Showing results for tags 'virus'.



Found 149 results

  1. So I have a problem. I downloaded a hack for a free-to-play game and censoreded up; the guy has like a thousand subs, but wtf? So the problem is I disabled Windows Update but the svchost still has 50%. I have also tried other ways but nothing worked. I get BSODs, sometimes when turning off, restarting. My PC is normal in safe mode. Could anyone help me fix this? Ty
  2. Hey guys, I use Malwarebytes, no doubts in that, but whenever I sign in to my PC, after every 5 mins I get an opened command prompt window with a weird name like ("aghdbcfg3w"), something like that, and I get a pop-up window saying that the computer couldn't find the required file, please try writing the name correctly, whereas I didn't type anything or the other! Because of that VIRUS, I think I am getting unwanted ads on YouTube, and I can clearly say that the ads are some kind of virus. So I have installed AdBlockPlus, and I am providing a screenshot of the pop-up window, and if you need other info please do reply! Thanks
  3. It seems as though my (work) computer has sent out a large amount of emails to people I may have recently been in contact with. The email (which was not sent by me) contained a dead link [the link did not open anything] according to those who reached out to me regarding this email. If someone could help verify the issue, it would be greatly appreciated. Here are the .txt files extracted from the Farbar Recovery Scan Tool (x64 bit) (FRST).
9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation) NETGEAR WNA3100 wireless USB 2.0 adapter (HKLM-x32\...\{C2425F91-1F7B-4037-9A05-9F290184798D}) (Version: 1.01.206 - NETGEAR) NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.10.57.35 - NVIDIA Corporation) Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.9029.2167 - Microsoft Corporation) Hidden Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.9029.2167 - Microsoft Corporation) Hidden Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.9029.2167 - Microsoft Corporation) Hidden Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0409-0000-0000000FF1CE}) (Version: 16.0.9029.2167 - Microsoft Corporation) Hidden Outils de vérification linguistique 2013 de Microsoft Office - Français (HKLM-x32\...\{90150000-001F-040C-0000-0000000FF1CE}) (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden PowerISO (HKLM-x32\...\PowerISO) (Version: 5.8 - Power Software Ltd) QuickBooks (HKLM-x32\...\{31566BB1-C43D-4D96-9504-57E42B1FD86D}) (Version: 23.0.4001.2305 - Intuit Inc.) 
Hidden QuickBooks Enterprise Solutions: Accountant Edition 13.0 (HKLM-x32\...\{30823A86-D1BF-4D42-8E86-892F3D956254}) (Version: 23.0.4001.2305 - Intuit Inc.) Toner Status (HKLM-x32\...\{6E9A516A-6189-4502-80FD-51BE28989CEB}) (Version: 1.3.0.0 - CANON INC.) Workspace Desktop (HKU\S-1-5-21-890987734-199605990-4172685101-1000\...\workspacedesktop) (Version: - Starfield Technologies) ==================== Custom CLSID (Whitelisted): ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) CustomCLSID: HKU\S-1-5-21-890987734-199605990-4172685101-1000_Classes\CLSID\{162C6FB5-44D3-435B-903D-E613FA093FB5}\InprocServer32 -> C:\Users\Beauty Exchange\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64\FileCoAuthLib64.dll () CustomCLSID: HKU\S-1-5-21-890987734-199605990-4172685101-1000_Classes\CLSID\{1BFB1268-6353-495A-AB78-97BF7CAB4D59}\InprocServer32 -> C:\Users\Beauty Exchange\AppData\Local\Workspace\gdeditwrapperax64.dll (Starfield Technologies) CustomCLSID: HKU\S-1-5-21-890987734-199605990-4172685101-1000_Classes\CLSID\{B5B8593C-89BC-44a7-BCE3-32FE4FED7C5C}\InprocServer32 -> C:\Users\Beauty Exchange\AppData\Local\Workspace\wbetoolsax64.dll (Starfield Technology, LLC) ShellIconOverlayIdentifiers: [off0] -> {8E33AEC3-C5F2-43C4-B048-9E3EB19B1DD5} => C:\Program Files (x86)\Workspace\offsyncext64.dll [2017-02-09] (Starfield Technologies, LLC) ShellIconOverlayIdentifiers: [off1] -> {8E33AEC4-C5F2-43C4-B048-9E3EB19B1DD5} => C:\Program Files (x86)\Workspace\offsyncext64.dll [2017-02-09] (Starfield Technologies, LLC) ContextMenuHandlers1: [Adobe.Acrobat.ContextMenu] -> {A6595CD1-BF77-430A-A452-18696685F7C7} => C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat Elements\ContextMenuShim64.dll [2012-09-23] (Adobe Systems Inc.) 
