
Showing results for tags 'scan'.




Found 52 results

  1. I have 32 items ( see att) that appear daily. I can't seem to delete them permanently, I must be doing something wrong, but with age cannot recall how I should proceed. Can someone, please help or remind me. The entries nearly all relate to PUPs, but how do I find the extension that is causing the problem and remove that to solve matter? I am using Premium (free) 3.7.1 summary mbites.txt
  2. Hi there, Is there any ability coming or presently in Malwarebytes for MAC that allows custom scanning of other disks, such as an external drive or other internal drive? This would benefit greatly. Consider it feedback if it's not there!
  3. ✌️✌️😋Hey guys, I'm new in the forum and with Malwarebytes.👋👋 😞Just finished a scan and I got a few threats,😤 I'm looking to know the best course of action, and if I have to worry about the results. 😅In the TXT you will find my first scan, I already put them in quarantine, should I delete them? 🤔 Thanks in advance! 1.txt
  4. Hi there, I'm new to this but I can't find an answer to this or anything similar, sorry. I liked and used Trend Micro's Dr Cleaner - it is free, minimal resources and lets you know what it is doing, freeing up memory and disc space on the fly on software removal (something I do a lot as I try random bits of software and find out it doesn't do what you have been led to believe it will do!) but Apple decided that Trend's reporting your usage back to Trend violated privacy rules and Apple banned it. It now has been removed from the Apple store but I still have a copy but Malwarebytes has found it and keeps putting it in quarantine. My question is: is there any way to ask/tell Malwarebytes to ignore this application? Unless you feel it's a much worse threat than I'm aware of and I will abide by the advice of Apple and Malwarebytes.
  5. I have my Malwarebytes set up to run a quick scan daily and a full, in depth scan weekly on Windows 10 PC. This is the first time (in over 2 years) that I received an error in my security center telling me to open Malwarebytes. When I did, I found that my in depth scan has been running for over 9 days! Scanned items is at 344,779+ and time is 218:14:45. Anyone know how to fix this?? Thanks!
  6. How can I identify a folder to scan? I've mirrored a WordPress site that is infected with malware and would like to scan it.
  7. Threat scan only seems to scan through the SSD that I have win7 and Malwarebytes 3.0 is installed in. For example, when I perform a threat scan, it goes through 355,000 items. I disconnect my second SSD drive and power cable (the one that doesn't have win7 and Malwarebytes 3.0 installed) and perform another threat scan and only 355,000 items are scanned. Any way to configure it so threat scans include both of my SSDs? Thanks!
  8. I suddenly got a "-" subscript on my top bar icon for malwarebytes. If I open the app and try to scan I get BACKGROUND SERVICE IS OFFLINE I have tried restarting, and also uninstalling and reinstalling. Nothing helps.
  9. Greetings! I am the proud owner of a subscription to the super-duper premium version of Malwarebytes (V 3.5.1, current as of this instant date). My system is a Windows-7 Professional 64 bit version on an HP Envy series EliteBook 8750, maxed out to the gills. Issue: Malwarebytes Premium 3.5.1 will not allow even a right-click scan of a networked folder. I suspect that this is a marketing issue to differentiate their Super-Professional For Businesses with Deep Pockets version. OK, I can accept that. (I used to run a computer business and was a dealer for a competitor's AV, and I know how frustrating it can be to compete with the web-version.) However, especially in this day-and-age, not providing the ability to scan a file on a networked device is counter-productive as home-based "Personal Cloud" file servers, backup servers, etc. etc. etc., can be a significant security risk. OK, I can move it to my local machine and scan it there - but why? I already have access to it on my local share. Is it possible - or can this be an enhancement request - to allow file/folder scans of networked drives? It would be acceptable - even desirable - to limit this to manually initiated scans. (I have over 20T of active files on my server - I have absolutely NO DESIRE to waste a week-or-so scanning all 20+T.) What say ye? Jim "JR"
  10. I was using AVG anti virus and mb3-setup-consumer-3.1.2.1733.exe Mouse behaviour If left untouched for a period, my mouse needed a button click in order to function. It seemed to be moving slowly, and would drift upwards, when hovering over a link. Modded the setup to max speed, but it still wasn't right. (In all my decades of computing, I've never experienced this mouse behaviour) I had watched F1 via a stream - many such streams launch an advert new window if the stream page is clicked. This would be a good way of forcing the user to click the page. Opening a new firefox tab : unknown software exception (0xc0000409) occurred in the application at location 0x00406b64 Malwarebytes scan Tried to run a Malwarebytes scan, but it wouldn't run. Spybot found nothing threatening. Installed super antispyware - it found no threats. Chameleon Ran chameleon - option 2 worked - it suggested that I upgrade, which I did to 3.5.1 However, 3.5 wouldn't launch. Uninstalled it and reinstalled 3.1 Option 2 no longer worked ... I think it was option 8 that worked ... I ran a scan ... zero threats. Note: each time an option wouldn't work, it would stop at 'enabling driver' requiring a reboot every time. Testing the 13 options took a long time. 3.5.1 Reinstalled 3.5.1 - it wouldn't launch, but it did launch the following day (maybe it needed a reboot). Ran a scan - zero threats. ------------------------ I finally finished a big report last night. Today, booted the PC ... Malwarebytes blocked 198.134.112.243 (outbound) - I hadn't launched a connection to that site. I am alerted at regular intervals of this site being blocked. -Blocked Website Details- Malicious Website: 1 , , Blocked, [-1], [-1],0.0.0 -Website Data- Category: Unspecified Domain: IP Address: 198.134.112.243 Port: [0] Type: Outbound File: Loaded scanurl.net in Firefox - https crossed out, and the url input box did not display. 
