
Thread: Any Volunteers to tell me if these logs have anything scary? THANKS

  1. #1
    Junior Member
    Join Date
    May 2017
    Posts
    1


    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 08-05-2017
    Ran by User (administrator) on DESKTOP-EJN6HF4 (12-05-2017 17:27:21)
    Running from C:\Users\User\Desktop
    Loaded Profiles: User (Available Profiles: defaultuser0 & User)
    Platform: Windows 10 Home Version 1607 (X64) Language: English (United States)
    Internet Explorer Version 11 (Default browser: FF)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic...ery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (Andrea Electronics Corporation) C:\Windows\System32\AEADISRV.EXE
    (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
    (Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
    (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
    (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
    (Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
    (Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
    () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.15.597.0_x64__kzf8qxf38zg5c\SkypeHost.exe
    (Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
    (Kenubi SRL) C:\Users\User\AppData\Roaming\Boxifier\Boxifier.exe
    (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
    (Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
    (Microsoft Corporation) C:\Windows\System32\dllhost.exe
    () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_17.425.10010.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
    (Microsoft Corporation) C:\Program Files\Windows Defender\MSASCui.exe
    (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWelcome.exe
    (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDRootAlyzer.exe
    (Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
    (Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
    (Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe
    (Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
    (Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
    (Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
    (Individual Software Inc.) C:\Program Files (x86)\AnyTime Organizer Deluxe\Atw.exe
    (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    (Microsoft Corporation) C:\Windows\System32\smartscreen.exe

    ==================== Registry (Whitelisted) ====================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [Unattend0000000001{0A333A6D-CE04-4918-80BD-26BDF046E7C1}] => C:\Windows\system32\devmgmt.msc [145640 2016-07-16] ()
    HKLM\...\Run: [Unattend0000000001{1C5C9ED5-7D00-49E0-B365-2D0ABD98A5F7}] => C:\Windows\system32\devmgmt.msc [145640 2016-07-16] ()
    HKLM\...\Run: [WindowsDefender] => C:\Program Files\Windows Defender\MSASCuiL.exe [631808 2017-03-27] (Microsoft Corporation)
    HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [3146704 2017-05-09] (Malwarebytes)
    HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [598552 2016-06-22] (Oracle Corporation)
    HKLM-x32\...\Run: [atr.exe] => [X]
    HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
    HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [28432392 2017-05-01] (Dropbox, Inc.)
    Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
    HKU\S-1-5-21-673431399-3437147872-892390184-1001\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.)
    HKU\S-1-5-21-673431399-3437147872-892390184-1001\...\Run: [Boxifier] => C:\Users\User\AppData\Roaming\Boxifier\boxifier.exe [15377232 2017-04-28] (Kenubi SRL)
    HKU\S-1-5-21-673431399-3437147872-892390184-1001\Control Panel\Desktop\\SCRNSAVE.EXE ->
    ShellIconOverlayIdentifiers: [ DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.16.0.dll [2017-05-01] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [ DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.16.0.dll [2017-05-01] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [ DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.16.0.dll [2017-05-01] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [ DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.16.0.dll [2017-05-01] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [ DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.16.0.dll [2017-05-01] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [ DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.16.0.dll [2017-05-01] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [ DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.16.0.dll [2017-05-01] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [ DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.16.0.dll [2017-05-01] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [ DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.16.0.dll [2017-05-01] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [ DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.16.0.dll [2017-05-01] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [ DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.16.0.dll [2017-05-01] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [ DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.16.0.dll [2017-05-01] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [ DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.16.0.dll [2017-05-01] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [ DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.16.0.dll [2017-05-01] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [ DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.16.0.dll [2017-05-01] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [ DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.16.0.dll [2017-05-01] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [ DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.16.0.dll [2017-05-01] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [ DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.16.0.dll [2017-05-01] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [ DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.16.0.dll [2017-05-01] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [ DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.16.0.dll [2017-05-01] (Dropbox, Inc.)
    Startup: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AnyTime.lnk [2016-12-16]
    ShortcutTarget: AnyTime.lnk -> C:\Program Files (x86)\AnyTime Organizer Deluxe\ISI Launcher.exe (Individual Software Inc.)
    BootExecute: autocheck autochk * sdnclean64.exe
    GroupPolicy: Restriction <======= ATTENTION

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
    Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
    Tcpip\..\Interfaces\{5a2dd3f7-01b8-4724-aae7-1c3141bc2aa6}: [DhcpNameServer] 192.168.1.254

    Internet Explorer:
    ==================
    HKU\S-1-5-21-673431399-3437147872-892390184-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp
    BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2017-05-12] (Microsoft Corporation)
    BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2017-05-12] (Microsoft Corporation)
    BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2017-05-12] (Microsoft Corporation)
    BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\ssv.dll [2016-08-06] (Oracle Corporation)
    BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\Office16\GROOVEEX.DLL [2017-05-12] (Microsoft Corporation)
    BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\jp2ssv.dll [2016-08-06] (Oracle Corporation)
    Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-05-12] (Microsoft Corporation)
    Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-05-12] (Microsoft Corporation)
    Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-05-12] (Microsoft Corporation)
    Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-05-12] (Microsoft Corporation)

    FireFox:
    ========
    FF DefaultProfile: kt47h4lt.default
    FF ProfilePath: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\kt47h4lt.default [2017-05-12]
    FF Homepage: Mozilla\Firefox\Profiles\kt47h4lt.default -> www.google.com
    FF Session Restore: Mozilla\Firefox\Profiles\kt47h4lt.default -> is enabled.
    FF Extension: (Cisco WebEx Extension) - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\kt47h4lt.default\Extensions\ciscowebexstart1@cisco.com.xpi [2017-04-13]
    FF Extension: (New Tab Override (browser.newtab.url replacement)) - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\kt47h4lt.default\Extensions\newtaboverride@agenedia.com.xpi [2017-01-01]
    FF Plugin-x32: @java.com/DTPlugin,version=11.101.2 -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\dtplugin\npDeployJava1.dll [2016-08-06] (Oracle Corporation)
    FF Plugin-x32: @java.com/JavaPlugin,version=11.101.2 -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\plugin2\npjp2.dll [2016-08-06] (Oracle Corporation)
    FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2017-03-05] (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2017-03-05] (Microsoft Corporation)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-27] (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-27] (Google Inc.)
    FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)

    ==================== Services (Whitelisted) ====================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R2 AEADIFilters; C:\Windows\system32\AEADISRV.EXE [111616 2009-06-05] (Andrea Electronics Corporation) [File not signed]
    R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [3801280 2017-05-04] (Microsoft Corporation)
    S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2017-04-24] (Dropbox, Inc.)
    S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2017-04-24] (Dropbox, Inc.)
    R2 DbxSvc; C:\Windows\system32\DbxSvc.exe [48944 2017-05-01] (Dropbox, Inc.)
    R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4470736 2017-05-09] (Malwarebytes)
    R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
    R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [4088608 2016-09-21] (Safer-Networking Ltd.) [File not signed]
    R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [235984 2016-11-24] (Safer-Networking Ltd.) [File not signed]
    S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2017-03-27] (Microsoft Corporation)
    R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2017-03-27] (Microsoft Corporation)