ContextMenuHandlers1: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} => C:\Program Files\PowerISO\PWRISOSH.DLL [2013-12-16] (Power Software Ltd) ContextMenuHandlers4: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} => C:\Program Files\PowerISO\PWRISOSH.DLL [2013-12-16] (Power Software Ltd) ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\atiacm64.dll [2014-08-12] (Advanced Micro Devices, Inc.) ContextMenuHandlers6: [Adobe.Acrobat.ContextMenu] -> {A6595CD1-BF77-430A-A452-18696685F7C7} => C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat Elements\ContextMenuShim64.dll [2012-09-23] (Adobe Systems Inc.) ContextMenuHandlers6: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} => C:\Program Files\PowerISO\PWRISOSH.DLL [2013-12-16] (Power Software Ltd) ==================== Scheduled Tasks (Whitelisted) ============= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) 
Task: {00E72EBA-DF0C-4CCB-AD75-178DA9ACE874} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2018-03-01] (Microsoft Corporation) Task: {0D52D023-F2DD-4079-AA77-D1DA564D5E94} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS\AutoKMS.exe [2014-02-06] () Task: {1AF420F1-2C37-43A4-B3AA-6617B6634580} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2018-02-09] (Adobe Systems Incorporated) Task: {307D7C55-9C85-43AE-892E-6DC07B71CBBB} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2018-03-01] (Microsoft Corporation) Task: {4E42997C-69FA-43B5-9877-E1D9270F60F8} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2018-02-22] (Microsoft Corporation) Task: {5501D7E5-7D34-4BEE-A485-0B12ECF75F52} - System32\Tasks\{18199DFC-AEAA-447F-92C1-06E60D638CEB} => C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe Task: {57369104-E58E-4282-B0AD-096CD5276AFC} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2012-10-01] (Microsoft Corporation) Task: {6C04F400-30A3-4864-9A0F-AD16CB8E88BB} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2018-03-01] (Microsoft Corporation) Task: {8CB43446-8AA9-428E-9751-524E2A556D57} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2012-10-01] (Microsoft Corporation) Task: {8E2377A9-FA9C-496F-BA43-4EC99CB57D30} - System32\Tasks\{5C185BC4-06C9-466A-8B6D-786D474531B4} => C:\Program Files 
(x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe Task: {A2458D2B-7E8F-4630-AF59-1280946DACF4} - System32\Tasks\{5D6D1740-3511-4852-A1C7-32BECC630251} => C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe Task: {CA7ED872-C67E-402F-83ED-2D6E6D0A89B3} - System32\Tasks\Canon\OIPPESP\Canon OIP Product Extended Survey Program => C:\Program Files\Canon\OIPPESP\Cnpspcnt.exe [2016-06-09] (CANON INC.) Task: {D339F89F-9E12-4095-BC92-16CAC1A67157} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2018-02-22] (Microsoft Corporation) Task: {DEE56423-EB69-42B6-9075-5EF6E38D0EC5} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2018-02-06] (Adobe Systems Incorporated) Task: {E07FE3A1-72AE-41C7-AA96-7E805FD1FE38} - System32\Tasks\{F56A1271-D174-4ED3-9019-070A6F3E70ED} => C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe Task: {E7FD4982-4F21-4BD4-96F4-E6803FAA676C} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe Task: {F0DBBE9E-94D7-47FA-A4EA-ABFEEE60B9F5} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-31] (Google Inc.) Task: {FF8BA46C-2249-4C38-A846-17AC049B25E2} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-31] (Google Inc.) (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) ==================== Shortcuts & WMI ======================== (The entries could be listed to be restored or removed.) 
