
Solved Huh. Something flagged called "wise eurask"

Discussion in 'Malware and Virus Removal' started by basketcase, 2017/03/13.

  1. 2017/03/13
    basketcase Contributing Member

    basketcase Well-Known Member Thread Starter

    My routinely scheduled Malwarebytes scan found something called "wise eurask." I've googled it and can't find anything, so here are the first requested logs.

    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 12-03-2017
    Ran by Rick (administrator) on RICKS-M91P-THIN (13-03-2017 06:34:13)
    Running from C:\Users\Rick\Desktop
    Loaded Profiles: Rick (Available Profiles: Rick)
    Platform: Windows 10 Pro Version 1607 (X64) Language: English (United States)
    Internet Explorer Version 11 (Default browser: FF)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (Garmin Ltd. or its subsidiaries) C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe
    (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    (Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
    (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
    (Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
    (Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
    (Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
    (Intel Corporation) C:\Windows\System32\hkcmd.exe
    (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
    (Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
    (Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
    (Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
    (Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
    (Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
    (Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
    (Microsoft Corporation) C:\Windows\System32\smartscreen.exe

    ==================== Registry (Whitelisted) ====================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [Unattend0000000001{8CEC7F9D-83AA-4128-B302-5914EF434DC2}] => C:\WINDOWS\system32\devmgmt.msc [145640 2016-07-16] ()
    HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508128 2016-01-07] (Adobe Systems Incorporated)
    HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [3113592 2015-08-25] (Logitech, Inc.)
    HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
    HKLM\...\Run: [WindowsDefender] => C:\Program Files\Windows Defender\MSASCuiL.exe [631808 2016-09-18] (Microsoft Corporation)
    HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [2780112 2017-01-20] (Malwarebytes)
    HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [176440 2017-01-19] (Apple Inc.)
    HKLM-x32\...\Run: [] => [X]
    HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe [3499640 2016-12-17] (Adobe Systems Inc.)
    HKLM-x32\...\Run: [D-Link D-Link Wireless N Dual Band DWA-160 ] => C:\Program Files (x86)\D-Link\DWA-160\AirNCFG.exe [1041728 2010-09-08] (D-Link Corp.)
    HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [27308304 2017-03-06] (Dropbox, Inc.)
    Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
    Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
    HKU\S-1-5-21-2695648794-3928458116-4113379522-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [9363672 2017-02-07] (Piriform Ltd)
    HKU\S-1-5-21-2695648794-3928458116-4113379522-1001\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [1407912 2017-01-16] (Garmin Ltd. or its subsidiaries)
    HKU\S-1-5-21-2695648794-3928458116-4113379522-1001\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
    HKU\S-1-5-21-2695648794-3928458116-4113379522-1001\...\MountPoints2: {33d47656-5f12-11e6-998b-4437e6aa0c92} - "E:\LaunchU3.exe" -a
    HKU\S-1-5-18\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [1407912 2017-01-16] (Garmin Ltd. or its subsidiaries)
    ShellIconOverlayIdentifiers: [ DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-03-06] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [ DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-03-06] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [ DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-03-06] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [ DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-03-06] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [ DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-03-06] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [ DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-03-06] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [ DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-03-06] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [ DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-03-06] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [ DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-03-06] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [ DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-03-06] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [ DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-03-06] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [ DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-03-06] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [ DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-03-06] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [ DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-03-06] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [ DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-03-06] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [ DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-03-06] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [ DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-03-06] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [ DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-03-06] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [ DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-03-06] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [ DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-03-06] (Dropbox, Inc.)

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
    Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
    Tcpip\..\Interfaces\{b2f7d9ca-0f9b-4eff-b756-347b1bb797e1}: [DhcpNameServer] 192.168.1.1

    Internet Explorer:
    ==================
    SearchScopes: HKU\S-1-5-21-2695648794-3928458116-4113379522-1001 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
    BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2016-06-23] (Adobe Systems Incorporated)
    BHO: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll [2015-08-25] (Logitech, Inc.)
    BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
    BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2016-06-23] (Adobe Systems Incorporated)
    BHO-x32: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2016-06-23] (Adobe Systems Incorporated)
    BHO-x32: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll [2015-08-25] (Logitech, Inc.)
    BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
    BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2016-06-23] (Adobe Systems Incorporated)
    Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2016-06-23] (Adobe Systems Incorporated)
    Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2016-06-23] (Adobe Systems Incorporated)

    FireFox:
    ========
    FF ProfilePath: C:\Users\Rick\AppData\Roaming\Mozilla\Firefox\Profiles\de4mge7f.default-1484875452823 [2017-03-13]
    FF Homepage: Mozilla\Firefox\Profiles\de4mge7f.default-1484875452823 -> hxxps://www.google.com
    FF Extension: (Download YouTube Videos as MP4) - C:\Users\Rick\AppData\Roaming\Mozilla\Firefox\Profiles\de4mge7f.default-1484875452823\Extensions\{b9bfaf1c-a63f-47cd-8b9a-29526ced9060}.xpi [2017-02-15]
    FF Extension: (Adblock Plus) - C:\Users\Rick\AppData\Roaming\Mozilla\Firefox\Profiles\de4mge7f.default-1484875452823\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2017-01-19]
    FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension.15@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn
    FF Extension: (Adobe Acrobat - Create PDF) - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn [2017-01-11]
    FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
    FF Extension: (Logitech SetPoint) - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2016-10-12] [not signed]
    FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_24_0_0_221.dll [2017-02-28] ()
    FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
    FF Plugin: @videolan.org/vlc,version=2.2.2 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
    FF Plugin: @videolan.org/vlc,version=2.2.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
    FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2015-07-29] (Adobe Systems)
    FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWoW64\Macromed\Flash\NPSWF32_24_0_0_221.dll [2017-02-28] ()
    FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
    FF Plugin-x32: @nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro\Reader 3\npnitromozilla.dll [2013-07-26] (Nitro PDF)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.)
    FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll [2016-12-17] (Adobe Systems Inc.)
    FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2015-07-29] (Adobe Systems)

    Chrome:
    =======
    CHR HomePage: Default -> hxxp://www.google.com/ig
    CHR StartupUrls: Default -> "hxxps://www.google.com/"
    CHR Profile: C:\Users\Rick\AppData\Local\Google\Chrome\User Data\Default [2017-03-11]
    CHR Extension: (Google Slides) - C:\Users\Rick\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-08-12]
    CHR Extension: (Google Docs) - C:\Users\Rick\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-08-12]
    CHR Extension: (Google Drive) - C:\Users\Rick\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-08-12]
    CHR Extension: (YouTube) - C:\Users\Rick\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-08-12]
    CHR Extension: (Adblock Plus) - C:\Users\Rick\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2016-11-13]
    CHR Extension: (Logitech Smooth Scrolling) - C:\Users\Rick\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkpejdfnpdkhifgbancbammdijojoffk [2016-10-28]
    CHR Extension: (Adobe Acrobat) - C:\Users\Rick\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-03-07]
    CHR Extension: (Google Sheets) - C:\Users\Rick\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-08-12]
    CHR Extension: (Google Docs Offline) - C:\Users\Rick\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-08-13]
    CHR Extension: (Chrome Web Store Payments) - C:\Users\Rick\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-07]
    CHR Extension: (Gmail) - C:\Users\Rick\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-08-12]
    CHR Extension: (Chrome Media Router) - C:\Users\Rick\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-03-07]
    CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCChromeExtn\WCChromeExtn.crx [2016-12-17]

    ==================== Services (Whitelisted) ====================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    S4 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2227312 2017-01-19] (Adobe Systems, Incorporated)
    R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-09-22] (Apple Inc.)
    S4 D-Link Wireless N Dual Band DWA-160 _WPS; C:\Program Files (x86)\D-Link\DWA-160\ANIWConnService.exe [53248 2010-07-11] () [File not signed]
    S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-08-10] (Dropbox, Inc.)
    S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-08-10] (Dropbox, Inc.)
    R2 DbxSvc; C:\WINDOWS\system32\DbxSvc.exe [46408 2017-01-20] (Dropbox, Inc.)
    R2 Garmin Device Interaction Service; C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe [1039376 2017-01-16] (Garmin Ltd. or its subsidiaries)
    R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4355024 2017-01-20] (Malwarebytes)
    R2 Net Driver HPZ12; C:\Windows\System32\HPZinw12.dll [50688 2014-04-28] (Hewlett-Packard) [File not signed]
    S4 NitroReaderDriverReadSpool3; C:\Program Files\Common Files\Nitro\Reader\3.0\NitroPDFReaderDriverService3x64.exe [230416 2013-07-26] (Nitro PDF Software)
    R2 Pml Driver HPZ12; C:\Windows\System32\HPZipm12.dll [66048 2014-04-28] (Hewlett-Packard) [File not signed]
    S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [2889896 2016-09-15] (Microsoft Corporation)
    R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation)
    R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2016-07-16] (Microsoft Corporation)