    ===================== Drivers (Whitelisted) ======================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    S3 ADIHdAudAddService; C:\Windows\system32\drivers\ADIHdAud.sys [475136 2009-06-05] (Analog Devices, Inc.) [File not signed]
    R1 Boxifier; C:\Windows\System32\DRIVERS\boxifier.sys [115824 2017-05-05] (Kenubi SRL)
    S3 dc21x4vm; C:\Windows\System32\drivers\dc21x4vm.sys [96256 2016-07-16] (Microsoft Corporation)
    R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [77440 2017-05-09] ()
    R2 MBAMChameleon; C:\Windows\system32\drivers\MBAMChameleon.sys [187320 2017-05-12] (Malwarebytes)
    R3 MBAMFarflt; C:\Windows\system32\drivers\farflt.sys [113592 2017-05-12] (Malwarebytes)
    R3 MBAMProtection; C:\Windows\system32\drivers\mbam.sys [43968 2017-05-12] (Malwarebytes)
    R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [251832 2017-05-12] (Malwarebytes)
    R3 MBAMWebProtection; C:\Windows\system32\drivers\mwac.sys [93624 2017-05-12] (Malwarebytes)
    S3 NetAdapterCx; C:\Windows\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
    R3 RtlWlanu; C:\Windows\System32\drivers\rtwlanu.sys [5195776 2016-07-16] (Realtek Semiconductor Corporation )
    S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
    R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
    S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)

    ==================== NetSvcs (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== One Month Created files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2017-05-12 17:27 - 2017-05-12 17:28 - 00016094 _____ C:\Users\User\Desktop\FRST.txt
    2017-05-12 17:27 - 2017-05-12 17:27 - 00000000 ____D C:\FRST
    2017-05-12 17:25 - 2017-05-12 17:26 - 02429440 _____ (Farbar) C:\Users\User\Desktop\FRST64.exe
    2017-05-12 11:45 - 2017-05-12 14:48 - 00093624 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
    2017-05-12 11:45 - 2017-05-12 11:45 - 00187320 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMChameleon.sys
    2017-05-12 11:45 - 2017-05-12 11:45 - 00113592 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
    2017-05-12 11:45 - 2017-05-12 11:45 - 00043968 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
    2017-05-12 11:45 - 2017-05-12 11:45 - 00001919 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
    2017-05-12 11:45 - 2017-05-12 11:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
    2017-05-12 11:45 - 2017-05-09 16:37 - 00077440 _____ C:\Windows\system32\Drivers\mbae64.sys
    2017-05-05 23:06 - 2017-05-07 16:14 - 00000000 ____D C:\Users\User\Desktop\Beneath
    2017-05-05 19:21 - 2017-05-10 17:15 - 00000000 ____D C:\Users\User\Desktop\Meta
    2017-05-05 19:04 - 2017-05-05 19:26 - 00000000 ____D C:\Users\User\AppData\Roaming\BoxifierData
    2017-05-05 19:04 - 2017-05-05 19:04 - 00115824 _____ (Kenubi SRL) C:\Windows\system32\Drivers\boxifier.sys
    2017-05-05 19:04 - 2017-05-05 19:04 - 00000000 ____D C:\Users\User\AppData\Local\Boxifier
    2017-05-05 19:03 - 2017-05-05 19:04 - 00000000 ____D C:\ProgramData\Boxifier
    2017-05-05 19:03 - 2017-05-05 19:03 - 00000000 ____D C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Boxifier
    2017-05-05 19:03 - 2017-05-05 19:03 - 00000000 ____D C:\Users\User\AppData\Roaming\Boxifier
    2017-05-03 17:33 - 2017-05-03 17:33 - 00000029 _____ C:\Windows\ATW.INI
    2017-05-02 13:16 - 2017-05-02 13:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
    2017-05-02 08:40 - 2017-05-02 08:40 - 00000000 ____D C:\Users\User\Documents\Telephone mobile California lifeline
    2017-05-01 07:49 - 2017-05-01 07:49 - 00048944 _____ (Dropbox, Inc.) C:\Windows\system32\DbxSvc.exe
    2017-04-28 18:23 - 2017-04-28 18:23 - 00000000 ____D C:\Users\User\.oracle_jre_usage
    2017-04-25 22:33 - 2017-04-25 22:34 - 00000000 ____D C:\Users\User\Documents\Flying cars Elevate
    2017-04-25 22:04 - 2016-07-16 04:45 - 00000824 _____ C:\Windows\system32\Drivers\etc\hosts.20170425-220455.backup
    2017-04-25 21:54 - 2017-04-25 21:54 - 00104030 _____ C:\Users\User\Documents\Meta.txt
    2017-04-25 11:54 - 2017-05-05 21:19 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
    2017-04-24 23:30 - 2017-05-05 20:46 - 00000000 ___RD C:\Users\User\Dropbox
    2017-04-24 22:19 - 2017-04-24 22:19 - 00000000 ____D C:\Users\User\AppData\Roaming\Dropbox
    2017-04-24 22:18 - 2017-04-26 16:53 - 00000936 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job
    2017-04-24 22:18 - 2017-04-24 22:18 - 00003996 _____ C:\Windows\System32\Tasks\DropboxUpdateTaskMachineUA
    2017-04-24 22:18 - 2017-04-24 22:18 - 00003764 _____ C:\Windows\System32\Tasks\DropboxUpdateTaskMachineCore
    2017-04-24 22:17 - 2017-05-02 13:17 - 00000000 ____D C:\Program Files (x86)\Dropbox
    2017-04-24 22:17 - 2017-04-26 16:53 - 00000932 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job
    2017-04-24 22:17 - 2017-04-24 23:34 - 00000000 ____D C:\Users\User\AppData\Local\Dropbox
    2017-04-24 22:17 - 2017-04-24 22:17 - 00000000 ____D C:\ProgramData\Dropbox
    2017-04-22 16:38 - 2017-04-22 16:38 - 00000000 ____D C:\Users\User\AppData\LocalLow\Temp
    2017-04-12 11:43 - 2017-04-12 11:43 - 00000000 ____D C:\Users\User\AppData\Local\UNP
    2017-04-12 10:41 - 2017-04-12 10:41 - 00000000 ____D C:\Users\User\AppData\Local\WinZip
    2017-04-12 09:47 - 2017-04-12 09:48 - 00000000 ____D C:\Program Files\UNP
    2017-04-12 09:47 - 2017-04-12 09:47 - 00000000 ____D C:\Windows\system32\UNP

