Attila123
2017-05-14, 06:32
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 08-05-2017
Ran by User (administrator) on DESKTOP-EJN6HF4 (12-05-2017 17:27:21)
Running from C:\Users\User\Desktop
Loaded Profiles: User (Available Profiles: defaultuser0 & User)
Platform: Windows 10 Home Version 1607 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Andrea Electronics Corporation) C:\Windows\System32\AEADISRV.EXE
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.15.597.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Kenubi SRL) C:\Users\User\AppData\Roaming\Boxifier\Boxifier.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
() C:\Program Files\WindowsApps\Microsoft.Windows.Photos_17.425.10010.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCui.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWelcome.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDRootAlyzer.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Individual Software Inc.) C:\Program Files (x86)\AnyTime Organizer Deluxe\Atw.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
==================== Registry (Whitelisted) ====================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [Unattend0000000001{0A333A6D-CE04-4918-80BD-26BDF046E7C1}] => C:\Windows\system32\devmgmt.msc [145640 2016-07-16] ()
HKLM\...\Run: [Unattend0000000001{1C5C9ED5-7D00-49E0-B365-2D0ABD98A5F7}] => C:\Windows\system32\devmgmt.msc [145640 2016-07-16] ()
HKLM\...\Run: [WindowsDefender] => C:\Program Files\Windows Defender\MSASCuiL.exe [631808 2017-03-27] (Microsoft Corporation)
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [3146704 2017-05-09] (Malwarebytes)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [598552 2016-06-22] (Oracle Corporation)
HKLM-x32\...\Run: [atr.exe] => [X]
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [28432392 2017-05-01] (Dropbox, Inc.)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-673431399-3437147872-892390184-1001\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.)
HKU\S-1-5-21-673431399-3437147872-892390184-1001\...\Run: [Boxifier] => C:\Users\User\AppData\Roaming\Boxifier\boxifier.exe [15377232 2017-04-28] (Kenubi SRL)
HKU\S-1-5-21-673431399-3437147872-892390184-1001\Control Panel\Desktop\\SCRNSAVE.EXE ->
ShellIconOverlayIdentifiers: [ DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.16.0.dll [2017-05-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.16.0.dll [2017-05-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.16.0.dll [2017-05-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.16.0.dll [2017-05-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.16.0.dll [2017-05-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.16.0.dll [2017-05-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.16.0.dll [2017-05-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.16.0.dll [2017-05-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.16.0.dll [2017-05-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.16.0.dll [2017-05-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.16.0.dll [2017-05-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.16.0.dll [2017-05-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.16.0.dll [2017-05-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.16.0.dll [2017-05-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.16.0.dll [2017-05-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.16.0.dll [2017-05-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.16.0.dll [2017-05-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.16.0.dll [2017-05-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.16.0.dll [2017-05-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.16.0.dll [2017-05-01] (Dropbox, Inc.)
Startup: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AnyTime.lnk [2016-12-16]
ShortcutTarget: AnyTime.lnk -> C:\Program Files (x86)\AnyTime Organizer Deluxe\ISI Launcher.exe (Individual Software Inc.)
BootExecute: autocheck autochk * sdnclean64.exe
GroupPolicy: Restriction <======= ATTENTION
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{5a2dd3f7-01b8-4724-aae7-1c3141bc2aa6}: [DhcpNameServer] 192.168.1.254
Internet Explorer:
==================
HKU\S-1-5-21-673431399-3437147872-892390184-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2017-05-12] (Microsoft Corporation)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2017-05-12] (Microsoft Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2017-05-12] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\ssv.dll [2016-08-06] (Oracle Corporation)
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\Office16\GROOVEEX.DLL [2017-05-12] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\jp2ssv.dll [2016-08-06] (Oracle Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-05-12] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-05-12] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-05-12] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-05-12] (Microsoft Corporation)
FireFox:
========
FF DefaultProfile: kt47h4lt.default
FF ProfilePath: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\kt47h4lt.default [2017-05-12]
FF Homepage: Mozilla\Firefox\Profiles\kt47h4lt.default -> www.google.com
FF Session Restore: Mozilla\Firefox\Profiles\kt47h4lt.default -> is enabled.
FF Extension: (Cisco WebEx Extension) - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\kt47h4lt.default\Extensions\ciscowebexstart1@cisco.com.xpi [2017-04-13]
FF Extension: (New Tab Override (browser.newtab.url replacement)) - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\kt47h4lt.default\Extensions\newtaboverride@agenedia.com.xpi [2017-01-01]
FF Plugin-x32: @java.com/DTPlugin,version=11.101.2 -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\dtplugin\npDeployJava1.dll [2016-08-06] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.101.2 -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\plugin2\npjp2.dll [2016-08-06] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2017-03-05] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2017-03-05] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-27] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-27] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
==================== Services (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 AEADIFilters; C:\Windows\system32\AEADISRV.EXE [111616 2009-06-05] (Andrea Electronics Corporation) [File not signed]
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [3801280 2017-05-04] (Microsoft Corporation)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2017-04-24] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2017-04-24] (Dropbox, Inc.)
R2 DbxSvc; C:\Windows\system32\DbxSvc.exe [48944 2017-05-01] (Dropbox, Inc.)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4470736 2017-05-09] (Malwarebytes)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [4088608 2016-09-21] (Safer-Networking Ltd.) [File not signed]
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [235984 2016-11-24] (Safer-Networking Ltd.) [File not signed]
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2017-03-27] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2017-03-27] (Microsoft Corporation)
===================== Drivers (Whitelisted) ======================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S3 ADIHdAudAddService; C:\Windows\system32\drivers\ADIHdAud.sys [475136 2009-06-05] (Analog Devices, Inc.) [File not signed]
R1 Boxifier; C:\Windows\System32\DRIVERS\boxifier.sys [115824 2017-05-05] (Kenubi SRL)
S3 dc21x4vm; C:\Windows\System32\drivers\dc21x4vm.sys [96256 2016-07-16] (Microsoft Corporation)
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [77440 2017-05-09] ()
R2 MBAMChameleon; C:\Windows\system32\drivers\MBAMChameleon.sys [187320 2017-05-12] (Malwarebytes)
R3 MBAMFarflt; C:\Windows\system32\drivers\farflt.sys [113592 2017-05-12] (Malwarebytes)
R3 MBAMProtection; C:\Windows\system32\drivers\mbam.sys [43968 2017-05-12] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [251832 2017-05-12] (Malwarebytes)
R3 MBAMWebProtection; C:\Windows\system32\drivers\mwac.sys [93624 2017-05-12] (Malwarebytes)
S3 NetAdapterCx; C:\Windows\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
R3 RtlWlanu; C:\Windows\System32\drivers\rtwlanu.sys [5195776 2016-07-16] (Realtek Semiconductor Corporation )
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2017-05-12 17:27 - 2017-05-12 17:28 - 00016094 _____ C:\Users\User\Desktop\FRST.txt
2017-05-12 17:27 - 2017-05-12 17:27 - 00000000 ____D C:\FRST
2017-05-12 17:25 - 2017-05-12 17:26 - 02429440 _____ (Farbar) C:\Users\User\Desktop\FRST64.exe
2017-05-12 11:45 - 2017-05-12 14:48 - 00093624 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2017-05-12 11:45 - 2017-05-12 11:45 - 00187320 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMChameleon.sys
2017-05-12 11:45 - 2017-05-12 11:45 - 00113592 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
2017-05-12 11:45 - 2017-05-12 11:45 - 00043968 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2017-05-12 11:45 - 2017-05-12 11:45 - 00001919 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-05-12 11:45 - 2017-05-12 11:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-05-12 11:45 - 2017-05-09 16:37 - 00077440 _____ C:\Windows\system32\Drivers\mbae64.sys
2017-05-05 23:06 - 2017-05-07 16:14 - 00000000 ____D C:\Users\User\Desktop\Beneath
2017-05-05 19:21 - 2017-05-10 17:15 - 00000000 ____D C:\Users\User\Desktop\Meta
2017-05-05 19:04 - 2017-05-05 19:26 - 00000000 ____D C:\Users\User\AppData\Roaming\BoxifierData
2017-05-05 19:04 - 2017-05-05 19:04 - 00115824 _____ (Kenubi SRL) C:\Windows\system32\Drivers\boxifier.sys
2017-05-05 19:04 - 2017-05-05 19:04 - 00000000 ____D C:\Users\User\AppData\Local\Boxifier
2017-05-05 19:03 - 2017-05-05 19:04 - 00000000 ____D C:\ProgramData\Boxifier
2017-05-05 19:03 - 2017-05-05 19:03 - 00000000 ____D C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Boxifier
2017-05-05 19:03 - 2017-05-05 19:03 - 00000000 ____D C:\Users\User\AppData\Roaming\Boxifier
2017-05-03 17:33 - 2017-05-03 17:33 - 00000029 _____ C:\Windows\ATW.INI
2017-05-02 13:16 - 2017-05-02 13:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2017-05-02 08:40 - 2017-05-02 08:40 - 00000000 ____D C:\Users\User\Documents\Telephone mobile California lifeline
2017-05-01 07:49 - 2017-05-01 07:49 - 00048944 _____ (Dropbox, Inc.) C:\Windows\system32\DbxSvc.exe
2017-04-28 18:23 - 2017-04-28 18:23 - 00000000 ____D C:\Users\User\.oracle_jre_usage
2017-04-25 22:33 - 2017-04-25 22:34 - 00000000 ____D C:\Users\User\Documents\Flying cars Elevate
2017-04-25 22:04 - 2016-07-16 04:45 - 00000824 _____ C:\Windows\system32\Drivers\etc\hosts.20170425-220455.backup
2017-04-25 21:54 - 2017-04-25 21:54 - 00104030 _____ C:\Users\User\Documents\Meta.txt
2017-04-25 11:54 - 2017-05-05 21:19 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-04-24 23:30 - 2017-05-05 20:46 - 00000000 ___RD C:\Users\User\Dropbox
2017-04-24 22:19 - 2017-04-24 22:19 - 00000000 ____D C:\Users\User\AppData\Roaming\Dropbox
2017-04-24 22:18 - 2017-04-26 16:53 - 00000936 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job
2017-04-24 22:18 - 2017-04-24 22:18 - 00003996 _____ C:\Windows\System32\Tasks\DropboxUpdateTaskMachineUA
2017-04-24 22:18 - 2017-04-24 22:18 - 00003764 _____ C:\Windows\System32\Tasks\DropboxUpdateTaskMachineCore
2017-04-24 22:17 - 2017-05-02 13:17 - 00000000 ____D C:\Program Files (x86)\Dropbox
2017-04-24 22:17 - 2017-04-26 16:53 - 00000932 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job
