I believe my computer is affected and I had a trojan about a month ago - and attempted to remove it. My wifi connection with my computer is problematic and it is only on my computer I have wifi issues. I notice in my registry I have games that I never downloaded.
Computer infected - wifi connection issues and past trojan on computer
Started by
bolivar
, Nov 30 2017 09:28 AM
Trojan
-
This topic is locked
#2
Posted 30 November 2017 - 05:35 PM
zep516
-
- Malware Removal
-
- 8,093 posts
Trusted Helper
Hi! My name is zep516 and Welcome to Geekstogo!
I'll do the best I can to resolve your computer issue
Please make sure to carefully read any instruction that I give you. If you're not sure, or if something unexpectedhappens, don't continue Stop and ask! Never be afraid to ask questions!
Everything gets download to the desktop and tools are "Run as administrator."
Please download Farbar Recovery Scan Tooland save it to your Desktop.
Note: You need to run the version compatible with your system. If you are not sure which versionapplies to your system download both of them and try to run them. Only one of them will run on your system, that willbe the right version.
I'll do the best I can to resolve your computer issue
Please make sure to carefully read any instruction that I give you. If you're not sure, or if something unexpectedhappens, don't continue Stop and ask! Never be afraid to ask questions!
Everything gets download to the desktop and tools are "Run as administrator."
Please download Farbar Recovery Scan Tooland save it to your Desktop.
Note: You need to run the version compatible with your system. If you are not sure which versionapplies to your system download both of them and try to run them. Only one of them will run on your system, that willbe the right version.
- Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). Whenthe tool opens click Yes to disclaimer.
- Press Scan button.
- It will produce a log called FRST.txt in the same directory the tool is run from.
- Please copy and paste log back here.
- The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.
#3
Posted 05 December 2017 - 11:14 AM
bolivar
- Topic Starter
-
- Member
-
- 8 posts
New Member
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 30-11-2017
Ran by hp (administrator) on HP-HP (05-12-2017 12:10:31)
Running from C:\Users\hp\Downloads
Loaded Profiles: hp (Available Profiles: hp)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 9 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(AMD) C:\Windows\System32\atiesrxx.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(EasyBits Software AS) C:\Windows\SysWOW64\ezSharedSvcHost.exe
(Apache Software Foundation) C:\Program Files (x86)\HoudiniESQ\bin\tomcat6.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe
(Sony Corporation) C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe
() C:\Windows\SysWOW64\PSIService.exe
(Intuit) C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe
() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(Roxio) C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Hewlett-Packard) C:\Program Files (x86)\Examsoft\Softest 11.0\Examsoft.ShieldRunner.exe
(Examsoft Worldwide Inc.) C:\Program Files (x86)\Examsoft\Softest 11.0\Examsoft.SoftShield.exe
() C:\Program Files (x86)\TunnelBear\TunnelBear.Maintenance.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Copyright 2017.) C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office\WINWORD.EXE
(Microsoft Corporation) C:\Windows\splwow64.exe
(HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(HP Inc.) C:\Program Files\HP\HP Touchpoint Analytics Client\TouchpointAnalyticsClientService.exe
(Microsoft Corporation) C:\Program Files (x86)\Internet Explorer\ielowutil.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe
(HP) C:\Program Files (x86)\HP\Shared\hpqwmiex.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Farbar) C:\Users\hp\Downloads\FRST64 (3).exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM-x32\...\Run: [] => [X]
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-1639220141-509259437-498096989-1001\...\MountPoints2: G - G:\VZW_Software_upgrade_assistant_installer.exe
HKU\S-1-5-21-1639220141-509259437-498096989-1001\...\MountPoints2: {0a813159-f176-11e3-acdf-2c27d7defd54} - F:\VerizonSWUpgradeAssistantLauncher.exe