    ===================== Drivers (Whitelisted) ======================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    S1 anodlwf; C:\WINDOWS\system32\DRIVERS\anodlwfx.sys [15872 2010-05-28] ()
    R3 Darusb_win7x; C:\WINDOWS\System32\drivers\Darusb_win7x.sys [786432 2010-07-11] (Atheros Communications, Inc.)
    R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [77408 2017-03-01] ()
    R2 MBAMChameleon; C:\WINDOWS\system32\drivers\MBAMChameleon.sys [186304 2017-03-11] (Malwarebytes)
    R3 MBAMFarflt; C:\WINDOWS\system32\drivers\farflt.sys [111544 2017-03-11] (Malwarebytes)
    R3 MBAMProtection; C:\WINDOWS\system32\drivers\mbam.sys [43968 2017-03-11] (Malwarebytes)
    R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [251840 2017-03-11] (Malwarebytes)
    R3 MBAMWebProtection; C:\WINDOWS\system32\drivers\mwac.sys [92088 2017-03-13] (Malwarebytes)
    S3 Netaapl; C:\WINDOWS\System32\drivers\netaapl64.sys [23040 2015-11-05] (Apple Inc.) [File not signed]
    S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
    S3 SmbDrv; C:\WINDOWS\System32\drivers\Smb_driver_AMDASF.sys [33448 2015-08-03] (Synaptics Incorporated)
    R3 SmbDrvI; C:\WINDOWS\system32\DRIVERS\Smb_driver_Intel.sys [33960 2015-08-03] (Synaptics Incorporated)
    S3 USBAAPL64; C:\WINDOWS\System32\Drivers\usbaapl64.sys [54784 2015-11-05] (Apple, Inc.) [File not signed]
    S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
    R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
    R3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)
    S3 dbx; system32\DRIVERS\dbx.sys [X]