Loaded scanurl.net in Chrome - https displayed - the url input boxes appeared momentarily, then disappeared, and were inaccessible. Checked the site in google transparency and phishtank - result : clean I noticed that the mouse was now functioning correctly!!! ------------ What to do? Is it possible that malware can be switched on and off? Does anybody recognise this strange mouse behaviour? Might the mouse be working correctly because 198.134.112.243 is now being blocked? Could this be simple suppression - general time-wasting aspect of a varied package of measures?
  11. I don't know what's going on. The default option Malwarebytes came pre-installed with was to run a threat scan on startup. I deleted that to get better performance since my computer has very limited resources and set it to run a hyper scan every week instead. I do not have any other scheduled scans. However, it seems to ignore that and runs a threat scan on startup regardless. It happened 4 times and on these dates: July 3rd, 2018; July 4th, 2018; July 7th, 2018; July 11th, 2018. It happens at random, not necessarily always. For example, when I turned my computer on today it didn't. I tried to fix the issue by reinstalling with the Malwarebytes Cleanup Utility, but it didn't fix the problem. I'm running Windows 7 Home Premium 64 bit. Thanks in advance, AleksandarF mbst-grab-results.zip
  12. Hi! So, I'm only curious about this and just wanted to make sure it was normal to settle my nerves. Every few hours, I do a scan, since I'm on the free Malwarebytes. I've noticed that the scan usually takes 10-15 seconds and it seems a bit too fast to me, but that could just be how it is. Someone please get back to me soon to soothe my rising nerves.
  13. It's been a ritual for me to scan every downloaded file with MSE and Malwarebytes prior to opening. In the past, when right-clicking a file MLB has traditionally opened with the pre-scan operations window, then progressing through its four stage procedure. Lately, the first window I've been seeing reads: Your scan is complete. No threats detected. It then changes to initialize the four pre-scan protocol. I don't think I'd noticed the seemingly backwards (scan complete, followed by scan) progression before but am curious as to whether it's always been like this or if something changed due to a recent update to have it act this way.
  14. Hello, If I choose Custom Scan on C:\ drive and check the option Scan for Rootkits, MBAM stops scanning and stops responding even if I click on cancel; the only way to stop the task is rebooting the computer. This issue is very old, I have never finished a Custom Scan on C:\ drive checking the option Scan for Rootkits. Am I impatient? Or does MBAM still have issues with this type of scan? Thanks Came
  15. How to scan specific folder on MAC? I have seen some threads saying I need to go to settings and select the option. However, I have no such option in my settings.
  16. The last two versions have acted a bit strange.. One. human-initiated scan works up to a point then my Lenovo T61 [Win7 Pro, Firefox, pretty vanilla] gazinta Sleep mode. Consistently. Can wake it up for a second and a half, insufficient time to pause/cancel the scan so bruteforce shutdown is required*.. BUT I just looked and, gee, the (automagic) scan report sez nothing found. Ehh??!! Have performed CLEAN & install of 3.5. Same deal. Hmm can't seem to enable. Web Protection in the premium trial? Two, related issue with my LG K20. Additionally, some of you may? have Android smartphones and perhaps your default email is AOL. Well... long emails from Support have formatted sections, when they get to be a certain length REPLYing to them results in a SEND FAILURE and they wind up in the Outbox. Never knew I had one until now.... attempts to RESEND also go nowhere but seem to have actually been Sent. Thanks. * ...DFIGABH... don't force it, get a bigger hammer.
  17. Hi, giving user feedback is a new thing for me and hopefully my conclusion is correct that this is an issue best addressed by providing feedback rather than contacting support. Malwarebytes has in the past destabilized my system by removing registry files, so I am wary of quarantining anything unless I'm sure I don't need it. However, I am finding that once selected files have been quarantined, I can't return to the original results to quarantine more files unless I start the whole scan over again. This is obviously inconvenient if I want to tweak things around until I identify the problem files.
  18. So, basically, I just noticed some site I usually visit was having some display issue on it and websites were taking a while to load suddenly, so I ran a scan with Malwarebytes and it now seems to take only a minute before it's finished scanning, I don't remember what this was like on my other computer, but I know it took longer on my PC than on my mac, is there any reason the scan would be taking much less time?
  19. Hey. I'm using free Malwarebytes 3.4.5.2467 (Windows 7 64bit) and I have a problem with the scan time. When I perform a full scan of the system disk it takes many hours. The main place that seems to affect dramatically on scanning time is Windows/Winsxs/* My winsxs folder is 14.9GB 72061 files 189444 folders You can not reduce this folder. And MB can scan up to 6 hours for the entire drive. Is there any way to do something about it?
  20. I had run a rootkit scan and got 3 winzips. I removed these and after doing so Malwarebytes has been having problems contacting the license server; it asks me to check my network settings. I could restore them but I have read there are no necessary rootkits for Malwarebytes to run and this only happens on one of the two computers I have Malwarebytes installed on.
