Additional scan result of Farbar Recovery Scan Tool (x64) Version: 30-11-2017 Ran by Jackson (06-12-2017 10:55:34) Running from F:\Farbar Recovery Scan Tool Windows 10 Home 10240.16405 (X64) (2016-12-25 18:01:55) Boot Mode: Normal ========================================================== ==================== Accounts: ============================= Administrator (S-1-5-21-2966973244-140574636-4198648863-500 - Administrator - Disabled) DefaultAccount (S-1-5-21-2966973244-140574636-4198648863-503 - Limited - Disabled) Guest (S-1-5-21-2966973244-140574636-4198648863-501 - Limited - Disabled) Jackson (S-1-5-21-2966973244-140574636-4198648863-1001 - Administrator - Enabled) => C:\Users\Jackson ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Avast Antivirus (Enabled - Out of date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF} AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AV: McAfee Anti-Virus and Anti-Spyware (Disabled - Up to date) {8BCDACFA-D264-3528-5EF8-E94FD0BC1FBC} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: McAfee Anti-Virus and Anti-Spyware (Disabled - Up to date) {30AC4D1E-F45E-3AA6-6448-D23DAB3B5501} AS: Avast Antivirus (Enabled - Out of date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402} FW: McAfee Firewall (Disabled) {B3F62DDF-980B-3470-75A7-407A2E6F58C7} ==================== Installed Programs ====================== (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) 12 Labours of Hercules III: Girl Power (HKLM-x32\...\WTA-d9085f74-9600-42ba-83a8-e6184b29b2bd) (Version: 3.0.2.118 - WildTangent) Hidden Ableton Live 9 Lite (HKLM\...\{B2DDF870-88C9-42E6-B559-900D7424A185}) (Version: 9.0.0.0 - Ableton) Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.7.157 - Adobe Systems, Inc.) Advance - System Care (HKLM\...\{F751A81C-AAF7-4E24-8E40-231FD881A20B}_is1) (Version: 1.0.0.2502 - ) ASIO4ALL (HKLM-x32\...\ASIO4ALL) (Version: 2.12 - Michael Tippach) Avast Free Antivirus (HKLM-x32\...\Avast Antivirus) (Version: 17.7.2314 - AVAST Software) Avast SecureLine (HKLM\...\{2CD3C92F-EDC5-4B02-9B0A-9C1D37C58EF5}_is1) (Version: 1.0.239.2 - AVAST Software) Azkend 2: The World Beneath (HKLM-x32\...\WTA-4f1e459e-4826-4ba7-88ed-5f4363453efa) (Version: 2.2.0.98 - WildTangent) Hidden Barn Yarn Collector's Edition (HKLM-x32\...\WTA-cb5e353c-b717-4b5b-bd8a-3f67c0250792) (Version: 3.0.2.48 - WildTangent) Hidden Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.) ByteFence Anti-Malware (HKLM-x32\...\ByteFence) (Version: 3.14.0.10 - Byte Technologies LLC) <==== ATTENTION Chromium (HKU\S-1-5-21-2966973244-140574636-4198648863-1001\...\{40A6A866-1026-79E6-A1A6-09667126DAE6}) (Version: - ) Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.) Cisco LEAP Module (HKLM-x32\...\{AF312B06-5C5C-468E-89B3-BE6DE2645722}) (Version: 1.0.19 - Cisco Systems, Inc.) Cisco PEAP Module (HKLM-x32\...\{0A4EF0E6-A912-4CDE-A7F3-6E56E7C13A2F}) (Version: 1.1.6 - Cisco Systems, Inc.) Coyote The Outlander (HKLM-x32\...\WTA-304aee59-8c2d-45a9-9a8b-8b8d003c29cb) (Version: 3.0.2.59 - WildTangent) Hidden CyberLink PhotoDirector (HKLM\...\{5A454EC5-217A-42a5-8CE1-2DDEC4E70E01}) (Version: 5.0.5.6713 - CyberLink Corp.) Hidden CyberLink PhotoDirector (HKLM-x32\...\InstallShield_{5A454EC5-217A-42a5-8CE1-2DDEC4E70E01}) (Version: 5.0.5.6713 - CyberLink Corp.) CyberLink Power Media Player 14 (HKLM-x32\...\{32C8E300-BDB4-4398-92C2-E9B7D8A233DB}) (Version: 14.0.1.5418 - CyberLink Corp.) CyberLink PowerDirector 12 (HKLM\...\{E1646825-D391-42A0-93AA-27FA810DA093}) (Version: 12.0.4.4301 - CyberLink Corp.) Hidden CyberLink PowerDirector 12 (HKLM-x32\...\InstallShield_{E1646825-D391-42A0-93AA-27FA810DA093}) (Version: 12.0.4.4301 - CyberLink Corp.) CyberLink YouCam (HKLM-x32\...\{A9CEDD6E-4792-493e-BB35-D86D2E188A5A}) (Version: 6.0.1.4301 - CyberLink Corp.) Delicious: Emily's Wonder Wedding Premium Edition (HKLM-x32\...\WTA-a753a09e-bc21-4b72-a945-aab0cedcde84) (Version: 3.0.2.59 - WildTangent) Hidden DisableMSDefender (HKLM\...\{74FE39A0-FB76-47CD-84BA-91E2BBB17EF2}) (Version: 1.0.0 - Hewlett-Packard Company) Hidden Dropbox (HKLM-x32\...\Dropbox) (Version: 38.4.27 - Dropbox, Inc.) Dropbox 25 GB (HKLM-x32\...\{597A58EC-42D6-4940-8739-FB94491B013C}) (Version: 1.0.8.2 - Dropbox, Inc.) Dropbox Update Helper (HKLM-x32\...\{099218A5-A723-43DC-8DB5-6173656A1E94}) (Version: 1.3.59.1 - Dropbox, Inc.) Hidden Energy Star (HKLM\...\{465CA2B6-98AF-4E77-BE22-A908C34BB9EC}) (Version: 1.0.9 - Hewlett-Packard Company) Entwined: The Perfect Murder (HKLM-x32\...\WTA-a0c2c4e4-9aab-42b8-b34e-2c7d96b2c693) (Version: 3.0.2.59 - WildTangent) Hidden Evernote v. 5.8.6 (HKLM-x32\...\{FEDC7C10-EF67-11E4-9B07-00505695D7B0}) (Version: 5.8.6.7519 - Evernote Corp.) Family Vacation 2: Road Trip (HKLM-x32\...\WTA-baf6c84c-cc59-42e4-8359-09c1fed631a3) (Version: 3.0.2.59 - WildTangent) Hidden FL Studio 12 (HKLM-x32\...\FL Studio 12) (Version: - Image-Line) FL Studio ASIO (HKLM-x32\...\FL Studio ASIO) (Version: - Image-Line) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 61.0.3163.100 - Google Inc.) Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden Home Makeover (HKLM-x32\...