2017-04-24 22:17 - 2017-04-24 23:34 - 00000000 ____D C:\Users\User\AppData\Local\Dropbox
2017-04-24 22:17 - 2017-04-24 22:17 - 00000000 ____D C:\ProgramData\Dropbox
2017-04-22 16:38 - 2017-04-22 16:38 - 00000000 ____D C:\Users\User\AppData\LocalLow\Temp
2017-04-12 11:43 - 2017-04-12 11:43 - 00000000 ____D C:\Users\User\AppData\Local\UNP
2017-04-12 10:41 - 2017-04-12 10:41 - 00000000 ____D C:\Users\User\AppData\Local\WinZip
2017-04-12 09:47 - 2017-04-12 09:48 - 00000000 ____D C:\Program Files\UNP
2017-04-12 09:47 - 2017-04-12 09:47 - 00000000 ____D C:\Windows\system32\UNP
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2017-05-12 17:13 - 2016-12-17 23:15 - 00000000 ____D C:\Users\User\AppData\LocalLow\Mozilla
2017-05-12 16:58 - 2016-08-06 15:23 - 00000000 ____D C:\Windows\system32\SleepStudy
2017-05-12 11:45 - 2017-03-28 22:52 - 00251832 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2017-05-12 11:32 - 2016-07-16 04:47 - 00000000 ____D C:\Windows\system32\Macromed
2017-05-12 11:30 - 2016-07-16 04:47 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2017-05-12 03:52 - 2016-07-16 04:47 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2017-05-12 03:51 - 2016-08-06 14:48 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2017-05-11 23:45 - 2016-07-15 23:04 - 00032768 _____ C:\Windows\system32\config\ELAM
2017-05-11 20:23 - 2016-07-16 04:36 - 00000000 ____D C:\Windows\CbsTemp
2017-05-11 19:52 - 2016-07-16 04:47 - 00000000 ___HD C:\Program Files\WindowsApps
2017-05-11 19:52 - 2016-07-16 04:47 - 00000000 ____D C:\Windows\AppReadiness
2017-05-10 16:19 - 2016-12-16 12:40 - 00000000 ____D C:\Users\User\AppData\Local\Packages
2017-05-09 16:45 - 2016-12-22 22:43 - 00000000 ____D C:\Windows\system32\MRT
2017-05-09 16:40 - 2016-12-22 22:43 - 156335152 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2017-05-06 10:16 - 2016-07-16 04:47 - 00000000 ____D C:\Windows\LiveKernelReports
2017-05-05 21:19 - 2016-12-17 23:15 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-05-05 21:03 - 2017-01-07 15:21 - 00000000 ____D C:\Users\User\Documents\Student loan mine
2017-05-05 06:19 - 2016-07-16 04:47 - 00000000 ____D C:\Windows\system32\appraiser
2017-05-04 05:46 - 2016-08-06 12:23 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-05-03 17:33 - 2016-12-16 23:12 - 00000000 ____D C:\Program Files (x86)\AnyTime Organizer Deluxe
2017-05-03 16:44 - 2016-12-16 22:45 - 00000000 ____D C:\Users\User\AppData\Roaming\vlc
2017-05-01 08:17 - 2017-01-07 15:25 - 00000000 ____D C:\Users\User\Documents\Health
2017-04-28 17:59 - 2016-07-16 04:49 - 00835576 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2017-04-28 17:59 - 2016-07-16 04:49 - 00177656 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2017-04-27 21:58 - 2017-04-11 12:41 - 00003416 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2017-04-27 21:58 - 2017-04-11 12:41 - 00003292 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2017-04-27 09:37 - 2017-01-07 15:20 - 00000000 ____D C:\Users\User\Documents\Yavuz Tezeller
2017-04-26 17:00 - 2016-08-06 12:29 - 01809534 _____ C:\Windows\system32\PerfStringBackup.INI
2017-04-26 16:52 - 2016-07-15 23:04 - 00262144 _____ C:\Windows\system32\config\BBI
2017-04-25 21:58 - 2016-12-17 23:41 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2017-04-25 21:38 - 2017-01-14 22:23 - 00000000 ____D C:\Users\User\Documents\Taxes 2015
2017-04-25 20:52 - 2017-01-07 15:26 - 00000000 ____D C:\Users\User\Documents\Credit Freeze
2017-04-21 17:55 - 2017-02-01 22:41 - 00000000 ____D C:\Users\User\Documents\Mahsudov
2017-04-20 21:07 - 2016-12-16 12:54 - 00000000 ____D C:\Users\User\AppData\Local\ElevatedDiagnostics
2017-04-19 09:28 - 2017-01-07 20:34 - 03839842 _____ C:\Users\User\Downloads\pg41391-images.epub
2017-04-18 21:14 - 2017-01-07 15:23 - 00000000 ____D C:\Users\User\Documents\jobs 2016
2017-04-15 15:29 - 2017-01-07 15:25 - 00000000 ____D C:\Users\User\Documents\Haase family Money
2017-04-14 21:09 - 2016-07-16 04:47 - 00000000 ____D C:\Windows\rescache
2017-04-13 17:45 - 2016-12-18 02:22 - 00000000 ____D C:\Users\User\AppData\Local\Adobe
2017-04-13 17:37 - 2016-07-16 04:45 - 00000000 ____D C:\Windows\INF
2017-04-12 10:41 - 2016-08-06 16:06 - 00000000 ____D C:\ProgramData\WinZip
2017-04-12 01:19 - 2016-08-06 12:25 - 00000000 __RHD C:\Users\Public\AccountPictures
2017-04-12 01:16 - 2016-08-06 15:23 - 00341680 _____ C:\Windows\system32\FNTCACHE.DAT
2017-04-12 01:14 - 2016-07-16 04:47 - 00000000 ___SD C:\Windows\SysWOW64\F12
2017-04-12 01:14 - 2016-07-16 04:47 - 00000000 ___SD C:\Windows\system32\F12
2017-04-12 01:14 - 2016-07-16 04:47 - 00000000 ___RD C:\Windows\ImmersiveControlPanel
2017-04-12 01:14 - 2016-07-16 04:47 - 00000000 ___RD C:\Program Files\Windows Defender
2017-04-12 01:14 - 2016-07-16 04:47 - 00000000 ____D C:\Windows\SysWOW64\setup
2017-04-12 01:14 - 2016-07-16 04:47 - 00000000 ____D C:\Windows\system32\setup
2017-04-12 01:14 - 2016-07-16 04:47 - 00000000 ____D C:\Windows\ShellExperiences
2017-04-12 01:14 - 2016-07-16 04:47 - 00000000 ____D C:\Windows\Provisioning
2017-04-12 01:14 - 2016-07-16 04:47 - 00000000 ____D C:\Program Files\Windows Photo Viewer
2017-04-12 01:14 - 2016-07-16 04:47 - 00000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2017-04-12 01:14 - 2016-07-16 04:47 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2017-04-12 01:14 - 2016-07-15 23:04 - 00000000 ____D C:\Windows\system32\Dism
==================== Files in the root of some directories =======
2017-03-05 15:11 - 2017-03-07 17:44 - 0000629 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
==================== Bamital & volsnap ======================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2017-05-12 12:33
==================== End of FRST.txt ============================
SECOND SECOND SECOND SECOND
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 08-05-2017
Ran by User (12-05-2017 17:29:58)
Running from C:\Users\User\Desktop
Windows 10 Home Version 1607 (X64) (2016-12-16 19:38:53)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-673431399-3437147872-892390184-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-673431399-3437147872-892390184-503 - Limited - Disabled)
defaultuser0 (S-1-5-21-673431399-3437147872-892390184-1000 - Limited - Disabled) => C:\Users\defaultuser0
Guest (S-1-5-21-673431399-3437147872-892390184-501 - Limited - Disabled)
User (S-1-5-21-673431399-3437147872-892390184-1001 - Administrator - Enabled) => C:\Users\User
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Spybot - Search and Destroy (Enabled - Up to date) {A16C3F68-9280-E053-1818-342707FECF4D}
AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Adobe Acrobat 4.0 (HKLM-x32\...\Adobe Acrobat 4.0) (Version: 4.0 - Adobe Systems, Inc.)
AnyTime Organizer (HKLM-x32\...\AnyTime Organizer) (Version: 14.0 - Individual Software, Inc)
Boxifier version 1.6.5.0 (HKU\S-1-5-21-673431399-3437147872-892390184-1001\...\{BEBDFAFD-18FB-4DDC-B5BE-ED47E13EB2E3}_is1) (Version: 1.6.5.0 - Kenubi)
Dropbox (HKLM-x32\...\Dropbox) (Version: 25.4.28 - Dropbox, Inc.)
Dropbox Update Helper (x32 Version: 1.3.65.1 - Dropbox, Inc.) Hidden
Google Earth Pro (HKLM-x32\...\{DE706580-82C7-4B1A-ABA4-EA48AC15B045}) (Version: 7.1.8.3036 - Google)
Google Update Helper (x32 Version: 1.3.33.5 - Google Inc.) Hidden
Java 8 Update 101 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180101F0}) (Version: 8.0.1010.13 - Oracle Corporation)
Malwarebytes version 3.1.2.1733 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.1.2.1733 - Malwarebytes)
Microsoft Office Professional Plus 2016 - en-us (HKLM\...\ProPlusRetail - en-us) (Version: 16.0.7967.2161 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Mozilla Firefox 53.0.2 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 53.0.2 (x86 en-US)) (Version: 53.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 53.0.2.6333 - Mozilla)
Office 16 Click-to-Run Extensibility Component (x32 Version: 16.0.7967.2161 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (Version: 16.0.7967.2161 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (Version: 16.0.7967.2161 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (x32 Version: 16.0.7668.2066 - Microsoft Corporation) Hidden
QuickTime (HKLM-x32\...\QuickTime) (Version: - )
Shockwave (HKLM-x32\...\Shockwave) (Version: - )
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
TurboTax 2015 (HKLM-x32\...\TurboTax 2015) (Version: 2015.0 - Intuit, Inc)
TurboTax 2016 (HKLM-x32\...\TurboTax 2016) (Version: 2016.0 - Intuit, Inc)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.4 - VideoLAN)
Windows 10 Update and Privacy Settings (HKLM\...\{293F2009-0145-450B-B4AA-063D43FB368C}) (Version: 1.0.13.0 - Microsoft Corporation)
WinZip 18.5 (HKLM-x32\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240E2}) (Version: 18.5.11111 - WinZip Computing, S.L. )
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-673431399-3437147872-892390184-1001_Classes\CLSID\{071B6D59-C72C-4A2A-9495-F4CD09887CCC}\InprocServer32 -> C:\Users\User\AppData\Roaming\Boxifier\Boxifier64.dll ()
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {06159447-AE04-4517-93F1-6C339D3AE25E} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\Program Files\Windows Defender\\MpCmdRun.exe [2017-03-27] (Microsoft Corporation)
Task: {0BE5FC38-EB65-4775-819B-8CC58C6381A1} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2017-05-12] (Microsoft Corporation)
Task: {172A4CDC-4664-4EFB-9B2F-E6C060F68506} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe [2016-03-21] (Safer-Networking Ltd.)
Task: {30F88F91-46CE-4E38-BBF9-98E83C352DDD} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-04-11] (Google Inc.)
Task: {32E7BB77-C1FA-4DBA-BB55-801DC7DC4DA1} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2017-05-12] (Microsoft Corporation)
Task: {3C3775F1-D52D-48F9-8AD5-F2DB413D95FD} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\Program Files\Windows Defender\\MpCmdRun.exe [2017-03-27] (Microsoft Corporation)
Task: {3C93EDED-F893-4783-B08D-A9794DDDBB3C} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-05-04] (Microsoft Corporation)
Task: {4937A3F4-D7E2-41AA-AD7E-A7AB6D7E5DA0} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2017-05-12] (Microsoft Corporation)
Task: {645CB8DF-1073-4431-B0F4-46F73E46EF13} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\Program Files\Windows Defender\\MpCmdRun.exe [2017-03-27] (Microsoft Corporation)
Task: {84FE406D-B8A9-4FD9-A40E-D29497B50367} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [2014-06-27] (Safer-Networking Ltd.)
Task: {9B0E149C-0E01-43A7-B143-478EC517764F} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2017-04-24] (Dropbox, Inc.)
Task: {A1B3F8B3-571B-45B9-9AD4-D3ACB05BA91B} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-04-11] (Google Inc.)
Task: {A34ACF9D-9DE4-4F2E-96AB-2A995E3FF2D5} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2017-04-24] (Dropbox, Inc.)
Task: {C589FF3B-C4BC-4BEA-BDF1-B9839F37B4E2} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-05-04] (Microsoft Corporation)
Task: {CE4E61D7-36E2-405B-BAF0-89C4A587F964} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\Program Files\Windows Defender\\MpCmdRun.exe [2017-03-27] (Microsoft Corporation)
Task: {EA174035-96FA-4D1F-94E6-EB01C2264CF5} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe [2016-03-21] (Safer-Networking Ltd.)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
==================== Shortcuts =============================
(The entries could be listed to be restored or removed.)