  21. Can I delete ALL of the registers, programs, keys that the ADW cleaner found in the Scan process. Good afternoon! Tell me, can I delete ALL of the registers, programs, keys that the ADW cleaner found in the Scan process. Those. Will this harm my PERSONAL data on my computer? Will there be any addblock ad extensions in the browser? I attach the LOG of the scan result to the ADW cleaner. Thank you, I await your reply. Sincerely, New User.
  22. When scanning, the service is terminated randomly; it always occurs within less than 2 minutes. I use Premium version 3.4.5, installed on a new installation of Windows Server 2008 SP2 on an IBM System X3200. Error: We're sorry, but the Malwarebytes service stopped working. The program will now restart. Addition.txt FRST.txt mb-check-results.zip
  23. It seems as though my (work) computer has sent out a large amount of emails to people I may have recently been in contact with. The email (which was not sent by me) contained a dead link [the link did not open anything] according to those who reached out to me regarding this email. If someone could help verify the issue, it would be greatly appreciated. Here are the .txt files extracted from the Farbar Recovery Scan Tool (x64 bit) (FRST) - FRST.txt
(2).pdf 2018-02-20 16:25 - 2018-02-20 16:25 - 000089081 _____ C:\Users\Beauty Exchange\Downloads\Paycheck Detail Report 1_19_2018 (2).pdf 2018-02-16 10:21 - 2018-02-16 10:21 - 000000000 ____D C:\74f73fd7d831c9dbc9ff93e379 2018-02-13 12:53 - 2018-02-13 12:53 - 000118676 _____ C:\Users\Beauty Exchange\Downloads\Paycheck Detail Report 2_2_2018 (3).pdf 2018-02-13 12:50 - 2018-02-13 12:50 - 000109816 _____ C:\Users\Beauty Exchange\Downloads\Paycheck Detail Report 2_9_2018.pdf 2018-02-13 10:50 - 2018-02-13 10:50 - 000000000 ____D C:\833241a07707b2b730e6446d ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2018-03-12 14:21 - 2009-07-14 00:45 - 000023872 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2018-03-12 14:21 - 2009-07-14 00:45 - 000023872 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2018-03-12 14:17 - 2014-06-30 11:44 - 000000000 ____D C:\ProgramData\Malwarebytes 2018-03-12 13:48 - 2009-07-14 01:13 - 000781298 _____ C:\Windows\system32\PerfStringBackup.INI 2018-03-12 13:48 - 2009-07-13 23:20 - 000000000 ____D C:\Windows\inf 2018-03-12 13:44 - 2016-10-28 09:03 - 000003490 _____ C:\Windows\System32\Tasks\AutoKMS 2018-03-12 13:43 - 2009-07-14 01:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT 2018-03-12 12:08 - 2016-06-30 12:07 - 000000000 ____D C:\Users\Beauty Exchange\Desktop\Office Forms 2018-03-12 10:36 - 2016-06-27 13:18 - 000000000 ____D C:\Users\Beauty Exchange\Documents\#13 Document 2018-03-12 10:32 - 2016-06-27 13:13 - 000000000 ____D C:\Users\Beauty Exchange\Documents\#5 Document 2018-03-08 17:35 - 2016-06-27 13:17 - 000000000 ____D C:\Users\Beauty Exchange\Documents\#11 Document 2018-03-08 11:28 - 2016-07-19 15:32 - 000000000 ____D C:\Users\Beauty Exchange\Desktop\MY PERSONAL 2018-03-07 16:15 - 2017-11-30 17:32 - 000000000 ____D C:\Users\Beauty 
Exchange\Documents\#18 Document 2018-03-07 13:40 - 2017-08-16 14:16 - 000000000 ____D C:\Users\Beauty Exchange\Desktop\Payroll By Week 2018-03-07 11:19 - 2016-06-27 13:14 - 000000000 ____D C:\Users\Beauty Exchange\Documents\#6 Document 2018-03-06 15:32 - 2016-06-27 13:14 - 000000000 ____D C:\Users\Beauty Exchange\Documents\#8 Document 2018-03-06 15:24 - 2016-06-27 13:14 - 000000000 ____D C:\Users\Beauty Exchange\Documents\#7 Document 2018-03-06 14:55 - 2016-06-27 13:13 - 000000000 ____D C:\Users\Beauty Exchange\Documents\#4 Document 2018-03-06 14:51 - 2016-06-27 13:10 - 000000000 ____D C:\Users\Beauty Exchange\Documents\#3 Document 2018-03-06 14:43 - 2016-06-27 13:09 - 000000000 ____D C:\Users\Beauty Exchange\Documents\#2 Document 2018-03-06 14:34 - 2017-02-15 15:30 - 000042992 _____ C:\Users\Beauty Exchange\Documents\SALON PAYROLL SHEET 2018.xlsx 2018-03-06 14:33 - 2016-06-27 13:08 - 000000000 ____D C:\Users\Beauty Exchange\Documents\#1 Document 2018-03-06 12:52 - 2014-02-06 00:32 - 000000000 ____D C:\Program Files (x86)\Adobe 2018-03-06 10:38 - 2017-09-06 10:06 - 000000499 _____ C:\Users\Beauty Exchange\Desktop\Sign In.website 2018-03-02 12:36 - 2014-02-06 00:18 - 000000000 ____D C:\Users\Beauty Exchange\AppData\Local\Adobe 2018-03-02 12:35 - 2017-02-22 11:40 - 000004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task 2018-03-02 12:19 - 2016-03-24 17:10 - 000000000 ____D C:\Program Files (x86)\Raptr Inc 2018-03-02 04:28 - 2017-02-01 14:43 - 000000000 ___HT C:\Windows\wusa.lock 2018-03-02 04:28 - 2014-02-06 00:15 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft 2018-03-02 04:25 - 2014-02-06 00:14 - 000000000 ____D C:\Program Files (x86)\Microsoft Office 2018-03-01 13:23 - 2017-05-19 11:06 - 000000000 ____D C:\Users\Beauty Exchange\Documents\#19 Document 2018-02-28 16:48 - 2016-06-27 13:16 - 000000000 ____D C:\Users\Beauty Exchange\Documents\#10 Document 2018-02-28 11:32 - 2016-09-07 15:25 - 000000000 ____D C:\Users\Beauty 