\WTA-2f07939a-85c5-4de9-ae26-c43648088eb4) (Version: 3.0.2.59 - WildTangent) Hidden HP Documentation (HKLM\...\HP_Documentation) (Version: - HP) HP Registration Service (HKLM\...\{D1E8F2D7-7794-4245-B286-87ED86C1893C}) (Version: 1.2.8293.5264 - Hewlett-Packard) HP Support Assistant (HKLM-x32\...\{61EB474B-67A6-47F4-B1B7-386851BAB3D0}) (Version: 8.0.29.6 - Hewlett-Packard Company) HP Support Solutions Framework (HKLM-x32\...\{D7D5F438-26EF-45AB-AB89-C476FBCF8584}) (Version: 12.8.37.11 - Hewlett-Packard Company) HP System Event Utility (HKLM-x32\...\{8B4EE87E-6D40-4C91-B5E8-0DC77DC412F1}) (Version: 1.4.1 - Hewlett-Packard Company) HP Welcome (HKLM\...\HPWelcome) (Version: 1.0 - Hewlett-Packard Company) HP Wireless Button Driver (HKLM-x32\...\{EFA01423-3857-468C-B7B6-F30AA08E50BC}) (Version: 1.1.5.1 - Hewlett-Packard) IGT Slots: Paradise Garden (HKLM-x32\...\WTA-e38ec3c4-37e3-4ae5-857a-793146c2ffc2) (Version: 3.0.2.59 - WildTangent) Hidden IL Download Manager (HKLM-x32\...\IL Download Manager) (Version: - Image-Line) Imperial Island: Birth of an Empire (HKLM-x32\...\WTA-406d1948-d246-448c-ae0d-df8752ed6d94) (Version: 3.0.2.59 - WildTangent) Hidden Intel(R) Chipset Device Software (HKLM-x32\...\{c6cff78a-cccb-49d5-be68-ae0ec5f0d48a}) (Version: 10.1.1.8 - Intel(R) Corporation) Hidden Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.4252 - Intel Corporation) Intel(R) Trusted Execution Engine (HKLM\...\{176E2755-0A17-42C6-88E2-192AB2131278}) (Version: 1.0.0.1064 - Intel Corporation) Jewel Match Snowscapes (HKLM-x32\...\WTA-3fa8dff4-fff9-430a-8f5a-64ad4bad3552) (Version: 3.0.2.118 - WildTangent) Hidden KB4023057 (HKLM\...\{B977A833-7734-41A5-B820-1F23D81DC87B}) (Version: 2.6.0.0 - Microsoft Corporation) Living Legends: Frozen Beauty Collector's Edition (HKLM-x32\...\WTA-b51eeba5-2e17-47e5-bae0-ec876263358f) (Version: 3.0.2.59 - WildTangent) Hidden Lost Lands: Dark Overlord Collector's Edition (HKLM-x32\...\WTA-42a78788-fd17-4204-afc9-53fa36c8f43f) (Version: 3.0.2.59 - WildTangent) Hidden Lost Souls: Timeless Fables Collector's Edition (HKLM-x32\...\WTA-2856802a-1d4b-4465-99a8-fe2d1b29c8ce) (Version: 3.0.2.59 - WildTangent) Hidden Magic Heroes: Save Our Park (HKLM-x32\...\WTA-29e9c8ec-1393-47b7-8b43-c1be6af9d6b7) (Version: 3.0.2.59 - WildTangent) Hidden Manor Memoirs Collector's Edition (HKLM-x32\...\WTA-d1efc8f7-7ff0-4f6b-87b7-f7e03c0e012f) (Version: 3.0.2.59 - WildTangent) Hidden McAfee LiveSafe (HKLM-x32\...\MSC) (Version: 14.0.3061 - McAfee, Inc.) Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4693.1005 - Microsoft Corporation) Microsoft OneDrive (HKU\S-1-5-21-2966973244-140574636-4198648863-1001\...\OneDriveSetup.exe) (Version: 17.3.7074.1023 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation) Mystery Expedition: Prisoners of Ice (HKLM-x32\...\WTA-16d2d019-50aa-4db2-9ffd-8a84035d513c) (Version: 3.0.2.59 - WildTangent) Hidden Novation USB Audio Driver 2.6 (HKLM\...\Novation USB Audio Driver_is1) (Version: 2.6 - Novation DMS Ltd.) Opera Stable 48.0.2685.52 (HKU\S-1-5-21-2966973244-140574636-4198648863-1001\...\Opera 48.0.2685.52) (Version: 48.0.2685.52 - Opera Software) Plagiarii (HKLM-x32\...\WTA-4828fc3b-ddc8-44d1-8b2a-94811ca33dbd) (Version: 3.0.2.59 - WildTangent) Hidden Polar Bowler 1st Frame (HKLM-x32\...\WTA-83384022-b870-4879-8680-3ef239aeebae) (Version: 3.0.2.59 - WildTangent) Hidden Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.3.370.87 - Realtek Semiconductor Corp.) Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.1.505.2015 - Realtek) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7730 - Realtek Semiconductor Corp.) REALTEK Wireless LAN Driver (HKLM-x32\...\{A5107464-AA9B-4177-8129-5FF2F42DD322}) (Version: 1.0.0.59 - REALTEK Semiconductor Corp.) Runefall (HKLM-x32\...\WTA-25b3c5b3-66f3-40ac-840a-3a17cb3e6f0f) (Version: 3.0.2.126 - WildTangent) Hidden Rush Hour! Gas Station (HKLM-x32\...\WTA-8e421997-429c-4787-a5d6-3b4b84896b63) (Version: 3.0.2.59 - WildTangent) Hidden Sky High Farm (HKLM-x32\...\WTA-42367340-b27f-4c90-9ea2-097e92b88251) (Version: 3.0.2.59 - WildTangent) Hidden swMSM (HKLM-x32\...\{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.3.11.45 - Synaptics Incorporated) Update Installer for WildTangent Games App (HKLM-x32\...\{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App) (Version: - WildTangent) Hidden UpdateAssistant (HKLM-x32\...\{DE45508F-369E-4476-8F19-088F4933340E}) (Version: 1.8.0.0 - Microsoft Corporation) Hidden WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.4.0 - WildTangent) WildTangent Games App for HP (HKLM-x32\...\{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-hp) (Version: 4.0.11.16 - WildTangent) Hidden Windows 10 Update Assistant (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.22243 - Microsoft Corporation) WPS Office (10.2.0.5934) (HKLM-x32\...