==================== Loaded Modules (Whitelisted) ==============
2016-07-16 04:42 - 2016-07-16 04:42 - 00231424 _____ () C:\Windows\SYSTEM32\ism32k.dll
2017-04-11 19:28 - 2017-03-27 23:22 - 02681200 _____ () C:\Windows\System32\CoreUIComponents.dll
2017-04-11 19:28 - 2017-03-27 23:22 - 02681200 _____ () C:\Windows\system32\CoreUIComponents.dll
2017-04-11 19:28 - 2017-03-27 23:22 - 02681200 _____ () C:\Windows\SYSTEM32\CoreUIComponents.dll
2016-12-31 12:31 - 2016-09-06 21:56 - 00134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll
2017-03-14 19:47 - 2017-03-03 23:31 - 00474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll
2017-03-14 19:47 - 2017-03-03 23:30 - 00693248 _____ () C:\Windows\ShellExperiences\MtcUvc.dll
2017-03-14 19:48 - 2017-03-03 23:12 - 09760768 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2017-03-14 19:48 - 2017-03-03 23:05 - 01401856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-03-14 19:48 - 2017-03-03 23:05 - 00757248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll
2017-04-11 19:27 - 2017-03-27 22:07 - 01033216 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Actions.dll
2017-04-11 19:27 - 2017-03-27 22:08 - 02424320 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2017-04-11 19:28 - 2017-03-27 22:11 - 04853760 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2017-05-09 09:19 - 2017-05-09 09:20 - 00074752 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.15.597.0_x64__kzf8qxf38zg5c\SkypeHost.exe
2017-05-09 09:19 - 2017-05-09 09:20 - 00201728 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.15.597.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2017-05-09 09:19 - 2017-05-09 09:20 - 43195904 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.15.597.0_x64__kzf8qxf38zg5c\SkyWrap.dll
2017-05-09 09:19 - 2017-05-09 09:20 - 02457088 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.15.597.0_x64__kzf8qxf38zg5c\skypert.dll
2017-05-05 11:54 - 2017-05-05 11:55 - 00020480 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_17.425.10010.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
2017-05-05 11:54 - 2017-05-05 11:55 - 26322944 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_17.425.10010.0_x64__8wekyb3d8bbwe\Microsoft.Photos.dll
2017-05-05 11:54 - 2017-05-05 11:55 - 00441856 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_17.425.10010.0_x64__8wekyb3d8bbwe\Microsoft.Photos.AGM.Native.Windows.dll
2017-05-05 11:54 - 2017-05-05 11:55 - 02139648 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_17.425.10010.0_x64__8wekyb3d8bbwe\MediaEngine.dll
2017-05-05 11:54 - 2017-05-05 11:55 - 02901928 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_17.425.10010.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll
2017-05-05 11:54 - 2017-05-05 11:55 - 00046080 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_17.425.10010.0_x64__8wekyb3d8bbwe\Microsoft.Photos.Edit.Services.dll
2016-12-20 16:53 - 2016-12-20 16:55 - 00680448 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_17.425.10010.0_x64__8wekyb3d8bbwe\Microsoft.DesignCore.dll
2017-05-05 11:54 - 2017-05-05 11:55 - 00641024 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_17.425.10010.0_x64__8wekyb3d8bbwe\Microsoft.RichMedia.Ink.Controls.dll
2017-05-05 11:54 - 2017-05-05 11:55 - 01062400 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_17.425.10010.0_x64__8wekyb3d8bbwe\Microsoft.Sharing.dll
2017-05-12 11:45 - 2017-05-09 16:38 - 02270672 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
2016-12-17 23:40 - 2014-05-13 13:04 - 00109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2016-12-17 23:40 - 2014-05-13 13:04 - 00167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2016-12-17 23:40 - 2014-05-13 13:04 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2016-12-17 23:41 - 2012-08-23 11:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2016-12-17 23:41 - 2012-04-03 18:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2017-05-05 19:03 - 2016-10-07 22:38 - 00716120 _____ () C:\Users\User\AppData\Roaming\Boxifier\BoxifierApp.dll
2017-05-02 13:15 - 2017-05-01 07:44 - 00870720 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_watchdog.dll
2017-05-02 13:15 - 2017-04-12 16:43 - 00035792 _____ () C:\Program Files (x86)\Dropbox\Client\_multiprocessing.pyd
2017-05-02 13:15 - 2017-04-12 16:43 - 00100296 _____ () C:\Program Files (x86)\Dropbox\Client\_ctypes.pyd
2017-05-02 13:15 - 2017-04-12 16:43 - 00018888 _____ () C:\Program Files (x86)\Dropbox\Client\select.pyd
2017-05-02 13:15 - 2017-05-01 07:48 - 00019776 _____ () C:\Program Files (x86)\Dropbox\Client\tornado.speedups.pyd
2017-05-02 13:15 - 2017-05-01 07:48 - 00020824 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._constant_time.pyd
2017-05-02 13:15 - 2017-04-12 16:44 - 00123856 _____ () C:\Program Files (x86)\Dropbox\Client\_cffi_backend.pyd
2017-05-02 13:15 - 2017-04-12 16:43 - 00694224 _____ () C:\Program Files (x86)\Dropbox\Client\unicodedata.pyd
2017-05-02 13:15 - 2017-05-01 07:48 - 01729360 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._openssl.pyd
2017-05-02 13:15 - 2017-05-01 07:48 - 00020816 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._padding.pyd
2017-05-02 13:15 - 2017-04-12 16:43 - 00145864 _____ () C:\Program Files (x86)\Dropbox\Client\pyexpat.pyd
2017-05-02 13:15 - 2017-04-12 16:44 - 00019408 _____ () C:\Program Files (x86)\Dropbox\Client\faulthandler.pyd
2017-05-02 13:15 - 2017-04-12 16:43 - 00116688 _____ () C:\Program Files (x86)\Dropbox\Client\pywintypes27.dll
2017-05-02 13:15 - 2017-04-12 16:46 - 00105928 _____ () C:\Program Files (x86)\Dropbox\Client\win32api.pyd
2017-05-02 13:15 - 2017-05-01 07:49 - 00022864 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.crt.compiled._winffi_crt.pyd
2017-05-02 13:15 - 2017-05-01 07:48 - 00060736 _____ () C:\Program Files (x86)\Dropbox\Client\psutil._psutil_windows.pyd
2017-05-02 13:15 - 2017-05-01 07:48 - 00038712 _____ () C:\Program Files (x86)\Dropbox\Client\fastpath.pyd
2017-05-02 13:15 - 2017-04-12 16:46 - 00024528 _____ () C:\Program Files (x86)\Dropbox\Client\win32event.pyd
2017-05-02 13:15 - 2017-04-12 16:43 - 00392656 _____ () C:\Program Files (x86)\Dropbox\Client\pythoncom27.dll
2017-05-02 13:15 - 2017-04-12 16:46 - 00020936 _____ () C:\Program Files (x86)\Dropbox\Client\mmapfile.pyd
2017-05-02 13:15 - 2017-04-12 16:46 - 00116176 _____ () C:\Program Files (x86)\Dropbox\Client\win32security.pyd
2017-05-02 13:15 - 2017-05-01 07:49 - 00392512 _____ () C:\Program Files (x86)\Dropbox\Client\win32com.shell.shell.pyd
2017-05-02 13:15 - 2017-04-12 16:46 - 00124880 _____ () C:\Program Files (x86)\Dropbox\Client\win32file.pyd
2017-05-02 13:15 - 2017-05-01 07:49 - 00026456 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.kernel32.compiled._winffi_kernel32.pyd
2017-05-02 13:15 - 2017-04-12 16:46 - 00024016 _____ () C:\Program Files (x86)\Dropbox\Client\win32clipboard.pyd
2017-05-02 13:15 - 2017-04-12 16:46 - 00175560 _____ () C:\Program Files (x86)\Dropbox\Client\win32gui.pyd
2017-05-02 13:15 - 2017-04-12 16:46 - 00030160 _____ () C:\Program Files (x86)\Dropbox\Client\win32pipe.pyd
2017-05-02 13:15 - 2017-04-12 16:46 - 00043472 _____ () C:\Program Files (x86)\Dropbox\Client\win32process.pyd
2017-05-02 13:15 - 2017-04-12 16:46 - 00048592 _____ () C:\Program Files (x86)\Dropbox\Client\win32service.pyd
2017-05-02 13:15 - 2017-04-12 16:46 - 00057808 _____ () C:\Program Files (x86)\Dropbox\Client\win32evtlog.pyd
2017-05-02 13:15 - 2017-04-12 16:46 - 00024016 _____ () C:\Program Files (x86)\Dropbox\Client\win32profile.pyd
2017-05-02 13:15 - 2017-05-01 07:48 - 00246608 _____ () C:\Program Files (x86)\Dropbox\Client\breakpad.client.windows.handler.pyd
2017-05-02 13:15 - 2017-05-01 07:48 - 00027488 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox.infinite.win.compiled._driverinstallation.pyd
2017-05-02 13:15 - 2017-04-12 16:45 - 00241104 _____ () C:\Program Files (x86)\Dropbox\Client\_jpegtran.pyd
2017-05-02 13:15 - 2017-05-01 07:48 - 00022336 _____ () C:\Program Files (x86)\Dropbox\Client\cpuid.compiled._cpuid.pyd
2017-05-02 13:15 - 2017-05-01 07:49 - 00025432 _____ () C:\Program Files (x86)\Dropbox\Client\winscreenshot.compiled._CaptureScreenshot.pyd
2017-05-02 13:15 - 2017-04-12 16:46 - 00028616 _____ () C:\Program Files (x86)\Dropbox\Client\win32ts.pyd
2017-05-02 13:15 - 2017-05-01 07:48 - 01826104 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtCore.pyd
2017-05-02 13:15 - 2017-04-12 16:44 - 00083912 _____ () C:\Program Files (x86)\Dropbox\Client\sip.pyd
2017-05-02 13:15 - 2017-05-01 07:48 - 01972024 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtGui.pyd
2017-05-02 13:15 - 2017-05-01 07:48 - 03928896 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWidgets.pyd
2017-05-02 13:15 - 2017-05-01 07:48 - 00171336 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebEngineWidgets.pyd
2017-05-02 13:15 - 2017-05-01 07:48 - 00042816 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebChannel.pyd
2017-05-02 13:15 - 2017-05-01 07:48 - 00531264 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtNetwork.pyd
2017-05-02 13:15 - 2017-05-01 07:48 - 00133432 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKit.pyd
2017-05-02 13:15 - 2017-05-01 07:48 - 00224064 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKitWidgets.pyd
2017-05-02 13:15 - 2017-05-01 07:48 - 00207680 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtPrintSupport.pyd
2017-05-02 13:15 - 2017-04-12 16:46 - 00060880 _____ () C:\Program Files (x86)\Dropbox\Client\win32print.pyd
2017-05-02 13:15 - 2017-05-01 07:49 - 00054608 _____ () C:\Program Files (x86)\Dropbox\Client\winrpcserver.compiled._RPCServer.pyd
2017-05-02 13:15 - 2017-05-01 07:49 - 00022864 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.user32.compiled._winffi_user32.pyd
2017-05-02 13:15 - 2017-05-01 07:49 - 00069968 _____ () C:\Program Files (x86)\Dropbox\Client\windisplaytoast.compiled._DisplayToast.pyd
2017-05-02 13:15 - 2017-05-01 07:49 - 00022872 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.iphlpapi.compiled._winffi_iphlpapi.pyd
2017-05-02 13:15 - 2017-05-01 07:49 - 00021848 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.winerror.compiled._winffi_winerror.pyd
2017-05-02 13:15 - 2017-05-01 07:49 - 00022872 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.wininet.compiled._winffi_wininet.pyd
2017-05-02 13:15 - 2017-04-12 16:46 - 00349128 _____ () C:\Program Files (x86)\Dropbox\Client\winxpgui.pyd
2017-05-02 13:15 - 2017-05-01 07:48 - 00103232 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWinExtras.pyd
2017-05-02 13:15 - 2017-05-01 07:49 - 00023896 _____ () C:\Program Files (x86)\Dropbox\Client\winverifysignature.compiled._VerifySignature.pyd
2017-05-02 13:15 - 2017-05-01 07:48 - 00025936 _____ () C:\Program Files (x86)\Dropbox\Client\librsyncffi.compiled._librsyncffi.pyd
2017-05-02 13:15 - 2017-04-12 16:37 - 00036296 _____ () C:\Program Files (x86)\Dropbox\Client\librsync.dll
2017-05-02 13:15 - 2017-05-01 07:48 - 00033112 _____ () C:\Program Files (x86)\Dropbox\Client\enterprise_data.compiled._enterprise_data.pyd
2017-05-02 13:15 - 2017-03-21 18:42 - 00293392 _____ () C:\Program Files (x86)\Dropbox\Client\EnterpriseDataAdapter.dll
2017-05-02 13:15 - 2017-05-01 07:48 - 00084288 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_sqlite_ext.DLL
2017-05-02 13:15 - 2017-05-01 07:49 - 00030536 _____ () C:\Program Files (x86)\Dropbox\Client\wind3d11.compiled._wind3d11.pyd
2017-05-02 13:15 - 2017-04-12 16:50 - 00017864 _____ () C:\Program Files (x86)\Dropbox\Client\libEGL.dll
2017-05-02 13:15 - 2017-04-12 16:50 - 01631184 _____ () C:\Program Files (x86)\Dropbox\Client\libGLESv2.dll
2017-05-02 13:15 - 2017-04-12 16:50 - 14419408 _____ () C:\Program Files (x86)\Dropbox\Client\opengl32sw.dll
2017-05-02 13:15 - 2017-05-01 07:48 - 00357688 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtQml.pyd
2017-05-02 13:15 - 2017-05-01 07:49 - 00026456 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.winhttp.compiled._winffi_winhttp.pyd
2017-05-02 13:15 - 2017-05-01 07:48 - 00546104 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtQuick.pyd
2016-12-16 23:13 - 1997-04-29 11:26 - 00120832 _____ () C:\Program Files (x86)\AnyTime Organizer Deluxe\UTDial32.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
AlternateDataStreams: C:\Windows:nlsPreferences [386]
AlternateDataStreams: C:\Users\User\Desktop:com.dropbox.attributes [168]
AlternateDataStreams: C:\Users\User\Desktop\Beneath:com.dropbox.attributes [168]
AlternateDataStreams: C:\Users\User\Desktop\FRST.txt:com.dropbox.attributes [168]
AlternateDataStreams: C:\Users\User\Desktop\FRST64.exe:com.dropbox.attributes [168]
AlternateDataStreams: C:\Users\User\Desktop\Meta:com.dropbox.attributes [168]
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BsScanner => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BsScanner => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
==================== Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
There are 7931 more sites.