    ==================== NetSvcs (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== One Month Created files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2017-03-13 06:34 - 2017-03-13 06:34 - 00019642 _____ C:\Users\Rick\Desktop\FRST.txt
    2017-03-13 06:34 - 2017-03-13 06:34 - 00000000 ____D C:\FRST
    2017-03-13 06:33 - 2017-03-13 06:33 - 02424832 _____ (Farbar) C:\Users\Rick\Desktop\FRST64.exe
    2017-03-12 14:16 - 2017-03-12 14:16 - 00001529 _____ C:\Users\Rick\Desktop\4 Rs Regrouping Notes - Shortcut (2).lnk
    2017-03-11 20:10 - 2017-03-11 20:10 - 00000553 _____ C:\Users\Rick\Desktop\JRT.txt
    2017-03-11 18:58 - 2017-03-11 18:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
    2017-03-11 18:54 - 2017-03-11 18:54 - 00000000 ___HD C:\OneDriveTemp
    2017-03-11 18:50 - 2017-03-11 18:50 - 00000000 ____D C:\WINDOWS\LastGood
    2017-03-11 18:50 - 2017-03-11 18:50 - 00000000 ____D C:\Program Files (x86)\Intel
    2017-03-09 02:17 - 2017-03-09 02:17 - 12935296 _____ (Intel Corporation) C:\WINDOWS\system32\igdumd64.dll
    2017-03-09 02:17 - 2017-03-09 02:17 - 11460448 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\igd10umd32.dll
    2017-03-09 02:17 - 2017-03-09 02:17 - 11330576 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\igdumd32.dll
    2017-03-09 02:17 - 2017-03-09 02:17 - 01086408 _____ (Intel Corporation) C:\WINDOWS\system32\igfxcmrt64.dll
    2017-03-09 02:17 - 2017-03-09 02:17 - 00975184 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\igfxcmrt32.dll
    2017-03-09 02:17 - 2017-03-09 02:17 - 00558728 _____ (Intel Corporation) C:\WINDOWS\system32\iglhsip64.dll
    2017-03-09 02:17 - 2017-03-09 02:17 - 00553424 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\iglhsip32.dll
    2017-03-09 02:17 - 2017-03-09 02:17 - 00242800 _____ (Intel Corporation) C:\WINDOWS\system32\iglhcp64.dll
    2017-03-09 02:17 - 2017-03-09 02:17 - 00206000 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\iglhcp32.dll
    2017-03-09 02:17 - 2017-03-09 02:17 - 00051184 _____ (Intel Corporation) C:\WINDOWS\system32\igfxexps.dll
    2017-03-09 02:16 - 2017-03-09 02:16 - 13046920 _____ (Intel Corporation) C:\WINDOWS\system32\ig4icd64.dll
    2017-03-09 02:16 - 2017-03-09 02:16 - 10829448 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\ig4icd32.dll
    2017-03-09 02:16 - 2017-03-09 02:16 - 09025672 _____ (Intel Corporation) C:\WINDOWS\system32\igfxress.dll
    2017-03-09 02:16 - 2017-03-09 02:16 - 05925984 _____ (Intel Corporation) C:\WINDOWS\system32\GfxUI.exe
    2017-03-09 02:16 - 2017-03-09 02:16 - 03529352 _____ (Intel Corporation) C:\WINDOWS\system32\igfxcmjit64.dll
    2017-03-09 02:16 - 2017-03-09 02:16 - 03139208 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\igfxcmjit32.dll
    2017-03-09 02:16 - 2017-03-09 02:16 - 00593544 _____ (Intel Corporation) C:\WINDOWS\system32\igfx11cmrt64.dll
    2017-03-09 02:16 - 2017-03-09 02:16 - 00560776 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\igfx11cmrt32.dll
    2017-03-09 02:16 - 2017-03-09 02:16 - 00536664 _____ (Intel Corporation) C:\WINDOWS\system32\igfxsrvc.exe
    2017-03-09 02:16 - 2017-03-09 02:16 - 00463960 _____ (Intel Corporation) C:\WINDOWS\system32\igfxpers.exe
    2017-03-09 02:16 - 2017-03-09 02:16 - 00460936 _____ (Intel Corporation) C:\WINDOWS\system32\igfxdev.dll
    2017-03-09 02:16 - 2017-03-09 02:16 - 00458376 _____ (Intel Corporation) C:\WINDOWS\system32\igfxrell.lrc
    2017-03-09 02:16 - 2017-03-09 02:16 - 00457864 _____ (Intel Corporation) C:\WINDOWS\system32\igfxrfra.lrc
    2017-03-09 02:16 - 2017-03-09 02:16 - 00457864 _____ (Intel Corporation) C:\WINDOWS\system32\igfxresn.lrc
    2017-03-09 02:16 - 2017-03-09 02:16 - 00457352 _____ (Intel Corporation) C:\WINDOWS\system32\igfxrrus.lrc
    2017-03-09 02:16 - 2017-03-09 02:16 - 00457344 _____ (Intel Corporation) C:\WINDOWS\system32\igfxrrom.lrc
    2017-03-09 02:16 - 2017-03-09 02:16 - 00456840 _____ (Intel Corporation) C:\WINDOWS\system32\igfxrsky.lrc
    2017-03-09 02:16 - 2017-03-09 02:16 - 00456840 _____ (Intel Corporation) C:\WINDOWS\system32\igfxrptg.lrc
    2017-03-09 02:16 - 2017-03-09 02:16 - 00456840 _____ (Intel Corporation) C:\WINDOWS\system32\igfxrplk.lrc
    2017-03-09 02:16 - 2017-03-09 02:16 - 00456840 _____ (Intel Corporation) C:\WINDOWS\system32\igfxrnld.lrc
    2017-03-09 02:16 - 2017-03-09 02:16 - 00456840 _____ (Intel Corporation) C:\WINDOWS\system32\igfxrita.lrc
    2017-03-09 02:16 - 2017-03-09 02:16 - 00456840 _____ (Intel Corporation) C:\WINDOWS\system32\igfxrhrv.lrc
    2017-03-09 02:16 - 2017-03-09 02:16 - 00456840 _____ (Intel Corporation) C:\WINDOWS\system32\igfxrdeu.lrc
    2017-03-09 02:16 - 2017-03-09 02:16 - 00456328 _____ (Intel Corporation) C:\WINDOWS\system32\igfxrhun.lrc
    2017-03-09 02:16 - 2017-03-09 02:16 - 00456328 _____ (Intel Corporation) C:\WINDOWS\system32\igfxrfin.lrc
    2017-03-09 02:16 - 2017-03-09 02:16 - 00456328 _____ (Intel Corporation) C:\WINDOWS\system32\igfxrcsy.lrc
    2017-03-09 02:16 - 2017-03-09 02:16 - 00455816 _____ (Intel Corporation) C:\WINDOWS\system32\igfxrtrk.lrc
    2017-03-09 02:16 - 2017-03-09 02:16 - 00455816 _____ (Intel Corporation) C:\WINDOWS\system32\igfxrsve.lrc
    2017-03-09 02:16 - 2017-03-09 02:16 - 00455816 _____ (Intel Corporation) C:\WINDOWS\system32\igfxrslv.lrc
    2017-03-09 02:16 - 2017-03-09 02:16 - 00455816 _____ (Intel Corporation) C:\WINDOWS\system32\igfxrptb.lrc
    2017-03-09 02:16 - 2017-03-09 02:16 - 00455816 _____ (Intel Corporation) C:\WINDOWS\system32\igfxrnor.lrc
    2017-03-09 02:16 - 2017-03-09 02:16 - 00455304 _____ (Intel Corporation) C:\WINDOWS\system32\igfxrtha.lrc
    2017-03-09 02:16 - 2017-03-09 02:16 - 00455304 _____ (Intel Corporation) C:\WINDOWS\system32\igfxrdan.lrc
    2017-03-09 02:16 - 2017-03-09 02:16 - 00453768 _____ (Intel Corporation) C:\WINDOWS\system32\igfxrheb.lrc
    2017-03-09 02:16 - 2017-03-09 02:16 - 00453768 _____ (Intel Corporation) C:\WINDOWS\system32\igfxrara.lrc
    2017-03-09 02:16 - 2017-03-09 02:16 - 00450184 _____ (Intel Corporation) C:\WINDOWS\system32\igfxrjpn.lrc
    2017-03-09 02:16 - 2017-03-09 02:16 - 00449160 _____ (Intel Corporation) C:\WINDOWS\system32\igfxrkor.lrc
    2017-03-09 02:16 - 2017-03-09 02:16 - 00447112 _____ (Intel Corporation) C:\WINDOWS\system32\igfxrcht.lrc
    2017-03-09 02:16 - 2017-03-09 02:16 - 00446600 _____ (Intel Corporation) C:\WINDOWS\system32\igfxrchs.lrc
    2017-03-09 02:16 - 2017-03-09 02:16 - 00428680 _____ (Intel Corporation) C:\WINDOWS\system32\igfxTMM.dll
    2017-03-09 02:16 - 2017-03-09 02:16 - 00420960 _____ (Intel Corporation) C:\WINDOWS\system32\hkcmd.exe
    2017-03-09 02:16 - 2017-03-09 02:16 - 00402568 _____ (Intel Corporation) C:\WINDOWS\system32\igfxpph.dll
    2017-03-09 02:16 - 2017-03-09 02:16 - 00348808 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\igfxdv32.dll
    2017-03-09 02:16 - 2017-03-09 02:16 - 00304264 _____ (Intel Corporation) C:\WINDOWS\system32\igfxrenu.lrc
    2017-03-09 02:16 - 2017-03-09 02:16 - 00300128 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\IntelCpHeciSvc.exe
    2017-03-09 02:16 - 2017-03-09 02:16 - 00276064 _____ (Intel Corporation) C:\WINDOWS\system32\igfxext.exe
    2017-03-09 02:16 - 2017-03-09 02:16 - 00206944 _____ (Intel Corporation) C:\WINDOWS\system32\difx64.exe
    2017-03-09 02:16 - 2017-03-09 02:16 - 00193160 _____ (Intel Corporation) C:\WINDOWS\system32\gfxSrvc.dll
    2017-03-09 02:16 - 2017-03-09 02:16 - 00193112 _____ (Intel Corporation) C:\WINDOWS\system32\igfxtray.exe
    2017-03-09 02:16 - 2017-03-09 02:16 - 00160392 _____ (Intel Corporation) C:\WINDOWS\system32\igfxdo.dll
    2017-03-09 02:16 - 2017-03-09 02:16 - 00145032 _____ (Intel Corporation) C:\WINDOWS\system32\igfxcpl.cpl
    2017-03-09 02:16 - 2017-03-09 02:16 - 00134280 _____ (Intel Corporation) C:\WINDOWS\system32\igfxCoIn_v4459.dll
    2017-03-09 02:16 - 2017-03-09 02:16 - 00128648 _____ (Intel Corporation) C:\WINDOWS\system32\hccutils.dll
    2017-03-09 02:16 - 2017-03-09 02:16 - 00119432 _____ C:\WINDOWS\system32\igdde64.dll
    2017-03-09 02:16 - 2017-03-09 02:16 - 00112264 _____ C:\WINDOWS\system32\IccLibDll_x64.dll
    2017-03-09 02:16 - 2017-03-09 02:16 - 00099464 _____ C:\WINDOWS\SysWOW64\igdde32.dll
    2017-03-09 02:16 - 2017-03-09 02:16 - 00082056 _____ (Intel Corporation) C:\WINDOWS\system32\igfxsrvc.dll
    2017-03-09 02:16 - 2017-03-09 02:16 - 00043144 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\igfxexps32.dll
    2017-03-09 02:16 - 2017-03-09 02:16 - 00027784 _____ ( ) C:\WINDOWS\system32\IGFXDEVLib.dll
    2017-03-06 15:50 - 2017-03-06 15:50 - 00046184 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-stable.sys
    2017-03-04 21:40 - 2017-03-04 21:40 - 00010752 ___SH C:\Users\Rick\Documents\Thumbs.db
    2017-03-04 21:40 - 2016-12-18 11:35 - 00121284 _____ C:\Users\Rick\Documents\4th Sunday of Advent_We Rest_in This Peace.pptx
    2017-02-28 09:23 - 2017-03-02 21:59 - 00012515 _____ C:\Users\Public\Documents\FPU Vote by Text Polls.xlsx
    2017-02-27 20:11 - 2017-02-27 20:11 - 03609939 _____ C:\Users\Rick\Downloads\Crown-MoneyMap-SideA.pdf
    2017-02-24 03:42 - 2017-02-24 03:46 - 00000000 ____D C:\Users\Rick\Downloads\Old Office DT DL Contents
    2017-02-23 15:55 - 2017-02-23 15:55 - 00001529 _____ C:\Users\Rick\Desktop\4 Rs Regrouping Notes - Shortcut.lnk
    2017-02-13 22:19 - 2017-02-13 22:19 - 00096258 _____ C:\Users\Rick\Downloads\NonCal Search Team Questions.pdf
    2017-02-13 08:24 - 2017-02-13 08:24 - 00001829 _____ C:\Users\Public\Desktop\iTunes.lnk
    2017-02-13 08:24 - 2017-02-13 08:24 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
    2017-02-13 08:22 - 2017-02-13 08:24 - 00000000 ____D C:\Program Files\iTunes
    2017-02-13 08:22 - 2017-02-13 08:22 - 00000000 ____D C:\Program Files\iPod