HKU\S-1-5-21-1639220141-509259437-498096989-1001\...\MountPoints2: {0a813193-f176-11e3-acdf-2c27d7defd54} - F:\VZW_Software_upgrade_assistant.exe
HKU\S-1-5-21-1639220141-509259437-498096989-1001\...\MountPoints2: {1fe9f7e1-33f4-11e2-9f81-2c27d7defd54} - F:\LaunchU3.exe -a
HKU\S-1-5-21-1639220141-509259437-498096989-1001\...\MountPoints2: {4fa3719f-f9a3-11e5-9dd1-2c27d7defd54} - F:\VZW_Software_upgrade_assistant.exe
HKU\S-1-5-21-1639220141-509259437-498096989-1001\...\MountPoints2: {57a3d5bf-49f8-11e2-988a-2c27d7defd54} - F:\LaunchU3.exe -a
HKU\S-1-5-21-1639220141-509259437-498096989-1001\...\MountPoints2: {b0d0f12f-b3e2-11e2-8173-2c27d7defd54} - G:\VZW_Software_upgrade_assistant.exe
HKU\S-1-5-21-1639220141-509259437-498096989-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\ssText3d.scr [333824 2010-11-20] (Microsoft Corporation)
ShellExecuteHooks-x32: EasyBits ShellExecute Hook - {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook.dll [52920 2011-05-23] (EasyBits Software Corp.)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{4554B199-90E7-4B2F-9E89-B320F6BDE52F}: [DhcpNameServer] 172.18.12.1
Tcpip\..\Interfaces\{BAA8F618-DB36-477D-86A8-B2E1715077A5}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{DEA56892-F35A-4202-ABC4-190090A22E4E}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{E7CFAE0B-1B4E-407B-B88A-EE30ED044850}: [DhcpNameServer] 172.20.10.1
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.msn.com/HPNOT/1
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPNOT/1
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPNOT/1
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKLM -> {4A86745F-DB47-4A3A-A643-9FDC6596EFEA} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKLM -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-30572-11896-2/4?mpre=hxxp://shop.ebay.com/?_nkw={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {EEE6C360-6118-11DC-9C72-001320C79847} URL =
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {4A86745F-DB47-4A3A-A643-9FDC6596EFEA} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM-x32 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKLM-x32 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-30572-11896-2/4?mpre=hxxp://shop.ebay.com/?_nkw={searchTerms}
SearchScopes: HKU\S-1-5-21-1639220141-509259437-498096989-1001 -> {4A86745F-DB47-4A3A-A643-9FDC6596EFEA} URL =
SearchScopes: HKU\S-1-5-21-1639220141-509259437-498096989-1001 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL =
SearchScopes: HKU\S-1-5-21-1639220141-509259437-498096989-1001 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL =
BHO: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll [2011-06-07] (Advanced Micro Devices)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll [2011-05-23] (Sun Microsystems, Inc.)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2017-09-27] (HP Inc.)
BHO-x32: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2009-05-21] (Hewlett-Packard Co.)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-09-23] (Adobe Systems Incorporated)
BHO-x32: PlusIEEventHelper Class -> {551A852F-39A6-44A7-9C13-AFBEC9185A9D} -> C:\Program Files (x86)\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll [2009-02-06] (Zeon Corporation)
BHO-x32: No Name -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> No File
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2011-05-23] (Sun Microsystems, Inc.)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2017-09-27] (HP Inc.)
BHO-x32: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2009-05-21] (Hewlett-Packard Co.)
DPF: HKLM-x32 {02BCC737-B171-4746-94C9-0D8A0B2C0089} hxxp://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cab
DPF: HKLM-x32 {106E49CF-797A-11D2-81A2-00E02C015623} hxxp://www.alternatiff.com/distribution/alternatiff-ax-w32-2.0.6.cab
Handler-x32: http - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-02-03] (Microsoft Corporation)
Handler-x32: http - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-02-03] (Microsoft Corporation)
Handler-x32: https - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-02-03] (Microsoft Corporation)
Handler-x32: https - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-02-03] (Microsoft Corporation)
Handler-x32: intu-help-qb5 - {867FCB77-9823-4cd6-8210-D85F968D466F} - C:\Program Files (x86)\Intuit\QuickBooks 2012\HelpAsyncPluggableProtocol.dll [2013-03-30] (Intuit, Inc.)