\Kingsoft Office) (Version: 10.2.0.5934 - Kingsoft Corp.) ==================== Custom CLSID (Whitelisted): ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) CustomCLSID: HKU\S-1-5-21-2966973244-140574636-4198648863-1001_Classes\CLSID\{70239788-4DAE-49B8-9270-5D8614384B49}\InprocServer32 -> C:\Program Files (x86)\Kingsoft\WPS Office\10.2.0.5934\office6\addons\kpdf2wordshellext\kpdf2wordshellext64.dll (Zhuhai Kingsoft Office Software Co.,Ltd) CustomCLSID: HKU\S-1-5-21-2966973244-140574636-4198648863-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\Windows\system32\igfxEM.exe (Intel Corporation) ShellIconOverlayIdentifiers: [ DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-11-01] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-11-01] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-11-01] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-11-01] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-11-01] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-11-01] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-11-01] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-11-01] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-11-01] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-11-01] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-10-29] (AVAST Software) ShellIconOverlayIdentifiers-x32: [ DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-11-01] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-11-01] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-11-01] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-11-01] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-11-01] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-11-01] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-11-01] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-11-01] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-11-01] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-11-01] (Dropbox, Inc.) ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-10-29] (AVAST Software) ContextMenuHandlers1: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-11-01] (Dropbox, Inc.) ContextMenuHandlers1: [McCtxMenuFrmWrk] -> {CCA9EFD3-29ED-430A-BA6D-E6BBFF0A60C2} => c:\Program Files\mcafee\msc\McCtxMenuFrmWrk.dll [2016-12-21] (McAfee, Inc.) ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-10-29] (AVAST Software) ContextMenuHandlers4: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-11-01] (Dropbox, Inc.) ContextMenuHandlers5: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-11-01] (Dropbox, Inc.) ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\Windows\system32\igfxDTCM.dll [2016-12-25] (Intel Corporation) ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-10-29] (AVAST Software) ContextMenuHandlers6: [McCtxMenuFrmWrk] -> {CCA9EFD3-29ED-430A-BA6D-E6BBFF0A60C2} => c:\Program Files\mcafee\msc\McCtxMenuFrmWrk.dll [2016-12-21] (McAfee, Inc.) ContextMenuHandlers1_S-1-5-21-2966973244-140574636-4198648863-1001: [kpdf2wordshellext] -> {70239788-4DAE-49B8-9270-5D8614384B49} => C:\Program Files (x86)\Kingsoft\WPS Office\10.2.0.5934\office6\addons\kpdf2wordshellext\kpdf2wordshellext64.dll [2017-08-28] (Zhuhai Kingsoft Office Software Co.,Ltd) ==================== Scheduled Tasks (Whitelisted) ============= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) Task: {030DD756-39FD-4E04-AF1F-2BBE386A70C6} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Product Configurator => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\ProductConfig.exe [2017-08-14] (HP Inc.) Task: {0C8F9DD7-5DEA-4C2F-9A3C-20EB7FC1844C} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-12-25] (Google Inc.) Task: {0D28EA53-5547-469C-A673-6F550373B049} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-12-25] (Dropbox, Inc.) Task: {1C877A83-8CFA-49A1-9796-4ACC15819099} - System32\Tasks\McAfee\McAfee Auto Maintenance Task Agent Task: {2E0DDB7C-83A4-47A3-9B05-F53E37B8CFD6} - System32\Tasks\Avast SecureLine => C:\Program Files\AVAST Software\SecureLine\SecureLine.exe [2016-12-25] (AVAST Software) Task: {45144F44-EC8A-4B74-904C-755BF737D4CC} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-12-25] (Dropbox, Inc.) Task: {47D686B5-47D3-40D3-9447-834E1960D664} - System32\Tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2016-11-07] (HP Inc.) Task: {4AC64AE5-BB75-4119-8323-CB8A2860792B} - System32\Tasks\YCMServiceAgent => C:\Program Files (x86)\CyberLink\YouCam6\YouCamService6.exe [2015-07-01] (CyberLink Corp.) Task: {4E6FC2F2-668C-4DE0-999A-0F8015CD0277} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Active Health Launcher => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2016-11-07] (HP Inc.) Task: {558165ED-EC08-41A6-8762-AD2D13642D7A} - System32\Tasks\WpsExternal_Jackson_20170814214305 => C:\Program Files (x86)\Kingsoft\WPS Office\ksolaunch.exe [2017-08-28] (Zhuhai Kingsoft Office Software Co.,Ltd) Task: {558A3E48-C7B7-4FA3-84FE-E0E34677C03B} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2017-09-25] (HP Inc.) Task: {7E2DED5D-1D91-4F6D-A752-8ED28D78CA8D} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2017-09-20] (HP Inc.) Task: {8276EC3A-80DE-478B-B914-BB4CE726C638} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [2017-10-29] (AVAST Software) Task: {899B6BFA-355E-4D2A-A5E0-648CDE39F742} - System32\Tasks\DropboxOEM => C:\Program Files (x86)\Dropbox\DropboxOEM\DropboxOEM.exe [2015-06-19] () Task: {8F657C99-1AA5-42A3-83B7-5CC2A36E33EC} - System32\Tasks\ByteFence => C:\Program