Exchange\Documents\#16 Document 2018-02-27 10:21 - 2014-02-06 00:17 - 000002224 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk 2018-02-27 10:21 - 2014-02-06 00:17 - 000002183 _____ C:\Users\Public\Desktop\Google Chrome.lnk 2018-02-22 16:56 - 2017-03-28 10:41 - 000000000 ____D C:\Users\Beauty Exchange\Desktop\#9 Danny 2018-02-19 10:43 - 2015-05-15 15:46 - 000000000 ____D C:\Users\Guest\AppData\Roaming\Raptr 2018-02-14 10:37 - 2017-11-20 12:41 - 000000000 ____D C:\Users\Beauty Exchange\Documents\Canon Fax Data 2018-02-13 17:03 - 2009-07-14 01:32 - 000000000 ____D C:\Windows\system32\FxsTmp 2018-02-13 15:04 - 2017-04-04 13:50 - 000000000 ____D C:\Users\Beauty Exchange\Documents\Fax 2018-02-12 16:01 - 2017-03-27 10:38 - 000000000 ____D C:\Users\Beauty Exchange\Documents\OneNote Notebooks 2018-02-12 12:48 - 2016-06-27 13:16 - 000000000 ____D C:\Users\Beauty Exchange\Documents\#9 Document ==================== Files in the root of some directories ======= 2018-03-01 10:32 - 2018-03-01 10:32 - 000667136 _____ (Simple Kind) C:\Users\Beauty Exchange\AppData\Roaming\15b14147.exe 2018-03-01 10:32 - 2018-03-01 10:32 - 000667136 _____ (Simple Kind) C:\Users\Beauty Exchange\AppData\Roaming\4224ef6a.exe Some files in TEMP: ==================== 2018-03-01 10:57 - 2018-03-01 10:57 - 000577536 _____ (OrecX Thin) C:\Users\Beauty Exchange\AppData\Local\Temp\1403665.exe ==================== Bamital & volsnap ====================== (There is no automatic fix for files that do not pass verification.) 
C:\Windows\system32\winlogon.exe => File is digitally signed C:\Windows\system32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\system32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\system32\services.exe => File is digitally signed C:\Windows\system32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\system32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\system32\rpcss.dll => File is digitally signed C:\Windows\system32\dnsapi.dll => File is digitally signed C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2016-09-07 09:45 ==================== End of FRST.txt =========== ADDITION.txt Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11.03.2018 01 Ran by Beauty Exchange (12-03-2018 14:23:52) Running from C:\Users\Beauty Exchange\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\X4WUGCBP Windows 7 Ultimate Service Pack 1 (X64) (2014-02-06 04:03:07) Boot Mode: Normal ========================================================== ==================== Accounts: ============================= Administrator (S-1-5-21-890987734-199605990-4172685101-500 - Administrator - Disabled) Beauty Exchange (S-1-5-21-890987734-199605990-4172685101-1000 - Administrator - Enabled) => C:\Users\Beauty Exchange Guest (S-1-5-21-890987734-199605990-4172685101-501 - Limited - Enabled) => C:\Users\Guest QBDataServiceUser23 (S-1-5-21-890987734-199605990-4172685101-1002 - Limited - Enabled) => C:\Users\QBDataServiceUser23 ==================== Security Center ======================== (If an entry is included in the 
fixlist, it will be removed.) AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B} AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96} AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) Adobe Acrobat XI Pro (HKLM-x32\...\{AC76BA86-1033-FFFF-7760-000000000006}) (Version: 11.0.00 - Adobe Systems) Adobe Flash Player 28 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 28.0.0.161 - Adobe Systems Incorporated) AMD Catalyst Install Manager (HKLM\...\{B0B857B4-B5CD-7BBB-23FC-6FB64A8A1FD1}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.) App Manager - Dell C2665dnf (HKLM-x32\...\{B873FAEC-1627-4899-88C4-B8D0D0424F1D}) (Version: 1.00.000 - Dell Inc.) Brother MFL-Pro Suite MFC-7340 (HKLM-x32\...\{46E1B1F2-A279-4356-9B17-029F9CC72EAE}) (Version: 1.0.1.0 - Brother Industries, Ltd.) Canon Laser Printer/Scanner/Fax Extended Survey Program (HKLM\...\{8A16FF47-A5FC-49A8-96B5-31180D317059}) (Version: 2.0.6 - CANON INC.) Hidden Canon Laser Printer/Scanner/Fax Extended Survey Program (HKLM\...\Canon Laser Printer/Scanner/Fax Extended Survey Program) (Version: 2.0.6.10005 - CANON INC.) Canon MF Scan Utility (HKLM-x32\...\Canon_MF_Scan_Utility) (Version: 1.3.0.0 - CANON INC.) Canon MF731C/733C (HKLM\...\{28DD6D0E-A759-4A32-B9A8-0BC6EAB372A8}) (Version: 5.4.0.0 - CANON INC.) Citrix Online Launcher (HKLM-x32\...\{8A16C63D-027A-4645-B394-C033665D0195}) (Version: 1.0.325 - Citrix) Configuration Tool - Dell C2665dnf (HKLM-x32\...\{5AC049AB-E61B-45D4-A3DB-6A606FF38B90}) (Version: 1.00.000 - Dell Inc.) Dell C2665dnf Color MFP Address Book Editor Ver.1.0.0.0 (HKLM-x32\...\{723B61D6-A73A-4DB7-B8E1-E2D2F7DC58F2}) (Version: 1.0.0.0 - Dell Inc.) 