Handler-x32: ipp - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-02-03] (Microsoft Corporation)
Handler-x32: msdaipp - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-02-03] (Microsoft Corporation)
Handler-x32: msdaipp - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-02-03] (Microsoft Corporation)
Handler-x32: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - C:\Windows\system32\mscoree.dll [2010-11-20] (Microsoft Corporation)
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll [2011-06-07] (Advanced Micro Devices)
Filter-x32: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll [2011-06-07] (Advanced Micro Devices)
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll [2011-06-07] (Advanced Micro Devices)
Filter-x32: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll [2011-06-07] (Advanced Micro Devices)
FireFox:
========
FF DefaultProfile: fm7zfbeu.default-1400677375396
FF ProfilePath: C:\Users\hp\AppData\Roaming\Mozilla\Firefox\Profiles\fm7zfbeu.default-1400677375396 [2017-11-15]
FF Homepage: Mozilla\Firefox\Profiles\fm7zfbeu.default-1400677375396 -> google.com
FF Extension: (OpenDownload²) - C:\Users\hp\AppData\Roaming\Mozilla\Firefox\Profiles\fm7zfbeu.default-1400677375396\Extensions\{210249CE-F888-11DD-B868-4CB456D89593} [2017-01-30] [Lagacy]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: (HP Smart Web Printing) - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012-11-05] [Lagacy] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\WordPerfect Lightning\Programs\FirefoxExtension
FF Extension: (Copy To Wordperfect Lightning) - C:\Program Files (x86)\WordPerfect Lightning\Programs\FirefoxExtension [2013-11-12] [Lagacy] [not signed]
FF HKU\S-1-5-21-1639220141-509259437-498096989-1001\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll [2014-05-21] ()
FF Plugin: @cuminas.jp/DjVuPlugin -> C:\Program Files\Cuminas\Document Express DjVu Plug-in\npdjvu.dll [2015-05-08] (Cuminas Corporation)
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll [2011-05-23] (Sun Microsystems, Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll [2012-04-11] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll [2014-05-21] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll [No File]
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-02-21] ()
FF Plugin-x32: @cuminas.jp/DjVuPlugin -> C:\Program Files (x86)\Cuminas\Document Express DjVu Plug-in\npdjvu.dll [2015-05-08] (Cuminas Corporation)
FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll [2011-05-23] (Sun Microsystems, Inc.)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll [2012-04-11] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @RIM.com/WebSLLauncher,version=1.0 -> C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll [2012-07-03] ()
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-14] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-14] (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2010-12-07] ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2012-09-23] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\hp\AppData\Roaming\mozilla\plugins\npatgpc.dll [2017-09-19] (Cisco WebEx LLC)
FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\firefox.cfg [2013-07-20] <==== ATTENTION
Chrome:
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\hp\AppData\Local\Google\Chrome\User Data\Default [2017-12-05]
CHR Extension: (Slides) - C:\Users\hp\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-13]
CHR Extension: (Docs) - C:\Users\hp\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-13]
CHR Extension: (Google Drive) - C:\Users\hp\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-03-13]
CHR Extension: (YouTube) - C:\Users\hp\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-03-13]
CHR Extension: (Sheets) - C:\Users\hp\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-13]
CHR Extension: (Google Docs Offline) - C:\Users\hp\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-15]
CHR Extension: (AdBlock) - C:\Users\hp\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2017-12-04]
CHR Extension: (Cisco WebEx Extension) - C:\Users\hp\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlhmfgmfgeifomenelglieieghnjghma [2017-09-19]
CHR Extension: (Mailtrack for Gmail & Inbox: Email tracking) - C:\Users\hp\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndnaehgpjlnokgebbaldlmgkapkpjkkb [2017-11-16]
CHR Extension: (Chrome Web Store Payments) - C:\Users\hp\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-09-05]
CHR Extension: (Gmail) - C:\Users\hp\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-03-13]
CHR Extension: (Chrome Media Router) - C:\Users\hp\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-11-16]
==================== Services (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2011-09-28] (Advanced Micro Devices, Inc.) [File not signed]
S3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [266240 2012-06-05] (Brother Industries, Ltd.) [File not signed]
R2 ezSharedSvc; C:\Windows\SysWOW64\ezSharedSvcHost.exe [514232 2010-04-23] (EasyBits Software AS) [File not signed]
R2 HoudiniESQ; C:\Program Files (x86)/HoudiniESQ\bin\tomcat6.exe [57344 2008-07-22] (Apache Software Foundation) [File not signed]
R3 hpqcaslwmiex; C:\Program Files (x86)\HP\Shared\hpqwmiex.exe [1031704 2016-06-03] (HP)
R3 hpqcxs08; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll [248832 2009-05-21] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll [133120 2009-05-21] (Hewlett-Packard Co.) [File not signed]
R2 HPSLPSVC; C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [1037824 2009-09-08] (Hewlett-Packard Co.) [File not signed]
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [323952 2017-09-27] (HP Inc.)