Files\ByteFence\ByteFence.exe [2017-07-19] (Byte Technologies LLC) <==== ATTENTION Task: {9530BD58-DE0D-4B1B-9D7B-AC8355A60D7F} - System32\Tasks\McAfee\McAfee Idle Detection Task Task: {9D4DC902-E2B7-4EFD-92FB-8FFC6FCF13E3} - System32\Tasks\avast! SL Update => C:\Program Files\AVAST Software\SecureLine\SLUpdate.exe [2016-12-25] (AVAST Software) Task: {9F6E607E-E994-4F12-9B99-6C02B9FE13CE} - System32\Tasks\Opera scheduled Autoupdate 1503724242 => C:\Users\Jackson\AppData\Local\Programs\Opera\launcher.exe [2017-10-23] (Opera Software) Task: {A791D516-C6D5-4924-8A4B-BEC2A72A602B} - System32\Tasks\McAfee Remediation (Prepare) => C:\Program Files\Common Files\AV\McAfee VirusScan\upgrade.exe [2017-08-29] (McAfee, Inc.) Task: {A99A73B5-920D-469F-A753-023A07939FB4} - System32\Tasks\WpsKtpcntrQingTask_Jackson => C:\Program Files (x86)\Kingsoft\WPS Office\10.2.0.5811\office6\ktpcntr.exe Task: {AE0536D7-9DDA-44FC-BF40-7AEA869F8283} - System32\Tasks\McAfeeLogon => C:\Program Files\Common Files\McAfee\platform\McUICnt.exe [2016-12-09] (McAfee, Inc.) Task: {BD965B3A-FBEA-4F00-8C68-B09FC195E5F6} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2015-07-11] (Hewlett-Packard Company) Task: {C6498A82-A044-47DB-9FF7-6D5DC7BCE23E} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2015-07-11] (Hewlett-Packard Company) Task: {CAE8B768-552D-4F80-95BE-2D325E5FC628} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [2017-06-22] (HP Inc.) Task: {CB0672D7-5705-419D-9A6D-35951B7A5281} - \Yahoo! Powered tosen -> No File <==== ATTENTION Task: {CFC0A471-03D6-4FB4-9D94-32031EAF6DD7} - System32\Tasks\Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser => %windir%\system32\rundll32.exe generaltel.dll,RunTelemetryW Task: {D69706AB-1522-4320-8132-33EF1EB076ED} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-12-25] (Google Inc.) Task: {E0ADBB6C-6B91-4C15-BB5E-4E431BD38D4D} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2017-09-25] (HP Inc.) (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) Task: C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe Task: C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe Task: C:\Windows\Tasks\HPCeeScheduleForJackson.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe Task: C:\Windows\Tasks\WpsKtpcntrQingTask_Jackson.job => C:\Program Files (x86)\Kingsoft\WPS Office\10.2.0.5811\office6\ktpcntr.exeÃqing 10.2.0.5811 xxx server_url=hxxp:/kdl1.cache.wps.com/ksodl/wpscfg/client/____client____html____service____bubble.html ic_server_url=hxxp:/info.kingsoftstore.com/wpsv6internet/infos.ads Task: C:\Windows\Tasks\Yahoo! Powered tosen.job => Wscript.exe C:\ProgramData\{9D715812-1733-D2D4-91F5-4C960BB7C758}\fomo.txt <==== ATTENTION ==================== Shortcuts & WMI ======================== (The entries could be listed to be restored or removed.) ShortcutWithArgument: C:\Users\Jackson\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\AmazonShopping.lnk -> C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe () -> hxxp://www.amazon.com/gp/bit/amazonbookmark.html?tag=hp2-desktop-us-20&partner=HP ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Priceline.com.lnk -> C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe () -> hxxp://www.priceline.com/?refid=PLHBC6240OPQ&refclickid=square ShortcutWithArgument: C:\Users\Public\Desktop\VUDU - Streaming Movies.lnk -> C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe () -> hxxp://www.vudu.com/ ==================== Loaded Modules (Whitelisted) ============== 2015-08-06 01:23 - 2015-08-06 01:23 - 000032768 _____ () C:\Windows\SYSTEM32\licensemanagerapi.dll 2015-10-20 01:27 - 2014-04-14 18:59 - 000389896 _____ () C:\Program Files\CyberLink\Shared files\RichVideo64.exe 2015-08-06 01:23 - 2015-08-06 01:23 - 000403968 _____ () C:\Windows\System32\diagtrack_wininternal.dll 2016-12-25 11:06 - 2016-12-25 11:06 - 000592392 _____ () C:\Program Files\AVAST Software\SecureLine\VpnSvc.exe 2017-08-25 22:23 - 2017-10-19 19:49 - 000302920 _____ () C:\Program Files\ByteFence\rtop\bin\rtop_svc.exe 2015-08-06 01:23 - 2015-08-06 01:23 - 002498808 _____ () C:\Windows\system32\CoreUIComponents.dll 2017-08-25 22:23 - 2017-10-19 19:49 - 000620872 _____ () C:\Program Files\ByteFence\rtop\bin\rtop_bg.exe 2015-07-10 03:59 - 2015-07-10 03:59 - 000429056 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll 2015-08-06 01:23 - 2015-08-06 01:23 - 006576640 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll 2015-07-10 04:00 - 2015-07-10 06:15 - 000471040 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll 2015-08-06 01:23 - 2015-08-06 01:23 - 001806848 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll 2015-08-06 01:23 - 2015-08-06 01:23 - 002274816 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll 2017-10-29 10:54 - 2017-10-29 10:54 - 000167096 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll 2017-10-29 10:54 - 2017-10-29 10:54 - 000059040 _____ () C:\Program Files\AVAST Software\Avast\module_lifetime.dll 2017-08-25 22:13 - 2017-08-25 22:13 - 067109376 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll 2017-10-29 10:54 - 2017-10-29 10:54 - 000217088 _____ () C:\Program Files\AVAST