02-01 14:44 - 000959168 _____ () C:\Users\Beauty Exchange\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64\ClientTelemetry.dll
2014-02-06 12:27 - 2010-08-26 18:47 - 004577760 _____ () C:\Program Files (x86)\NETGEAR\WNA3100\WNA3100.exe
2014-08-12 11:06 - 2014-08-12 11:06 - 000102400 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll
2018-03-12 14:17 - 2018-02-05 15:44 - 002299168 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
2018-03-12 14:17 - 2018-03-01 11:31 - 002488608 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
2014-02-06 12:27 - 2010-07-09 17:38 - 000331776 _____ () C:\Program Files (x86)\NETGEAR\WNA3100\WifiLib.dll
2014-02-06 12:27 - 2010-02-03 12:31 - 000282624 _____ () C:\Program Files (x86)\NETGEAR\WNA3100\WifiSvcLib.dll
2017-02-01 14:30 - 2018-03-01 16:45 - 001012400 _____ () C:\Program Files (x86)\Microsoft Office\Root\Office16\ADDINS\UmOutlookAddin.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\sndappv2 => ""="service"
==================== Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
==================== Hosts content: ===============================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-13 22:34 - 2009-06-10 17:00 - 000000824 _____ C:\Windows\system32\Drivers\etc\hosts
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-890987734-199605990-4172685101-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Beauty Exchange\AppData\Roaming\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
DNS Servers: 67.205.168.151
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk => C:\Windows\pss\QuickBooks Update Agent.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^QuickBooks Web Connector.lnk => C:\Windows\pss\QuickBooks Web Connector.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^QuickBooks_Standard_21.lnk => C:\Windows\pss\QuickBooks_Standard_21.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^Beauty Exchange^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Send to OneNote.lnk => C:\Windows\pss\Send to OneNote.lnk.Startup
MSCONFIG\startupreg: BrMfcWnd => C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
MSCONFIG\startupreg: ControlCenter3 => C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe /autorun
MSCONFIG\startupreg: DLPSP => "C:\Program Files\Dell Printers\Additional Color Laser Software\Status Monitor\DLPSP.EXE"
MSCONFIG\startupreg: DLQLU => "C:\Program Files\Dell Printers\Additional Color Laser Software\Launcher\DLQLU.EXE" /S
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [{425CB310-409A-4135-B0CE-040B12ABA48F}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\lync.exe
FirewallRules: [{F55F366B-684A-418B-BA27-1906A767028C}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\lync.exe
FirewallRules: [{2A0D0239-7018-4AE3-8530-18F91726CC31}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{904D3FB7-4FAE-47D5-A17B-C4354C209901}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [TCP Query User{EC89CDFE-F050-45E3-A472-969ADC3EB656}C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe] => (Allow) C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe
FirewallRules: [UDP Query User{1CBC0135-10CC-4139-ADF4-916FBAE180F5}C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe] => (Allow) C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe
FirewallRules: [{3C4B45F7-BCAE-404D-91EF-26B0957F0125}] => (Allow) C:\Program Files (x86)\Raptr\raptr.exe
FirewallRules: [{3CF06724-F832-4D59-826F-90BA69386A1F}] => (Allow) C:\Program Files (x86)\Raptr\raptr.exe
FirewallRules: [{7545DF13-0C8D-4DE1-967B-4F3F09A78861}] => (Allow) C:\Program Files (x86)\Raptr\raptr_im.exe
FirewallRules: [{74836C3B-FBA9-48C3-B65D-794C7AC78735}] => (Allow) C:\Program Files (x86)\Raptr\raptr_im.exe
FirewallRules: [{07BE2CF9-668E-4830-8479-104BD43EDB5A}] => (Allow) C:\Program Files (x86)\Raptr Inc\PlaysTV\playstv.exe
FirewallRules: [{C3DFF8F6-89A9-4F29-9304-56FE0552BE51}] => (Allow) C:\Program Files (x86)\Raptr Inc\PlaysTV\playstv.exe
FirewallRules: [{08683AFF-C203-49A8-BD7D-82A96FFF5653}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr.exe
FirewallRules: [{DBBAD4FF-3A30-4630-93F1-EEB677659ABD}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr.exe
FirewallRules: [{FE57A986-8C84-4856-8298-32EE504D2546}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr_im.exe
FirewallRules: [{48E9A2BE-6856-4F24-9722-3884AAC28D70}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr_im.exe
FirewallRules: [TCP Query User{E686F621-86B5-4452-A2C7-E67DB8C5F169}C:\users\beauty exchange\appdata\local\temp\igna70e.tmp\lmiignition.exe] => (Allow) C:\users\beauty exchange\appdata\local\temp\igna70e.tmp\lmiignition.exe
FirewallRules: [UDP Query User{5F587471-FEB5-4795-82D0-11DA4656BEA7}C:\users\beauty exchange\appdata\local\temp\igna70e.tmp\lmiignition.exe] => (Allow) C:\users\beauty exchange\appdata\local\temp\igna70e.tmp\lmiignition.exe
FirewallRules: [{A028D047-1B85-4DD4-9BCE-01E027C32B3C}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr.exe
FirewallRules: [{0049DE10-41AE-49AC-AEF2-1BF628CFD455}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr.exe
FirewallRules: [{CFB730C8-3F32-4E81-80E4-BC0EB20FABB6}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr_im.exe
FirewallRules: [{0AF3ACA2-1933-4E44-AA7D-874F65E9D390}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr_im.exe
FirewallRules: [{BE774B78-25DB-4347-BC20-7F5CB68013B0}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [{ECB73631-974F-43A9-AE69-2A692EACE97A}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
==================== Restore Points =========================
21-09-2016 16:29:11 Installed Dell C2665dnf Color MFP Scan Driver
09-01-2017 15:07:33 Installed Dell C2665dnf Color MFP Scan Driver
02-03-2018 12:30:03 Removed Adobe Acrobat Reader DC.