R2 HPTouchpointAnalyticsService; C:\Program Files\HP\HP Touchpoint Analytics Client\TouchpointAnalyticsClientService.exe [332216 2017-11-24] (HP Inc.)
R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2413056 2012-12-15] (Realsil Microelectronics Inc.) [File not signed]
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
S2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2008-12-03] (Hewlett-Packard) [File not signed]
S3 NETGEARGenieDaemon; C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenieDaemon64.exe [233456 2017-07-04] (NETGEAR)
R2 PDFProFiltSrvPP; C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe [144672 2010-03-09] (Nuance Communications, Inc.)
R2 PMBDeviceInfoProvider; C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe [459832 2012-02-15] (Sony Corporation)
S2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2008-12-03] (Hewlett-Packard) [File not signed]
U2 ProtexisLicensing; C:\Windows\SysWOW64\PSIService.exe [177704 2007-06-05] ()
R2 QBCFMonitorService; C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe [45056 2011-08-19] (Intuit) [File not signed]
S3 QBFCService; C:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe [61440 2011-08-19] (Intuit Inc.) [File not signed]
R2 QBVSS; C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe [1248256 2011-08-19] (Intuit Inc.) [File not signed]
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [254552 2012-09-11] ()
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1817560 2013-05-16] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [1033688 2013-05-16] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2013-05-15] (Safer-Networking Ltd.)
R2 SoftshieldService; C:\Program Files (x86)\Examsoft\Softest 11.0\Examsoft.ShieldRunner.exe [33600 2013-05-16] (Hewlett-Packard)
R2 TunnelBearMaintenance; C:\Program Files (x86)\TunnelBear\TunnelBear.Maintenance.exe [37248 2017-09-06] ()
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-13] (Microsoft Corporation)
R2 ZAMSvc; C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe [15775888 2017-08-09] (Copyright 2017.)
S2 HP Health Check Service; "C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe" [X]
S2 RoxLiveShare9; "C:\Program Files (x86)\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe" [X]
===================== Drivers (Whitelisted) ======================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 NPF; C:\Windows\system32\drivers\npf.sys [35344 2017-11-29] (CACE Technologies, Inc.)
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [74752 2011-07-25] (Research In Motion Limited)
R3 RimVSerPort; C:\Windows\System32\DRIVERS\RimSerial_AMD64.sys [44032 2011-07-20] (Research in Motion Ltd)
S3 tap-tb-0901; C:\Windows\System32\DRIVERS\tap-tb-0901.sys [38656 2017-09-06] (The OpenVPN Project)
R1 ZAM; C:\Windows\System32\drivers\zam64.sys [203680 2017-10-22] (Zemana Ltd.)
R1 ZAM_Guard; C:\Windows\System32\drivers\zamguard64.sys [203680 2017-10-22] (Zemana Ltd.)