Software\Avast\event_routing_rpc.dll 2017-10-29 10:54 - 2017-10-29 10:54 - 000244584 _____ () C:\Program Files\AVAST Software\Avast\tasks_core.dll 2017-10-29 10:53 - 2017-10-29 10:53 - 000234280 _____ () C:\Program Files\AVAST Software\Avast\gaming_mode_ui.dll 2017-10-29 10:54 - 2017-10-29 11:09 - 000703336 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll 2016-12-26 11:38 - 2016-03-18 04:32 - 002160128 _____ () C:\Users\Jackson\AppData\Local\chromium\Application\51.0.2683.0\libglesv2.dll 2016-12-26 11:38 - 2016-03-18 04:32 - 000075776 _____ () C:\Users\Jackson\AppData\Local\chromium\Application\51.0.2683.0\libegl.dll 2017-11-02 15:43 - 2017-11-01 04:58 - 000724288 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_watchdog.dll 2017-11-02 15:43 - 2017-11-01 04:58 - 002002752 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_crashpad.dll 2017-11-02 15:44 - 2017-11-01 04:57 - 000100296 _____ () C:\Program Files (x86)\Dropbox\Client\_ctypes.pyd 2017-11-02 15:44 - 2017-11-01 04:57 - 000018888 _____ () C:\Program Files (x86)\Dropbox\Client\select.pyd 2017-11-02 15:44 - 2017-11-01 05:01 - 000020800 _____ () C:\Program Files (x86)\Dropbox\Client\tornado.speedups.pyd 2017-11-02 15:44 - 2017-11-01 04:57 - 000035792 _____ () C:\Program Files (x86)\Dropbox\Client\_multiprocessing.pyd 2017-11-02 15:44 - 2017-11-01 04:57 - 000694224 _____ () C:\Program Files (x86)\Dropbox\Client\unicodedata.pyd 2017-11-02 15:43 - 2017-11-01 05:01 - 000021848 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._constant_time.pyd 2017-11-02 15:44 - 2017-11-01 04:57 - 000130512 _____ () C:\Program Files (x86)\Dropbox\Client\_cffi_backend.pyd 2017-11-02 15:43 - 2017-11-01 05:01 - 001856848 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._openssl.pyd 2017-11-02 15:43 - 2017-11-01 05:01 - 000022864 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._padding.pyd 2017-11-02 15:43 - 2017-11-01 04:57 - 000145864 _____ () C:\Program Files (x86)\Dropbox\Client\pyexpat.pyd 2017-11-02 15:43 - 2017-11-01 04:58 - 000116688 _____ () C:\Program Files (x86)\Dropbox\Client\pywintypes27.dll 2017-11-02 15:44 - 2017-11-01 04:57 - 000105928 _____ () C:\Program Files (x86)\Dropbox\Client\win32api.pyd 2017-11-02 15:44 - 2017-11-01 05:01 - 000022864 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.crt.compiled._winffi_crt.pyd 2017-11-02 15:43 - 2017-11-01 05:01 - 000062784 _____ () C:\Program Files (x86)\Dropbox\Client\psutil._psutil_windows.pyd 2017-11-02 15:44 - 2017-11-01 04:57 - 000024528 _____ () C:\Program Files (x86)\Dropbox\Client\win32event.pyd 2017-11-02 15:43 - 2017-11-01 05:01 - 000040248 _____ () C:\Program Files (x86)\Dropbox\Client\fastpath.pyd 2017-11-02 15:43 - 2017-11-01 04:57 - 000020936 _____ () C:\Program Files (x86)\Dropbox\Client\mmapfile.pyd 2017-11-02 15:44 - 2017-11-01 04:57 - 000124880 _____ () C:\Program Files (x86)\Dropbox\Client\win32file.pyd 2017-11-02 15:44 - 2017-11-01 04:57 - 000116176 _____ () C:\Program Files (x86)\Dropbox\Client\win32security.pyd 2017-11-02 15:43 - 2017-11-01 04:58 - 000392656 _____ () C:\Program Files (x86)\Dropbox\Client\pythoncom27.dll 2017-11-02 15:44 - 2017-11-01 05:01 - 000392512 _____ () C:\Program Files (x86)\Dropbox\Client\win32com.shell.shell.pyd 2017-11-02 15:44 - 2017-11-01 05:01 - 000026456 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.kernel32.compiled._winffi_kernel32.pyd 2017-11-02 15:44 - 2017-11-01 04:57 - 000024016 _____ () C:\Program Files (x86)\Dropbox\Client\win32clipboard.pyd 2017-11-02 15:44 - 2017-11-01 04:57 - 000175560 _____ () C:\Program Files (x86)\Dropbox\Client\win32gui.pyd 2017-11-02 15:44 - 2017-11-01 04:57 - 000030160 _____ () C:\Program Files (x86)\Dropbox\Client\win32pipe.pyd 2017-11-02 15:44 - 2017-11-01 04:57 - 000043472 _____ () C:\Program Files (x86)\Dropbox\Client\win32process.pyd 2017-11-02 15:44 - 2017-11-01 04:57 - 000026056 _____ () C:\Program Files (x86)\Dropbox\Client\win32job.pyd 2017-11-02 15:44 - 2017-11-01 04:57 - 000048592 _____ () C:\Program Files (x86)\Dropbox\Client\win32service.pyd 2017-11-02 15:44 - 2017-11-01 04:57 - 000057808 _____ () C:\Program Files (x86)\Dropbox\Client\win32evtlog.pyd 2017-11-02 15:43 - 2017-11-01 05:01 - 000021824 _____ () C:\Program Files (x86)\Dropbox\Client\cpuid.compiled._cpuid.pyd 2017-11-02 15:44 - 2017-11-01 05:01 - 000023368 _____ () C:\Program Files (x86)\Dropbox\Client\winshell.compiled._winshell.pyd 2017-11-02 15:43 - 2017-11-01 05:01 - 000022856 _____ () C:\Program Files (x86)\Dropbox\Client\crashpad.compiled._Crashpad.pyd 2017-11-02 15:44 - 2017-11-01 05:01 - 000066392 _____ () C:\Program Files (x86)\Dropbox\Client\winenumhandles.compiled._WinEnumHandles.pyd 2017-11-02 15:43 - 2017-11-01 05:01 - 001796920 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtCore.pyd 2017-11-02 15:44 - 2017-11-01 04:57 - 000084424 _____ () C:\Program Files (x86)\Dropbox\Client\sip.pyd 2017-11-02 15:43 - 2017-11-01 05:01 - 001956152 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtGui.pyd 2017-11-02 15:43 - 2017-11-01 05:01 - 003859264 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWidgets.pyd 2017-11-02 15:43 - 2017-11-01 05:01 - 000154440 