Dell C2665dnf Color MFP Scan Button Manager Ver.1.0.0.0 (HKLM-x32\...\{5C054E48-4070-4D22-BB5F-CC2294D76FD7}) (Version: 1.0.0.0 - Dell Inc.) Dell C2665dnf Color MFP Scanner Driver (HKLM-x32\...\{AF194BFC-5C05-4408-B2DF-5CF30BC556D2}) (Version: 1.1.0.0 - Dell Inc.) Dell Printer Software (HKLM-x32\...\{105F3CE5-FE55-408E-BF30-E78F85BA0B12}) (Version: 1.00.000 - Dell Inc.) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 64.0.3282.186 - Google Inc.) Google Toolbar for Internet Explorer (HKLM-x32\...\{18455581-E099-4BA8-BC6B-F34B2F06600C}) (Version: 1.0.0 - Google Inc.) Hidden Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.8231.2252 - Google Inc.) Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) Hidden Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden Malwarebytes version 3.4.4.2398 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.4.4.2398 - Malwarebytes) Microsoft .NET Framework 4.5 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50709 - Microsoft Corporation) Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 16.0.9029.2167 - Microsoft Corporation) Microsoft Office Professional Plus 2013 (HKLM-x32\...\Office15.PROPLUS) (Version: 15.0.4420.1017 - Microsoft Corporation) Microsoft OneDrive (HKU\S-1-5-21-890987734-199605990-4172685101-1000\...\OneDriveSetup.exe) (Version: 17.3.6390.0509 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 
9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation) NETGEAR WNA3100 wireless USB 2.0 adapter (HKLM-x32\...\{C2425F91-1F7B-4037-9A05-9F290184798D}) (Version: 1.01.206 - NETGEAR) NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.10.57.35 - NVIDIA Corporation) Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.9029.2167 - Microsoft Corporation) Hidden Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.9029.2167 - Microsoft Corporation) Hidden Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.9029.2167 - Microsoft Corporation) Hidden Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0409-0000-0000000FF1CE}) (Version: 16.0.9029.2167 - Microsoft Corporation) Hidden Outils de vérification linguistique 2013 de Microsoft Office - Français (HKLM-x32\...\{90150000-001F-040C-0000-0000000FF1CE}) (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden PowerISO (HKLM-x32\...\PowerISO) (Version: 5.8 - Power Software Ltd) QuickBooks (HKLM-x32\...\{31566BB1-C43D-4D96-9504-57E42B1FD86D}) (Version: 23.0.4001.2305 - Intuit Inc.) 
Hidden QuickBooks Enterprise Solutions: Accountant Edition 13.0 (HKLM-x32\...\{30823A86-D1BF-4D42-8E86-892F3D956254}) (Version: 23.0.4001.2305 - Intuit Inc.) Toner Status (HKLM-x32\...\{6E9A516A-6189-4502-80FD-51BE28989CEB}) (Version: 1.3.0.0 - CANON INC.) Workspace Desktop (HKU\S-1-5-21-890987734-199605990-4172685101-1000\...\workspacedesktop) (Version: - Starfield Technologies) ==================== Custom CLSID (Whitelisted): ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) CustomCLSID: HKU\S-1-5-21-890987734-199605990-4172685101-1000_Classes\CLSID\{162C6FB5-44D3-435B-903D-E613FA093FB5}\InprocServer32 -> C:\Users\Beauty Exchange\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64\FileCoAuthLib64.dll () CustomCLSID: HKU\S-1-5-21-890987734-199605990-4172685101-1000_Classes\CLSID\{1BFB1268-6353-495A-AB78-97BF7CAB4D59}\InprocServer32 -> C:\Users\Beauty Exchange\AppData\Local\Workspace\gdeditwrapperax64.dll (Starfield Technologies) CustomCLSID: HKU\S-1-5-21-890987734-199605990-4172685101-1000_Classes\CLSID\{B5B8593C-89BC-44a7-BCE3-32FE4FED7C5C}\InprocServer32 -> C:\Users\Beauty Exchange\AppData\Local\Workspace\wbetoolsax64.dll (Starfield Technology, LLC) ShellIconOverlayIdentifiers: [off0] -> {8E33AEC3-C5F2-43C4-B048-9E3EB19B1DD5} => C:\Program Files (x86)\Workspace\offsyncext64.dll [2017-02-09] (Starfield Technologies, LLC) ShellIconOverlayIdentifiers: [off1] -> {8E33AEC4-C5F2-43C4-B048-9E3EB19B1DD5} => C:\Program Files (x86)\Workspace\offsyncext64.dll [2017-02-09] (Starfield Technologies, LLC) ContextMenuHandlers1: [Adobe.Acrobat.ContextMenu] -> {A6595CD1-BF77-430A-A452-18696685F7C7} => C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat Elements\ContextMenuShim64.dll [2012-09-23] (Adobe Systems Inc.) 