    ==================== One Month Modified files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2017-03-13 06:33 - 2016-11-16 05:04 - 00000000 ____D C:\Users\Rick\AppData\LocalLow\Mozilla
    2017-03-13 06:21 - 2016-09-18 20:50 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
    2017-03-13 02:37 - 2017-01-30 08:36 - 00092088 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
    2017-03-12 21:31 - 2016-08-10 05:37 - 00000000 ____D C:\Users\Rick\Documents\Outlook Files
    2017-03-12 21:23 - 2016-08-10 04:44 - 00000000 ___RD C:\Users\Rick\Dropbox
    2017-03-12 19:45 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\AppReadiness
    2017-03-12 15:01 - 2016-10-27 07:11 - 00000000 ____D C:\Users\Rick\AppData\Local\WORDsearch 10
    2017-03-12 14:16 - 2016-08-17 06:32 - 00038400 ___SH C:\Users\Rick\Desktop\Thumbs.db
    2017-03-11 20:34 - 2017-02-08 07:58 - 00000000 ____D C:\AdwCleaner
    2017-03-11 20:11 - 2017-01-19 20:09 - 00290304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\subinacl.exe
    2017-03-11 20:08 - 2016-08-10 07:25 - 00000000 ___RD C:\Users\Rick\OneDrive
    2017-03-11 20:06 - 2016-07-16 06:45 - 00000000 ____D C:\WINDOWS\INF
    2017-03-11 19:02 - 2016-07-16 06:47 - 00000000 ___HD C:\Program Files\WindowsApps
    2017-03-11 18:58 - 2016-08-10 04:41 - 00000000 ____D C:\Program Files (x86)\Dropbox
    2017-03-11 18:53 - 2016-08-10 04:41 - 00000000 ____D C:\Users\Rick\AppData\Local\Dropbox
    2017-03-11 18:36 - 2017-01-30 08:36 - 00186304 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMChameleon.sys
    2017-03-11 18:36 - 2017-01-30 08:36 - 00111544 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
    2017-03-11 18:36 - 2017-01-30 08:36 - 00043968 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
    2017-03-11 18:36 - 2016-11-16 05:04 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
    2017-03-11 18:36 - 2016-09-18 21:11 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
    2017-03-11 18:36 - 2016-08-10 05:01 - 00251840 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
    2017-03-11 18:36 - 2016-08-10 04:36 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
    2017-03-09 02:17 - 2015-06-01 21:01 - 13182528 _____ (Intel Corporation) C:\WINDOWS\system32\igd10umd64.dll
    2017-03-09 02:16 - 2015-06-01 21:00 - 05382856 _____ (Intel Corporation) C:\WINDOWS\system32\Drivers\igdkmd64.sys
    2017-03-08 15:57 - 2016-07-16 01:04 - 00786432 _____ C:\WINDOWS\system32\config\BBI
    2017-03-07 06:51 - 2016-08-10 15:10 - 00000870 _____ C:\Users\Public\Desktop\CCleaner.lnk
    2017-03-07 06:49 - 2016-08-10 10:52 - 00000000 ____D C:\Users\Rick\Downloads\Utilities
    2017-03-03 21:26 - 2016-12-16 17:24 - 00003288 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task v2
    2017-03-03 21:26 - 2016-08-10 07:25 - 00002417 _____ C:\Users\Rick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
    2017-03-01 22:35 - 2017-01-30 08:36 - 00077408 _____ C:\WINDOWS\system32\Drivers\mbae64.sys
    2017-03-01 07:03 - 2016-08-10 07:20 - 00000000 ____D C:\Users\Rick\AppData\Local\Microsoft Help
    2017-02-28 08:26 - 2016-10-16 01:43 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
    2017-02-28 07:14 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\SysWOW64\Macromed
    2017-02-28 07:14 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\system32\Macromed
    2017-02-28 01:23 - 2016-04-28 20:36 - 00485032 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
    2017-02-25 21:04 - 2016-08-13 13:53 - 00000000 ____D C:\Users\Rick\Documents\OldData
    2017-02-23 04:21 - 2016-04-28 20:34 - 00000000 ____D C:\WINDOWS\system32\MRT
    2017-02-23 04:20 - 2016-04-28 20:34 - 138020592 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
    2017-02-21 22:03 - 2016-07-16 06:36 - 00000000 ____D C:\WINDOWS\CbsTemp
    2017-02-17 16:11 - 2016-10-27 07:11 - 00000000 ____D C:\Program Files (x86)\WORDsearch 10
    2017-02-17 04:50 - 2016-04-28 20:17 - 00000000 __RHD C:\Users\Public\AccountPictures
    2017-02-13 08:22 - 2016-08-16 07:01 - 00000000 ____D C:\Program Files\Common Files\Apple
    2017-02-11 14:55 - 2017-01-29 22:20 - 00006144 _____ C:\Users\Rick\Desktop\Home_to_Tupelo_Honda.est

    ==================== Bamital & volsnap ======================

    (There is no automatic fix for files that do not pass verification.)

    C:\WINDOWS\system32\winlogon.exe => File is digitally signed
    C:\WINDOWS\system32\wininit.exe => File is digitally signed
    C:\WINDOWS\explorer.exe => File is digitally signed
    C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
    C:\WINDOWS\system32\svchost.exe => File is digitally signed
    C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
    C:\WINDOWS\system32\services.exe => File is digitally signed
    C:\WINDOWS\system32\User32.dll => File is digitally signed
    C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
    C:\WINDOWS\system32\userinit.exe => File is digitally signed
    C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
    C:\WINDOWS\system32\rpcss.dll => File is digitally signed
    C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
    C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
    C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

    LastRegBack: 2017-03-13 00:19

    ==================== End of FRST.txt ============================
     
  2. 2017/03/13
    basketcase Contributing Member

    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 12-03-2017
    Ran by Rick (13-03-2017 06:35:13)
    Running from C:\Users\Rick\Desktop
    Windows 10 Pro Version 1607 (X64) (2016-09-19 02:13:39)
    Boot Mode: Normal
    ==========================================================


    ==================== Accounts: =============================

    Administrator (S-1-5-21-2695648794-3928458116-4113379522-500 - Administrator - Disabled)
    DefaultAccount (S-1-5-21-2695648794-3928458116-4113379522-503 - Limited - Disabled)
    Guest (S-1-5-21-2695648794-3928458116-4113379522-501 - Limited - Disabled)
    HomeGroupUser$ (S-1-5-21-2695648794-3928458116-4113379522-1003 - Limited - Enabled)
    Rick (S-1-5-21-2695648794-3928458116-4113379522-1001 - Administrator - Enabled) => C:\Users\Rick

    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    ==================== Installed Programs ======================

    (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    64 Bit HP CIO Components Installer (Version: 17.2.1 - Hewlett-Packard) Hidden
    Adobe Acrobat XI Standard (HKLM-x32\...\{AC76BA86-1033-FFFF-BA7E-000000000006}) (Version: 11.0.19 - Adobe Systems)
    Adobe Flash Player 24 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 24.0.0.221 - Adobe Systems Incorporated)
    ANT Drivers Installer x64 (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden
    Apple Application Support (32-bit) (HKLM-x32\...\{9BA1A894-B42F-4805-BC8C-349C905A3930}) (Version: 5.3.1 - Apple Inc.)
    Apple Application Support (64-bit) (HKLM\...\{7EAC8A42-9FAC-4F6B-AABF-C08C9F2E0F13}) (Version: 5.3.1 - Apple Inc.)
    Apple Mobile Device Support (HKLM\...\{55BB2110-FB43-49B3-93F4-945A0CFB0A6C}) (Version: 10.0.1.3 - Apple Inc.)
    Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
    Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
    CCleaner (HKLM\...\CCleaner) (Version: 5.27 - Piriform)
    D-Link DWA-160 (HKLM-x32\...\{294A97F8-CC15-41F7-8718-CEE6B0C7D7E0}) (Version: - D-Link Corporation)
    Dropbox (HKLM-x32\...\Dropbox) (Version: 21.4.25 - Dropbox, Inc.)
    Dropbox Update Helper (x32 Version: 1.3.59.1 - Dropbox, Inc.) Hidden
    Elevated Installer (x32 Version: 5.1.1.0 - Garmin Ltd or its subsidiaries) Hidden
    Garmin Express (HKLM-x32\...\{9fbf4745-0038-4ed3-aee1-87af9b9ef8f1}) (Version: 5.1.1.0 - Garmin Ltd or its subsidiaries)
    Garmin Express (x32 Version: 5.1.1.0 - Garmin Ltd or its subsidiaries) Hidden
    Garmin Express Tray (x32 Version: 5.1.1.0 - Garmin Ltd or its subsidiaries) Hidden
    Google Chrome (HKLM-x32\...\Google Chrome) (Version: 56.0.2924.87 - Google Inc.)
    Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) Hidden
    iTalk Sync 1.0 (HKLM-x32\...\iTalk Sync) (Version: 1.0 116 - Griffin Technology)
    iTunes (HKLM\...\{9D0D2A8B-7E7B-4D88-8D50-24286ED6A5EB}) (Version: 12.5.5.5 - Apple Inc.)
    Logitech SetPoint 6.67 (HKLM\...\sp6) (Version: 6.67.83 - Logitech)
    Malwarebytes version 3.0.6.1469 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.0.6.1469 - Malwarebytes)
    Microsoft Access database engine 2010 (English) (HKLM-x32\...\{90140000-00D1-0409-0000-0000000FF1CE}) (Version: 14.0.6029.1000 - Microsoft Corporation)
    Microsoft Office Professional 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
    Microsoft OneDrive (HKU\S-1-5-21-2695648794-3928458116-4113379522-1001\...\OneDriveSetup.exe) (Version: 17.3.6798.0207 - Microsoft Corporation)
    Microsoft Streets & Trips 2013 (HKLM-x32\...\{C82185E8-C27B-4EF4-2013-4444BC2C2B6D}) (Version: 19.0.17.2200 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
    Mozilla Firefox 52.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 52.0 (x86 en-US)) (Version: 52.0 - Mozilla)
    Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 52.0.0.6270 - Mozilla)
    Nitro Reader 3 (HKLM\...\{9EA981E5-EE67-4662-86F1-58937D31FE07}) (Version: 3.5.6.5 - Nitro)
    Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
    Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
    Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
    VLC media player (HKLM\...\VLC media player) (Version: 2.2.4 - VideoLAN)
    Windows Driver Package - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.)
    Windows Driver Package - Silicon Labs Software (DSI_SiUSBXp_3_1) USB (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software)
    WordPerfect Office IFilter 32-bit (HKLM-x32\...\{1DF03ECE-6AF4-414E-B118-C316F151A9A2}) (Version: 1.4 - Corel Corporation)
    WordPerfect Office IFilter 64-bit (HKLM\...\{1B45B85C-99E8-4523-8FB3-0248B3DECFC8}) (Version: 1.4 - Corel Corporation)
    WordPerfect Office X6 - Common Files (x32 Version: 16.2.1 - Corel Corporation) Hidden
    WordPerfect Office X6 - Common Files English (x32 Version: 16.2 - Corel Corporation) Hidden
    WordPerfect Office X6 - IPM (x32 Version: 16.2 - Corel Corporation) Hidden
    WordPerfect Office X6 - Lightning Files (x32 Version: 16.2 - Corel Corporation) Hidden
    WordPerfect Office X6 - Lightning Files English (x32 Version: 16.2 - Corel Corporation) Hidden
    WordPerfect Office X6 - Oxford (x32 Version: 16.2 - Corel Corporation) Hidden
    WordPerfect Office X6 - Presentations Files (x32 Version: 16.2 - Corel Corporation) Hidden
    WordPerfect Office X6 - Presentations Files English (x32 Version: 16.2 - Corel Corporation) Hidden
    WordPerfect Office X6 - Quattro Pro Files (x32 Version: 16.2.1 - Corel Corporation) Hidden
    WordPerfect Office X6 - Quattro Pro Files English (x32 Version: 16.2 - Corel Corporation) Hidden
    WordPerfect Office X6 - Setup Files (x32 Version: 16.2.1 - Corel Corporation) Hidden
    WordPerfect Office X6 - System Files (x32 Version: 15.0 - Corel Corporation) Hidden
    WordPerfect Office X6 - WordPerfect Files (x32 Version: 16.2.1 - Corel Corporation) Hidden
    WordPerfect Office X6 - WordPerfect Files English (x32 Version: 16.2.1 - Corel Corporation) Hidden
    WordPerfect Office X6 - WT (x32 Version: 16.1 - Corel Corporation) Hidden
    WordPerfect Office X6 (HKLM-x32\...\_{26D6D2A4-F08A-4212-86E7-7F1F75033610}) (Version: 16.0.0.428 - Corel Corporation)
    WordPerfect Office X6 (x32 Version: 16.1 - Corel Corporation) Hidden
    WORDsearch 10 (HKLM-x32\...\WORDsearch 10) (Version: - LifeWay)
    WORDsearch 10 (x32 Version: 10 - WORDsearch Corp) Hidden
    WORDsearch 8 Discipleship Edition (x32 Version: 8.0 - WORDsearch Corp) Hidden