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebEngineWidgets.pyd 2017-11-02 15:43 - 2017-11-01 05:01 - 000521024 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtNetwork.pyd 2017-11-02 15:43 - 2017-11-01 05:01 - 000050496 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebEngineCore.pyd 2017-11-02 15:43 - 2017-11-01 05:01 - 000042304 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebChannel.pyd 2017-11-02 15:43 - 2017-11-01 05:01 - 000131384 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKit.pyd 2017-11-02 15:43 - 2017-11-01 05:01 - 000218944 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKitWidgets.pyd 2017-11-02 15:43 - 2017-11-01 05:01 - 000204096 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtPrintSupport.pyd 2017-11-02 15:44 - 2017-11-01 05:01 - 000025432 _____ () C:\Program Files (x86)\Dropbox\Client\winscreenshot.compiled._CaptureScreenshot.pyd 2017-11-02 15:44 - 2017-11-01 04:57 - 000060880 _____ () C:\Program Files (x86)\Dropbox\Client\win32print.pyd 2017-11-02 15:44 - 2017-11-01 05:01 - 000054608 _____ () C:\Program Files (x86)\Dropbox\Client\winrpcserver.compiled._RPCServer.pyd 2017-11-02 15:44 - 2017-11-01 04:57 - 000024016 _____ () C:\Program Files (x86)\Dropbox\Client\win32profile.pyd 2017-11-02 15:44 - 2017-11-01 05:01 - 000022864 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.user32.compiled._winffi_user32.pyd 2017-11-02 15:44 - 2017-11-01 05:01 - 000100688 _____ () C:\Program Files (x86)\Dropbox\Client\windisplaytoast.compiled._DisplayToast.pyd 2017-11-02 15:44 - 2017-11-01 04:57 - 000028616 _____ () C:\Program Files (x86)\Dropbox\Client\win32ts.pyd 2017-11-02 15:44 - 2017-11-01 05:01 - 000022360 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.iphlpapi.compiled._winffi_iphlpapi.pyd 2017-11-02 15:44 - 2017-11-01 05:01 - 000021848 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.winerror.compiled._winffi_winerror.pyd 2017-11-02 15:44 - 2017-11-01 05:01 - 000022360 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.wininet.compiled._winffi_wininet.pyd 2017-11-02 15:43 - 2017-11-01 05:01 - 000027488 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox.infinite.win.compiled._driverinstallation.pyd 2017-11-02 15:44 - 2017-11-01 04:57 - 000349128 _____ () C:\Program Files (x86)\Dropbox\Client\winxpgui.pyd 2017-11-02 15:43 - 2017-11-01 05:01 - 000101184 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWinExtras.pyd 2017-11-02 15:44 - 2017-11-01 05:01 - 000023896 _____ () C:\Program Files (x86)\Dropbox\Client\winverifysignature.compiled._VerifySignature.pyd 2017-11-02 15:43 - 2017-11-01 05:01 - 000025424 _____ () C:\Program Files (x86)\Dropbox\Client\librsyncffi.compiled._librsyncffi.pyd 2017-11-02 15:43 - 2017-11-01 04:58 - 000036296 _____ () C:\Program Files (x86)\Dropbox\Client\librsync.dll 2017-11-02 15:43 - 2017-11-01 05:01 - 000032600 _____ () C:\Program Files (x86)\Dropbox\Client\enterprise_data.compiled._enterprise_data.pyd 2017-11-02 15:43 - 2017-11-01 04:58 - 000293392 _____ () C:\Program Files (x86)\Dropbox\Client\EnterpriseDataAdapter.dll 2017-11-02 15:43 - 2017-11-01 05:01 - 000181056 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_sqlite_ext.DLL 2017-11-02 15:44 - 2017-11-01 05:01 - 000030536 _____ () C:\Program Files (x86)\Dropbox\Client\wind3d11.compiled._wind3d11.pyd 2017-11-02 15:43 - 2017-11-01 05:01 - 000024368 _____ () C:\Program Files (x86)\Dropbox\Client\libEGL.DLL 2017-11-02 15:43 - 2017-11-01 05:01 - 001638200 _____ () C:\Program Files (x86)\Dropbox\Client\libGLESv2.dll 2017-11-02 15:44 - 2017-11-01 05:01 - 000026456 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.winhttp.compiled._winffi_winhttp.pyd 2016-12-25 11:07 - 2016-12-25 11:07 - 038907672 _____ () C:\Program Files\AVAST Software\SecureLine\libcef.dll ==================== Alternate Data Streams (Whitelisted) ========= (If an entry is included in the fixlist, only the ADS will be removed.) ==================== Safe Mode (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""="" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""="" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ModuleCoreService => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcapexe => ""="" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McNaiAnn => ""="" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""="" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""="" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfemms => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeplk => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeplk.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ModuleCoreService => ""="Service" ==================== Association (Whitelisted) =============== (If an entry is included in the fixlist, the registry item will be restored to default or removed.) HKU\S-1-5-21-2966973244-140574636-4198648863-1001\Software\Classes\regfile: regedit.exe "%1" <==== ATTENTION ==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, it will be removed from the registry.) ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2015-07-10 04:04 - 2017-12-05 12:25 - 000002103 _____ C:\Windows\system32\Drivers\etc\hosts 0.0.0.0 0.0.0.0 # fix for traceroute and netstat display anomaly 0.0.0.0 tracking.opencandy.com.s3.amazonaws.com 0.0.0.0 media.opencandy.com 0.0.0.0 cdn.opencandy.com 0.0.0.0 tracking.opencandy.com 0.0.0.0 api.opencandy.com 0.0.0.0 api.recommendedsw.com 0.0.0.0 rp.yefeneri2.com 0.0.0.0 os.yefeneri2.com 0.0.0.0 os2.yefeneri2.com 0.0.0.0 installer.betterinstaller.com 0.0.0.0 installer.filebulldog.com 0.0.0.0 d3oxtn1x3b8d7i.cloudfront.net 0.0.0.0 inno.bisrv.com 0.0.0.0 nsis.bisrv.com 0.0.0.0 cdn.file2desktop.com 0.0.0.0 cdn.goateastcach.us 0.0.0.0 cdn.guttastatdk.us 0.0.0.0 cdn.inskinmedia.com 0.0.0.0 cdn.insta.oibundles2.com 0.0.0.0 cdn.insta.playbryte.com 0.0.0.0 cdn.llogetfastcach.us 0.0.0.0 cdn.montiera.com 0.0.0.0 cdn.msdwnld.com 0.0.0.0 cdn.mypcbackup.com 0.0.0.0 cdn.ppdownload.com 0.0.0.0 cdn.riceateastcach.us 0.0.0.0 cdn.shyapotato.us 0.0.0.0 cdn.solimba.com 0.0.0.0 cdn.tuto4pc.com ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-2966973244-140574636-4198648863-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Jackson\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\PhotosAppBackground\{84f03d28-bafa-41be-a061-cdb9b2fa78f2}.png DNS Servers: Media is not connected to internet. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin) Windows Firewall is enabled. ==================== MSCONFIG/TASK MANAGER disabled items == ==================== FirewallRules (Whitelisted) =============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) FirewallRules: [{091FFFFA-4F47-48C1-9387-6B301CE2BCE2}] => (Allow) c:\Program Files\CyberLink\PowerDirector12\PDR10.EXE FirewallRules: [{38C83B7E-BD17-4260-8E74-2A405707625F}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\Movie\PowerDVD Cinema\PowerDVDCinema.exe FirewallRules: [{5BCCF496-3063-4DE3-AF07-7984D86306C0}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\Movie\PowerDVDMovie.exe FirewallRules: [{74EFCA5F-EE37-4669-A808-A2DBD249E9DA}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\PowerDVD14Agent.exe FirewallRules: [{A09258F6-F97B-42FD-B355-E6EFDC00CE4D}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\Kernel\DMS\CLMSServerPDVD14.exe FirewallRules: [{EFC2773B-8416-4A45-A95A-88E5A9472A23}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\PowerDVD.exe FirewallRules: [{6CD962CE-5F1B-49AF-BE30-D0C775FF69CE}] => (Allow) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe FirewallRules: [{9AB43573-38AD-46DC-909E-5EA8E833F1CB}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe FirewallRules: [{4865EC66-3D6D-4EC8-9C1A-512F246B290E}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe FirewallRules: [{A96DFA7C-FA99-4C45-B520-D78A2C873C53}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: [{19C53FFB-CA61-480B-9616-C1FBAA66272B}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: [{D099E3FF-F15F-4DD1-BDAB-8A3E866AE910}] => (Allow) C:\Program Files (x86)\Kingsoft\WPS Office\10.2.0.5934\office6\wpscloudsvr.exe FirewallRules: [{A948E118-924D-4295-99B0-C167D870769E}] => (Allow) C:\Users\Jackson\AppData\Local\Programs\Opera\47.0.2631.71\opera.exe FirewallRules: [{98D506F8-F45B-4FC4-8679-EEDC3854DA42}] => (Allow) C:\Users\Jackson\AppData\Local\Programs\Opera\48.0.2685.52\opera.exe FirewallRules: [{B7EE27C9-48B8-41C1-AAE7-1DD12983B513}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe FirewallRules: [{61BB014A-BACB-4049-B02A-0537A6775BCE}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe ==================== Restore Points ========================= 29-10-2017 11:02:09 Windows Update 05-12-2017 14:01:54 Scheduled Checkpoint ==================== Faulty Device Manager Devices ============= Name: avast! SecureLine TAP Adapter v3 Description: avast! SecureLine TAP Adapter v3 Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: TAP-Windows Provider V9 Service: aswTap Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. ==================== Event log errors: ========================= Application errors: ================== Error: (12/06/2017 10:50:42 AM) (Source: Software Protection Platform Service) (EventID: 8198) (User: ) Description: License Activation (slui.exe) failed with the following error code: hr=0x80072EE7 Command-line arguments: RuleId=31e71c49-8da7-4a2f-ad92-45d98a1c79ba;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=0567073a-7d74-403b-b2d5-6b35da372d8d;NotificationInterval=1440;Trigger=NetworkAvailable Error: (12/06/2017 10:50:42 AM) (Source: Software Protection Platform Service) (EventID: 8208) (User: ) Description: Acquisition of genuine ticket failed (hr=0x80072EE7) for template Id {99d92734-d682-4d71-983e-d6ec3f16059f} Error: (12/06/2017 10:50:42 AM) (Source: Software Protection Platform Service) (EventID: 8200) (User: ) Description: License acquisition failure details. hr=0x80072EE7 Error: (12/06/2017 10:50:41 AM) (Source: Software Protection Platform Service) (EventID: 8208) (User: ) Description: Acquisition of genuine ticket failed (hr=0x80072EE7) for template Id {99d92734-d682-4d71-983e-d6ec3f16059f} Error: (12/06/2017 10:50:41 AM) (Source: Software Protection Platform Service) (EventID: 8200) (User: ) Description: License acquisition failure details. hr=0x80072EE7 