==================== Loaded Modules (Whitelisted) ============== 2014-02-06 12:27 - 2010-08-26 18:48 - 000285152 _____ () C:\Program Files (x86)\NETGEAR\WNA3100\WifiSvc.exe 2017-02-01 14:44 - 2017-02-01 14:44 - 000959168 _____ () C:\Users\Beauty Exchange\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64\ClientTelemetry.dll 2014-02-06 12:27 - 2010-08-26 18:47 - 004577760 _____ () C:\Program Files (x86)\NETGEAR\WNA3100\WNA3100.exe 2014-08-12 11:06 - 2014-08-12 11:06 - 000102400 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll 2018-03-12 14:17 - 2018-02-05 15:44 - 002299168 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll 2018-03-12 14:17 - 2018-03-01 11:31 - 002488608 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll 2014-02-06 12:27 - 2010-07-09 17:38 - 000331776 _____ () C:\Program Files (x86)\NETGEAR\WNA3100\WifiLib.dll 2014-02-06 12:27 - 2010-02-03 12:31 - 000282624 _____ () C:\Program Files (x86)\NETGEAR\WNA3100\WifiSvcLib.dll 2017-02-01 14:30 - 2018-03-01 16:45 - 001012400 _____ () C:\Program Files (x86)\Microsoft Office\Root\Office16\ADDINS\UmOutlookAddin.dll ==================== Alternate Data Streams (Whitelisted) ========= (If an entry is included in the fixlist, only the ADS will be removed.) ==================== Safe Mode (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\sndappv2 => ""="service" ==================== Association (Whitelisted) =============== (If an entry is included in the fixlist, the registry item will be restored to default or removed.) 
==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, it will be removed from the registry.) ==================== Hosts content: =============================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2009-07-13 22:34 - 2009-06-10 17:00 - 000000824 _____ C:\Windows\system32\Drivers\etc\hosts ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-890987734-199605990-4172685101-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Beauty Exchange\AppData\Roaming\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp DNS Servers: 67.205.168.151 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) Windows Firewall is enabled. ==================== MSCONFIG/TASK MANAGER disabled items == MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk => C:\Windows\pss\QuickBooks Update Agent.lnk.CommonStartup MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^QuickBooks Web Connector.lnk => C:\Windows\pss\QuickBooks Web Connector.lnk.CommonStartup MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^QuickBooks_Standard_21.lnk => C:\Windows\pss\QuickBooks_Standard_21.lnk.CommonStartup MSCONFIG\startupfolder: C:^Users^Beauty Exchange^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Send to OneNote.lnk => C:\Windows\pss\Send to OneNote.lnk.Startup MSCONFIG\startupreg: BrMfcWnd => C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN MSCONFIG\startupreg: ControlCenter3 => C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe /autorun MSCONFIG\startupreg: DLPSP => "C:\Program Files\Dell Printers\Additional Color Laser Software\Status Monitor\DLPSP.EXE" MSCONFIG\startupreg: 
DLQLU => "C:\Program Files\Dell Printers\Additional Color Laser Software\Launcher\DLQLU.EXE" /S ==================== FirewallRules (Whitelisted) =============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) FirewallRules: [{425CB310-409A-4135-B0CE-040B12ABA48F}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\lync.exe FirewallRules: [{F55F366B-684A-418B-BA27-1906A767028C}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\lync.exe FirewallRules: [{2A0D0239-7018-4AE3-8530-18F91726CC31}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\UcMapi.exe FirewallRules: [{904D3FB7-4FAE-47D5-A17B-C4354C209901}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\UcMapi.exe FirewallRules: [TCP Query User{EC89CDFE-F050-45E3-A472-969ADC3EB656}C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe] => (Allow) C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe FirewallRules: [UDP Query User{1CBC0135-10CC-4139-ADF4-916FBAE180F5}C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe] => (Allow) C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe FirewallRules: [{3C4B45F7-BCAE-404D-91EF-26B0957F0125}] => (Allow) C:\Program Files (x86)\Raptr\raptr.exe FirewallRules: [{3CF06724-F832-4D59-826F-90BA69386A1F}] => (Allow) C:\Program Files (x86)\Raptr\raptr.exe FirewallRules: [{7545DF13-0C8D-4DE1-967B-4F3F09A78861}] => (Allow) C:\Program Files (x86)\Raptr\raptr_im.exe FirewallRules: [{74836C3B-FBA9-48C3-B65D-794C7AC78735}] => (Allow) C:\Program Files (x86)\Raptr\raptr_im.exe FirewallRules: [{07BE2CF9-668E-4830-8479-104BD43EDB5A}] => (Allow) C:\Program Files (x86)\Raptr Inc\PlaysTV\playstv.exe FirewallRules: [{C3DFF8F6-89A9-4F29-9304-56FE0552BE51}] => (Allow) C:\Program Files (x86)\Raptr Inc\PlaysTV\playstv.exe FirewallRules: [{08683AFF-C203-49A8-BD7D-82A96FFF5653}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr.exe FirewallRules: 