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2017-12-05 12:09 - 2017-12-05 12:09 - 002391552 _____ (Farbar) C:\Users\hp\Downloads\FRST64 (3).exe
2017-12-05 12:09 - 2017-12-05 12:09 - 002391552 _____ (Farbar) C:\Users\hp\Downloads\FRST64 (2).exe
2017-12-05 11:49 - 2017-12-05 11:49 - 000000000 ____H C:\Users\hp\BIT2199.tmp
2017-12-05 10:23 - 2017-12-05 10:23 - 000037202 _____ C:\Users\hp\Downloads\Notice of Seminar.pdf
2017-11-30 13:02 - 2017-11-30 13:02 - 000786583 _____ C:\Users\hp\Downloads\Medicaid Spend Down - The Voice - August 2011 - Vol 5 Issue_ 14.pdf
2017-11-30 10:23 - 2017-11-30 10:25 - 000064030 _____ C:\Users\hp\Downloads\Addition.txt
2017-11-30 10:20 - 2017-11-30 10:21 - 002391552 _____ (Farbar) C:\Users\hp\Downloads\FRST64 (1).exe
2017-11-30 10:19 - 2017-12-05 12:11 - 000025319 _____ C:\Users\hp\Downloads\FRST.txt
2017-11-30 10:19 - 2017-12-05 12:10 - 000000000 ____D C:\FRST
2017-11-30 10:18 - 2017-11-30 10:19 - 002391552 _____ (Farbar) C:\Users\hp\Downloads\FRST64.exe
2017-11-30 09:03 - 2017-11-30 09:03 - 000327772 _____ C:\Users\hp\Downloads\DOC112917-151048.pdf
2017-11-28 08:30 - 2017-11-30 08:10 - 000000000 ____D C:\Users\hp\Documents\Bolivar Injunction 11-28-17
2017-11-28 08:15 - 2017-11-28 08:15 - 000023043 _____ C:\Users\hp\Downloads\48NE3D92_051508.pdf
2017-11-28 07:59 - 2017-11-28 07:59 - 000009639 _____ C:\Users\hp\Downloads\29_045945.pdf
2017-11-28 07:51 - 2017-11-30 11:37 - 000000000 ____D C:\Users\hp\Documents\manlove, jennifer
2017-11-28 07:51 - 2017-11-28 07:51 - 000014114 _____ C:\Users\hp\Downloads\27183.S11_045115.pdf
2017-11-27 10:03 - 2017-11-27 10:03 - 000047302 _____ C:\Users\hp\Downloads\12NE3D476_070306.pdf
2017-11-27 10:00 - 2017-11-27 10:00 - 000050200 _____ C:\Users\hp\Downloads\12-13-05.Q06_070004.pdf
2017-11-27 09:57 - 2017-11-27 09:57 - 000026957 _____ C:\Users\hp\Downloads\67NE3D1_065745.pdf
2017-11-27 08:59 - 2017-11-27 08:59 - 000001483 _____ C:\Users\hp\Downloads\49NE1108A6_055923.pdf
2017-11-27 08:57 - 2017-11-27 08:57 - 000003469 _____ C:\Users\hp\Downloads\94NE2D705_055737.pdf
2017-11-27 07:55 - 2017-11-27 09:58 - 000000000 ____D C:\Users\hp\Documents\Bolviar Meetings
2017-11-25 10:58 - 2017-12-05 11:49 - 000003168 _____ C:\Windows\System32\Tasks\HPCeeScheduleForhp
2017-11-25 10:58 - 2017-12-05 11:49 - 000000320 _____ C:\Windows\Tasks\HPCeeScheduleForhp.job
2017-11-21 07:40 - 2017-11-21 07:40 - 002878797 _____ C:\Users\hp\Downloads\Work Session 01-11 16-_OCR.pdf
2017-11-21 07:28 - 2017-11-21 07:28 - 001011301 _____ C:\Users\hp\Downloads\Final Briefs.pdf
2017-11-20 09:28 - 2017-11-20 09:28 - 000010131 _____ C:\Users\hp\Downloads\970NE2D1163_062802.pdf
2017-11-19 20:06 - 2017-11-19 20:06 - 000017738 _____ C:\Users\hp\Downloads\942NE2D404_citing_references_050637.pdf
2017-11-19 19:20 - 2017-11-19 19:20 - 000012963 _____ C:\Users\hp\Downloads\09CA22.M05_042054.pdf