    ==================== One Month Modified files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2017-05-12 17:13 - 2016-12-17 23:15 - 00000000 ____D C:\Users\User\AppData\LocalLow\Mozilla
    2017-05-12 16:58 - 2016-08-06 15:23 - 00000000 ____D C:\Windows\system32\SleepStudy
    2017-05-12 11:45 - 2017-03-28 22:52 - 00251832 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
    2017-05-12 11:32 - 2016-07-16 04:47 - 00000000 ____D C:\Windows\system32\Macromed
    2017-05-12 11:30 - 2016-07-16 04:47 - 00000000 ____D C:\Windows\SysWOW64\Macromed
    2017-05-12 03:52 - 2016-07-16 04:47 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
    2017-05-12 03:51 - 2016-08-06 14:48 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
    2017-05-11 23:45 - 2016-07-15 23:04 - 00032768 _____ C:\Windows\system32\config\ELAM
    2017-05-11 20:23 - 2016-07-16 04:36 - 00000000 ____D C:\Windows\CbsTemp
    2017-05-11 19:52 - 2016-07-16 04:47 - 00000000 ___HD C:\Program Files\WindowsApps
    2017-05-11 19:52 - 2016-07-16 04:47 - 00000000 ____D C:\Windows\AppReadiness
    2017-05-10 16:19 - 2016-12-16 12:40 - 00000000 ____D C:\Users\User\AppData\Local\Packages
    2017-05-09 16:45 - 2016-12-22 22:43 - 00000000 ____D C:\Windows\system32\MRT
    2017-05-09 16:40 - 2016-12-22 22:43 - 156335152 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
    2017-05-06 10:16 - 2016-07-16 04:47 - 00000000 ____D C:\Windows\LiveKernelReports
    2017-05-05 21:19 - 2016-12-17 23:15 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
    2017-05-05 21:03 - 2017-01-07 15:21 - 00000000 ____D C:\Users\User\Documents\Student loan mine
    2017-05-05 06:19 - 2016-07-16 04:47 - 00000000 ____D C:\Windows\system32\appraiser
    2017-05-04 05:46 - 2016-08-06 12:23 - 00000006 ____H C:\Windows\Tasks\SA.DAT
    2017-05-03 17:33 - 2016-12-16 23:12 - 00000000 ____D C:\Program Files (x86)\AnyTime Organizer Deluxe
    2017-05-03 16:44 - 2016-12-16 22:45 - 00000000 ____D C:\Users\User\AppData\Roaming\vlc
    2017-05-01 08:17 - 2017-01-07 15:25 - 00000000 ____D C:\Users\User\Documents\Health
    2017-04-28 17:59 - 2016-07-16 04:49 - 00835576 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
    2017-04-28 17:59 - 2016-07-16 04:49 - 00177656 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
    2017-04-27 21:58 - 2017-04-11 12:41 - 00003416 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
    2017-04-27 21:58 - 2017-04-11 12:41 - 00003292 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
    2017-04-27 09:37 - 2017-01-07 15:20 - 00000000 ____D C:\Users\User\Documents\Yavuz Tezeller
    2017-04-26 17:00 - 2016-08-06 12:29 - 01809534 _____ C:\Windows\system32\PerfStringBackup.INI
    2017-04-26 16:52 - 2016-07-15 23:04 - 00262144 _____ C:\Windows\system32\config\BBI
    2017-04-25 21:58 - 2016-12-17 23:41 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
    2017-04-25 21:38 - 2017-01-14 22:23 - 00000000 ____D C:\Users\User\Documents\Taxes 2015
    2017-04-25 20:52 - 2017-01-07 15:26 - 00000000 ____D C:\Users\User\Documents\Credit Freeze
    2017-04-21 17:55 - 2017-02-01 22:41 - 00000000 ____D C:\Users\User\Documents\Mahsudov
    2017-04-20 21:07 - 2016-12-16 12:54 - 00000000 ____D C:\Users\User\AppData\Local\ElevatedDiagnostics
    2017-04-19 09:28 - 2017-01-07 20:34 - 03839842 _____ C:\Users\User\Downloads\pg41391-images.epub
    2017-04-18 21:14 - 2017-01-07 15:23 - 00000000 ____D C:\Users\User\Documents\jobs 2016
    2017-04-15 15:29 - 2017-01-07 15:25 - 00000000 ____D C:\Users\User\Documents\Haase family Money
    2017-04-14 21:09 - 2016-07-16 04:47 - 00000000 ____D C:\Windows\rescache
    2017-04-13 17:45 - 2016-12-18 02:22 - 00000000 ____D C:\Users\User\AppData\Local\Adobe
    2017-04-13 17:37 - 2016-07-16 04:45 - 00000000 ____D C:\Windows\INF
    2017-04-12 10:41 - 2016-08-06 16:06 - 00000000 ____D C:\ProgramData\WinZip
    2017-04-12 01:19 - 2016-08-06 12:25 - 00000000 __RHD C:\Users\Public\AccountPictures
    2017-04-12 01:16 - 2016-08-06 15:23 - 00341680 _____ C:\Windows\system32\FNTCACHE.DAT
    2017-04-12 01:14 - 2016-07-16 04:47 - 00000000 ___SD C:\Windows\SysWOW64\F12
    2017-04-12 01:14 - 2016-07-16 04:47 - 00000000 ___SD C:\Windows\system32\F12
    2017-04-12 01:14 - 2016-07-16 04:47 - 00000000 ___RD C:\Windows\ImmersiveControlPanel
    2017-04-12 01:14 - 2016-07-16 04:47 - 00000000 ___RD C:\Program Files\Windows Defender
    2017-04-12 01:14 - 2016-07-16 04:47 - 00000000 ____D C:\Windows\SysWOW64\setup
    2017-04-12 01:14 - 2016-07-16 04:47 - 00000000 ____D C:\Windows\system32\setup
    2017-04-12 01:14 - 2016-07-16 04:47 - 00000000 ____D C:\Windows\ShellExperiences
    2017-04-12 01:14 - 2016-07-16 04:47 - 00000000 ____D C:\Windows\Provisioning
    2017-04-12 01:14 - 2016-07-16 04:47 - 00000000 ____D C:\Program Files\Windows Photo Viewer
    2017-04-12 01:14 - 2016-07-16 04:47 - 00000000 ____D C:\Program Files (x86)\Windows Photo Viewer
    2017-04-12 01:14 - 2016-07-16 04:47 - 00000000 ____D C:\Program Files (x86)\Windows Defender
    2017-04-12 01:14 - 2016-07-15 23:04 - 00000000 ____D C:\Windows\system32\Dism

    ==================== Files in the root of some directories =======

    2017-03-05 15:11 - 2017-03-07 17:44 - 0000629 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc

    ==================== Bamital & volsnap ======================

    (There is no automatic fix for files that do not pass verification.)

    C:\Windows\system32\winlogon.exe => File is digitally signed
    C:\Windows\system32\wininit.exe => File is digitally signed
    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\SysWOW64\explorer.exe => File is digitally signed
    C:\Windows\system32\svchost.exe => File is digitally signed
    C:\Windows\SysWOW64\svchost.exe => File is digitally signed
    C:\Windows\system32\services.exe => File is digitally signed
    C:\Windows\system32\User32.dll => File is digitally signed
    C:\Windows\SysWOW64\User32.dll => File is digitally signed
    C:\Windows\system32\userinit.exe => File is digitally signed
    C:\Windows\SysWOW64\userinit.exe => File is digitally signed
    C:\Windows\system32\rpcss.dll => File is digitally signed
    C:\Windows\system32\dnsapi.dll => File is digitally signed
    C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
    C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

    LastRegBack: 2017-05-12 12:33

    ==================== End of FRST.txt ============================



    SECOND SECOND SECOND SECOND
    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 08-05-2017
    Ran by User (12-05-2017 17:29:58)
    Running from C:\Users\User\Desktop
    Windows 10 Home Version 1607 (X64) (2016-12-16 19:38:53)
    Boot Mode: Normal
    ==========================================================


    ==================== Accounts: =============================

    Administrator (S-1-5-21-673431399-3437147872-892390184-500 - Administrator - Disabled)
    DefaultAccount (S-1-5-21-673431399-3437147872-892390184-503 - Limited - Disabled)
    defaultuser0 (S-1-5-21-673431399-3437147872-892390184-1000 - Limited - Disabled) => C:\Users\defaultuser0
    Guest (S-1-5-21-673431399-3437147872-892390184-501 - Limited - Disabled)
    User (S-1-5-21-673431399-3437147872-892390184-1001 - Administrator - Enabled) => C:\Users\User

    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
    AS: Spybot - Search and Destroy (Enabled - Up to date) {A16C3F68-9280-E053-1818-342707FECF4D}
    AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
    AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    ==================== Installed Programs ======================