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2016-07-16 04:47 - 2017-04-25 22:04 - 00454232 ____R C:\Windows\system32\Drivers\etc\hosts
There are 15588 more lines.
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-673431399-3437147872-892390184-1001\Control Panel\Desktop\\Wallpaper ->
DNS Servers: 192.168.1.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKU\S-1-5-21-673431399-3437147872-892390184-1001\...\StartupApproved\Run: => "OneDrive"
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [{B54C0FD4-424C-4661-A02B-3280158C4482}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{31C611E9-F5B7-4F20-A964-F56AFE56E851}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{97B0EBFF-EB0A-40AF-9321-13B5FACDD779}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [{109F4BDA-738C-4326-B56F-0CC5E4C14582}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{427A9D5E-BBF0-4202-9C9A-5D841D9651D4}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{F7B50950-201B-41D3-80D3-82EB0F8631FE}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{C0DAD317-CFA0-45BA-814F-4CE96B4C32D1}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{64F6BA35-48B6-41A5-8E8C-CA3A7CB978C4}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdater.exe
FirewallRules: [{AFFBD56F-62A0-4869-B809-F92A1086FCE0}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{1CA67CDC-1674-44A1-82DA-954B20788235}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{ABA9F846-067F-44EF-9F84-167959F88E93}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{87390806-794F-4526-8FD3-C2DD70F4EEA0}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{38C6A22B-E6BF-4160-9BD0-A18FA5815BA1}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{1B61A741-56E8-4CA3-B661-71CF6DD3D7DA}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service
==================== Restore Points =========================
02-05-2017 04:46:25 Windows Update
05-05-2017 06:18:53 Windows Update
09-05-2017 16:36:12 Windows Update
09-05-2017 16:37:32 Windows Update
==================== Faulty Device Manager Devices =============
Name: PS/2 Compatible Mouse
Description: PS/2 Compatible Mouse
Class Guid: {4d36e96f-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
Name: Standard 101/102-Key or Microsoft Natural PS/2 Keyboard with HP QLB
Description: Standard 101/102-Key or Microsoft Natural PS/2 Keyboard with HP QLB
Class Guid: {4d36e96b-e325-11ce-bfc1-08002be10318}
Manufacturer: Hewlett-Packard
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
==================== Event log errors: =========================
Application errors:
==================
Error: (05/12/2017 05:12:18 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Microsoft Office\root\Office16\lync.exe.Manifest".Error in manifest or policy file "C:\Program Files (x86)\Microsoft Office\root\Office16\UccApi.DLL" on line 1.
Component identity found in manifest does not match the identity of the component requested.
Reference is UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0".
Definition is UccApi,processorArchitecture="x86",type="win32",version="16.0.0.0".
Please use sxstrace.exe for detailed diagnosis.
Error: (05/12/2017 11:46:28 AM) (Source: SideBySide) (EventID: 35) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Microsoft Office\root\Office16\lync.exe.Manifest".Error in manifest or policy file "C:\Program Files (x86)\Microsoft Office\root\Office16\UccApi.DLL" on line 1.
Component identity found in manifest does not match the identity of the component requested.
Reference is UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0".
Definition is UccApi,processorArchitecture="x86",type="win32",version="16.0.0.0".
Please use sxstrace.exe for detailed diagnosis.
Error: (05/12/2017 04:23:05 AM) (Source: SideBySide) (EventID: 35) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Microsoft Office\root\Office16\lync.exe.Manifest".Error in manifest or policy file "C:\Program Files (x86)\Microsoft Office\root\Office16\UccApi.DLL" on line 1.
Component identity found in manifest does not match the identity of the component requested.
Reference is UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0".
Definition is UccApi,processorArchitecture="x86",type="win32",version="16.0.0.0".
Please use sxstrace.exe for detailed diagnosis.
Error: (05/11/2017 08:11:18 AM) (Source: SideBySide) (EventID: 35) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Microsoft Office\root\Office16\lync.exe.Manifest".Error in manifest or policy file "C:\Program Files (x86)\Microsoft Office\root\Office16\UccApi.DLL" on line 1.
Component identity found in manifest does not match the identity of the component requested.
Reference is UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0".
Definition is UccApi,processorArchitecture="x86",type="win32",version="16.0.0.0".
Please use sxstrace.exe for detailed diagnosis.
Error: (05/11/2017 08:07:29 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2484) (User: DESKTOP-EJN6HF4)
Description: Package Microsoft.Windows.Photos_17.425.10010.0_x64__8wekyb3d8bbwe+App was terminated because it took too long to suspend.
Error: (05/10/2017 02:51:49 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Microsoft Office\root\Office16\lync.exe.Manifest".Error in manifest or policy file "C:\Program Files (x86)\Microsoft Office\root\Office16\UccApi.DLL" on line 1.
Component identity found in manifest does not match the identity of the component requested.
Reference is UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0".
Definition is UccApi,processorArchitecture="x86",type="win32",version="16.0.0.0".
Please use sxstrace.exe for detailed diagnosis.
Error: (05/10/2017 02:48:19 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: plugin-container.exe, version: 53.0.2.6333, time stamp: 0x590bd295
Faulting module name: xul.dll, version: 53.0.2.6333, time stamp: 0x590bd27e
Exception code: 0x80000003
Fault offset: 0x0089d467
Faulting process id: 0x6d4
Faulting application start time: 0x01d2c946533cf693
Faulting application path: C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
Faulting module path: C:\Program Files (x86)\Mozilla Firefox\xul.dll
Report Id: 4decac81-0027-414f-ab22-2d9fc63b8b4f
Faulting package full name:
Faulting package-relative application ID:
Error: (05/10/2017 02:48:06 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: firefox.exe, version: 53.0.2.6333, time stamp: 0x590bcebe
Faulting module name: xul.dll, version: 53.0.2.6333, time stamp: 0x590bd27e
Exception code: 0x80000003
Fault offset: 0x0089d467
Faulting process id: 0x1510
Faulting application start time: 0x01d2c71a21a8e2bf
Faulting application path: C:\Program Files (x86)\Mozilla Firefox\firefox.exe
Faulting module path: C:\Program Files (x86)\Mozilla Firefox\xul.dll
Report Id: 3f0c4125-9d40-42f3-a556-f1866c34aac6
Faulting package full name:
Faulting package-relative application ID:
Error: (05/09/2017 04:45:30 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: The Open Procedure for service "BITS" in DLL "C:\Windows\System32\bitsperf.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.
Error: (05/09/2017 04:38:12 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.
System Error:
Access is denied.
.
System errors:
=============
Error: (05/12/2017 11:28:56 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Error: (05/11/2017 10:37:09 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Error: (05/11/2017 10:36:22 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Error: (05/11/2017 11:52:32 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Error: (05/11/2017 03:41:02 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Error: (05/10/2017 02:59:56 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
and APPID
{F72671A9-012C-4725-9D2F-2A4D32D65169}
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Error: (05/10/2017 02:56:26 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Error: (05/10/2017 02:49:26 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Error: (05/09/2017 05:37:47 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Error: (05/09/2017 01:06:05 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
==================== Memory info ===========================
Processor: Intel(R) Core(TM)2 Duo CPU E6550 @ 2.33GHz
Percentage of memory in use: 80%
Total physical RAM: 4015.3 MB
Available physical RAM: 764.99 MB
Total Virtual: 6923.41 MB
Available Virtual: 2542.48 MB
==================== Drives ================================
Drive c: (Windows) (Fixed) (Total:232.05 GB) (Free:148.13 GB) NTFS
Drive e: (Iomega) (Fixed) (Total:298.09 GB) (Free:106.47 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 232.9 GB) (Disk ID: F70AB8E8)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=232.1 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=750 MB) - (Type=27)
========================================================
Disk: 1 (Size: 298.1 GB) (Disk ID: A58BEF9C)
Partition 1: (Not Active) - (Size=298.1 GB) - (Type=07 NTFS)
==================== End of Addition.txt ============================
aswMBR version 1.0.1.2290 Copyright(c) 2014 AVAST Software
Run date: 2017-05-13 02:25:15
-----------------------------
02:25:15.962 OS Version: Windows x64 6.2.9200
02:25:15.962 Number of processors: 2 586 0xF0B
02:25:15.965 ComputerName: DESKTOP-EJN6HF4 UserName: User
02:25:17.494 Initialize success
02:25:17.499 VM: initialized successfully
02:25:17.500 VM: Intel CPU BiosDisabled
02:27:56.942 AVAST engine defs: 17030301
02:31:02.432 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
02:31:02.435 Disk 0 Vendor: ST3250312AS HP64 Size: 238475MB BusType: 3
02:31:02.589 Disk 0 MBR read successfully
02:31:02.592 Disk 0 MBR scan
02:31:02.601 Disk 0 Windows 7 default MBR code
02:31:02.610 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
02:31:02.625 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 237623 MB offset 206848
02:31:02.671 Disk 0 Partition 3 00 27 Hidden NTFS WinRE NTFS 750 MB offset 486858752
02:31:02.945 Disk 0 scanning C:\Windows\system32\drivers
02:31:36.647 Service scanning
02:32:42.121 Modules scanning
02:32:42.467 Disk 0 trace - called modules:
02:32:42.486 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS pciide.sys hal.dll PCIIDEX.SYS atapi.sys
02:32:42.492 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xffffb80736d7a060]
02:32:42.499 3 CLASSPNP.SYS[fffff8084a2f5efb] -> nt!IofCallDriver -> [0xffffb807367a9520]
02:32:42.504 5 ACPI.sys[fffff80849544571] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xffffb80736745060]
02:32:43.303 AVAST engine scan C:\
06:37:00.895 Disk 0 statistics 22529896/0/0 @ 1.24 MB/s
06:37:00.903 Scan finished successfully
09:51:48.333 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
09:51:48.340 Disk 0 Vendor: ST3250312AS HP64 Size: 238475MB BusType: 3
09:51:50.408 Disk 0 MBR read successfully
09:51:50.416 Disk 0 MBR scan
09:51:50.484 Disk 0 Windows 7 default MBR code
09:51:50.575 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
09:51:50.657 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 237623 MB offset 206848
09:51:50.743 Disk 0 Partition 3 00 27 Hidden NTFS WinRE NTFS 750 MB offset 486858752
09:51:51.257 Disk 0 scanning C:\Windows\system32\drivers
09:52:20.426 Disk 0 statistics 22604237/0/0 @ 1.24 MB/s
09:52:20.437 Scan stopped
09:52:53.720 Disk 0 MBR has been saved successfully to "C:\Users\User\Desktop\MBR.dat"
09:52:53.727 The log file has been saved successfully to "C:\Users\User\Desktop\aswMBR.txt"
Ran by User (administrator) on DESKTOP-EJN6HF4 (12-05-2017 17:27:21)
Running from C:\Users\User\Desktop
Loaded Profiles: User (Available Profiles: defaultuser0 & User)
Platform: Windows 10 Home Version 1607 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Andrea Electronics Corporation) C:\Windows\System32\AEADISRV.EXE
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.15.597.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Kenubi SRL) C:\Users\User\AppData\Roaming\Boxifier\Boxifier.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
() C:\Program Files\WindowsApps\Microsoft.Windows.Photos_17.425.10010.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCui.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWelcome.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDRootAlyzer.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Individual Software Inc.) C:\Program Files (x86)\AnyTime Organizer Deluxe\Atw.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
==================== Registry (Whitelisted) ====================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [Unattend0000000001{0A333A6D-CE04-4918-80BD-26BDF046E7C1}] => C:\Windows\system32\devmgmt.msc [145640 2016-07-16] ()
HKLM\...\Run: [Unattend0000000001{1C5C9ED5-7D00-49E0-B365-2D0ABD98A5F7}] => C:\Windows\system32\devmgmt.msc [145640 2016-07-16] ()
HKLM\...\Run: [WindowsDefender] => C:\Program Files\Windows Defender\MSASCuiL.exe [631808 2017-03-27] (Microsoft Corporation)
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [3146704 2017-05-09] (Malwarebytes)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [598552 2016-06-22] (Oracle Corporation)
HKLM-x32\...\Run: [atr.exe] => [X]
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [28432392 2017-05-01] (Dropbox, Inc.)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-673431399-3437147872-892390184-1001\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.)