    ==================== Custom CLSID (Whitelisted): ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== Scheduled Tasks (Whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    Task: {116D0A2D-4962-456D-9B56-8BFD85AD7AFC} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2016-02-23] (Apple Inc.)
    Task: {14D40E02-941F-4872-9ABA-5FA88B42D5BF} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-08-12] (Google Inc.)
    Task: {2A32CEF9-5C68-443E-BA43-ADD3F0B42D2B} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\Program Files\Windows Defender\\MpCmdRun.exe [2016-07-16] (Microsoft Corporation)
    Task: {4CDA5A96-72CC-49DF-8099-6A0B9DF72643} - System32\Tasks\GarminUpdaterTask => C:\Program Files (x86)\Garmin\Express SelfUpdater\ExpressSelfUpdater.exe [2017-01-16] ()
    Task: {517CDBEC-3115-4CD7-BFF2-1FEFF3E92916} - System32\Tasks\Microsoft\Office\Microsoft Office Touchless Attach Notification => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe
    Task: {873B8450-CBFF-4A81-AFC2-A504D06D13D7} - System32\Tasks\OneDrive Standalone Update Task => C:\Users\Rick\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\OneDriveStandaloneUpdater.exe
    Task: {89401622-AA27-4878-AE82-42BF22F55F24} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-12-19] (Adobe Systems Incorporated)
    Task: {8CCD1401-064F-45C4-869B-7263386AB955} - System32\Tasks\AVG EUpdate Task => avgsetupx.exe
    Task: {8F85EAA0-DB8A-47DA-8A92-5395FD5799F7} - \OfficeSoftwareProtectionPlatform\SvcRestartTask -> No File <==== ATTENTION
    Task: {ABAA6220-F701-47EC-9519-DD59B647B903} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWoW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-02-28] (Adobe Systems Incorporated)
    Task: {AD3148C9-5E61-468D-A346-099EAF787DEE} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\Program Files\Windows Defender\\MpCmdRun.exe [2016-07-16] (Microsoft Corporation)
    Task: {AD466DB8-E399-4CBE-82FF-735A847CF407} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-08-12] (Google Inc.)
    Task: {B30B8C45-A293-41C7-8A68-8C5D5B84061C} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\Program Files\Windows Defender\\MpCmdRun.exe [2016-07-16] (Microsoft Corporation)
    Task: {C39A1A5A-4D2F-4E86-BD4D-C86819939955} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-08-10] (Dropbox, Inc.)
    Task: {C947F6DB-1D8F-4E11-950A-FDBDEB78CEA8} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2017-02-07] (Piriform Ltd)
    Task: {DAE00D12-E379-49E5-9AA9-FD7704966B9E} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-08-10] (Dropbox, Inc.)
    Task: {E7FD5F84-4610-4105-9C0F-BFC814D0CD2C} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\Program Files\Windows Defender\\MpCmdRun.exe [2016-07-16] (Microsoft Corporation)

    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

    Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWoW64\Macromed\Flash\FlashPlayerUpdateService.exe
    Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
    Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe

    ==================== Shortcuts =============================

    (The entries could be listed to be restored or removed.)