2017-11-19 19:02 - 2017-11-19 19:02 - 000007513 _____ C:\Users\hp\Downloads\104864.T05_040213.pdf
2017-11-19 18:44 - 2017-11-19 18:44 - 000007100 _____ C:\Users\hp\Downloads\04CA008566.M01_034452.pdf
2017-11-19 17:57 - 2017-11-19 17:57 - 000007700 _____ C:\Users\hp\Downloads\A008775.I08_025706.pdf
2017-11-19 17:39 - 2017-11-19 17:39 - 000006313 _____ C:\Users\hp\Downloads\C-160682.T06_023857.pdf
2017-11-19 17:37 - 2017-11-19 17:37 - 000019533 _____ C:\Users\hp\Downloads\2015CA00038.R10_023722.pdf
2017-11-19 17:33 - 2017-11-19 17:33 - 000007700 _____ C:\Users\hp\Downloads\A008775.I08_023303.pdf
2017-11-19 17:31 - 2017-11-19 17:31 - 000009496 _____ C:\Users\hp\Downloads\07HA5.K06_023145.pdf
2017-11-19 16:06 - 2017-11-19 16:06 - 000019409 _____ C:\Users\hp\Downloads\25753.Q02_010651.pdf
2017-11-19 16:04 - 2017-11-19 16:04 - 000052797 _____ C:\Users\hp\Downloads\15 MA 0225.T08_010420.pdf
2017-11-19 16:02 - 2017-11-19 16:02 - 000010167 _____ C:\Users\hp\Downloads\25818.O08_010227.pdf
2017-11-19 15:59 - 2017-11-19 15:59 - 000012371 _____ C:\Users\hp\Downloads\26215.O11_125941.pdf
2017-11-19 09:50 - 2017-11-19 09:50 - 000005639 _____ C:\Users\hp\Downloads\600NE2D394_065049.pdf
2017-11-19 09:48 - 2017-11-19 09:48 - 000011229 _____ C:\Users\hp\Downloads\407NE2D490_064815.pdf
2017-11-19 09:43 - 2017-11-19 09:43 - 000013081 _____ C:\Users\hp\Downloads\436NE2D1008_064343.pdf
2017-11-19 09:22 - 2017-11-19 09:22 - 000018278 _____ C:\Users\hp\Downloads\17-COA-005.T10_062201.pdf
2017-11-19 08:27 - 2017-11-19 08:27 - 000754820 _____ C:\Users\hp\Downloads\Document_Judgment Entry (8).pdf
2017-11-19 08:27 - 2017-11-19 08:27 - 000446762 _____ C:\Users\hp\Downloads\Huth v Kus transcript.pdf
2017-11-18 10:19 - 2017-11-18 10:19 - 000000000 ____D C:\Users\hp\AppData\Local\HP_Inc
2017-11-18 09:58 - 2017-11-18 09:58 - 001066061 _____ C:\Users\hp\Downloads\court recording transcribed.pdf
2017-11-16 15:30 - 2017-11-16 15:30 - 000754820 _____ C:\Users\hp\Downloads\Document_Judgment Entry (7).pdf
2017-11-16 14:31 - 2017-11-16 14:31 - 000067598 _____ C:\Users\hp\Downloads\Document_Judgment Entry (6).pdf
2017-11-16 10:22 - 2017-11-16 10:22 - 000152758 _____ C:\Users\hp\Downloads\memo to bar only re proposed local rules 2018 (1).pdf
2017-11-16 10:21 - 2017-11-16 10:21 - 000692379 _____ C:\Users\hp\Downloads\Proposed Local Rules 2018.pdf
2017-11-16 10:21 - 2017-11-16 10:21 - 000152758 _____ C:\Users\hp\Downloads\memo to bar only re proposed local rules 2018.pdf
2017-11-16 07:42 - 2017-11-16 07:42 - 000000000 ____D C:\Users\hp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2017-11-14 11:27 - 2017-11-14 11:27 - 000217575 _____ C:\Users\hp\Downloads\5-17-cv-00234-BYP (2).zip
2017-11-14 08:05 - 2017-11-14 08:05 - 000007510 _____ C:\Users\hp\Downloads\15 CAC 07 0058.S02_050527.pdf
2017-11-14 07:52 - 2017-11-14 07:52 - 000014194 _____ C:\Users\hp\Downloads\L-16-1274.T05_045226.pdf
2017-11-14 07:35 - 2017-11-14 07:35 - 000009908 _____ C:\Users\hp\Downloads\04 BE 40.M01_043552.pdf