HKU\S-1-5-21-673431399-3437147872-892390184-1001\...\Run: [Boxifier] => C:\Users\User\AppData\Roaming\Boxifier\boxifier.exe [15377232 2017-04-28] (Kenubi SRL)
HKU\S-1-5-21-673431399-3437147872-892390184-1001\Control Panel\Desktop\\SCRNSAVE.EXE ->
ShellIconOverlayIdentifiers: [ DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.16.0.dll [2017-05-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.16.0.dll [2017-05-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.16.0.dll [2017-05-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.16.0.dll [2017-05-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.16.0.dll [2017-05-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.16.0.dll [2017-05-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.16.0.dll [2017-05-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.16.0.dll [2017-05-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.16.0.dll [2017-05-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.16.0.dll [2017-05-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.16.0.dll [2017-05-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.16.0.dll [2017-05-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.16.0.dll [2017-05-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.16.0.dll [2017-05-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.16.0.dll [2017-05-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.16.0.dll [2017-05-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.16.0.dll [2017-05-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.16.0.dll [2017-05-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.16.0.dll [2017-05-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.16.0.dll [2017-05-01] (Dropbox, Inc.)
Startup: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AnyTime.lnk [2016-12-16]
ShortcutTarget: AnyTime.lnk -> C:\Program Files (x86)\AnyTime Organizer Deluxe\ISI Launcher.exe (Individual Software Inc.)
BootExecute: autocheck autochk * sdnclean64.exe
GroupPolicy: Restriction <======= ATTENTION
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{5a2dd3f7-01b8-4724-aae7-1c3141bc2aa6}: [DhcpNameServer] 192.168.1.254
Internet Explorer:
==================
HKU\S-1-5-21-673431399-3437147872-892390184-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2017-05-12] (Microsoft Corporation)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2017-05-12] (Microsoft Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2017-05-12] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\ssv.dll [2016-08-06] (Oracle Corporation)
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\Office16\GROOVEEX.DLL [2017-05-12] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\jp2ssv.dll [2016-08-06] (Oracle Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-05-12] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-05-12] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-05-12] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-05-12] (Microsoft Corporation)
FireFox:
========
FF DefaultProfile: kt47h4lt.default
FF ProfilePath: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\kt47h4lt.default [2017-05-12]
FF Homepage: Mozilla\Firefox\Profiles\kt47h4lt.default -> www.google.com
FF Session Restore: Mozilla\Firefox\Profiles\kt47h4lt.default -> is enabled.
FF Extension: (Cisco WebEx Extension) - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\kt47h4lt.default\Extensions\ciscowebexstart1@cisco.com.xpi [2017-04-13]
FF Extension: (New Tab Override (browser.newtab.url replacement)) - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\kt47h4lt.default\Extensions\newtaboverride@agenedia.com.xpi [2017-01-01]
FF Plugin-x32: @java.com/DTPlugin,version=11.101.2 -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\dtplugin\npDeployJava1.dll [2016-08-06] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.101.2 -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\plugin2\npjp2.dll [2016-08-06] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2017-03-05] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2017-03-05] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-27] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-27] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
==================== Services (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 AEADIFilters; C:\Windows\system32\AEADISRV.EXE [111616 2009-06-05] (Andrea Electronics Corporation) [File not signed]
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [3801280 2017-05-04] (Microsoft Corporation)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2017-04-24] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2017-04-24] (Dropbox, Inc.)
R2 DbxSvc; C:\Windows\system32\DbxSvc.exe [48944 2017-05-01] (Dropbox, Inc.)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4470736 2017-05-09] (Malwarebytes)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [4088608 2016-09-21] (Safer-Networking Ltd.) [File not signed]
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [235984 2016-11-24] (Safer-Networking Ltd.) [File not signed]
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2017-03-27] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2017-03-27] (Microsoft Corporation)
===================== Drivers (Whitelisted) ======================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S3 ADIHdAudAddService; C:\Windows\system32\drivers\ADIHdAud.sys [475136 2009-06-05] (Analog Devices, Inc.) [File not signed]
R1 Boxifier; C:\Windows\System32\DRIVERS\boxifier.sys [115824 2017-05-05] (Kenubi SRL)
S3 dc21x4vm; C:\Windows\System32\drivers\dc21x4vm.sys [96256 2016-07-16] (Microsoft Corporation)
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [77440 2017-05-09] ()
R2 MBAMChameleon; C:\Windows\system32\drivers\MBAMChameleon.sys [187320 2017-05-12] (Malwarebytes)
R3 MBAMFarflt; C:\Windows\system32\drivers\farflt.sys [113592 2017-05-12] (Malwarebytes)
R3 MBAMProtection; C:\Windows\system32\drivers\mbam.sys [43968 2017-05-12] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [251832 2017-05-12] (Malwarebytes)
R3 MBAMWebProtection; C:\Windows\system32\drivers\mwac.sys [93624 2017-05-12] (Malwarebytes)
S3 NetAdapterCx; C:\Windows\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
R3 RtlWlanu; C:\Windows\System32\drivers\rtwlanu.sys [5195776 2016-07-16] (Realtek Semiconductor Corporation )
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2017-05-12 17:27 - 2017-05-12 17:28 - 00016094 _____ C:\Users\User\Desktop\FRST.txt
2017-05-12 17:27 - 2017-05-12 17:27 - 00000000 ____D C:\FRST
2017-05-12 17:25 - 2017-05-12 17:26 - 02429440 _____ (Farbar) C:\Users\User\Desktop\FRST64.exe
2017-05-12 11:45 - 2017-05-12 14:48 - 00093624 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2017-05-12 11:45 - 2017-05-12 11:45 - 00187320 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMChameleon.sys
2017-05-12 11:45 - 2017-05-12 11:45 - 00113592 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
2017-05-12 11:45 - 2017-05-12 11:45 - 00043968 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2017-05-12 11:45 - 2017-05-12 11:45 - 00001919 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-05-12 11:45 - 2017-05-12 11:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-05-12 11:45 - 2017-05-09 16:37 - 00077440 _____ C:\Windows\system32\Drivers\mbae64.sys
2017-05-05 23:06 - 2017-05-07 16:14 - 00000000 ____D C:\Users\User\Desktop\Beneath
2017-05-05 19:21 - 2017-05-10 17:15 - 00000000 ____D C:\Users\User\Desktop\Meta
2017-05-05 19:04 - 2017-05-05 19:26 - 00000000 ____D C:\Users\User\AppData\Roaming\BoxifierData
2017-05-05 19:04 - 2017-05-05 19:04 - 00115824 _____ (Kenubi SRL) C:\Windows\system32\Drivers\boxifier.sys
2017-05-05 19:04 - 2017-05-05 19:04 - 00000000 ____D C:\Users\User\AppData\Local\Boxifier
2017-05-05 19:03 - 2017-05-05 19:04 - 00000000 ____D C:\ProgramData\Boxifier
2017-05-05 19:03 - 2017-05-05 19:03 - 00000000 ____D C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Boxifier
2017-05-05 19:03 - 2017-05-05 19:03 - 00000000 ____D C:\Users\User\AppData\Roaming\Boxifier
2017-05-03 17:33 - 2017-05-03 17:33 - 00000029 _____ C:\Windows\ATW.INI
2017-05-02 13:16 - 2017-05-02 13:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2017-05-02 08:40 - 2017-05-02 08:40 - 00000000 ____D C:\Users\User\Documents\Telephone mobile California lifeline
2017-05-01 07:49 - 2017-05-01 07:49 - 00048944 _____ (Dropbox, Inc.) C:\Windows\system32\DbxSvc.exe
2017-04-28 18:23 - 2017-04-28 18:23 - 00000000 ____D C:\Users\User\.oracle_jre_usage
2017-04-25 22:33 - 2017-04-25 22:34 - 00000000 ____D C:\Users\User\Documents\Flying cars Elevate
2017-04-25 22:04 - 2016-07-16 04:45 - 00000824 _____ C:\Windows\system32\Drivers\etc\hosts.20170425-220455.backup
2017-04-25 21:54 - 2017-04-25 21:54 - 00104030 _____ C:\Users\User\Documents\Meta.txt
2017-04-25 11:54 - 2017-05-05 21:19 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-04-24 23:30 - 2017-05-05 20:46 - 00000000 ___RD C:\Users\User\Dropbox
2017-04-24 22:19 - 2017-04-24 22:19 - 00000000 ____D C:\Users\User\AppData\Roaming\Dropbox
2017-04-24 22:18 - 2017-04-26 16:53 - 00000936 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job
2017-04-24 22:18 - 2017-04-24 22:18 - 00003996 _____ C:\Windows\System32\Tasks\DropboxUpdateTaskMachineUA
2017-04-24 22:18 - 2017-04-24 22:18 - 00003764 _____ C:\Windows\System32\Tasks\DropboxUpdateTaskMachineCore
2017-04-24 22:17 - 2017-05-02 13:17 - 00000000 ____D C:\Program Files (x86)\Dropbox
2017-04-24 22:17 - 2017-04-26 16:53 - 00000932 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job
2017-04-24 22:17 - 2017-04-24 23:34 - 00000000 ____D C:\Users\User\AppData\Local\Dropbox
2017-04-24 22:17 - 2017-04-24 22:17 - 00000000 ____D C:\ProgramData\Dropbox
2017-04-22 16:38 - 2017-04-22 16:38 - 00000000 ____D C:\Users\User\AppData\LocalLow\Temp
2017-04-12 11:43 - 2017-04-12 11:43 - 00000000 ____D C:\Users\User\AppData\Local\UNP
2017-04-12 10:41 - 2017-04-12 10:41 - 00000000 ____D C:\Users\User\AppData\Local\WinZip
2017-04-12 09:47 - 2017-04-12 09:48 - 00000000 ____D C:\Program Files\UNP
2017-04-12 09:47 - 2017-04-12 09:47 - 00000000 ____D C:\Windows\system32\UNP
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2017-05-12 17:13 - 2016-12-17 23:15 - 00000000 ____D C:\Users\User\AppData\LocalLow\Mozilla
2017-05-12 16:58 - 2016-08-06 15:23 - 00000000 ____D C:\Windows\system32\SleepStudy
2017-05-12 11:45 - 2017-03-28 22:52 - 00251832 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2017-05-12 11:32 - 2016-07-16 04:47 - 00000000 ____D C:\Windows\system32\Macromed