    ==================== Loaded Modules (Whitelisted) ==============

    2016-07-16 06:42 - 2016-07-16 06:42 - 00231424 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
    2016-12-14 10:51 - 2016-12-09 05:29 - 02681200 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
    2016-09-01 18:12 - 2016-09-01 18:12 - 00092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
    2017-01-13 14:56 - 2017-01-13 14:56 - 01353528 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
    2017-01-30 08:36 - 2017-03-01 22:35 - 02264352 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\PoliciesControllerImpl.dll
    2017-01-30 08:36 - 2017-03-01 22:35 - 02264528 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
    2016-12-14 10:51 - 2016-12-09 05:29 - 02681200 _____ () C:\WINDOWS\SYSTEM32\CoreUIComponents.dll
    2008-12-23 18:39 - 2008-12-23 18:39 - 00097280 _____ () C:\Program Files (x86)\Griffin Technology\iTalk Sync\CopyHook64.dll
    2017-01-10 21:03 - 2016-12-21 01:54 - 09760768 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
    2017-01-10 21:03 - 2016-12-21 01:48 - 01401856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
    2017-01-10 21:03 - 2016-12-21 01:48 - 00757248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll
    2017-01-10 21:03 - 2016-12-21 01:48 - 01033216 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Actions.dll
    2017-01-10 21:03 - 2016-12-21 01:48 - 02424320 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
    2017-01-10 21:03 - 2016-12-21 01:53 - 04853760 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
    2016-09-18 23:45 - 2016-09-18 23:45 - 00134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll
    2017-01-10 21:04 - 2016-12-21 02:09 - 00474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll
    2016-11-08 19:14 - 2016-11-08 19:14 - 00326144 _____ () C:\Program Files (x86)\Garmin\Device Interaction Service\GpsImgWrapper.dll
    2017-01-16 15:43 - 2017-01-16 15:43 - 00073216 _____ () C:\Program Files (x86)\Garmin\Device Interaction Service\FixBootSector.dll
    2017-03-11 18:57 - 2017-03-06 15:59 - 00807232 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_watchdog.dll
    2017-03-11 18:58 - 2017-02-08 21:19 - 00035792 _____ () C:\Program Files (x86)\Dropbox\Client\_multiprocessing.pyd
    2017-03-11 18:58 - 2017-02-08 21:19 - 00100296 _____ () C:\Program Files (x86)\Dropbox\Client\_ctypes.pyd
    2017-03-11 18:58 - 2017-02-08 21:19 - 00018888 _____ () C:\Program Files (x86)\Dropbox\Client\select.pyd
    2017-03-11 18:58 - 2017-03-06 16:01 - 00019776 _____ () C:\Program Files (x86)\Dropbox\Client\tornado.speedups.pyd
    2017-03-11 18:58 - 2017-02-08 21:19 - 00694224 _____ () C:\Program Files (x86)\Dropbox\Client\unicodedata.pyd
    2017-03-11 18:57 - 2017-03-06 16:01 - 00020824 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._constant_time.pyd
    2017-03-11 18:58 - 2017-02-08 21:20 - 00123856 _____ () C:\Program Files (x86)\Dropbox\Client\_cffi_backend.pyd
    2017-03-11 18:57 - 2017-03-06 16:01 - 01682768 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._openssl.pyd
    2017-03-11 18:57 - 2017-03-06 16:01 - 00020816 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._padding.pyd
    2017-03-11 18:57 - 2017-02-08 21:19 - 00145864 _____ () C:\Program Files (x86)\Dropbox\Client\pyexpat.pyd
    2017-03-11 18:57 - 2017-02-08 21:20 - 00019408 _____ () C:\Program Files (x86)\Dropbox\Client\faulthandler.pyd
    2017-03-11 18:57 - 2017-02-08 21:19 - 00116688 _____ () C:\Program Files (x86)\Dropbox\Client\pywintypes27.dll
    2017-03-11 18:58 - 2017-02-08 21:22 - 00105928 _____ () C:\Program Files (x86)\Dropbox\Client\win32api.pyd
    2017-03-11 18:58 - 2017-03-06 16:01 - 00022864 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.crt.compiled._winffi_crt.pyd
    2017-03-11 18:57 - 2017-03-06 16:01 - 00038712 _____ () C:\Program Files (x86)\Dropbox\Client\fastpath.pyd
    2017-03-11 18:57 - 2017-03-06 16:01 - 00060736 _____ () C:\Program Files (x86)\Dropbox\Client\psutil._psutil_windows.pyd
    2017-03-11 18:58 - 2017-02-08 21:22 - 00024528 _____ () C:\Program Files (x86)\Dropbox\Client\win32event.pyd
    2017-03-11 18:58 - 2017-02-08 21:22 - 00175560 _____ () C:\Program Files (x86)\Dropbox\Client\win32gui.pyd
    2017-03-11 18:57 - 2017-02-08 21:19 - 00392144 _____ () C:\Program Files (x86)\Dropbox\Client\pythoncom27.dll
    2017-03-11 18:57 - 2017-02-08 21:22 - 00020936 _____ () C:\Program Files (x86)\Dropbox\Client\mmapfile.pyd
    2017-03-11 18:58 - 2017-02-08 21:22 - 00116176 _____ () C:\Program Files (x86)\Dropbox\Client\win32security.pyd
    2017-03-11 18:58 - 2017-03-06 16:01 - 00381760 _____ () C:\Program Files (x86)\Dropbox\Client\win32com.shell.shell.pyd
    2017-03-11 18:58 - 2017-02-08 21:22 - 00124880 _____ () C:\Program Files (x86)\Dropbox\Client\win32file.pyd
    2017-03-11 18:58 - 2017-03-06 16:01 - 00026456 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.kernel32.compiled._winffi_kernel32.pyd
    2017-03-11 18:58 - 2017-02-08 21:22 - 00024016 _____ () C:\Program Files (x86)\Dropbox\Client\win32clipboard.pyd
    2017-03-11 18:58 - 2017-02-08 21:22 - 00030160 _____ () C:\Program Files (x86)\Dropbox\Client\win32pipe.pyd
    2017-03-11 18:58 - 2017-02-08 21:22 - 00043472 _____ () C:\Program Files (x86)\Dropbox\Client\win32process.pyd
    2017-03-11 18:58 - 2017-02-08 21:22 - 00048592 _____ () C:\Program Files (x86)\Dropbox\Client\win32service.pyd
    2017-03-11 18:58 - 2017-02-08 21:22 - 00057808 _____ () C:\Program Files (x86)\Dropbox\Client\win32evtlog.pyd
    2017-03-11 18:58 - 2017-02-08 21:22 - 00024016 _____ () C:\Program Files (x86)\Dropbox\Client\win32profile.pyd
    2017-03-11 18:57 - 2017-03-06 16:01 - 00246608 _____ () C:\Program Files (x86)\Dropbox\Client\breakpad.client.windows.handler.pyd
    2017-03-11 18:57 - 2017-03-06 16:01 - 00027488 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox.infinite.win.compiled._driverinstallation.pyd
    2017-03-11 18:58 - 2017-02-08 21:21 - 00241104 _____ () C:\Program Files (x86)\Dropbox\Client\_jpegtran.pyd
    2017-03-11 18:57 - 2017-03-06 16:01 - 00022336 _____ () C:\Program Files (x86)\Dropbox\Client\cpuid.compiled._cpuid.pyd
    2017-03-11 18:58 - 2017-03-06 16:01 - 00025432 _____ () C:\Program Files (x86)\Dropbox\Client\winscreenshot.compiled._CaptureScreenshot.pyd
    2017-03-11 18:58 - 2017-02-08 21:22 - 00028616 _____ () C:\Program Files (x86)\Dropbox\Client\win32ts.pyd
    2017-03-11 18:57 - 2017-03-06 16:01 - 01826104 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtCore.pyd
    2017-03-11 18:58 - 2017-02-08 21:20 - 00083912 _____ () C:\Program Files (x86)\Dropbox\Client\sip.pyd
    2017-03-11 18:57 - 2017-03-06 16:01 - 01972536 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtGui.pyd
    2017-03-11 18:57 - 2017-03-06 16:01 - 03928896 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWidgets.pyd
    2017-03-11 18:57 - 2017-03-06 16:01 - 00531264 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtNetwork.pyd
    2017-03-11 18:58 - 2017-03-06 16:01 - 00053072 _____ () C:\Program Files (x86)\Dropbox\Client\winrpcserver.compiled._RPCServer.pyd
    2017-03-11 18:57 - 2017-03-06 16:01 - 00133432 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKit.pyd
    2017-03-11 18:57 - 2017-03-06 16:01 - 00224064 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKitWidgets.pyd
    2017-03-11 18:57 - 2017-03-06 16:01 - 00207680 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtPrintSupport.pyd
    2017-03-11 18:58 - 2017-03-06 16:01 - 00022864 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.user32.compiled._winffi_user32.pyd
    2017-03-11 18:58 - 2017-03-06 16:01 - 00069968 _____ () C:\Program Files (x86)\Dropbox\Client\windisplaytoast.compiled._DisplayToast.pyd
    2017-03-11 18:58 - 2017-03-06 16:01 - 00022872 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.iphlpapi.compiled._winffi_iphlpapi.pyd
    2017-03-11 18:58 - 2017-03-06 16:01 - 00021848 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.winerror.compiled._winffi_winerror.pyd
    2017-03-11 18:58 - 2017-03-06 16:01 - 00022872 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.wininet.compiled._winffi_wininet.pyd
    2017-03-11 18:58 - 2017-02-08 21:22 - 00350152 _____ () C:\Program Files (x86)\Dropbox\Client\winxpgui.pyd
    2017-03-11 18:57 - 2017-03-06 16:01 - 00103232 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWinExtras.pyd
    2017-03-11 18:58 - 2017-03-06 16:01 - 00023896 _____ () C:\Program Files (x86)\Dropbox\Client\winverifysignature.compiled._VerifySignature.pyd
    2017-03-11 18:57 - 2017-03-06 16:01 - 00025936 _____ () C:\Program Files (x86)\Dropbox\Client\librsyncffi.compiled._librsyncffi.pyd
    2017-03-11 18:57 - 2017-02-08 21:17 - 00036296 _____ () C:\Program Files (x86)\Dropbox\Client\librsync.dll
    2017-03-11 18:57 - 2017-03-06 16:01 - 00033112 _____ () C:\Program Files (x86)\Dropbox\Client\enterprise_data.compiled._enterprise_data.pyd
    2017-03-11 18:57 - 2016-12-02 16:44 - 00293392 _____ () C:\Program Files (x86)\Dropbox\Client\EnterpriseDataAdapter.dll
    2017-03-11 18:57 - 2017-03-06 16:01 - 00084288 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_sqlite_ext.DLL
    2017-03-11 18:57 - 2017-02-08 21:27 - 00017864 _____ () C:\Program Files (x86)\Dropbox\Client\libEGL.dll
    2017-03-11 18:57 - 2017-02-08 21:27 - 01631184 _____ () C:\Program Files (x86)\Dropbox\Client\libGLESv2.dll
    2017-03-11 18:57 - 2017-03-06 16:01 - 00042816 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebChannel.pyd
    2017-03-11 18:57 - 2017-03-06 16:01 - 00171336 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebEngineWidgets.pyd
    2017-03-11 18:57 - 2017-03-06 16:01 - 00357688 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtQml.pyd
    2017-03-11 18:58 - 2017-02-08 21:22 - 00060880 _____ () C:\Program Files (x86)\Dropbox\Client\win32print.pyd
    2017-03-11 18:58 - 2017-03-06 16:01 - 00026456 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.winhttp.compiled._winffi_winhttp.pyd
    2017-03-11 18:57 - 2017-03-06 16:01 - 00546104 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtQuick.pyd
    2017-03-11 18:57 - 2017-02-08 21:30 - 00697304 _____ () C:\Program Files (x86)\Dropbox\Client\QtQuick\Controls\qtquickcontrolsplugin.dll

    ==================== Alternate Data Streams (Whitelisted) =========

    (If an entry is included in the fixlist, only the ADS will be removed.)