ContextMenuHandlers1: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} => C:\Program Files\PowerISO\PWRISOSH.DLL [2013-12-16] (Power Software Ltd) ContextMenuHandlers4: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} => C:\Program Files\PowerISO\PWRISOSH.DLL [2013-12-16] (Power Software Ltd) ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\atiacm64.dll [2014-08-12] (Advanced Micro Devices, Inc.) ContextMenuHandlers6: [Adobe.Acrobat.ContextMenu] -> {A6595CD1-BF77-430A-A452-18696685F7C7} => C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat Elements\ContextMenuShim64.dll [2012-09-23] (Adobe Systems Inc.) ContextMenuHandlers6: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} => C:\Program Files\PowerISO\PWRISOSH.DLL [2013-12-16] (Power Software Ltd) ==================== Scheduled Tasks (Whitelisted) ============= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) 
Task: {00E72EBA-DF0C-4CCB-AD75-178DA9ACE874} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2018-03-01] (Microsoft Corporation) Task: {0D52D023-F2DD-4079-AA77-D1DA564D5E94} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS\AutoKMS.exe [2014-02-06] () Task: {1AF420F1-2C37-43A4-B3AA-6617B6634580} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2018-02-09] (Adobe Systems Incorporated) Task: {307D7C55-9C85-43AE-892E-6DC07B71CBBB} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2018-03-01] (Microsoft Corporation) Task: {4E42997C-69FA-43B5-9877-E1D9270F60F8} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2018-02-22] (Microsoft Corporation) Task: {5501D7E5-7D34-4BEE-A485-0B12ECF75F52} - System32\Tasks\{18199DFC-AEAA-447F-92C1-06E60D638CEB} => C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe Task: {57369104-E58E-4282-B0AD-096CD5276AFC} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2012-10-01] (Microsoft Corporation) Task: {6C04F400-30A3-4864-9A0F-AD16CB8E88BB} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2018-03-01] (Microsoft Corporation) Task: {8CB43446-8AA9-428E-9751-524E2A556D57} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2012-10-01] (Microsoft Corporation) Task: {8E2377A9-FA9C-496F-BA43-4EC99CB57D30} - System32\Tasks\{5C185BC4-06C9-466A-8B6D-786D474531B4} => C:\Program Files 
(x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe Task: {A2458D2B-7E8F-4630-AF59-1280946DACF4} - System32\Tasks\{5D6D1740-3511-4852-A1C7-32BECC630251} => C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe Task: {CA7ED872-C67E-402F-83ED-2D6E6D0A89B3} - System32\Tasks\Canon\OIPPESP\Canon OIP Product Extended Survey Program => C:\Program Files\Canon\OIPPESP\Cnpspcnt.exe [2016-06-09] (CANON INC.) Task: {D339F89F-9E12-4095-BC92-16CAC1A67157} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2018-02-22] (Microsoft Corporation) Task: {DEE56423-EB69-42B6-9075-5EF6E38D0EC5} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2018-02-06] (Adobe Systems Incorporated) Task: {E07FE3A1-72AE-41C7-AA96-7E805FD1FE38} - System32\Tasks\{F56A1271-D174-4ED3-9019-070A6F3E70ED} => C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe Task: {E7FD4982-4F21-4BD4-96F4-E6803FAA676C} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe Task: {F0DBBE9E-94D7-47FA-A4EA-ABFEEE60B9F5} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-31] (Google Inc.) Task: {FF8BA46C-2249-4C38-A846-17AC049B25E2} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-31] (Google Inc.) (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) ==================== Shortcuts & WMI ======================== (The entries could be listed to be restored or removed.) 
==================== Loaded Modules (Whitelisted) ============== 2014-02-06 12:27 - 2010-08-26 18:48 - 000285152 _____ () C:\Program Files (x86)\NETGEAR\WNA3100\WifiSvc.exe 2017-02-01 14:44 - 2017-02-01 14:44 - 000959168 _____ () C:\Users\Beauty Exchange\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64\ClientTelemetry.dll 2014-02-06 12:27 - 2010-08-26 18:47 - 004577760 _____ () C:\Program Files (x86)\NETGEAR\WNA3100\WNA3100.exe 2014-08-12 11:06 - 2014-08-12 11:06 - 000102400 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll 2018-03-12 14:17 - 2018-02-05 15:44 - 002299168 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll 2018-03-12 14:17 - 2018-03-01 11:31 - 002488608 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll 2014-02-06 12:27 - 2010-07-09 17:38 - 000331776 _____ () C:\Program Files (x86)\NETGEAR\WNA3100\WifiLib.dll 2014-02-06 12:27 - 2010-02-03 12:31 - 000282624 _____ () C:\Program Files (x86)\NETGEAR\WNA3100\WifiSvcLib.dll 2017-02-01 14:30 - 2018-03-01 16:45 - 001012400 _____ () C:\Program Files (x86)\Microsoft Office\Root\Office16\ADDINS\UmOutlookAddin.dll ==================== Alternate Data Streams (Whitelisted) ========= (If an entry is included in the fixlist, only the ADS will be removed.) ==================== Safe Mode (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\sndappv2 => ""="service" ==================== Association (Whitelisted) =============== (If an entry is included in the fixlist, the registry item will be restored to default or removed.) 