2017-05-12 11:30 - 2016-07-16 04:47 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2017-05-12 03:52 - 2016-07-16 04:47 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2017-05-12 03:51 - 2016-08-06 14:48 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2017-05-11 23:45 - 2016-07-15 23:04 - 00032768 _____ C:\Windows\system32\config\ELAM
2017-05-11 20:23 - 2016-07-16 04:36 - 00000000 ____D C:\Windows\CbsTemp
2017-05-11 19:52 - 2016-07-16 04:47 - 00000000 ___HD C:\Program Files\WindowsApps
2017-05-11 19:52 - 2016-07-16 04:47 - 00000000 ____D C:\Windows\AppReadiness
2017-05-10 16:19 - 2016-12-16 12:40 - 00000000 ____D C:\Users\User\AppData\Local\Packages
2017-05-09 16:45 - 2016-12-22 22:43 - 00000000 ____D C:\Windows\system32\MRT
2017-05-09 16:40 - 2016-12-22 22:43 - 156335152 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2017-05-06 10:16 - 2016-07-16 04:47 - 00000000 ____D C:\Windows\LiveKernelReports
2017-05-05 21:19 - 2016-12-17 23:15 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-05-05 21:03 - 2017-01-07 15:21 - 00000000 ____D C:\Users\User\Documents\Student loan mine
2017-05-05 06:19 - 2016-07-16 04:47 - 00000000 ____D C:\Windows\system32\appraiser
2017-05-04 05:46 - 2016-08-06 12:23 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-05-03 17:33 - 2016-12-16 23:12 - 00000000 ____D C:\Program Files (x86)\AnyTime Organizer Deluxe
2017-05-03 16:44 - 2016-12-16 22:45 - 00000000 ____D C:\Users\User\AppData\Roaming\vlc
2017-05-01 08:17 - 2017-01-07 15:25 - 00000000 ____D C:\Users\User\Documents\Health
2017-04-28 17:59 - 2016-07-16 04:49 - 00835576 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2017-04-28 17:59 - 2016-07-16 04:49 - 00177656 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2017-04-27 21:58 - 2017-04-11 12:41 - 00003416 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2017-04-27 21:58 - 2017-04-11 12:41 - 00003292 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2017-04-27 09:37 - 2017-01-07 15:20 - 00000000 ____D C:\Users\User\Documents\Yavuz Tezeller
2017-04-26 17:00 - 2016-08-06 12:29 - 01809534 _____ C:\Windows\system32\PerfStringBackup.INI
2017-04-26 16:52 - 2016-07-15 23:04 - 00262144 _____ C:\Windows\system32\config\BBI
2017-04-25 21:58 - 2016-12-17 23:41 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2017-04-25 21:38 - 2017-01-14 22:23 - 00000000 ____D C:\Users\User\Documents\Taxes 2015
2017-04-25 20:52 - 2017-01-07 15:26 - 00000000 ____D C:\Users\User\Documents\Credit Freeze
2017-04-21 17:55 - 2017-02-01 22:41 - 00000000 ____D C:\Users\User\Documents\Mahsudov
2017-04-20 21:07 - 2016-12-16 12:54 - 00000000 ____D C:\Users\User\AppData\Local\ElevatedDiagnostics
2017-04-19 09:28 - 2017-01-07 20:34 - 03839842 _____ C:\Users\User\Downloads\pg41391-images.epub
2017-04-18 21:14 - 2017-01-07 15:23 - 00000000 ____D C:\Users\User\Documents\jobs 2016
2017-04-15 15:29 - 2017-01-07 15:25 - 00000000 ____D C:\Users\User\Documents\Haase family Money
2017-04-14 21:09 - 2016-07-16 04:47 - 00000000 ____D C:\Windows\rescache
2017-04-13 17:45 - 2016-12-18 02:22 - 00000000 ____D C:\Users\User\AppData\Local\Adobe
2017-04-13 17:37 - 2016-07-16 04:45 - 00000000 ____D C:\Windows\INF
2017-04-12 10:41 - 2016-08-06 16:06 - 00000000 ____D C:\ProgramData\WinZip
2017-04-12 01:19 - 2016-08-06 12:25 - 00000000 __RHD C:\Users\Public\AccountPictures
2017-04-12 01:16 - 2016-08-06 15:23 - 00341680 _____ C:\Windows\system32\FNTCACHE.DAT
2017-04-12 01:14 - 2016-07-16 04:47 - 00000000 ___SD C:\Windows\SysWOW64\F12
2017-04-12 01:14 - 2016-07-16 04:47 - 00000000 ___SD C:\Windows\system32\F12
2017-04-12 01:14 - 2016-07-16 04:47 - 00000000 ___RD C:\Windows\ImmersiveControlPanel
2017-04-12 01:14 - 2016-07-16 04:47 - 00000000 ___RD C:\Program Files\Windows Defender
2017-04-12 01:14 - 2016-07-16 04:47 - 00000000 ____D C:\Windows\SysWOW64\setup
2017-04-12 01:14 - 2016-07-16 04:47 - 00000000 ____D C:\Windows\system32\setup
2017-04-12 01:14 - 2016-07-16 04:47 - 00000000 ____D C:\Windows\ShellExperiences
2017-04-12 01:14 - 2016-07-16 04:47 - 00000000 ____D C:\Windows\Provisioning
2017-04-12 01:14 - 2016-07-16 04:47 - 00000000 ____D C:\Program Files\Windows Photo Viewer
2017-04-12 01:14 - 2016-07-16 04:47 - 00000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2017-04-12 01:14 - 2016-07-16 04:47 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2017-04-12 01:14 - 2016-07-15 23:04 - 00000000 ____D C:\Windows\system32\Dism
==================== Files in the root of some directories =======
2017-03-05 15:11 - 2017-03-07 17:44 - 0000629 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
==================== Bamital & volsnap ======================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2017-05-12 12:33
==================== End of FRST.txt ============================
SECOND SECOND SECOND SECOND
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 08-05-2017
Ran by User (12-05-2017 17:29:58)
Running from C:\Users\User\Desktop
Windows 10 Home Version 1607 (X64) (2016-12-16 19:38:53)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-673431399-3437147872-892390184-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-673431399-3437147872-892390184-503 - Limited - Disabled)
defaultuser0 (S-1-5-21-673431399-3437147872-892390184-1000 - Limited - Disabled) => C:\Users\defaultuser0
Guest (S-1-5-21-673431399-3437147872-892390184-501 - Limited - Disabled)
User (S-1-5-21-673431399-3437147872-892390184-1001 - Administrator - Enabled) => C:\Users\User
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Spybot - Search and Destroy (Enabled - Up to date) {A16C3F68-9280-E053-1818-342707FECF4D}
AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Adobe Acrobat 4.0 (HKLM-x32\...\Adobe Acrobat 4.0) (Version: 4.0 - Adobe Systems, Inc.)
AnyTime Organizer (HKLM-x32\...\AnyTime Organizer) (Version: 14.0 - Individual Software, Inc)
Boxifier version 1.6.5.0 (HKU\S-1-5-21-673431399-3437147872-892390184-1001\...\{BEBDFAFD-18FB-4DDC-B5BE-ED47E13EB2E3}_is1) (Version: 1.6.5.0 - Kenubi)
Dropbox (HKLM-x32\...\Dropbox) (Version: 25.4.28 - Dropbox, Inc.)
Dropbox Update Helper (x32 Version: 1.3.65.1 - Dropbox, Inc.) Hidden
Google Earth Pro (HKLM-x32\...\{DE706580-82C7-4B1A-ABA4-EA48AC15B045}) (Version: 7.1.8.3036 - Google)
Google Update Helper (x32 Version: 1.3.33.5 - Google Inc.) Hidden
Java 8 Update 101 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180101F0}) (Version: 8.0.1010.13 - Oracle Corporation)
Malwarebytes version 3.1.2.1733 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.1.2.1733 - Malwarebytes)
Microsoft Office Professional Plus 2016 - en-us (HKLM\...\ProPlusRetail - en-us) (Version: 16.0.7967.2161 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Mozilla Firefox 53.0.2 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 53.0.2 (x86 en-US)) (Version: 53.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 53.0.2.6333 - Mozilla)
Office 16 Click-to-Run Extensibility Component (x32 Version: 16.0.7967.2161 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (Version: 16.0.7967.2161 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (Version: 16.0.7967.2161 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (x32 Version: 16.0.7668.2066 - Microsoft Corporation) Hidden
QuickTime (HKLM-x32\...\QuickTime) (Version: - )
Shockwave (HKLM-x32\...\Shockwave) (Version: - )
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
TurboTax 2015 (HKLM-x32\...\TurboTax 2015) (Version: 2015.0 - Intuit, Inc)
TurboTax 2016 (HKLM-x32\...\TurboTax 2016) (Version: 2016.0 - Intuit, Inc)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.4 - VideoLAN)
Windows 10 Update and Privacy Settings (HKLM\...\{293F2009-0145-450B-B4AA-063D43FB368C}) (Version: 1.0.13.0 - Microsoft Corporation)
WinZip 18.5 (HKLM-x32\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240E2}) (Version: 18.5.11111 - WinZip Computing, S.L. )
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-673431399-3437147872-892390184-1001_Classes\CLSID\{071B6D59-C72C-4A2A-9495-F4CD09887CCC}\InprocServer32 -> C:\Users\User\AppData\Roaming\Boxifier\Boxifier64.dll ()
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {06159447-AE04-4517-93F1-6C339D3AE25E} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\Program Files\Windows Defender\\MpCmdRun.exe [2017-03-27] (Microsoft Corporation)
Task: {0BE5FC38-EB65-4775-819B-8CC58C6381A1} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2017-05-12] (Microsoft Corporation)
Task: {172A4CDC-4664-4EFB-9B2F-E6C060F68506} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe [2016-03-21] (Safer-Networking Ltd.)
Task: {30F88F91-46CE-4E38-BBF9-98E83C352DDD} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-04-11] (Google Inc.)
Task: {32E7BB77-C1FA-4DBA-BB55-801DC7DC4DA1} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2017-05-12] (Microsoft Corporation)
Task: {3C3775F1-D52D-48F9-8AD5-F2DB413D95FD} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\Program Files\Windows Defender\\MpCmdRun.exe [2017-03-27] (Microsoft Corporation)
Task: {3C93EDED-F893-4783-B08D-A9794DDDBB3C} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-05-04] (Microsoft Corporation)
Task: {4937A3F4-D7E2-41AA-AD7E-A7AB6D7E5DA0} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2017-05-12] (Microsoft Corporation)
Task: {645CB8DF-1073-4431-B0F4-46F73E46EF13} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\Program Files\Windows Defender\\MpCmdRun.exe [2017-03-27] (Microsoft Corporation)
Task: {84FE406D-B8A9-4FD9-A40E-D29497B50367} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [2014-06-27] (Safer-Networking Ltd.)
Task: {9B0E149C-0E01-43A7-B143-478EC517764F} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2017-04-24] (Dropbox, Inc.)
Task: {A1B3F8B3-571B-45B9-9AD4-D3ACB05BA91B} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-04-11] (Google Inc.)
Task: {A34ACF9D-9DE4-4F2E-96AB-2A995E3FF2D5} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2017-04-24] (Dropbox, Inc.)
Task: {C589FF3B-C4BC-4BEA-BDF1-B9839F37B4E2} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-05-04] (Microsoft Corporation)
Task: {CE4E61D7-36E2-405B-BAF0-89C4A587F964} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\Program Files\Windows Defender\\MpCmdRun.exe [2017-03-27] (Microsoft Corporation)
Task: {EA174035-96FA-4D1F-94E6-EB01C2264CF5} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe [2016-03-21] (Safer-Networking Ltd.)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
==================== Shortcuts =============================
(The entries could be listed to be restored or removed.)