    AlternateDataStreams: C:\Users\Public\Documents\Unity.pdf:com.dropbox.attributes [168]
    AlternateDataStreams: C:\Users\Rick\Desktop\The Marines - PBS Documentary (full length).mp4:com.dropbox.attributes [168]
    AlternateDataStreams: C:\Users\Rick\Documents\Phone Messages2.xlsx:com.dropbox.attributes [168]
    AlternateDataStreams: C:\Users\Rick\Documents\Phone Messages3.xlsx:com.dropbox.attributes [168]

    ==================== Safe Mode (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

    ==================== Association (Whitelisted) ===============

    (If an entry is included in the fixlist, the registry item will be restored to default or removed.)


    ==================== Internet Explorer trusted/restricted ===============

    (If an entry is included in the fixlist, it will be removed from the registry.)

    There are 7914 more sites.


    ==================== Hosts content: ==========================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2015-10-30 02:24 - 2016-08-10 11:26 - 00453267 ___RA C:\WINDOWS\system32\Drivers\etc\hosts

    There are 15554 more lines.


    ==================== Other Areas ============================

    (Currently there is no automatic fix for this section.)

    HKU\S-1-5-21-2695648794-3928458116-4113379522-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Rick\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
    DNS Servers: 192.168.1.1
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
    Windows Firewall is enabled.

    ==================== MSCONFIG/TASK MANAGER disabled items ==

    HKLM\...\StartupApproved\Run: => "Unattend0000000001{8CEC7F9D-83AA-4128-B302-5914EF434DC2}"
    HKLM\...\StartupApproved\Run: => "Logitech Download Assistant"
    HKU\S-1-5-21-2695648794-3928458116-4113379522-1001\...\StartupApproved\Run: => "CCleaner Monitoring"
    HKU\S-1-5-21-2695648794-3928458116-4113379522-1001\...\StartupApproved\Run: => "SpybotSD TeaTimer"

    ==================== FirewallRules (Whitelisted) ===============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
    FirewallRules: [{BAF9079E-7586-448E-B4D1-3CFC140FD376}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    FirewallRules: [{0EBF8B15-EB00-4BDD-98CF-0C22C62B255B}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    FirewallRules: [{E22457C1-E360-4B48-83AC-36945D90CEAE}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
    FirewallRules: [{85EEEA36-17DF-4418-8787-2E2C0D1CF8E6}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
    FirewallRules: [{F6EE73E3-BE35-4D6C-8053-3E63526D121C}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    FirewallRules: [{9BCD43AD-DAD6-48D4-BCA2-D79AED150440}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    FirewallRules: [{9E824D6E-A882-41E9-8DC7-2E176E307D32}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    FirewallRules: [{30BB322B-00F2-49C3-89F7-9DE4D370FF9C}] => (Allow) C:\Program Files\iTunes\iTunes.exe
    FirewallRules: [{8A0147B4-982E-4B5C-87CF-A91393B94069}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe

    ==================== Restore Points =========================

    26-02-2017 20:00:34 Windows Backup
    05-03-2017 22:48:52 Scheduled Checkpoint
    06-03-2017 05:24:19 Windows Backup
    11-03-2017 18:47:57 Windows Update
    11-03-2017 20:07:53 JRT Pre-Junkware Removal
    12-03-2017 19:00:30 Windows Backup

    ==================== Faulty Device Manager Devices =============


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (03/13/2017 03:40:11 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
    Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

    Details:
    AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

    System Error:
    Access is denied.
    .

    Error: (03/13/2017 02:56:37 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
    Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

    Details:
    AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

    System Error:
    Access is denied.
    .

    Error: (03/13/2017 02:56:21 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
    Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

    Details:
    AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

    System Error:
    Access is denied.
    .

    Error: (03/13/2017 02:56:09 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
    Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

    Details:
    AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

    System Error:
    Access is denied.
    .

    Error: (03/12/2017 07:00:31 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
    Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

    Details:
    AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

    System Error:
    Access is denied.
    .

    Error: (03/12/2017 07:00:19 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
    Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

    Details:
    AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

    System Error:
    Access is denied.
    .

    Error: (03/11/2017 08:08:06 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
    Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

    Details:
    AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

    System Error:
    Access is denied.
    .

    Error: (03/11/2017 06:48:39 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
    Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

    Details:
    AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

    System Error:
    Access is denied.
    .

    Error: (03/07/2017 06:45:54 AM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: The program firefox.exe version 51.0.1.6234 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

    Process ID: 145c

    Start Time: 01d29737f2f1f53e

    Termination Time: 24746

    Application Path: C:\Program Files (x86)\Mozilla Firefox\firefox.exe

    Report Id: 8a691af9-032b-11e7-9a30-4437e6aa0c92

    Faulting package full name:

    Faulting package-relative application ID:

    Error: (03/07/2017 06:39:28 AM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: The program firefox.exe version 51.0.1.6234 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

    Process ID: a58

    Start Time: 01d297346034d2e8

    Termination Time: 13066

    Application Path: C:\Program Files (x86)\Mozilla Firefox\firefox.exe

    Report Id: aae87cc3-032a-11e7-9a2f-4437e6aa0c92

    Faulting package full name:

    Faulting package-relative application ID:


    System errors:
    =============
    Error: (03/12/2017 09:26:01 PM) (Source: DCOM) (EventID: 10010) (User: RICKS-M91P-THIN)
    Description: The server {37998346-3765-45B1-8C66-AA88CA6B20B8} did not register with DCOM within the required timeout.

    Error: (03/12/2017 09:24:01 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
    Description: The Connected Devices Platform Service service terminated with the following error:
    Unspecified error

    Error: (03/12/2017 09:22:50 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
    Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
    {D63B10C5-BB46-4990-A94F-E40B9D520160}
    and APPID
    {9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
    to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

    Error: (03/12/2017 08:08:19 AM) (Source: DCOM) (EventID: 10010) (User: RICKS-M91P-THIN)
    Description: The server {37998346-3765-45B1-8C66-AA88CA6B20B8} did not register with DCOM within the required timeout.

    Error: (03/12/2017 08:06:19 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
    Description: The Connected Devices Platform Service service terminated with the following error:
    Unspecified error

    Error: (03/11/2017 07:01:51 PM) (Source: DCOM) (EventID: 10010) (User: RICKS-M91P-THIN)
    Description: The server {37998346-3765-45B1-8C66-AA88CA6B20B8} did not register with DCOM within the required timeout.

    Error: (03/11/2017 06:59:51 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
    Description: The Connected Devices Platform Service service terminated with the following error:
    Unspecified error

    Error: (03/11/2017 06:52:46 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
    Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
    {8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
    and APPID
    {F72671A9-012C-4725-9D2F-2A4D32D65169}
    to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

    Error: (03/08/2017 03:56:52 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
    Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
    {D63B10C5-BB46-4990-A94F-E40B9D520160}
    and APPID
    {9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
    to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

    Error: (03/08/2017 02:13:33 PM) (Source: DCOM) (EventID: 10010) (User: RICKS-M91P-THIN)
    Description: The server {37998346-3765-45B1-8C66-AA88CA6B20B8} did not register with DCOM within the required timeout.


    CodeIntegrity:
    ===================================
    Date: 2017-03-11 17:47:42.756
    Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2017-03-07 17:06:20.566
    Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2017-03-05 21:52:07.493
    Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2017-03-01 20:35:22.659
    Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2017-03-01 16:15:50.315
    Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2017-02-28 15:54:54.423
    Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2017-02-20 19:29:48.396
    Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2017-02-17 16:10:47.065
    Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2017-02-13 19:25:01.277
    Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2017-02-10 19:14:12.911
    Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.