2017-11-14 07:26 - 2017-11-14 07:26 - 010574685 _____ C:\Users\hp\Downloads\Discovery received by the state..pdf
2017-11-13 10:47 - 2017-11-13 13:37 - 000000000 ____D C:\Users\hp\Documents\Grove City Reptiles
2017-11-13 09:33 - 2017-11-13 09:33 - 000002227 _____ C:\Users\Public\Desktop\HP Support Assistant.lnk
2017-11-13 09:32 - 2017-11-13 09:32 - 000000000 ____D C:\ProgramData\HP Inc
2017-11-13 09:28 - 2017-11-13 09:29 - 035357824 _____ (HP Inc. ) C:\Users\hp\Downloads\sp82049.exe
2017-11-09 13:19 - 2017-11-09 13:19 - 000035273 _____ C:\Users\hp\Downloads\img3434.djvu
2017-11-09 12:59 - 2017-11-09 12:59 - 000016301 _____ C:\Users\hp\Downloads\748NE2D58_095903.pdf
2017-11-09 12:44 - 2017-11-09 13:17 - 000000000 ____D C:\Users\hp\Documents\Huth-Massillon
2017-11-09 12:44 - 2017-11-09 12:44 - 000016235 _____ C:\Users\hp\Downloads\667NE2D1223_094409.pdf
2017-11-09 12:05 - 2017-11-09 12:27 - 000054272 ____H C:\Users\hp\Documents\~WRL1017.tmp
2017-11-09 12:05 - 2017-11-09 12:24 - 000055808 ____H C:\Users\hp\Documents\~WRL1754.tmp
2017-11-09 12:05 - 2017-11-09 12:24 - 000053760 ____H C:\Users\hp\Documents\~WRL2608.tmp
2017-11-09 12:05 - 2017-11-09 12:21 - 000058368 ____H C:\Users\hp\Documents\~WRL1220.tmp
2017-11-09 12:05 - 2017-11-09 12:15 - 000057344 ____H C:\Users\hp\Documents\~WRL1295.tmp
2017-11-09 12:05 - 2017-11-09 12:06 - 000056832 ____H C:\Users\hp\Documents\~WRL3114.tmp
2017-11-09 12:05 - 2017-11-09 12:05 - 000056832 ____H C:\Users\hp\Documents\~WRL0341.tmp
2017-11-08 16:44 - 2017-11-29 11:04 - 000369168 _____ (CACE Technologies, Inc.) C:\Windows\system32\wpcap.dll
2017-11-08 16:44 - 2017-11-29 11:04 - 000281104 _____ (CACE Technologies, Inc.) C:\Windows\SysWOW64\wpcap.dll
2017-11-08 16:44 - 2017-11-29 11:04 - 000106000 _____ (CACE Technologies, Inc.) C:\Windows\system32\packet.dll
2017-11-08 16:44 - 2017-11-29 11:04 - 000096784 _____ (CACE Technologies, Inc.) C:\Windows\SysWOW64\packet.dll
2017-11-08 16:44 - 2017-11-29 11:04 - 000035344 _____ (CACE Technologies, Inc.) C:\Windows\system32\Drivers\npf.sys
2017-11-08 16:44 - 2017-11-29 11:04 - 000002062 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NETGEAR Genie.lnk
2017-11-08 16:44 - 2017-11-29 11:04 - 000002050 _____ C:\Users\Public\Desktop\NETGEAR Genie.lnk
2017-11-08 16:44 - 2017-11-29 11:04 - 000000000 ____D C:\Users\hp\AppData\Local\NETGEARGenie
2017-11-08 16:44 - 2017-11-29 11:04 - 000000000 ____D C:\Program Files (x86)\NETGEAR Genie
2017-11-08 16:43 - 2017-11-08 16:44 - 046407968 _____ (NETGEAR Inc.) C:\Users\hp\Downloads\NETGEARGenie-install.exe
2017-11-08 11:26 - 2017-11-08 11:26 - 000266969 _____ C:\Users\hp\Downloads\Motion dockets 11 13 17.pdf
2017-11-07 10:01 - 2017-11-07 10:01 - 000013721 _____ C:\Users\hp\Downloads\338BR372_citing_references_070145.pdf
2017-11-07 10:01 - 2017-11-07 10:01 - 000001221 _____ C:\Users\hp\Downloads\338BR372_citing_references_070134.pdf