[{DBBAD4FF-3A30-4630-93F1-EEB677659ABD}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr.exe FirewallRules: [{FE57A986-8C84-4856-8298-32EE504D2546}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr_im.exe FirewallRules: [{48E9A2BE-6856-4F24-9722-3884AAC28D70}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr_im.exe FirewallRules: [TCP Query User{E686F621-86B5-4452-A2C7-E67DB8C5F169}C:\users\beauty exchange\appdata\local\temp\igna70e.tmp\lmiignition.exe] => (Allow) C:\users\beauty exchange\appdata\local\temp\igna70e.tmp\lmiignition.exe FirewallRules: [UDP Query User{5F587471-FEB5-4795-82D0-11DA4656BEA7}C:\users\beauty exchange\appdata\local\temp\igna70e.tmp\lmiignition.exe] => (Allow) C:\users\beauty exchange\appdata\local\temp\igna70e.tmp\lmiignition.exe FirewallRules: [{A028D047-1B85-4DD4-9BCE-01E027C32B3C}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr.exe FirewallRules: [{0049DE10-41AE-49AC-AEF2-1BF628CFD455}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr.exe FirewallRules: [{CFB730C8-3F32-4E81-80E4-BC0EB20FABB6}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr_im.exe FirewallRules: [{0AF3ACA2-1933-4E44-AA7D-874F65E9D390}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr_im.exe FirewallRules: [{BE774B78-25DB-4347-BC20-7F5CB68013B0}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe FirewallRules: [{ECB73631-974F-43A9-AE69-2A692EACE97A}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ==================== Restore Points ========================= 21-09-2016 16:29:11 Installed Dell C2665dnf Color MFP Scan Driver 09-01-2017 15:07:33 Installed Dell C2665dnf Color MFP Scan Driver 02-03-2018 12:30:03 Removed Adobe Acrobat Reader DC. 05-03-2018 17:54:14 Removed Adobe Acrobat Reader DC. 06-03-2018 12:51:22 Removed Adobe Acrobat Reader DC. 
==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (03/12/2018 02:22:35 PM) (Source: Windows Search Service) (EventID: 3083) (User: ) Description: The protocol handler Mapi16 cannot be loaded. Error description: The specified procedure could not be found. (HRESULT : 0x8007007f). Error: (03/12/2018 02:12:09 PM) (Source: Windows Search Service) (EventID: 3083) (User: ) Description: The protocol handler Mapi16 cannot be loaded. Error description: The specified procedure could not be found. (HRESULT : 0x8007007f). Error: (03/12/2018 01:47:36 PM) (Source: Windows Search Service) (EventID: 3083) (User: ) Description: The protocol handler Mapi16 cannot be loaded. Error description: The specified procedure could not be found. (HRESULT : 0x8007007f). Error: (03/12/2018 01:40:43 PM) (Source: Windows Search Service) (EventID: 3083) (User: ) Description: The protocol handler Mapi16 cannot be loaded. Error description: The specified procedure could not be found. (HRESULT : 0x8007007f). Error: (03/12/2018 01:37:47 PM) (Source: Windows Search Service) (EventID: 3083) (User: ) Description: The protocol handler Mapi16 cannot be loaded. Error description: The specified procedure could not be found. (HRESULT : 0x8007007f). Error: (03/12/2018 01:33:12 PM) (Source: Brother BrLog) (EventID: 1001) (User: ) Description: TWN BrtTWN: [2018/03/12 13:33:12.509]: [00003460]: Initialize TwdsMain Class failed! Error: (03/12/2018 01:33:12 PM) (Source: Brother BrLog) (EventID: 1001) (User: ) Description: TWN BrtTWN: [2018/03/12 13:33:12.509]: [00003460]: ##### Fatal ERROR!! Create STI-device failed! ##### Error: (03/12/2018 01:33:10 PM) (Source: Brother BrLog) (EventID: 1001) (User: ) Description: TWN BrtTWN: [2018/03/12 13:33:10.824]: [00003460]: Initialize TwdsMain Class failed! 