    ==================== Memory info ===========================

    Processor: Intel(R) Core(TM) i5-2400 CPU @ 3.10GHz
    Percentage of memory in use: 36%
    Total physical RAM: 8016.31 MB
    Available physical RAM: 5050.55 MB
    Total Virtual: 9296.31 MB
    Available Virtual: 6504.54 MB

    ==================== Drives ================================

    Drive c: (Windows) (Fixed) (Total:1862.18 GB) (Free:1575.95 GB) NTFS
    Drive e: (Seagate Expansion Drive) (Fixed) (Total:931.51 GB) (Free:40.17 GB) NTFS

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: DDCA25B6)
    Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
    Partition 2: (Not Active) - (Size=1862.2 GB) - (Type=07 NTFS)
    Partition 3: (Not Active) - (Size=750 MB) - (Type=27)

    ========================================================
    Disk: 1 (Size: 931.5 GB) (Disk ID: FC72903F)
    Partition 1: (Active) - (Size=931.5 GB) - (Type=07 NTFS)

    ==================== End of Addition.txt ============================
     

  4. 2017/03/13
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ================================

    Download RogueKiller from one of the following links and save it to your Desktop:

    Link 1
    Link 2
    • Close all the running programs
    • Double click on downloaded setup.exe file to install the program.
    • Click on Start Scan button.
    • Click on another Start Scan button.
    • Wait until the Status box shows Scan Finished
    • Click on Delete.
    • Wait until the Status box shows Deleting Finished.
    • Click on Report and copy/paste the content of the Notepad into your next reply.
    • RKreport.txt could also be found on your desktop.
    • If more than one log is produced post all logs.
    Please download Malwarebytes to your desktop.
    • Double-click mb3-setup-consumer-{version}.exe and follow the prompts to install the program.
    • Then click Finish.
    • Once the program has fully updated, select Scan Now on the Dashboard. Or select the Threat Scan from the Scan menu.
    • If another update of the definitions is available, it will be implemented before the rest of the scanning procedure.
    • When the scan is complete, make sure that all Threats are selected, and click Remove Selected.
    • Restart your computer when prompted to do so.
    • The Scan log is available through History -> Application logs. Please post its contents in your next reply.
    Please download AdwCleaner by Xplode and save to your Desktop.
    • Double click on AdwCleaner.exe to run the tool.
      Vista/Windows 7/8 users right-click and select Run As Administrator
    • The tool will start to update the database if one is required.
    • Click on the Scan button.
    • AdwCleaner will begin...be patient as the scan may take some time to complete.
    • After the scan has finished, click on the Logfile button.
    • A window will open which lists the logs of your scans.
    • Click on the Scan tab.
    • Double-click the most recent scan which will be at the top of the list....the log will appear.
    • Review the results...see note below
    • After reviewing the log, click on the Clean button.
    • Press OK when asked to close all programs and follow the onscreen prompts.
    • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
    • After rebooting, a logfile report (AdwCleaner[CX].txt) will open automatically (where the largest value of X represents the most recent report).
    • To open a Cleaning log, launch AdwCleaner, click on the Logfile button, click on the Cleaning tab and double-click the log at the top of the list.
    • Copy and paste the contents of AdwCleaner[CX].txt in your next reply.
    • A copy of all logfiles is saved to C:\AdwCleaner.
    -- Note: The contents of the AdwCleaner log file may be confusing. Unless you see a program name or entry that you recognize and know should not be removed, don't worry about it. If you see an entry you want to keep, return to AdwCleaner before cleaning...all detected items will be listed (and checked) in each tab. Click on and uncheck any items you want to keep.


    Please download Junkware Removal Tool to your desktop.
    • Shut down your protection software now to avoid potential conflicts.
    • Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator.
    • The tool will open and start scanning your system.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Post the contents of JRT.txt into your next message.
     
  5. 2017/03/15
    basketcase Contributing Member
    RogueKiller

    RogueKiller V12.10.0.0 (x64) [Mar 13 2017] (Free) by Adlice Software
    mail : Contact - Adlice Software
    Feedback : Adlice forum - Home
    Website : RogueKiller Anti-Malware Free Download - Official Website
    Blog : Adlice Software

    Operating System : Windows 10 (10.0.14393) 64 bits version
    Started in : Normal mode
    User : Rick [Administrator]
    Started from : C:\Program Files\RogueKiller\RogueKiller64.exe
    Mode : Scan -- Date : 03/15/2017 20:07:10 (Duration : 00:33:28)

    ¤¤¤ Processes : 0 ¤¤¤

    ¤¤¤ Registry : 0 ¤¤¤

    ¤¤¤ Tasks : 0 ¤¤¤

    ¤¤¤ Files : 0 ¤¤¤

    ¤¤¤ WMI : 0 ¤¤¤

    ¤¤¤ Hosts File : 0 [Too big!] ¤¤¤

    ¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤

    ¤¤¤ Web browsers : 0 ¤¤¤

    ¤¤¤ MBR Check : ¤¤¤
    +++++ PhysicalDrive0: Hitachi HUA722020ALA331 +++++
    --- User ---
    [MBR] cab29235713af29fc5667d4b4cf3286d
    [BSP] b498ae489b963983f14a83b3b18beb6a : Windows Vista/7/8|VT.Unknown MBR Code
    Partition table:
    0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
    1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 1906877 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
    2 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 3905490944 | Size: 750 MB
    User = LL1 ... OK
    User = LL2 ... OK
     
  6. 2017/03/15
    basketcase Contributing Member
    Malwarebytes (I have the premium version on all my computermachines...)

    Malwarebytes
    www.malwarebytes.com

    -Log Details-
    Scan Date: 3/15/17
    Scan Time: 8:43 PM
    Logfile: 2017.03.15_malwarebytes.txt
    Administrator: Yes

    -Software Information-
    Version: 3.0.6.1469
    Components Version: 1.0.75
    Update Package Version: 1.0.1511
    License: Premium

    -System Information-
    OS: Windows 10
    CPU: x64
    File System: NTFS
    User: RICKS-M91P-THIN\Rick

    -Scan Summary-
    Scan Type: Threat Scan
    Result: Completed
    Objects Scanned: 373860
    Time Elapsed: 7 min, 34 sec

    -Scan Options-
    Memory: Enabled
    Startup: Enabled
    Filesystem: Enabled
    Archives: Enabled
    Rootkits: Enabled
    Heuristics: Enabled
    PUP: Enabled
    PUM: Enabled

    -Scan Details-
    Process: 0
    (No malicious items detected)

    Module: 0
    (No malicious items detected)

    Registry Key: 0
    (No malicious items detected)

    Registry Value: 0
    (No malicious items detected)

    Registry Data: 0
    (No malicious items detected)

    Data Stream: 0
    (No malicious items detected)

    Folder: 0
    (No malicious items detected)

    File: 0
    (No malicious items detected)

    Physical Sector: 0
    (No malicious items detected)


    (end)
     
  7. 2017/03/15
    basketcase Contributing Member
    AdwCleaner

    # AdwCleaner v6.044 - Logfile created 15/03/2017 at 21:05:17
    # Updated on 28/02/2017 by Malwarebytes
    # Database : 2017-03-15.2 [Server]
    # Operating System : Windows 10 Pro (X64)
    # Username : Rick - RICKS-M91P-THIN
    # Running from : C:\Users\Rick\Desktop\AdwCleaner.exe
    # Mode: Scan
    # Support : Customer Support & Help Center



    ***** [ Services ] *****

    No malicious services found.


    ***** [ Folders ] *****

    No malicious folders found.


    ***** [ Files ] *****

    No malicious files found.


    ***** [ DLL ] *****

    No malicious DLLs found.


    ***** [ WMI ] *****

    No malicious keys found.


    ***** [ Shortcuts ] *****

    No infected shortcut found.


    ***** [ Scheduled Tasks ] *****

    No malicious task found.


    ***** [ Registry ] *****

    No malicious registry entries found.


    ***** [ Web browsers ] *****

    No malicious Firefox based browser items found.
    No malicious Chromium based browser items found.

    *************************

    C:\AdwCleaner\AdwCleaner[C0].txt - [1039 Bytes] - [08/02/2017 08:02:58]
    C:\AdwCleaner\AdwCleaner[S0].txt - [1174 Bytes] - [08/02/2017 08:02:39]
    C:\AdwCleaner\AdwCleaner[S1].txt - [1304 Bytes] - [05/03/2017 22:35:36]
    C:\AdwCleaner\AdwCleaner[S2].txt - [1377 Bytes] - [11/03/2017 20:34:16]
    C:\AdwCleaner\AdwCleaner[S3].txt - [1280 Bytes] - [15/03/2017 21:05:17]

    ########## EOF - C:\AdwCleaner\AdwCleaner[S3].txt - [1353 Bytes] ##########
     
  8. 2017/03/15
    basketcase Contributing Member
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Malwarebytes
    Version: 8.1.2 (03.10.2017)
    Operating System: Windows 10 Pro x64
    Ran by Rick (Administrator) on Wed 03/15/2017 at 21:11:39.32
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




    File System: 0




    Registry: 0





    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on Wed 03/15/2017 at 21:13:40.56
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     
  9. 2017/03/15
    broni
    Not much there....

    You should be good to go :)
     