    (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    Adobe Acrobat 4.0 (HKLM-x32\...\Adobe Acrobat 4.0) (Version: 4.0 - Adobe Systems, Inc.)
    AnyTime Organizer (HKLM-x32\...\AnyTime Organizer) (Version: 14.0 - Individual Software, Inc)
    Boxifier version 1.6.5.0 (HKU\S-1-5-21-673431399-3437147872-892390184-1001\...\{BEBDFAFD-18FB-4DDC-B5BE-ED47E13EB2E3}_is1) (Version: 1.6.5.0 - Kenubi)
    Dropbox (HKLM-x32\...\Dropbox) (Version: 25.4.28 - Dropbox, Inc.)
    Dropbox Update Helper (x32 Version: 1.3.65.1 - Dropbox, Inc.) Hidden
    Google Earth Pro (HKLM-x32\...\{DE706580-82C7-4B1A-ABA4-EA48AC15B045}) (Version: 7.1.8.3036 - Google)
    Google Update Helper (x32 Version: 1.3.33.5 - Google Inc.) Hidden
    Java 8 Update 101 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180101F0}) (Version: 8.0.1010.13 - Oracle Corporation)
    Malwarebytes version 3.1.2.1733 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.1.2.1733 - Malwarebytes)
    Microsoft Office Professional Plus 2016 - en-us (HKLM\...\ProPlusRetail - en-us) (Version: 16.0.7967.2161 - Microsoft Corporation)
    Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
    Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
    Mozilla Firefox 53.0.2 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 53.0.2 (x86 en-US)) (Version: 53.0.2 - Mozilla)
    Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 53.0.2.6333 - Mozilla)
    Office 16 Click-to-Run Extensibility Component (x32 Version: 16.0.7967.2161 - Microsoft Corporation) Hidden
    Office 16 Click-to-Run Extensibility Component 64-bit Registration (Version: 16.0.7967.2161 - Microsoft Corporation) Hidden
    Office 16 Click-to-Run Licensing Component (Version: 16.0.7967.2161 - Microsoft Corporation) Hidden
    Office 16 Click-to-Run Localization Component (x32 Version: 16.0.7668.2066 - Microsoft Corporation) Hidden
    QuickTime (HKLM-x32\...\QuickTime) (Version: - )
    Shockwave (HKLM-x32\...\Shockwave) (Version: - )
    Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
    TurboTax 2015 (HKLM-x32\...\TurboTax 2015) (Version: 2015.0 - Intuit, Inc)
    TurboTax 2016 (HKLM-x32\...\TurboTax 2016) (Version: 2016.0 - Intuit, Inc)
    VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.4 - VideoLAN)
    Windows 10 Update and Privacy Settings (HKLM\...\{293F2009-0145-450B-B4AA-063D43FB368C}) (Version: 1.0.13.0 - Microsoft Corporation)
    WinZip 18.5 (HKLM-x32\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240E2}) (Version: 18.5.11111 - WinZip Computing, S.L. )

    ==================== Custom CLSID (Whitelisted): ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    CustomCLSID: HKU\S-1-5-21-673431399-3437147872-892390184-1001_Classes\CLSID\{071B6D59-C72C-4A2A-9495-F4CD09887CCC}\InprocServer32 -> C:\Users\User\AppData\Roaming\Boxifier\Boxifier64.dll ()

    ==================== Scheduled Tasks (Whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    Task: {06159447-AE04-4517-93F1-6C339D3AE25E} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\Program Files\Windows Defender\\MpCmdRun.exe [2017-03-27] (Microsoft Corporation)
    Task: {0BE5FC38-EB65-4775-819B-8CC58C6381A1} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2017-05-12] (Microsoft Corporation)
    Task: {172A4CDC-4664-4EFB-9B2F-E6C060F68506} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe [2016-03-21] (Safer-Networking Ltd.)
    Task: {30F88F91-46CE-4E38-BBF9-98E83C352DDD} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-04-11] (Google Inc.)
    Task: {32E7BB77-C1FA-4DBA-BB55-801DC7DC4DA1} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2017-05-12] (Microsoft Corporation)
    Task: {3C3775F1-D52D-48F9-8AD5-F2DB413D95FD} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\Program Files\Windows Defender\\MpCmdRun.exe [2017-03-27] (Microsoft Corporation)
    Task: {3C93EDED-F893-4783-B08D-A9794DDDBB3C} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-05-04] (Microsoft Corporation)
    Task: {4937A3F4-D7E2-41AA-AD7E-A7AB6D7E5DA0} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2017-05-12] (Microsoft Corporation)
    Task: {645CB8DF-1073-4431-B0F4-46F73E46EF13} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\Program Files\Windows Defender\\MpCmdRun.exe [2017-03-27] (Microsoft Corporation)
    Task: {84FE406D-B8A9-4FD9-A40E-D29497B50367} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [2014-06-27] (Safer-Networking Ltd.)
    Task: {9B0E149C-0E01-43A7-B143-478EC517764F} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2017-04-24] (Dropbox, Inc.)
    Task: {A1B3F8B3-571B-45B9-9AD4-D3ACB05BA91B} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-04-11] (Google Inc.)
    Task: {A34ACF9D-9DE4-4F2E-96AB-2A995E3FF2D5} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2017-04-24] (Dropbox, Inc.)
    Task: {C589FF3B-C4BC-4BEA-BDF1-B9839F37B4E2} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-05-04] (Microsoft Corporation)
    Task: {CE4E61D7-36E2-405B-BAF0-89C4A587F964} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\Program Files\Windows Defender\\MpCmdRun.exe [2017-03-27] (Microsoft Corporation)
    Task: {EA174035-96FA-4D1F-94E6-EB01C2264CF5} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe [2016-03-21] (Safer-Networking Ltd.)

    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

    Task: C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
    Task: C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe

    ==================== Shortcuts =============================

    (The entries could be listed to be restored or removed.)