==================== Loaded Modules (Whitelisted) ==============
2016-07-16 04:42 - 2016-07-16 04:42 - 00231424 _____ () C:\Windows\SYSTEM32\ism32k.dll
2017-04-11 19:28 - 2017-03-27 23:22 - 02681200 _____ () C:\Windows\System32\CoreUIComponents.dll
2017-04-11 19:28 - 2017-03-27 23:22 - 02681200 _____ () C:\Windows\system32\CoreUIComponents.dll
2017-04-11 19:28 - 2017-03-27 23:22 - 02681200 _____ () C:\Windows\SYSTEM32\CoreUIComponents.dll
2016-12-31 12:31 - 2016-09-06 21:56 - 00134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll
2017-03-14 19:47 - 2017-03-03 23:31 - 00474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll
2017-03-14 19:47 - 2017-03-03 23:30 - 00693248 _____ () C:\Windows\ShellExperiences\MtcUvc.dll
2017-03-14 19:48 - 2017-03-03 23:12 - 09760768 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2017-03-14 19:48 - 2017-03-03 23:05 - 01401856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-03-14 19:48 - 2017-03-03 23:05 - 00757248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll
2017-04-11 19:27 - 2017-03-27 22:07 - 01033216 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Actions.dll
2017-04-11 19:27 - 2017-03-27 22:08 - 02424320 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2017-04-11 19:28 - 2017-03-27 22:11 - 04853760 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2017-05-09 09:19 - 2017-05-09 09:20 - 00074752 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.15.597.0_x64__kzf8qxf38zg5c\SkypeHost.exe
2017-05-09 09:19 - 2017-05-09 09:20 - 00201728 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.15.597.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2017-05-09 09:19 - 2017-05-09 09:20 - 43195904 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.15.597.0_x64__kzf8qxf38zg5c\SkyWrap.dll
2017-05-09 09:19 - 2017-05-09 09:20 - 02457088 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.15.597.0_x64__kzf8qxf38zg5c\skypert.dll
2017-05-05 11:54 - 2017-05-05 11:55 - 00020480 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_17.425.10010.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
2017-05-05 11:54 - 2017-05-05 11:55 - 26322944 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_17.425.10010.0_x64__8wekyb3d8bbwe\Microsoft.Photos.dll
2017-05-05 11:54 - 2017-05-05 11:55 - 00441856 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_17.425.10010.0_x64__8wekyb3d8bbwe\Microsoft.Photos.AGM.Native.Windows.dll
2017-05-05 11:54 - 2017-05-05 11:55 - 02139648 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_17.425.10010.0_x64__8wekyb3d8bbwe\MediaEngine.dll
2017-05-05 11:54 - 2017-05-05 11:55 - 02901928 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_17.425.10010.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll
2017-05-05 11:54 - 2017-05-05 11:55 - 00046080 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_17.425.10010.0_x64__8wekyb3d8bbwe\Microsoft.Photos.Edit.Services.dll
2016-12-20 16:53 - 2016-12-20 16:55 - 00680448 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_17.425.10010.0_x64__8wekyb3d8bbwe\Microsoft.DesignCore.dll
2017-05-05 11:54 - 2017-05-05 11:55 - 00641024 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_17.425.10010.0_x64__8wekyb3d8bbwe\Microsoft.RichMedia.Ink.Controls.dll
2017-05-05 11:54 - 2017-05-05 11:55 - 01062400 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_17.425.10010.0_x64__8wekyb3d8bbwe\Microsoft.Sharing.dll
2017-05-12 11:45 - 2017-05-09 16:38 - 02270672 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
2016-12-17 23:40 - 2014-05-13 13:04 - 00109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2016-12-17 23:40 - 2014-05-13 13:04 - 00167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2016-12-17 23:40 - 2014-05-13 13:04 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2016-12-17 23:41 - 2012-08-23 11:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2016-12-17 23:41 - 2012-04-03 18:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2017-05-05 19:03 - 2016-10-07 22:38 - 00716120 _____ () C:\Users\User\AppData\Roaming\Boxifier\BoxifierApp.dll
2017-05-02 13:15 - 2017-05-01 07:44 - 00870720 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_watchdog.dll
2017-05-02 13:15 - 2017-04-12 16:43 - 00035792 _____ () C:\Program Files (x86)\Dropbox\Client\_multiprocessing.pyd
2017-05-02 13:15 - 2017-04-12 16:43 - 00100296 _____ () C:\Program Files (x86)\Dropbox\Client\_ctypes.pyd
2017-05-02 13:15 - 2017-04-12 16:43 - 00018888 _____ () C:\Program Files (x86)\Dropbox\Client\select.pyd
2017-05-02 13:15 - 2017-05-01 07:48 - 00019776 _____ () C:\Program Files (x86)\Dropbox\Client\tornado.speedups.pyd
2017-05-02 13:15 - 2017-05-01 07:48 - 00020824 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._constant_time.pyd
2017-05-02 13:15 - 2017-04-12 16:44 - 00123856 _____ () C:\Program Files (x86)\Dropbox\Client\_cffi_backend.pyd
2017-05-02 13:15 - 2017-04-12 16:43 - 00694224 _____ () C:\Program Files (x86)\Dropbox\Client\unicodedata.pyd
2017-05-02 13:15 - 2017-05-01 07:48 - 01729360 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._openssl.pyd
2017-05-02 13:15 - 2017-05-01 07:48 - 00020816 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._padding.pyd
2017-05-02 13:15 - 2017-04-12 16:43 - 00145864 _____ () C:\Program Files (x86)\Dropbox\Client\pyexpat.pyd
2017-05-02 13:15 - 2017-04-12 16:44 - 00019408 _____ () C:\Program Files (x86)\Dropbox\Client\faulthandler.pyd
2017-05-02 13:15 - 2017-04-12 16:43 - 00116688 _____ () C:\Program Files (x86)\Dropbox\Client\pywintypes27.dll
2017-05-02 13:15 - 2017-04-12 16:46 - 00105928 _____ () C:\Program Files (x86)\Dropbox\Client\win32api.pyd
2017-05-02 13:15 - 2017-05-01 07:49 - 00022864 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.crt.compiled._winffi_crt.pyd
2017-05-02 13:15 - 2017-05-01 07:48 - 00060736 _____ () C:\Program Files (x86)\Dropbox\Client\psutil._psutil_windows.pyd
2017-05-02 13:15 - 2017-05-01 07:48 - 00038712 _____ () C:\Program Files (x86)\Dropbox\Client\fastpath.pyd
2017-05-02 13:15 - 2017-04-12 16:46 - 00024528 _____ () C:\Program Files (x86)\Dropbox\Client\win32event.pyd
2017-05-02 13:15 - 2017-04-12 16:43 - 00392656 _____ () C:\Program Files (x86)\Dropbox\Client\pythoncom27.dll
2017-05-02 13:15 - 2017-04-12 16:46 - 00020936 _____ () C:\Program Files (x86)\Dropbox\Client\mmapfile.pyd
2017-05-02 13:15 - 2017-04-12 16:46 - 00116176 _____ () C:\Program Files (x86)\Dropbox\Client\win32security.pyd
2017-05-02 13:15 - 2017-05-01 07:49 - 00392512 _____ () C:\Program Files (x86)\Dropbox\Client\win32com.shell.shell.pyd
2017-05-02 13:15 - 2017-04-12 16:46 - 00124880 _____ () C:\Program Files (x86)\Dropbox\Client\win32file.pyd
2017-05-02 13:15 - 2017-05-01 07:49 - 00026456 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.kernel32.compiled._winffi_kernel32.pyd
2017-05-02 13:15 - 2017-04-12 16:46 - 00024016 _____ () C:\Program Files (x86)\Dropbox\Client\win32clipboard.pyd
2017-05-02 13:15 - 2017-04-12 16:46 - 00175560 _____ () C:\Program Files (x86)\Dropbox\Client\win32gui.pyd
2017-05-02 13:15 - 2017-04-12 16:46 - 00030160 _____ () C:\Program Files (x86)\Dropbox\Client\win32pipe.pyd
2017-05-02 13:15 - 2017-04-12 16:46 - 00043472 _____ () C:\Program Files (x86)\Dropbox\Client\win32process.pyd
2017-05-02 13:15 - 2017-04-12 16:46 - 00048592 _____ () C:\Program Files (x86)\Dropbox\Client\win32service.pyd
2017-05-02 13:15 - 2017-04-12 16:46 - 00057808 _____ () C:\Program Files (x86)\Dropbox\Client\win32evtlog.pyd
2017-05-02 13:15 - 2017-04-12 16:46 - 00024016 _____ () C:\Program Files (x86)\Dropbox\Client\win32profile.pyd
2017-05-02 13:15 - 2017-05-01 07:48 - 00246608 _____ () C:\Program Files (x86)\Dropbox\Client\breakpad.client.windows.handler.pyd
2017-05-02 13:15 - 2017-05-01 07:48 - 00027488 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox.infinite.win.compiled._driverinstallation.pyd
2017-05-02 13:15 - 2017-04-12 16:45 - 00241104 _____ () C:\Program Files (x86)\Dropbox\Client\_jpegtran.pyd
2017-05-02 13:15 - 2017-05-01 07:48 - 00022336 _____ () C:\Program Files (x86)\Dropbox\Client\cpuid.compiled._cpuid.pyd
2017-05-02 13:15 - 2017-05-01 07:49 - 00025432 _____ () C:\Program Files (x86)\Dropbox\Client\winscreenshot.compiled._CaptureScreenshot.pyd
2017-05-02 13:15 - 2017-04-12 16:46 - 00028616 _____ () C:\Program Files (x86)\Dropbox\Client\win32ts.pyd
2017-05-02 13:15 - 2017-05-01 07:48 - 01826104 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtCore.pyd
2017-05-02 13:15 - 2017-04-12 16:44 - 00083912 _____ () C:\Program Files (x86)\Dropbox\Client\sip.pyd
2017-05-02 13:15 - 2017-05-01 07:48 - 01972024 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtGui.pyd
2017-05-02 13:15 - 2017-05-01 07:48 - 03928896 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWidgets.pyd
2017-05-02 13:15 - 2017-05-01 07:48 - 00171336 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebEngineWidgets.pyd
2017-05-02 13:15 - 2017-05-01 07:48 - 00042816 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebChannel.pyd
2017-05-02 13:15 - 2017-05-01 07:48 - 00531264 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtNetwork.pyd
2017-05-02 13:15 - 2017-05-01 07:48 - 00133432 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKit.pyd
2017-05-02 13:15 - 2017-05-01 07:48 - 00224064 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKitWidgets.pyd
2017-05-02 13:15 - 2017-05-01 07:48 - 00207680 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtPrintSupport.pyd
2017-05-02 13:15 - 2017-04-12 16:46 - 00060880 _____ () C:\Program Files (x86)\Dropbox\Client\win32print.pyd
2017-05-02 13:15 - 2017-05-01 07:49 - 00054608 _____ () C:\Program Files (x86)\Dropbox\Client\winrpcserver.compiled._RPCServer.pyd
2017-05-02 13:15 - 2017-05-01 07:49 - 00022864 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.user32.compiled._winffi_user32.pyd
2017-05-02 13:15 - 2017-05-01 07:49 - 00069968 _____ () C:\Program Files (x86)\Dropbox\Client\windisplaytoast.compiled._DisplayToast.pyd
2017-05-02 13:15 - 2017-05-01 07:49 - 00022872 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.iphlpapi.compiled._winffi_iphlpapi.pyd
2017-05-02 13:15 - 2017-05-01 07:49 - 00021848 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.winerror.compiled._winffi_winerror.pyd
2017-05-02 13:15 - 2017-05-01 07:49 - 00022872 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.wininet.compiled._winffi_wininet.pyd
2017-05-02 13:15 - 2017-04-12 16:46 - 00349128 _____ () C:\Program Files (x86)\Dropbox\Client\winxpgui.pyd
2017-05-02 13:15 - 2017-05-01 07:48 - 00103232 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWinExtras.pyd
2017-05-02 13:15 - 2017-05-01 07:49 - 00023896 _____ () C:\Program Files (x86)\Dropbox\Client\winverifysignature.compiled._VerifySignature.pyd
2017-05-02 13:15 - 2017-05-01 07:48 - 00025936 _____ () C:\Program Files (x86)\Dropbox\Client\librsyncffi.compiled._librsyncffi.pyd
2017-05-02 13:15 - 2017-04-12 16:37 - 00036296 _____ () C:\Program Files (x86)\Dropbox\Client\librsync.dll
2017-05-02 13:15 - 2017-05-01 07:48 - 00033112 _____ () C:\Program Files (x86)\Dropbox\Client\enterprise_data.compiled._enterprise_data.pyd
2017-05-02 13:15 - 2017-03-21 18:42 - 00293392 _____ () C:\Program Files (x86)\Dropbox\Client\EnterpriseDataAdapter.dll
2017-05-02 13:15 - 2017-05-01 07:48 - 00084288 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_sqlite_ext.DLL
2017-05-02 13:15 - 2017-05-01 07:49 - 00030536 _____ () C:\Program Files (x86)\Dropbox\Client\wind3d11.compiled._wind3d11.pyd
2017-05-02 13:15 - 2017-04-12 16:50 - 00017864 _____ () C:\Program Files (x86)\Dropbox\Client\libEGL.dll
2017-05-02 13:15 - 2017-04-12 16:50 - 01631184 _____ () C:\Program Files (x86)\Dropbox\Client\libGLESv2.dll
2017-05-02 13:15 - 2017-04-12 16:50 - 14419408 _____ () C:\Program Files (x86)\Dropbox\Client\opengl32sw.dll
2017-05-02 13:15 - 2017-05-01 07:48 - 00357688 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtQml.pyd
2017-05-02 13:15 - 2017-05-01 07:49 - 00026456 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.winhttp.compiled._winffi_winhttp.pyd
2017-05-02 13:15 - 2017-05-01 07:48 - 00546104 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtQuick.pyd
2016-12-16 23:13 - 1997-04-29 11:26 - 00120832 _____ () C:\Program Files (x86)\AnyTime Organizer Deluxe\UTDial32.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
AlternateDataStreams: C:\Windows:nlsPreferences [386]
AlternateDataStreams: C:\Users\User\Desktop:com.dropbox.attributes [168]
AlternateDataStreams: C:\Users\User\Desktop\Beneath:com.dropbox.attributes [168]
AlternateDataStreams: C:\Users\User\Desktop\FRST.txt:com.dropbox.attributes [168]
AlternateDataStreams: C:\Users\User\Desktop\FRST64.exe:com.dropbox.attributes [168]
AlternateDataStreams: C:\Users\User\Desktop\Meta:com.dropbox.attributes [168]
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BsScanner => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BsScanner => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
==================== Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
There are 7931 more sites.