System errors: ============= Error: (03/12/2018 01:46:49 PM) (Source: BROWSER) (EventID: 8032) (User: ) Description: The browser service has failed to retrieve the backup list too many times on transport \Device\NetBT_Tcpip_{C33AFBF4-9B97-4B88-9523-AF9EBA078846}. The backup browser is stopping. Error: (03/12/2018 01:44:58 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY) Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {C97FCC79-E628-407D-AE68-A06AD6D8B4D1} and APPID {344ED43D-D086-4961-86A6-1106F4ACAD9B} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool. Error: (03/12/2018 01:44:58 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY) Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {C97FCC79-E628-407D-AE68-A06AD6D8B4D1} and APPID {344ED43D-D086-4961-86A6-1106F4ACAD9B} to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool. Error: (03/12/2018 09:06:36 AM) (Source: BROWSER) (EventID: 8032) (User: ) Description: The browser service has failed to retrieve the backup list too many times on transport \Device\NetBT_Tcpip_{C33AFBF4-9B97-4B88-9523-AF9EBA078846}. The backup browser is stopping. Error: (03/12/2018 09:03:51 AM) (Source: Service Control Manager) (EventID: 7022) (User: ) Description: The AMD FUEL Service service hung on starting. 
Error: (03/12/2018 09:03:20 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY) Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {C97FCC79-E628-407D-AE68-A06AD6D8B4D1} and APPID {344ED43D-D086-4961-86A6-1106F4ACAD9B} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool. Error: (03/12/2018 09:03:20 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY) Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {C97FCC79-E628-407D-AE68-A06AD6D8B4D1} and APPID {344ED43D-D086-4961-86A6-1106F4ACAD9B} to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool. Error: (03/08/2018 12:59:23 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY) Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {C97FCC79-E628-407D-AE68-A06AD6D8B4D1} and APPID {344ED43D-D086-4961-86A6-1106F4ACAD9B} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool. 
==================== Memory info =========================== Processor: AMD Athlon(tm) II X2 220 Processor Percentage of memory in use: 56% Total physical RAM: 8190.49 MB Available physical RAM: 3545.78 MB Total Virtual: 16379.16 MB Available Virtual: 11688.23 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:931.41 GB) (Free:866.04 GB) NTFS \\?\Volume{98ef4543-8efb-11e3-874e-806e6f6e6963}\ (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7/8/10) (Size: 931.5 GB) (Disk ID: A03D0812) Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=931.4 GB) - (Type=07 NTFS) ==================== End of Addition.txt ============================
  4. Hello all, Every time I open Chrome I get a notification telling me that Malwarebytes has blocked "api.testrequest.info" and there is usually a 1-4 after api. I have scanned with Malwarebytes and used AdwCleaner but the problem still persists. Anybody got an idea of how to fix this?
  5. Please help! I have an HP Stream 11 and it suddenly had a message come up regarding malware?? I've tried everything I've read in forums for the last 24 and nothing has helped, it's just getting worse. I'm no longer able to delete certain files because I don't have the permission. Malwarebytes keeps popping up with a message telling me that PUPs have blocked me from going to a site that I'm trying to go to to clean the virus. I have downloaded as many different malware removers as I can but my computer is becoming less and less usable. Please help!!! Also, every scanner/detector comes back with a clean result as if nothing is wrong with it, but there's definitely something wrong!!!!
  6. Hello guys, two weeks ago I asked support to review this domain (see below) because it was banned by Malwarebytes. Support told me OK, and everything was fine with this domain. The site is clear. Yesterday I realized on the VirusTotal site that Malwarebytes still lists the site. So nothing changed... :/ Is Malwarebytes hpHosts a different platform? Can you help me? Thanks!
  7. Just want this stupid thing gone and anything associated with it. FRST.txt Addition.txt
  8. I honestly have no idea how this got on my computer. I have manually deleted it multiple times and it keeps reappearing; I'm genuinely considering a fresh Windows installation because it's beyond aggravating. It opens multiple unknown background processes that slow down my PC dramatically; I've seen 10+ of these at once. And when I see what the n0B process is linked to, it's "republican.exe". Although, Malwarebytes has discovered that it tries to send websites information. And each time I press close, a new popup appears with the same process and a different website. Constantly. I have found where the application is located and every time I delete it, it reappears. And according to Malwarebytes, there are 0 threats detected. If anyone knows how to get rid of this virus, please message me. Thanks, Jack