    ==================== Loaded Modules (Whitelisted) ==============

    2016-07-16 04:42 - 2016-07-16 04:42 - 00231424 _____ () C:\Windows\SYSTEM32\ism32k.dll
    2017-04-11 19:28 - 2017-03-27 23:22 - 02681200 _____ () C:\Windows\System32\CoreUIComponents.dll
    2017-04-11 19:28 - 2017-03-27 23:22 - 02681200 _____ () C:\Windows\system32\CoreUIComponents.dll
    2017-04-11 19:28 - 2017-03-27 23:22 - 02681200 _____ () C:\Windows\SYSTEM32\CoreUIComponents.dll
    2016-12-31 12:31 - 2016-09-06 21:56 - 00134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll
    2017-03-14 19:47 - 2017-03-03 23:31 - 00474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll
    2017-03-14 19:47 - 2017-03-03 23:30 - 00693248 _____ () C:\Windows\ShellExperiences\MtcUvc.dll
    2017-03-14 19:48 - 2017-03-03 23:12 - 09760768 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
    2017-03-14 19:48 - 2017-03-03 23:05 - 01401856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
    2017-03-14 19:48 - 2017-03-03 23:05 - 00757248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll
    2017-04-11 19:27 - 2017-03-27 22:07 - 01033216 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Actions.dll
    2017-04-11 19:27 - 2017-03-27 22:08 - 02424320 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
    2017-04-11 19:28 - 2017-03-27 22:11 - 04853760 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
    2017-05-09 09:19 - 2017-05-09 09:20 - 00074752 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.15.597.0_x64__kzf8qxf38zg5c\SkypeHost.exe
    2017-05-09 09:19 - 2017-05-09 09:20 - 00201728 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.15.597.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
    2017-05-09 09:19 - 2017-05-09 09:20 - 43195904 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.15.597.0_x64__kzf8qxf38zg5c\SkyWrap.dll
    2017-05-09 09:19 - 2017-05-09 09:20 - 02457088 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.15.597.0_x64__kzf8qxf38zg5c\skypert.dll
    2017-05-05 11:54 - 2017-05-05 11:55 - 00020480 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_17.425.10010.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
    2017-05-05 11:54 - 2017-05-05 11:55 - 26322944 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_17.425.10010.0_x64__8wekyb3d8bbwe\Microsoft.Photos.dll
    2017-05-05 11:54 - 2017-05-05 11:55 - 00441856 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_17.425.10010.0_x64__8wekyb3d8bbwe\Microsoft.Photos.AGM.Native.Windows.dll
    2017-05-05 11:54 - 2017-05-05 11:55 - 02139648 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_17.425.10010.0_x64__8wekyb3d8bbwe\MediaEngine.dll
    2017-05-05 11:54 - 2017-05-05 11:55 - 02901928 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_17.425.10010.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll
    2017-05-05 11:54 - 2017-05-05 11:55 - 00046080 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_17.425.10010.0_x64__8wekyb3d8bbwe\Microsoft.Photos.Edit.Services.dll
    2016-12-20 16:53 - 2016-12-20 16:55 - 00680448 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_17.425.10010.0_x64__8wekyb3d8bbwe\Microsoft.DesignCore.dll
    2017-05-05 11:54 - 2017-05-05 11:55 - 00641024 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_17.425.10010.0_x64__8wekyb3d8bbwe\Microsoft.RichMedia.Ink.Controls.dll
    2017-05-05 11:54 - 2017-05-05 11:55 - 01062400 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_17.425.10010.0_x64__8wekyb3d8bbwe\Microsoft.Sharing.dll
    2017-05-12 11:45 - 2017-05-09 16:38 - 02270672 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
    2016-12-17 23:40 - 2014-05-13 13:04 - 00109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
    2016-12-17 23:40 - 2014-05-13 13:04 - 00167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
    2016-12-17 23:40 - 2014-05-13 13:04 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
    2016-12-17 23:41 - 2012-08-23 11:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
    2016-12-17 23:41 - 2012-04-03 18:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll
    2017-05-05 19:03 - 2016-10-07 22:38 - 00716120 _____ () C:\Users\User\AppData\Roaming\Boxifier\BoxifierApp.dll
    2017-05-02 13:15 - 2017-05-01 07:44 - 00870720 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_watchdog.dll
    2017-05-02 13:15 - 2017-04-12 16:43 - 00035792 _____ () C:\Program Files (x86)\Dropbox\Client\_multiprocessing.pyd
    2017-05-02 13:15 - 2017-04-12 16:43 - 00100296 _____ () C:\Program Files (x86)\Dropbox\Client\_ctypes.pyd
    2017-05-02 13:15 - 2017-04-12 16:43 - 00018888 _____ () C:\Program Files (x86)\Dropbox\Client\select.pyd
    2017-05-02 13:15 - 2017-05-01 07:48 - 00019776 _____ () C:\Program Files (x86)\Dropbox\Client\tornado.speedups.pyd
    2017-05-02 13:15 - 2017-05-01 07:48 - 00020824 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._constant_time.pyd
    2017-05-02 13:15 - 2017-04-12 16:44 - 00123856 _____ () C:\Program Files (x86)\Dropbox\Client\_cffi_backend.pyd
    2017-05-02 13:15 - 2017-04-12 16:43 - 00694224 _____ () C:\Program Files (x86)\Dropbox\Client\unicodedata.pyd
    2017-05-02 13:15 - 2017-05-01 07:48 - 01729360 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._openssl.pyd
    2017-05-02 13:15 - 2017-05-01 07:48 - 00020816 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._padding.pyd
    2017-05-02 13:15 - 2017-04-12 16:43 - 00145864 _____ () C:\Program Files (x86)\Dropbox\Client\pyexpat.pyd
    2017-05-02 13:15 - 2017-04-12 16:44 - 00019408 _____ () C:\Program Files (x86)\Dropbox\Client\faulthandler.pyd
    2017-05-02 13:15 - 2017-04-12 16:43 - 00116688 _____ () C:\Program Files (x86)\Dropbox\Client\pywintypes27.dll
    2017-05-02 13:15 - 2017-04-12 16:46 - 00105928 _____ () C:\Program Files (x86)\Dropbox\Client\win32api.pyd
    2017-05-02 13:15 - 2017-05-01 07:49 - 00022864 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.crt.compiled._winffi_crt.pyd
    2017-05-02 13:15 - 2017-05-01 07:48 - 00060736 _____ () C:\Program Files (x86)\Dropbox\Client\psutil._psutil_windows.pyd
    2017-05-02 13:15 - 2017-05-01 07:48 - 00038712 _____ () C:\Program Files (x86)\Dropbox\Client\fastpath.pyd
    2017-05-02 13:15 - 2017-04-12 16:46 - 00024528 _____ () C:\Program Files (x86)\Dropbox\Client\win32event.pyd
    2017-05-02 13:15 - 2017-04-12 16:43 - 00392656 _____ () C:\Program Files (x86)\Dropbox\Client\pythoncom27.dll
    2017-05-02 13:15 - 2017-04-12 16:46 - 00020936 _____ () C:\Program Files (x86)\Dropbox\Client\mmapfile.pyd
    2017-05-02 13:15 - 2017-04-12 16:46 - 00116176 _____ () C:\Program Files (x86)\Dropbox\Client\win32security.pyd
    2017-05-02 13:15 - 2017-05-01 07:49 - 00392512 _____ () C:\Program Files (x86)\Dropbox\Client\win32com.shell.shell.pyd
    2017-05-02 13:15 - 2017-04-12 16:46 - 00124880 _____ () C:\Program Files (x86)\Dropbox\Client\win32file.pyd
    2017-05-02 13:15 - 2017-05-01 07:49 - 00026456 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.kernel32.compiled._winffi_kernel32.pyd
    2017-05-02 13:15 - 2017-04-12 16:46 - 00024016 _____ () C:\Program Files (x86)\Dropbox\Client\win32clipboard.pyd
    2017-05-02 13:15 - 2017-04-12 16:46 - 00175560 _____ () C:\Program Files (x86)\Dropbox\Client\win32gui.pyd
    2017-05-02 13:15 - 2017-04-12 16:46 - 00030160 _____ () C:\Program Files (x86)\Dropbox\Client\win32pipe.pyd
    2017-05-02 13:15 - 2017-04-12 16:46 - 00043472 _____ () C:\Program Files (x86)\Dropbox\Client\win32process.pyd
    2017-05-02 13:15 - 2017-04-12 16:46 - 00048592 _____ () C:\Program Files (x86)\Dropbox\Client\win32service.pyd
    2017-05-02 13:15 - 2017-04-12 16:46 - 00057808 _____ () C:\Program Files (x86)\Dropbox\Client\win32evtlog.pyd
    2017-05-02 13:15 - 2017-04-12 16:46 - 00024016 _____ () C:\Program Files (x86)\Dropbox\Client\win32profile.pyd
    2017-05-02 13:15 - 2017-05-01 07:48 - 00246608 _____ () C:\Program Files (x86)\Dropbox\Client\breakpad.client.windows.handler.pyd
    2017-05-02 13:15 - 2017-05-01 07:48 - 00027488 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox.infinite.win.compiled._driverinstallation.pyd
    2017-05-02 13:15 - 2017-04-12 16:45 - 00241104 _____ () C:\Program Files (x86)\Dropbox\Client\_jpegtran.pyd
    2017-05-02 13:15 - 2017-05-01 07:48 - 00022336 _____ () C:\Program Files (x86)\Dropbox\Client\cpuid.compiled._cpuid.pyd
    2017-05-02 13:15 - 2017-05-01 07:49 - 00025432 _____ () C:\Program Files (x86)\Dropbox\Client\winscreenshot.compiled._CaptureScreenshot.pyd
    2017-05-02 13:15 - 2017-04-12 16:46 - 00028616 _____ () C:\Program Files (x86)\Dropbox\Client\win32ts.pyd
    2017-05-02 13:15 - 2017-05-01 07:48 - 01826104 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtCore.pyd
    2017-05-02 13:15 - 2017-04-12 16:44 - 00083912 _____ () C:\Program Files (x86)\Dropbox\Client\sip.pyd
    2017-05-02 13:15 - 2017-05-01 07:48 - 01972024 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtGui.pyd
    2017-05-02 13:15 - 2017-05-01 07:48 - 03928896 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWidgets.pyd
    2017-05-02 13:15 - 2017-05-01 07:48 - 00171336 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebEngineWidgets.pyd
    2017-05-02 13:15 - 2017-05-01 07:48 - 00042816 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebChannel.pyd
    2017-05-02 13:15 - 2017-05-01 07:48 - 00531264 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtNetwork.pyd
    2017-05-02 13:15 - 2017-05-01 07:48 - 00133432 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKit.pyd
    2017-05-02 13:15 - 2017-05-01 07:48 - 00224064 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKitWidgets.pyd
    2017-05-02 13:15 - 2017-05-01 07:48 - 00207680 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtPrintSupport.pyd
    2017-05-02 13:15 - 2017-04-12 16:46 - 00060880 _____ () C:\Program Files (x86)\Dropbox\Client\win32print.pyd
    2017-05-02 13:15 - 2017-05-01 07:49 - 00054608 _____ () C:\Program Files (x86)\Dropbox\Client\winrpcserver.compiled._RPCServer.pyd
    2017-05-02 13:15 - 2017-05-01 07:49 - 00022864 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.user32.compiled._winffi_user32.pyd
    2017-05-02 13:15 - 2017-05-01 07:49 - 00069968 _____ () C:\Program Files (x86)\Dropbox\Client\windisplaytoast.compiled._DisplayToast.pyd
    2017-05-02 13:15 - 2017-05-01 07:49 - 00022872 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.iphlpapi.compiled._winffi_iphlpapi.pyd
    2017-05-02 13:15 - 2017-05-01 07:49 - 00021848 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.winerror.compiled._winffi_winerror.pyd
    2017-05-02 13:15 - 2017-05-01 07:49 - 00022872 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.wininet.compiled._winffi_wininet.pyd
    2017-05-02 13:15 - 2017-04-12 16:46 - 00349128 _____ () C:\Program Files (x86)\Dropbox\Client\winxpgui.pyd
    2017-05-02 13:15 - 2017-05-01 07:48 - 00103232 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWinExtras.pyd
    2017-05-02 13:15 - 2017-05-01 07:49 - 00023896 _____ () C:\Program Files (x86)\Dropbox\Client\winverifysignature.compiled._VerifySignature.pyd
    2017-05-02 13:15 - 2017-05-01 07:48 - 00025936 _____ () C:\Program Files (x86)\Dropbox\Client\librsyncffi.compiled._librsyncffi.pyd
    2017-05-02 13:15 - 2017-04-12 16:37 - 00036296 _____ () C:\Program Files (x86)\Dropbox\Client\librsync.dll
    2017-05-02 13:15 - 2017-05-01 07:48 - 00033112 _____ () C:\Program Files (x86)\Dropbox\Client\enterprise_data.compiled._enterprise_data.pyd
    2017-05-02 13:15 - 2017-03-21 18:42 - 00293392 _____ () C:\Program Files (x86)\Dropbox\Client\EnterpriseDataAdapter.dll
    2017-05-02 13:15 - 2017-05-01 07:48 - 00084288 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_sqlite_ext.DLL
    2017-05-02 13:15 - 2017-05-01 07:49 - 00030536 _____ () C:\Program Files (x86)\Dropbox\Client\wind3d11.compiled._wind3d11.pyd
    2017-05-02 13:15 - 2017-04-12 16:50 - 00017864 _____ () C:\Program Files (x86)\Dropbox\Client\libEGL.dll
    2017-05-02 13:15 - 2017-04-12 16:50 - 01631184 _____ () C:\Program Files (x86)\Dropbox\Client\libGLESv2.dll
    2017-05-02 13:15 - 2017-04-12 16:50 - 14419408 _____ () C:\Program Files (x86)\Dropbox\Client\opengl32sw.dll
    2017-05-02 13:15 - 2017-05-01 07:48 - 00357688 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtQml.pyd
    2017-05-02 13:15 - 2017-05-01 07:49 - 00026456 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.winhttp.compiled._winffi_winhttp.pyd
    2017-05-02 13:15 - 2017-05-01 07:48 - 00546104 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtQuick.pyd
    2016-12-16 23:13 - 1997-04-29 11:26 - 00120832 _____ () C:\Program Files (x86)\AnyTime Organizer Deluxe\UTDial32.dll