05-03-2018 17:54:14 Removed Adobe Acrobat Reader DC.
06-03-2018 12:51:22 Removed Adobe Acrobat Reader DC.
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (03/12/2018 02:22:35 PM) (Source: Windows Search Service) (EventID: 3083) (User: )
Description: The protocol handler Mapi16 cannot be loaded. Error description: The specified procedure could not be found. (HRESULT : 0x8007007f).
Error: (03/12/2018 02:12:09 PM) (Source: Windows Search Service) (EventID: 3083) (User: )
Description: The protocol handler Mapi16 cannot be loaded. Error description: The specified procedure could not be found. (HRESULT : 0x8007007f).
Error: (03/12/2018 01:47:36 PM) (Source: Windows Search Service) (EventID: 3083) (User: )
Description: The protocol handler Mapi16 cannot be loaded. Error description: The specified procedure could not be found. (HRESULT : 0x8007007f).
Error: (03/12/2018 01:40:43 PM) (Source: Windows Search Service) (EventID: 3083) (User: )
Description: The protocol handler Mapi16 cannot be loaded. Error description: The specified procedure could not be found. (HRESULT : 0x8007007f).
Error: (03/12/2018 01:37:47 PM) (Source: Windows Search Service) (EventID: 3083) (User: )
Description: The protocol handler Mapi16 cannot be loaded. Error description: The specified procedure could not be found. (HRESULT : 0x8007007f).
Error: (03/12/2018 01:33:12 PM) (Source: Brother BrLog) (EventID: 1001) (User: )
Description: TWN BrtTWN: [2018/03/12 13:33:12.509]: [00003460]: Initialize TwdsMain Class failed!
Error: (03/12/2018 01:33:12 PM) (Source: Brother BrLog) (EventID: 1001) (User: )
Description: TWN BrtTWN: [2018/03/12 13:33:12.509]: [00003460]: ##### Fatal ERROR!! Create STI-device failed! #####
Error: (03/12/2018 01:33:10 PM) (Source: Brother BrLog) (EventID: 1001) (User: )
Description: TWN BrtTWN: [2018/03/12 13:33:10.824]: [00003460]: Initialize TwdsMain Class failed!
System errors:
=============
Error: (03/12/2018 01:46:49 PM) (Source: BROWSER) (EventID: 8032) (User: )
Description: The browser service has failed to retrieve the backup list too many times on transport \Device\NetBT_Tcpip_{C33AFBF4-9B97-4B88-9523-AF9EBA078846}.
The backup browser is stopping.
Error: (03/12/2018 01:44:58 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}
and APPID
{344ED43D-D086-4961-86A6-1106F4ACAD9B}
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
Error: (03/12/2018 01:44:58 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}
and APPID
{344ED43D-D086-4961-86A6-1106F4ACAD9B}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
Error: (03/12/2018 09:06:36 AM) (Source: BROWSER) (EventID: 8032) (User: )
Description: The browser service has failed to retrieve the backup list too many times on transport \Device\NetBT_Tcpip_{C33AFBF4-9B97-4B88-9523-AF9EBA078846}.
The backup browser is stopping.
Error: (03/12/2018 09:03:51 AM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The AMD FUEL Service service hung on starting.
Error: (03/12/2018 09:03:20 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}
and APPID
{344ED43D-D086-4961-86A6-1106F4ACAD9B}
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
Error: (03/12/2018 09:03:20 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}
and APPID
{344ED43D-D086-4961-86A6-1106F4ACAD9B}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
Error: (03/08/2018 12:59:23 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}
and APPID
{344ED43D-D086-4961-86A6-1106F4ACAD9B}
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
==================== Memory info ===========================
Processor: AMD Athlon(tm) II X2 220 Processor
Percentage of memory in use: 56%
Total physical RAM: 8190.49 MB
Available physical RAM: 3545.78 MB
Total Virtual: 16379.16 MB
Available Virtual: 11688.23 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:931.41 GB) (Free:866.04 GB) NTFS
\\?\Volume{98ef4543-8efb-11e3-874e-806e6f6e6963}\ (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 931.5 GB) (Disk ID: A03D0812)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=931.4 GB) - (Type=07 NTFS)
==================== End of Addition.txt ============================