Error: (12/06/2017 10:49:35 AM) (Source: Software Protection Platform Service) (EventID: 8198) (User: ) Description: License Activation (slui.exe) failed with the following error code: hr=0x80072EE7 Command-line arguments: RuleId=31e71c49-8da7-4a2f-ad92-45d98a1c79ba;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=0567073a-7d74-403b-b2d5-6b35da372d8d;NotificationInterval=1440;Trigger=NetworkAvailable Error: (12/06/2017 10:49:35 AM) (Source: Software Protection Platform Service) (EventID: 8208) (User: ) Description: Acquisition of genuine ticket failed (hr=0x80072EE7) for template Id {99d92734-d682-4d71-983e-d6ec3f16059f} Error: (12/06/2017 10:49:35 AM) (Source: Software Protection Platform Service) (EventID: 8200) (User: ) Description: License acquisition failure details. hr=0x80072EE7 Error: (12/06/2017 10:49:34 AM) (Source: Software Protection Platform Service) (EventID: 8208) (User: ) Description: Acquisition of genuine ticket failed (hr=0x80072EE7) for template Id {99d92734-d682-4d71-983e-d6ec3f16059f} Error: (12/06/2017 10:49:34 AM) (Source: Software Protection Platform Service) (EventID: 8200) (User: ) Description: License acquisition failure details. hr=0x80072EE7 System errors: ============= Error: (12/06/2017 10:45:59 AM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-JLK4V0U) Description: The server {005A3A96-BAC4-4B0A-94EA-C0CE100EA736} did not register with DCOM within the required timeout. Error: (12/05/2017 05:01:57 PM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: A timeout was reached (30000 milliseconds) while waiting for the Sync Host_Session1 service to connect. Error: (12/05/2017 05:01:51 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-JLK4V0U) Description: The server CortanaUI.AppXtpp90jhw9p0njjb85kvhxpppgrqfp117.mca did not register with DCOM within the required timeout. Error: (12/05/2017 05:01:47 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: The Sync Host_Session1 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service. Error: (12/05/2017 01:01:22 PM) (Source: Service Control Manager) (EventID: 7023) (User: ) Description: The Interactive Services Detection service terminated with the following error: Incorrect function. Error: (12/05/2017 12:26:11 PM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: A timeout was reached (30000 milliseconds) while waiting for the McAfee Application Installer Cleanup (0067751509300367) service to connect. Error: (12/05/2017 12:25:32 PM) (Source: EventLog) (EventID: 6008) (User: ) Description: The previous system shutdown at 12:07:03 AM on ‎12/‎3/‎2017 was unexpected. Error: (12/02/2017 03:24:53 PM) (Source: ACPI) (EventID: 13) (User: ) Description: : The embedded controller (EC) did not respond within the specified timeout period. This may indicate that there is an error in the EC hardware or firmware or that the BIOS is accessing the EC incorrectly. You should check with your computer manufacturer for an upgraded BIOS. In some situations, this error may cause the computer to function incorrectly. Error: (12/02/2017 12:12:31 PM) (Source: ACPI) (EventID: 13) (User: ) Description: : The embedded controller (EC) did not respond within the specified timeout period. This may indicate that there is an error in the EC hardware or firmware or that the BIOS is accessing the EC incorrectly. You should check with your computer manufacturer for an upgraded BIOS. In some situations, this error may cause the computer to function incorrectly. Error: (12/02/2017 10:05:00 AM) (Source: ACPI) (EventID: 13) (User: ) Description: : The embedded controller (EC) did not respond within the specified timeout period. This may indicate that there is an error in the EC hardware or firmware or that the BIOS is accessing the EC incorrectly. You should check with your computer manufacturer for an upgraded BIOS. In some situations, this error may cause the computer to function incorrectly. CodeIntegrity: =================================== Date: 2017-12-06 10:47:23.750 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\wow64.dll because the set of per-page image hashes could not be found on the system. Date: 2017-04-08 16:18:16.252 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. ==================== Memory info =========================== Processor: Intel(R) Pentium(R) CPU N3540 @ 2.16GHz Percentage of memory in use: 59% Total physical RAM: 3985.95 MB Available physical RAM: 1611.51 MB Total Virtual: 8081.95 MB Available Virtual: 5480.18 MB ==================== Drives ================================ Drive c: (Windows) (Fixed) (Total:446.3 GB) (Free:371.58 GB) NTFS Drive d: (RECOVERY) (Fixed) (Total:18.36 GB) (Free:2.13 GB) NTFS ==>[system with boot components (obtained from drive)] Drive f: (KINGSTON) (Removable) (Total:14.43 GB) (Free:14.42 GB) FAT32 ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 465.8 GB) (Disk ID: 0CAD552D) Partition: GPT. ======================================================== Disk: 1 (MBR Code: Windows XP) (Size: 14.4 GB) (Disk ID: B3F30B1E) Partition 1: (Active) - (Size=14.4 GB) - (Type=0C) ==================== End of Addition.txt ============================