    ==================== Alternate Data Streams (Whitelisted) =========

    (If an entry is included in the fixlist, only the ADS will be removed.)

    AlternateDataStreams: C:\Windows:nlsPreferences [386]
    AlternateDataStreams: C:\Users\User\Desktop:com.dropbox.attributes [168]
    AlternateDataStreams: C:\Users\User\Desktop\Beneath:com.dropbox.attributes [168]
    AlternateDataStreams: C:\Users\User\Desktop\FRST.txt:com.dropbox.attributes [168]
    AlternateDataStreams: C:\Users\User\Desktop\FRST64.exe:com.dropbox.attributes [168]
    AlternateDataStreams: C:\Users\User\Desktop\Meta:com.dropbox.attributes [168]

    ==================== Safe Mode (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BsScanner => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BsScanner => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

    ==================== Association (Whitelisted) ===============

    (If an entry is included in the fixlist, the registry item will be restored to default or removed.)


    ==================== Internet Explorer trusted/restricted ===============

    (If an entry is included in the fixlist, it will be removed from the registry.)


    There are 7931 more sites.


    There are 7931 more sites.


    ==================== Hosts content: ==========================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2016-07-16 04:47 - 2017-04-25 22:04 - 00454232 ____R C:\Windows\system32\Drivers\etc\hosts


    There are 15588 more lines.


    ==================== Other Areas ============================

    (Currently there is no automatic fix for this section.)

    HKU\S-1-5-21-673431399-3437147872-892390184-1001\Control Panel\Desktop\\Wallpaper ->
    DNS Servers: 192.168.1.254
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
    Windows Firewall is enabled.

    ==================== MSCONFIG/TASK MANAGER disabled items ==

    HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
    HKU\S-1-5-21-673431399-3437147872-892390184-1001\...\StartupApproved\Run: => "OneDrive"

    ==================== FirewallRules (Whitelisted) ===============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    FirewallRules: [{B54C0FD4-424C-4661-A02B-3280158C4482}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    FirewallRules: [{31C611E9-F5B7-4F20-A964-F56AFE56E851}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    FirewallRules: [{97B0EBFF-EB0A-40AF-9321-13B5FACDD779}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe
    FirewallRules: [{109F4BDA-738C-4326-B56F-0CC5E4C14582}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe
    FirewallRules: [{427A9D5E-BBF0-4202-9C9A-5D841D9651D4}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe
    FirewallRules: [{F7B50950-201B-41D3-80D3-82EB0F8631FE}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe
    FirewallRules: [{C0DAD317-CFA0-45BA-814F-4CE96B4C32D1}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe
    FirewallRules: [{64F6BA35-48B6-41A5-8E8C-CA3A7CB978C4}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdater.exe
    FirewallRules: [{AFFBD56F-62A0-4869-B809-F92A1086FCE0}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
    FirewallRules: [{1CA67CDC-1674-44A1-82DA-954B20788235}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
    FirewallRules: [{ABA9F846-067F-44EF-9F84-167959F88E93}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
    FirewallRules: [{87390806-794F-4526-8FD3-C2DD70F4EEA0}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
    FirewallRules: [{38C6A22B-E6BF-4160-9BD0-A18FA5815BA1}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
    FirewallRules: [{1B61A741-56E8-4CA3-B661-71CF6DD3D7DA}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
    StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
    StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
    StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
    StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service

    ==================== Restore Points =========================

    02-05-2017 04:46:25 Windows Update
    05-05-2017 06:18:53 Windows Update
    09-05-2017 16:36:12 Windows Update
    09-05-2017 16:37:32 Windows Update

    ==================== Faulty Device Manager Devices =============

    Name: PS/2 Compatible Mouse
    Description: PS/2 Compatible Mouse
    Class Guid: {4d36e96f-e325-11ce-bfc1-08002be10318}
    Manufacturer: Microsoft
    Service: i8042prt
    Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
    Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
    Devices stay in this state if they have been prepared for removal.
    After you remove the device, this error disappears.Remove the device, and this error should be resolved.