There are 7931 more sites.
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2016-07-16 04:47 - 2017-04-25 22:04 - 00454232 ____R C:\Windows\system32\Drivers\etc\hosts
There are 15588 more lines.
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-673431399-3437147872-892390184-1001\Control Panel\Desktop\\Wallpaper ->
DNS Servers: 192.168.1.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKU\S-1-5-21-673431399-3437147872-892390184-1001\...\StartupApproved\Run: => "OneDrive"
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [{B54C0FD4-424C-4661-A02B-3280158C4482}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{31C611E9-F5B7-4F20-A964-F56AFE56E851}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{97B0EBFF-EB0A-40AF-9321-13B5FACDD779}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [{109F4BDA-738C-4326-B56F-0CC5E4C14582}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{427A9D5E-BBF0-4202-9C9A-5D841D9651D4}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{F7B50950-201B-41D3-80D3-82EB0F8631FE}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{C0DAD317-CFA0-45BA-814F-4CE96B4C32D1}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{64F6BA35-48B6-41A5-8E8C-CA3A7CB978C4}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdater.exe
FirewallRules: [{AFFBD56F-62A0-4869-B809-F92A1086FCE0}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{1CA67CDC-1674-44A1-82DA-954B20788235}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{ABA9F846-067F-44EF-9F84-167959F88E93}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{87390806-794F-4526-8FD3-C2DD70F4EEA0}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{38C6A22B-E6BF-4160-9BD0-A18FA5815BA1}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{1B61A741-56E8-4CA3-B661-71CF6DD3D7DA}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service
==================== Restore Points =========================
02-05-2017 04:46:25 Windows Update
05-05-2017 06:18:53 Windows Update
09-05-2017 16:36:12 Windows Update
09-05-2017 16:37:32 Windows Update
==================== Faulty Device Manager Devices =============
Name: PS/2 Compatible Mouse
Description: PS/2 Compatible Mouse
Class Guid: {4d36e96f-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
Name: Standard 101/102-Key or Microsoft Natural PS/2 Keyboard with HP QLB
Description: Standard 101/102-Key or Microsoft Natural PS/2 Keyboard with HP QLB
Class Guid: {4d36e96b-e325-11ce-bfc1-08002be10318}
Manufacturer: Hewlett-Packard
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
==================== Event log errors: =========================
Application errors:
==================
Error: (05/12/2017 05:12:18 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Microsoft Office\root\Office16\lync.exe.Manifest".Error in manifest or policy file "C:\Program Files (x86)\Microsoft Office\root\Office16\UccApi.DLL" on line 1.
Component identity found in manifest does not match the identity of the component requested.
Reference is UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0".
Definition is UccApi,processorArchitecture="x86",type="win32",version="16.0.0.0".
Please use sxstrace.exe for detailed diagnosis.
Error: (05/12/2017 11:46:28 AM) (Source: SideBySide) (EventID: 35) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Microsoft Office\root\Office16\lync.exe.Manifest".Error in manifest or policy file "C:\Program Files (x86)\Microsoft Office\root\Office16\UccApi.DLL" on line 1.
Component identity found in manifest does not match the identity of the component requested.
Reference is UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0".
Definition is UccApi,processorArchitecture="x86",type="win32",version="16.0.0.0".
Please use sxstrace.exe for detailed diagnosis.
Error: (05/12/2017 04:23:05 AM) (Source: SideBySide) (EventID: 35) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Microsoft Office\root\Office16\lync.exe.Manifest".Error in manifest or policy file "C:\Program Files (x86)\Microsoft Office\root\Office16\UccApi.DLL" on line 1.
Component identity found in manifest does not match the identity of the component requested.
Reference is UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0".
Definition is UccApi,processorArchitecture="x86",type="win32",version="16.0.0.0".
Please use sxstrace.exe for detailed diagnosis.
Error: (05/11/2017 08:11:18 AM) (Source: SideBySide) (EventID: 35) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Microsoft Office\root\Office16\lync.exe.Manifest".Error in manifest or policy file "C:\Program Files (x86)\Microsoft Office\root\Office16\UccApi.DLL" on line 1.
Component identity found in manifest does not match the identity of the component requested.
Reference is UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0".
Definition is UccApi,processorArchitecture="x86",type="win32",version="16.0.0.0".
Please use sxstrace.exe for detailed diagnosis.
Error: (05/11/2017 08:07:29 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2484) (User: DESKTOP-EJN6HF4)
Description: Package Microsoft.Windows.Photos_17.425.10010.0_x64__8wekyb3d8bbwe+App was terminated because it took too long to suspend.
Error: (05/10/2017 02:51:49 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Microsoft Office\root\Office16\lync.exe.Manifest".Error in manifest or policy file "C:\Program Files (x86)\Microsoft Office\root\Office16\UccApi.DLL" on line 1.
Component identity found in manifest does not match the identity of the component requested.
Reference is UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0".
Definition is UccApi,processorArchitecture="x86",type="win32",version="16.0.0.0".
Please use sxstrace.exe for detailed diagnosis.
Error: (05/10/2017 02:48:19 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: plugin-container.exe, version: 53.0.2.6333, time stamp: 0x590bd295
Faulting module name: xul.dll, version: 53.0.2.6333, time stamp: 0x590bd27e
Exception code: 0x80000003
Fault offset: 0x0089d467
Faulting process id: 0x6d4
Faulting application start time: 0x01d2c946533cf693
Faulting application path: C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
Faulting module path: C:\Program Files (x86)\Mozilla Firefox\xul.dll
Report Id: 4decac81-0027-414f-ab22-2d9fc63b8b4f
Faulting package full name:
Faulting package-relative application ID:
Error: (05/10/2017 02:48:06 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: firefox.exe, version: 53.0.2.6333, time stamp: 0x590bcebe
Faulting module name: xul.dll, version: 53.0.2.6333, time stamp: 0x590bd27e
Exception code: 0x80000003
Fault offset: 0x0089d467
Faulting process id: 0x1510
Faulting application start time: 0x01d2c71a21a8e2bf
Faulting application path: C:\Program Files (x86)\Mozilla Firefox\firefox.exe
Faulting module path: C:\Program Files (x86)\Mozilla Firefox\xul.dll
Report Id: 3f0c4125-9d40-42f3-a556-f1866c34aac6
Faulting package full name:
Faulting package-relative application ID:
Error: (05/09/2017 04:45:30 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: The Open Procedure for service "BITS" in DLL "C:\Windows\System32\bitsperf.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.
Error: (05/09/2017 04:38:12 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.
System Error:
Access is denied.
.
System errors:
=============
Error: (05/12/2017 11:28:56 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Error: (05/11/2017 10:37:09 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Error: (05/11/2017 10:36:22 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Error: (05/11/2017 11:52:32 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Error: (05/11/2017 03:41:02 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Error: (05/10/2017 02:59:56 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
and APPID
{F72671A9-012C-4725-9D2F-2A4D32D65169}
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Error: (05/10/2017 02:56:26 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Error: (05/10/2017 02:49:26 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Error: (05/09/2017 05:37:47 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Error: (05/09/2017 01:06:05 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
==================== Memory info ===========================
Processor: Intel(R) Core(TM)2 Duo CPU E6550 @ 2.33GHz
Percentage of memory in use: 80%
Total physical RAM: 4015.3 MB
Available physical RAM: 764.99 MB
Total Virtual: 6923.41 MB
Available Virtual: 2542.48 MB
==================== Drives ================================
Drive c: (Windows) (Fixed) (Total:232.05 GB) (Free:148.13 GB) NTFS
Drive e: (Iomega) (Fixed) (Total:298.09 GB) (Free:106.47 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 232.9 GB) (Disk ID: F70AB8E8)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=232.1 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=750 MB) - (Type=27)
========================================================
Disk: 1 (Size: 298.1 GB) (Disk ID: A58BEF9C)
Partition 1: (Not Active) - (Size=298.1 GB) - (Type=07 NTFS)
==================== End of Addition.txt ============================
aswMBR version 1.0.1.2290 Copyright(c) 2014 AVAST Software
Run date: 2017-05-13 02:25:15
-----------------------------
02:25:15.962 OS Version: Windows x64 6.2.9200
02:25:15.962 Number of processors: 2 586 0xF0B
02:25:15.965 ComputerName: DESKTOP-EJN6HF4 UserName: User
02:25:17.494 Initialize success
02:25:17.499 VM: initialized successfully
02:25:17.500 VM: Intel CPU BiosDisabled
02:27:56.942 AVAST engine defs: 17030301
02:31:02.432 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
02:31:02.435 Disk 0 Vendor: ST3250312AS HP64 Size: 238475MB BusType: 3
02:31:02.589 Disk 0 MBR read successfully
02:31:02.592 Disk 0 MBR scan
02:31:02.601 Disk 0 Windows 7 default MBR code
02:31:02.610 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
02:31:02.625 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 237623 MB offset 206848
02:31:02.671 Disk 0 Partition 3 00 27 Hidden NTFS WinRE NTFS 750 MB offset 486858752
02:31:02.945 Disk 0 scanning C:\Windows\system32\drivers
02:31:36.647 Service scanning
02:32:42.121 Modules scanning
02:32:42.467 Disk 0 trace - called modules:
02:32:42.486 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS pciide.sys hal.dll PCIIDEX.SYS atapi.sys
02:32:42.492 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xffffb80736d7a060]
02:32:42.499 3 CLASSPNP.SYS[fffff8084a2f5efb] -> nt!IofCallDriver -> [0xffffb807367a9520]
02:32:42.504 5 ACPI.sys[fffff80849544571] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xffffb80736745060]
02:32:43.303 AVAST engine scan C:\
06:37:00.895 Disk 0 statistics 22529896/0/0 @ 1.24 MB/s
06:37:00.903 Scan finished successfully
09:51:48.333 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
09:51:48.340 Disk 0 Vendor: ST3250312AS HP64 Size: 238475MB BusType: 3
09:51:50.408 Disk 0 MBR read successfully
09:51:50.416 Disk 0 MBR scan
09:51:50.484 Disk 0 Windows 7 default MBR code
09:51:50.575 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
09:51:50.657 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 237623 MB offset 206848
09:51:50.743 Disk 0 Partition 3 00 27 Hidden NTFS WinRE NTFS 750 MB offset 486858752
09:51:51.257 Disk 0 scanning C:\Windows\system32\drivers
09:52:20.426 Disk 0 statistics 22604237/0/0 @ 1.24 MB/s
09:52:20.437 Scan stopped
09:52:53.720 Disk 0 MBR has been saved successfully to "C:\Users\User\Desktop\MBR.dat"
09:52:53.727 The log file has been saved successfully to "C:\Users\User\Desktop\aswMBR.txt"