  9. My computer works very slowly and any antivirus is blocked by some kind of malware. I run a lot of scans but am not able to find the problem. Should I install Win 10 from fresh? I have a lot of docs, pictures and videos on my laptop hard drive. What do you recommend? I am now connected from another laptop, as mine doesn't allow me to connect to the internet, or I connect but very slowly.
  10. Hi guys. I recently started to notice that whenever I play a game, any game, I get a smooth 120 fps but then after a couple of minutes it drops to about 20 to 10 fps. I found out after some time what the problem was. When I opened Task Manager I could see that 2 processes are using like 90% of my GPU. They were called csrss.exe (Client Server Runtime Progress) and Desktop Window Manager. I did some research as to why they are doing this and some stuff I read said that it could be a bitcoin generator or something like that. It happens with every game I play. Csgo, Fallout4, you name it. The funny thing is when I am in game, I quickly alt-tab to Task Manager and then for a good 2 seconds I can see these 2 processes use like 90% of my GPU, but then it immediately goes down to 1% after these 2 seconds. Can someone please tell me what the problem is and if it is malware?
  11. I have tried many different antivirus programs to try to get rid of a trojan called Win32/Nevoros.B!Rakr. Its main file is one called isowebi.exe. The main problem is the file folder and all files in it are protected. There is no way to change the name, edit, delete. Taskkill cannot stop or cancel the operations this application does. Because the folder and all contents are protected, my one trick was to lock out new programs or folders it created so it couldn't find them again, yet that means leaving them on the system. The program loads grenades, touchy, other svc's for the net, and even bitcoin mining programs. Used Malwarebytes rootkit beta; didn't work either. The only thing I can think to do is to create a new window boot file, or edit the one I have, but not really sure if that will work.
  12. Hi, first I have seen of this. I have a Windows Server 2012 Essentials and yesterday I got an error; it will not boot up, sits on a black screen advising me to email scryptmail.com and they will provide me with a password. Have I got a ransomware virus? Do I have any options? Thank you in advance.
  13. Hi, first I have seen of this. I have a Windows Server 2012 Essentials and yesterday I got an error; it will not boot up, sits on a black screen advising me to email scryptmail.com and they will provide me with a password. Have I got a ransomware virus? Do I have any options? I know I can wipe the hard disk and start again but I don't have a backup and the data is important. Anyway, does anyone know the name of this new virus? Thank you in advance.
  14. I have this problem: whenever I try to download my AMD drivers for my graphics card, the RX 480, my computer crashes during the display install. I thought that it might have been Malwarebytes thinking that what I was installing was malware, so I turned off Malwarebytes to install my drivers. It crashed anyway, but I realized that Real-Time (web) Protection will not stay on, and when I started up my computer, Real-Time (web) Protection and malware protection were off. I'm assuming that when I shut it down and tried to download the drivers, that is when I got an infection, and I need help to get rid of it. Another thing that happened is that malware said that rootkit scanning was shut off. Addition_04-03-2018 09.25.30.txt FRST_04-03-2018 09.25.30.txt mb-check-results.zip
  15. This folder gets created every day, even if I remove it by JRT. Could you please tell me what the problem is and how to remove it permanently? I used the Malwarebytes free version but it didn't remove this one. Report below:

      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      Junkware Removal Tool (JRT) by Malwarebytes
      Version: 8.1.4 (07.09.2017)
      Operating System: Windows 8.1 Pro x64
      Ran by HP (Administrator) on 31-Jan-18 at 16:02:10.53
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      File System: 1
      Successfully deleted: C:\users\Public\Documents\pc faster (Folder)
      Registry: 0
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      Scan was completed on 31-Jan-18 at 16:07:25.66
      End of JRT log
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

      JRT.txt
  16. Hello, I found my computer as infected and working very slowly lately. I use the instructions from Staff on the same topic - Windows Defender Chekuem. Please find the files and advise on the future course of actions: malwarebytes_scan.txt AdwCleaner[C0].txt FRST64.txt Addition.txt Best regards, Mathew
  17. I have a Raspberry Pi set up to act as my DNS server on my network to block advertisements (Pi-Hole). It also tracks all DNS searches and has revealed that two domains are being accessed every 2 minutes by my Win7 PC - primewire.ag and 123netflix.com

      This happens even when the browsers on my PC are closed. I previously visited these domains using Chrome incognito mode so I thought they infected my PC. Malwarebytes and Avira find nothing. There are no suspicious add-ons to my browsers.

      I kept track of exactly when the Pi-Hole showed access to the two domains from my PC (every 2 minutes exactly). Ran Process Monitor (to show Network Activity) and Wireshark both as Admin. Opened Windows Powershell as Admin and typed:

      Then I waited and clicked enter on the command exactly when my PC was accessing those 2 domains. Checked Wireshark for the same time and found the packets being sent to the pi-hole to check the DNS of those two domains. Double clicked the packets and scrolled down to find the Source Port numbers: 57098 and 65208

      Switched to Process Monitor and located the processes captured during the same time that was using those same Source Port numbers. Double clicked and now I had: the PID (1576), the Path (C:\Windows\system32), the Command Line parameters (-k NetworkService) and the process name (svchost.exe)

      Unfortunately, it’s the ubiquitous svchost.exe

      Switch to Windows Powershell and checked out the results from when I ran the tasklist command.

      PS C:\Users\MyPC> tasklist /svc /fi "imagename eq svchost.exe"

      Image Name                     PID Services
      ========================= ======== ============================================
      svchost.exe                   1576 CryptSvc, Dnscache, LanmanWorkstation, NlaSvc

      Now I have the Services behind svchost.exe. Then I went into the Registry and found the Registry Entries for each of the 4 Services and that gave me the DLL files and the file paths. They’re all under %SystemRoot%\System32:

      Ran system filechecker with command

      Scanned each file with MalwareBytes and Avira. Nothing found. Decided to check each service’s Display Name and Description:

      CryptSvc = Cryptographic Services = Provides four management services: Catalog Database Service, which confirms the signatures of Windows files and allows new programs to be installed; Protected Root Service, which adds and removes Trusted Root Certification Authority certificates from this computer; Automatic Root Certificate Update Service, which retrieves root certificates from Windows Update and enable scenarios such as SSL; and Key Service, which helps enroll this computer for certificates. If this service is stopped, these management services will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start.

      Dnscache = DNS Client = The DNS Client service (dnscache) caches Domain Name System (DNS) names and registers the full computer name for this computer. If the service is stopped, DNS names will continue to be resolved. However, the results of DNS name queries will not be cached and the computer’s name will not be registered. If the service is disabled, any services that explicitly depend on it will fail to start.

      LanmanWorkstation = Server = Supports file, print, and named-pipe sharing over the network for this computer. If this service is stopped, these functions will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.

      NlaSvc = Network Location Awareness = Collects and stores configuration information for the network and notifies programs when this information is modified. If this service is stopped, configuration information might be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.