    Name: Standard 101/102-Key or Microsoft Natural PS/2 Keyboard with HP QLB
    Description: Standard 101/102-Key or Microsoft Natural PS/2 Keyboard with HP QLB
    Class Guid: {4d36e96b-e325-11ce-bfc1-08002be10318}
    Manufacturer: Hewlett-Packard
    Service: i8042prt
    Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
    Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
    Devices stay in this state if they have been prepared for removal.
    After you remove the device, this error disappears.Remove the device, and this error should be resolved.


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (05/12/2017 05:12:18 PM) (Source: SideBySide) (EventID: 35) (User: )
    Description: Activation context generation failed for "C:\Program Files (x86)\Microsoft Office\root\Office16\lync.exe.Manifest".Error in manifest or policy file "C:\Program Files (x86)\Microsoft Office\root\Office16\UccApi.DLL" on line 1.
    Component identity found in manifest does not match the identity of the component requested.
    Reference is UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0".
    Definition is UccApi,processorArchitecture="x86",type="win32",version="16.0.0.0".
    Please use sxstrace.exe for detailed diagnosis.

    Error: (05/12/2017 11:46:28 AM) (Source: SideBySide) (EventID: 35) (User: )
    Description: Activation context generation failed for "C:\Program Files (x86)\Microsoft Office\root\Office16\lync.exe.Manifest".Error in manifest or policy file "C:\Program Files (x86)\Microsoft Office\root\Office16\UccApi.DLL" on line 1.
    Component identity found in manifest does not match the identity of the component requested.
    Reference is UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0".
    Definition is UccApi,processorArchitecture="x86",type="win32",version="16.0.0.0".
    Please use sxstrace.exe for detailed diagnosis.

    Error: (05/12/2017 04:23:05 AM) (Source: SideBySide) (EventID: 35) (User: )
    Description: Activation context generation failed for "C:\Program Files (x86)\Microsoft Office\root\Office16\lync.exe.Manifest".Error in manifest or policy file "C:\Program Files (x86)\Microsoft Office\root\Office16\UccApi.DLL" on line 1.
    Component identity found in manifest does not match the identity of the component requested.
    Reference is UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0".
    Definition is UccApi,processorArchitecture="x86",type="win32",version="16.0.0.0".
    Please use sxstrace.exe for detailed diagnosis.

    Error: (05/11/2017 08:11:18 AM) (Source: SideBySide) (EventID: 35) (User: )
    Description: Activation context generation failed for "C:\Program Files (x86)\Microsoft Office\root\Office16\lync.exe.Manifest".Error in manifest or policy file "C:\Program Files (x86)\Microsoft Office\root\Office16\UccApi.DLL" on line 1.
    Component identity found in manifest does not match the identity of the component requested.
    Reference is UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0".
    Definition is UccApi,processorArchitecture="x86",type="win32",version="16.0.0.0".
    Please use sxstrace.exe for detailed diagnosis.

    Error: (05/11/2017 08:07:29 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2484) (User: DESKTOP-EJN6HF4)
    Description: Package Microsoft.Windows.Photos_17.425.10010.0_x64__8wekyb3d8bbwe+App was terminated because it took too long to suspend.

    Error: (05/10/2017 02:51:49 PM) (Source: SideBySide) (EventID: 35) (User: )
    Description: Activation context generation failed for "C:\Program Files (x86)\Microsoft Office\root\Office16\lync.exe.Manifest".Error in manifest or policy file "C:\Program Files (x86)\Microsoft Office\root\Office16\UccApi.DLL" on line 1.
    Component identity found in manifest does not match the identity of the component requested.
    Reference is UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0".
    Definition is UccApi,processorArchitecture="x86",type="win32",version="16.0.0.0".
    Please use sxstrace.exe for detailed diagnosis.

    Error: (05/10/2017 02:48:19 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: plugin-container.exe, version: 53.0.2.6333, time stamp: 0x590bd295
    Faulting module name: xul.dll, version: 53.0.2.6333, time stamp: 0x590bd27e
    Exception code: 0x80000003
    Fault offset: 0x0089d467
    Faulting process id: 0x6d4
    Faulting application start time: 0x01d2c946533cf693
    Faulting application path: C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
    Faulting module path: C:\Program Files (x86)\Mozilla Firefox\xul.dll
    Report Id: 4decac81-0027-414f-ab22-2d9fc63b8b4f
    Faulting package full name:
    Faulting package-relative application ID:

    Error: (05/10/2017 02:48:06 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: firefox.exe, version: 53.0.2.6333, time stamp: 0x590bcebe
    Faulting module name: xul.dll, version: 53.0.2.6333, time stamp: 0x590bd27e
    Exception code: 0x80000003
    Fault offset: 0x0089d467
    Faulting process id: 0x1510
    Faulting application start time: 0x01d2c71a21a8e2bf
    Faulting application path: C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    Faulting module path: C:\Program Files (x86)\Mozilla Firefox\xul.dll
    Report Id: 3f0c4125-9d40-42f3-a556-f1866c34aac6
    Faulting package full name:
    Faulting package-relative application ID:

    Error: (05/09/2017 04:45:30 PM) (Source: Perflib) (EventID: 1008) (User: )
    Description: The Open Procedure for service "BITS" in DLL "C:\Windows\System32\bitsperf.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.

    Error: (05/09/2017 04:38:12 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
    Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

    Details:
    AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

    System Error:
    Access is denied.
    .


    System errors:
    =============
    Error: (05/12/2017 11:28:56 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
    Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
    {D63B10C5-BB46-4990-A94F-E40B9D520160}
    and APPID
    {9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
    to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

    Error: (05/11/2017 10:37:09 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
    Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
    {D63B10C5-BB46-4990-A94F-E40B9D520160}
    and APPID
    {9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
    to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

    Error: (05/11/2017 10:36:22 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
    Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
    {D63B10C5-BB46-4990-A94F-E40B9D520160}
    and APPID
    {9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
    to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

    Error: (05/11/2017 11:52:32 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
    Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
    {D63B10C5-BB46-4990-A94F-E40B9D520160}
    and APPID
    {9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
    to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

    Error: (05/11/2017 03:41:02 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
    Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
    {D63B10C5-BB46-4990-A94F-E40B9D520160}
    and APPID
    {9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
    to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

    Error: (05/10/2017 02:59:56 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
    Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
    {8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
    and APPID
    {F72671A9-012C-4725-9D2F-2A4D32D65169}
    to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

    Error: (05/10/2017 02:56:26 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
    Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
    {D63B10C5-BB46-4990-A94F-E40B9D520160}
    and APPID
    {9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
    to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

    Error: (05/10/2017 02:49:26 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
    Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
    {D63B10C5-BB46-4990-A94F-E40B9D520160}
    and APPID
    {9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
    to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

    Error: (05/09/2017 05:37:47 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
    Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
    {D63B10C5-BB46-4990-A94F-E40B9D520160}
    and APPID
    {9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
    to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

    Error: (05/09/2017 01:06:05 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
    Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
    {D63B10C5-BB46-4990-A94F-E40B9D520160}
    and APPID
    {9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
    to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.