==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, it will be removed from the registry.) ==================== Hosts content: =============================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2009-07-13 22:34 - 2009-06-10 17:00 - 000000824 _____ C:\Windows\system32\Drivers\etc\hosts ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-890987734-199605990-4172685101-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Beauty Exchange\AppData\Roaming\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp DNS Servers: 67.205.168.151 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) Windows Firewall is enabled. ==================== MSCONFIG/TASK MANAGER disabled items == MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk => C:\Windows\pss\QuickBooks Update Agent.lnk.CommonStartup MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^QuickBooks Web Connector.lnk => C:\Windows\pss\QuickBooks Web Connector.lnk.CommonStartup MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^QuickBooks_Standard_21.lnk => C:\Windows\pss\QuickBooks_Standard_21.lnk.CommonStartup MSCONFIG\startupfolder: C:^Users^Beauty Exchange^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Send to OneNote.lnk => C:\Windows\pss\Send to OneNote.lnk.Startup MSCONFIG\startupreg: BrMfcWnd => C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN MSCONFIG\startupreg: ControlCenter3 => C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe /autorun MSCONFIG\startupreg: DLPSP => "C:\Program Files\Dell Printers\Additional Color Laser Software\Status Monitor\DLPSP.EXE" MSCONFIG\startupreg: 
DLQLU => "C:\Program Files\Dell Printers\Additional Color Laser Software\Launcher\DLQLU.EXE" /S ==================== FirewallRules (Whitelisted) =============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) FirewallRules: [{425CB310-409A-4135-B0CE-040B12ABA48F}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\lync.exe FirewallRules: [{F55F366B-684A-418B-BA27-1906A767028C}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\lync.exe FirewallRules: [{2A0D0239-7018-4AE3-8530-18F91726CC31}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\UcMapi.exe FirewallRules: [{904D3FB7-4FAE-47D5-A17B-C4354C209901}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\UcMapi.exe FirewallRules: [TCP Query User{EC89CDFE-F050-45E3-A472-969ADC3EB656}C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe] => (Allow) C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe FirewallRules: [UDP Query User{1CBC0135-10CC-4139-ADF4-916FBAE180F5}C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe] => (Allow) C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe FirewallRules: [{3C4B45F7-BCAE-404D-91EF-26B0957F0125}] => (Allow) C:\Program Files (x86)\Raptr\raptr.exe FirewallRules: [{3CF06724-F832-4D59-826F-90BA69386A1F}] => (Allow) C:\Program Files (x86)\Raptr\raptr.exe FirewallRules: [{7545DF13-0C8D-4DE1-967B-4F3F09A78861}] => (Allow) C:\Program Files (x86)\Raptr\raptr_im.exe FirewallRules: [{74836C3B-FBA9-48C3-B65D-794C7AC78735}] => (Allow) C:\Program Files (x86)\Raptr\raptr_im.exe FirewallRules: [{07BE2CF9-668E-4830-8479-104BD43EDB5A}] => (Allow) C:\Program Files (x86)\Raptr Inc\PlaysTV\playstv.exe FirewallRules: [{C3DFF8F6-89A9-4F29-9304-56FE0552BE51}] => (Allow) C:\Program Files (x86)\Raptr Inc\PlaysTV\playstv.exe FirewallRules: [{08683AFF-C203-49A8-BD7D-82A96FFF5653}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr.exe FirewallRules: 
[{DBBAD4FF-3A30-4630-93F1-EEB677659ABD}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr.exe FirewallRules: [{FE57A986-8C84-4856-8298-32EE504D2546}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr_im.exe FirewallRules: [{48E9A2BE-6856-4F24-9722-3884AAC28D70}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr_im.exe FirewallRules: [TCP Query User{E686F621-86B5-4452-A2C7-E67DB8C5F169}C:\users\beauty exchange\appdata\local\temp\igna70e.tmp\lmiignition.exe] => (Allow) C:\users\beauty exchange\appdata\local\temp\igna70e.tmp\lmiignition.exe FirewallRules: [UDP Query User{5F587471-FEB5-4795-82D0-11DA4656BEA7}C:\users\beauty exchange\appdata\local\temp\igna70e.tmp\lmiignition.exe] => (Allow) C:\users\beauty exchange\appdata\local\temp\igna70e.tmp\lmiignition.exe FirewallRules: [{A028D047-1B85-4DD4-9BCE-01E027C32B3C}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr.exe FirewallRules: [{0049DE10-41AE-49AC-AEF2-1BF628CFD455}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr.exe FirewallRules: [{CFB730C8-3F32-4E81-80E4-BC0EB20FABB6}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr_im.exe FirewallRules: [{0AF3ACA2-1933-4E44-AA7D-874F65E9D390}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr_im.exe FirewallRules: [{BE774B78-25DB-4347-BC20-7F5CB68013B0}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe FirewallRules: [{ECB73631-974F-43A9-AE69-2A692EACE97A}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ==================== Restore Points ========================= 21-09-2016 16:29:11 Installed Dell C2665dnf Color MFP Scan Driver 09-01-2017 15:07:33 Installed Dell C2665dnf Color MFP Scan Driver 02-03-2018 12:30:03 Removed Adobe Acrobat Reader DC. 05-03-2018 17:54:14 Removed Adobe Acrobat Reader DC. 06-03-2018 12:51:22 Removed Adobe Acrobat Reader DC. 