      Now I’m stumped. Other than Blacklisting those sites on the Pi-Hole, any ideas on how to find out why they are being accessed every 2 minutes?
  18. I have this problem: whenever I try to download my AMD drivers for my graphics card, the Rx 480, my computer crashes during the display install. I thought that it might have been Malwarebytes thinking that what I was installing was malware, so I turned off Malwarebytes to install my drivers. It crashed anyway, but I realized that Real-Time (web) Protection will not stay on, and when I started up my computer, Real-Time (web) Protection and malware protection were off. I'm assuming that when I shut it down and tried to download the drivers, that is when I got an infection, and I need help to get rid of it. Another thing that happened is that malware said that rootkit scanning was shut off. Addition.txt FRST.txt mb-check-results.zip
  19. Hi, Having massive issues with my Windows 7 laptop. I tried to log in and it was stuck on the Windows loading icon (>1 hour) before booting into a black screen showing just the mouse pointer, which I could move around. Tried to boot it into safe mode but the exact same thing happened. I can get into the system recovery tool so tried a system restore, but no matter what point in time I choose it fails. Trying to boot into the last known good config also fails to produce a result. I can open the cmd prompt but don’t really know where to go from here. Considered downloading a win 7 iso image from them but as the product key on the back of the laptop comes up as (essentially) “this a pre installed key, please get in touch with your provider”. Please help!
  20. Hello! I've picked up a virus--extention.citypage--that is causing my Google searches to redirect to Bing. It's beyond frustrating, as I'm sure you know! I've run Malwarebytes several times, but have been unable to get rid of this pesky bug. So now, I bring it to the experts. I have attached the FRST, Addition, and Malwarebytes Threat Log, per instructions. Thank you for reviewing this request. I just purchased this laptop--it's my first not-refurbished machine, and I'm bummed that I've already gone and funked it up! FRST.txt Addition.txt mbthreatlog.txt
  21. Hello! For the past few months, I have been looking online for help for this apparently uncommon virus and have failed to find any useful help, so here I am. I am 100% sure I downloaded this virus myself while looking for certain free software online. Anyways, the first thing I noticed was wrong with my computer, was the inability to turn on Windows Defender. Whenever I click "Start now", a message pops up saying "The service couldn't be started. The requested resource is in use." with error code 0x800700aa. Now, at the time I assumed that was the only problem. Later on, after searching online forever to find an answer, (which I never did), I tried opening my task manager. I just pressed CTRL + ALT + DELETE to open task manager, but whenever I click task manager, it opens for a second, and instantly closes. So I am unable to check what is running and don't know what the cause is. Later on, I gave up and decided I should just reset my entire computer, considering there's really nothing on it at all (oddly enough, it says it's almost full? Not sure if its because of the virus). I go to "Reset my PC" in the settings, and I click it once, nothing happens, click it twice, nothing happens. I wait, nothing happens. I have gone into Safe Mode in hopes that it will allow me to reset my PC there, but it doesn't even allow me to open the settings. This virus has disabled Windows Defender, my ability to view task manager, and my ability to reset my computer. I have tried countless software, including Malwarebytes, to get rid of this virus, but to no avail. Every program I try to use, whether it be MalwareBytes anti rootkit, MalwareBytes Beta, or McAfee Stinger, I simply get a "The requested resource is in use." message. All my life, I thought I was a wiz with computers, but here I am, feeling like the dumbest person ever because I have absolutely no clue what to do. 
I think now would be a good time to mention, I believe I found the virus folder, called "ntuserwhitelist", which I have read online is a pretty infamous virus. I found it by going to my user > App Data > Local. Inside this file are 2 folders called "svcvmx" and another called "regtool". I believe the real perp is inside the svcvmx file. Inside of it, there's a bunch of .dlls, PAK files, Application extensions, and 2 applications, being svcvmx.exe and vmxclient.exe. Now, you may be thinking "delete them dummy", but the thing is, I have deleted these numerous times, and they keep coming back! I don't know how to get them off! I come here in hopes that you guys will understand that, any .exe file isn't running on my computer and I don't know what else to do. I have seen in other posts that the support just recommends using some sort of MalwareBytes file, but I don't think that will work in my case, and I am desperate for advice. I delete the virus folder, restart my computer, and everything is still.... messed up, and eventually it reinstalls itself. I don't know what else to do. I really hope someone here can help me! Thank you for reading, I tried to be as detailed as I could
  22. Hi everyone, I am from Indonesia. I need Microsoft Office 2016 for my office work but I cannot buy it. I have seen it on a website where they offer it for free, like www.getintoapc.com. Can I download it? Or can anyone here send it to me? I badly need this software, please help anyone. Thanks in advance.
  23. Hi, This morning we had an employee open a phishing email and subsequently open one of the two attachments that came with it. When they opened it nothing appeared to happen, so far as they could tell, but they got in touch with us here in the IT department as it seemed odd to them. As soon as we saw the email we could see that it had flags all over it. Anyway, we have run scans and been in touch with our email spam filter guys, and they came back to us saying that it was phishing for credentials and possibly more. The laptop is now disconnected from any network and all logins that the end user would have used have been changed. What can we do now in this situation, as we ran it through virustotal.com and it showed as not being caught by anything and also only appearing today? Any help you can bring to us here would be very much appreciated.
  24. So, I came to know about this issue yesterday when I returned from school and used my laptop. All the files and folders except C Drive are hidden and there is a shortcut of everything. I click on the shortcut and then I can access the file. But when I try to copy anything from lappi to USB, only shortcuts are being copied. Also, an .exe file is being created in the name of the folder and file. Third, when I tried to show all the system protected files and folders, a junk of files and folders came up on the disk. Don't really know what went wrong. Day before yesterday, I inserted my friend's USB into lappi. I think this might be the reason of this. Any help would be highly appreciated as I have to clean my lappi and don't want to lose any file whatsoever. Thanks, Steve.