    ==================== Memory info ===========================

    Processor: Intel(R) Core(TM)2 Duo CPU E6550 @ 2.33GHz
    Percentage of memory in use: 80%
    Total physical RAM: 4015.3 MB
    Available physical RAM: 764.99 MB
    Total Virtual: 6923.41 MB
    Available Virtual: 2542.48 MB

    ==================== Drives ================================

    Drive c: (Windows) (Fixed) (Total:232.05 GB) (Free:148.13 GB) NTFS
    Drive e: (Iomega) (Fixed) (Total:298.09 GB) (Free:106.47 GB) NTFS

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (MBR Code: Windows 7 or 8) (Size: 232.9 GB) (Disk ID: F70AB8E8)
    Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
    Partition 2: (Not Active) - (Size=232.1 GB) - (Type=07 NTFS)
    Partition 3: (Not Active) - (Size=750 MB) - (Type=27)

    ========================================================
    Disk: 1 (Size: 298.1 GB) (Disk ID: A58BEF9C)
    Partition 1: (Not Active) - (Size=298.1 GB) - (Type=07 NTFS)

    ==================== End of Addition.txt ============================











    aswMBR version 1.0.1.2290 Copyright(c) 2014 AVAST Software
    Run date: 2017-05-13 02:25:15
    -----------------------------
    02:25:15.962 OS Version: Windows x64 6.2.9200
    02:25:15.962 Number of processors: 2 586 0xF0B
    02:25:15.965 ComputerName: DESKTOP-EJN6HF4 UserName: User
    02:25:17.494 Initialize success
    02:25:17.499 VM: initialized successfully
    02:25:17.500 VM: Intel CPU BiosDisabled
    02:27:56.942 AVAST engine defs: 17030301
    02:31:02.432 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
    02:31:02.435 Disk 0 Vendor: ST3250312AS HP64 Size: 238475MB BusType: 3
    02:31:02.589 Disk 0 MBR read successfully
    02:31:02.592 Disk 0 MBR scan
    02:31:02.601 Disk 0 Windows 7 default MBR code
    02:31:02.610 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
    02:31:02.625 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 237623 MB offset 206848
    02:31:02.671 Disk 0 Partition 3 00 27 Hidden NTFS WinRE NTFS 750 MB offset 486858752
    02:31:02.945 Disk 0 scanning C:\Windows\system32\drivers
    02:31:36.647 Service scanning
    02:32:42.121 Modules scanning
    02:32:42.467 Disk 0 trace - called modules:
    02:32:42.486 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS pciide.sys hal.dll PCIIDEX.SYS atapi.sys
    02:32:42.492 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xffffb80736d7a060]
    02:32:42.499 3 CLASSPNP.SYS[fffff8084a2f5efb] -> nt!IofCallDriver -> [0xffffb807367a9520]
    02:32:42.504 5 ACPI.sys[fffff80849544571] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xffffb80736745060]
    02:32:43.303 AVAST engine scan C:\
    06:37:00.895 Disk 0 statistics 22529896/0/0 @ 1.24 MB/s
    06:37:00.903 Scan finished successfully
    09:51:48.333 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
    09:51:48.340 Disk 0 Vendor: ST3250312AS HP64 Size: 238475MB BusType: 3
    09:51:50.408 Disk 0 MBR read successfully
    09:51:50.416 Disk 0 MBR scan
    09:51:50.484 Disk 0 Windows 7 default MBR code
    09:51:50.575 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
    09:51:50.657 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 237623 MB offset 206848
    09:51:50.743 Disk 0 Partition 3 00 27 Hidden NTFS WinRE NTFS 750 MB offset 486858752
    09:51:51.257 Disk 0 scanning C:\Windows\system32\drivers
    09:52:20.426 Disk 0 statistics 22604237/0/0 @ 1.24 MB/s
    09:52:20.437 Scan stopped
    09:52:53.720 Disk 0 MBR has been saved successfully to "C:\Users\User\Desktop\MBR.dat"
    09:52:53.727 The log file has been saved successfully to "C:\Users\User\Desktop\aswMBR.txt"

  2. #2
    Security Expert-emeritus Juliet's Avatar
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    4,084

    Default

    You don't have anything visibly scary on your machine. I do see what I think is hardware related to mouse and keyboard, a bad/corrupt file for Firefox, and issues with Microsoft Office.
    We can run a few scans to see if anything else can be picked up.

    ***********************************************************************
    At this time I think it necessary to remove Java (I don't think you have the latest version)
    http://www.laptopmag.com/articles/un...ams-windows-10
    http://www.pcworld.com/article/29542...indows-10.html

    The 2 above links supply information on how to remove apps.

    When we finish we can download the most recent version if you like.

    *********************************************************************
    Start FRST (Please double-click on FRST/FRST64) with Administrator privileges

    Right click on the text below and select Copy.

    Start::
    CreateRestorePoint:
    CloseProcesses:
    HKLM-x32\...\Run: [atr.exe] => [X]
    GroupPolicy: Restriction <======= ATTENTION
    BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\ssv.dll [2016-08-06] (Oracle Corporation)
    BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\jp2ssv.dll [2016-08-06] (Oracle Corporation)
    FF Plugin-x32: @java.com/DTPlugin,version=11.101.2 -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\dtplugin\npDeployJava1.dll [2016-08-06] (Oracle Corporation)
    FF Plugin-x32: @java.com/JavaPlugin,version=11.101.2 -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\plugin2\npjp2.dll [2016-08-06] (Oracle Corporation)
    AlternateDataStreams: C:\Windows:nlsPreferences [386]
    AlternateDataStreams: C:\Users\User\Desktop:com.dropbox.attributes [168]
    AlternateDataStreams: C:\Users\User\Desktop\Beneath:com.dropbox.attributes [168]
    AlternateDataStreams: C:\Users\User\Desktop\FRST.txt:com.dropbox.attributes [168]
    AlternateDataStreams: C:\Users\User\Desktop\FRST64.exe:com.dropbox.attributes [168]
    AlternateDataStreams: C:\Users\User\Desktop\Meta:com.dropbox.attributes [168]
    EmptyTemp:
    End::


    Press the Fix button.
    When finished, a log file (Fixlog.txt) will pop up and be saved in the same location the tool was run from.

    Please copy and paste its contents in your next reply.

    ******
    AdwCleaner
    • Please download AdwCleaner and save the file to your Desktop.
      In order to use AdwCleaner, you have to agree to the EULA.
    • Right-click AdwCleaner.exe and select Run as administrator to run the programme.
    • Follow the prompts.
    • Click Scan.
    • Upon completion, click Logfile. A log (AdwCleaner[S1].txt) will open. Briefly check the log for anything you know to be legitimate.
    • Return to AdwCleaner. Ensure anything you know to be legitimate does not have a checkmark under the corresponding tab.
    • Click Clean.
    • Follow the prompts and allow your computer to reboot.
    • After the reboot, a log (AdwCleaner[C1].txt) will open. Copy the contents of the log and paste in your next reply.

    -- File and folder backups are made for items removed using this programme. Should a legitimate file or folder be removed (otherwise known as a 'false-positive'), simple steps can be taken to restore the item. Please do not overly concern yourself with the contents of AdwCleaner[C1].txt.

    ~~~~~~~~~~~~~~~~~

    Please download Zemana AntiMalware Free
    from here:


    Double-click on the file named “Zemana.AntiMalware.Portable” to perform a system scan with Zemana AntiMalware Free.

    You may be presented with a User Account Control dialog asking you if you want to run this program. If this happens, you should click “Yes” to allow Zemana AntiMalware to run.
    When Zemana AntiMalware starts, click on the “Scan” button to perform a system scan.
    Without changing any options, press Scan.

    When Zemana has finished scanning, it will show a screen that displays any malware that has been detected. To remove all the malicious files, click on the “Next” button.
    Zemana AntiMalware will now start to remove all the malicious programs from your computer.

    Note: If restart is required to finish the cleaning process, you should click Reboot. If reboot isn't required, please restart your computer manually.
    • Open Zemana AntiMalware again and locate the latest report.
    • Please paste the contents into your reply.


    ~~~~

    Please post
    Fixlog.txt
    AdwCleaner log
    Zemana log
    Windows Insider MVP Consumer Security 2009 - 2017
    Please do not PM me for Malware help, we all benefit from posting on the open board.

  3. #3
    Security Expert-emeritus Juliet's Avatar
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    4,084

    Default

    Due to lack of feedback this topic is closed.