==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (03/12/2018 02:22:35 PM) (Source: Windows Search Service) (EventID: 3083) (User: ) Description: The protocol handler Mapi16 cannot be loaded. Error description: The specified procedure could not be found. (HRESULT : 0x8007007f). Error: (03/12/2018 02:12:09 PM) (Source: Windows Search Service) (EventID: 3083) (User: ) Description: The protocol handler Mapi16 cannot be loaded. Error description: The specified procedure could not be found. (HRESULT : 0x8007007f). Error: (03/12/2018 01:47:36 PM) (Source: Windows Search Service) (EventID: 3083) (User: ) Description: The protocol handler Mapi16 cannot be loaded. Error description: The specified procedure could not be found. (HRESULT : 0x8007007f). Error: (03/12/2018 01:40:43 PM) (Source: Windows Search Service) (EventID: 3083) (User: ) Description: The protocol handler Mapi16 cannot be loaded. Error description: The specified procedure could not be found. (HRESULT : 0x8007007f). Error: (03/12/2018 01:37:47 PM) (Source: Windows Search Service) (EventID: 3083) (User: ) Description: The protocol handler Mapi16 cannot be loaded. Error description: The specified procedure could not be found. (HRESULT : 0x8007007f). Error: (03/12/2018 01:33:12 PM) (Source: Brother BrLog) (EventID: 1001) (User: ) Description: TWN BrtTWN: [2018/03/12 13:33:12.509]: [00003460]: Initialize TwdsMain Class failed! Error: (03/12/2018 01:33:12 PM) (Source: Brother BrLog) (EventID: 1001) (User: ) Description: TWN BrtTWN: [2018/03/12 13:33:12.509]: [00003460]: ##### Fatal ERROR!! Create STI-device failed! ##### Error: (03/12/2018 01:33:10 PM) (Source: Brother BrLog) (EventID: 1001) (User: ) Description: TWN BrtTWN: [2018/03/12 13:33:10.824]: [00003460]: Initialize TwdsMain Class failed! 

System errors:
=============
Error: (03/12/2018 01:46:49 PM) (Source: BROWSER) (EventID: 8032) (User: )
Description: The browser service has failed to retrieve the backup list too many times on transport \Device\NetBT_Tcpip_{C33AFBF4-9B97-4B88-9523-AF9EBA078846}. The backup browser is stopping.

Error: (03/12/2018 01:44:58 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {C97FCC79-E628-407D-AE68-A06AD6D8B4D1} and APPID {344ED43D-D086-4961-86A6-1106F4ACAD9B} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.

Error: (03/12/2018 01:44:58 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {C97FCC79-E628-407D-AE68-A06AD6D8B4D1} and APPID {344ED43D-D086-4961-86A6-1106F4ACAD9B} to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.

Error: (03/12/2018 09:06:36 AM) (Source: BROWSER) (EventID: 8032) (User: )
Description: The browser service has failed to retrieve the backup list too many times on transport \Device\NetBT_Tcpip_{C33AFBF4-9B97-4B88-9523-AF9EBA078846}. The backup browser is stopping.

Error: (03/12/2018 09:03:51 AM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The AMD FUEL Service service hung on starting.

Error: (03/12/2018 09:03:20 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {C97FCC79-E628-407D-AE68-A06AD6D8B4D1} and APPID {344ED43D-D086-4961-86A6-1106F4ACAD9B} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.

Error: (03/12/2018 09:03:20 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {C97FCC79-E628-407D-AE68-A06AD6D8B4D1} and APPID {344ED43D-D086-4961-86A6-1106F4ACAD9B} to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.

Error: (03/08/2018 12:59:23 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {C97FCC79-E628-407D-AE68-A06AD6D8B4D1} and APPID {344ED43D-D086-4961-86A6-1106F4ACAD9B} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.

==================== Memory info ===========================

Processor: AMD Athlon(tm) II X2 220 Processor
Percentage of memory in use: 56%
Total physical RAM: 8190.49 MB
Available physical RAM: 3545.78 MB
Total Virtual: 16379.16 MB
Available Virtual: 11688.23 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:931.41 GB) (Free:866.04 GB) NTFS
\\?\Volume{98ef4543-8efb-11e3-874e-806e6f6e6963}\ (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 931.5 GB) (Disk ID: A03D0812)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=931.4 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================
  24. Hi, I'm struggling with my Malwarebytes that only takes 5 secs and doesn't scan anything. The report shows 0 files scanned and the results as 'cancelled' but I've not cancelled it. What's wrong? Thanks in advance. I'm running Win10 on a laptop. MalwarebytesReport1.txt
  25. I always see kuwodata. Please help to remove this from scanning, because I scanned 30 times and I always see kuwo data quarantined.