2017-11-07 10:01 - 2017-11-07 10:01 - 000001221 _____ C:\Users\hp\Downloads\338BR372_citing_references_070121.pdf
2017-11-07 10:01 - 2017-11-07 10:01 - 000001221 _____ C:\Users\hp\Downloads\338BR372_citing_references_070111.pdf
2017-11-07 09:56 - 2017-11-07 09:56 - 000033935 _____ C:\Users\hp\Downloads\338BR372_citing_references_065627.pdf
2017-11-07 09:54 - 2017-11-07 09:54 - 000022562 _____ C:\Users\hp\Downloads\338BR372_citing_references_065439.pdf
2017-11-07 09:54 - 2017-11-07 09:54 - 000001245 _____ C:\Users\hp\Downloads\338BR372_citing_references_065430.pdf
2017-11-07 09:52 - 2017-11-07 09:52 - 000007178 _____ C:\Users\hp\Downloads\338BR372_065233.pdf
2017-11-07 09:50 - 2017-11-07 09:50 - 000032723 _____ C:\Users\hp\Downloads\11-72074.R02_065023.pdf
2017-11-07 09:38 - 2017-11-07 09:38 - 000011687 _____ C:\Users\hp\Downloads\550BR854_063816.pdf
2017-11-07 09:25 - 2017-11-07 09:25 - 000129432 _____ C:\Users\hp\Downloads\20171106204832.pdf
2017-11-06 11:48 - 2017-11-06 11:48 - 000186213 _____ C:\Users\hp\Downloads\Council - October 2 2017 - draft copy.pdf
2017-11-06 11:48 - 2017-11-06 11:48 - 000186213 _____ C:\Users\hp\Downloads\Council - October 2 2017 - draft copy (1).pdf
2017-11-06 11:46 - 2017-11-06 11:46 - 000193286 _____ C:\Users\hp\Downloads\ORD Animals at Large (00479941xBE3C8) - DRAFT.pdf
2017-11-06 08:00 - 2017-11-06 08:00 - 000024293 _____ C:\Users\hp\Downloads\218 WDA 2017.T05_045958.pdf
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2017-12-05 12:11 - 2017-10-22 15:03 - 000136147 _____ C:\Windows\ZAM.krnl.trace
2017-12-05 12:11 - 2017-10-22 15:03 - 000111558 _____ C:\Windows\ZAM_Guard.krnl.trace
2017-12-05 11:49 - 2016-03-02 16:30 - 000000906 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1639220141-509259437-498096989-1001UA.job
2017-12-05 11:49 - 2012-10-09 13:58 - 000000000 ____D C:\Users\hp
2017-12-05 11:48 - 2017-09-06 10:36 - 000000516 _____ C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-1639220141-509259437-498096989-1001.job
2017-12-05 11:04 - 2012-10-09 14:02 - 000003902 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{72EEAA48-D7C5-4FAC-9299-1191B2D04A53}
2017-12-05 10:48 - 2017-09-06 10:36 - 000000612 _____ C:\Windows\Tasks\G2MUploadTask-S-1-5-21-1639220141-509259437-498096989-1001.job
2017-12-05 10:06 - 2016-03-02 16:30 - 000000854 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1639220141-509259437-498096989-1001Core.job
2017-12-04 12:40 - 2012-10-11 14:18 - 000000000 ____D C:\Users\hp\AppData\Roaming\PrimoPDF
2017-12-04 08:32 - 2009-07-13 23:45 - 000031856 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-12-04 08:32 - 2009-07-13 23:45 - 000031856 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-12-04 08:29 - 2009-07-14 00:13 - 000782452 _____ C:\Windows\system32\PerfStringBackup.INI
2017-12-04 08:29 - 2009-07-13 22:20 - 000000000 ____D C:\Windows\inf
2017-12-04 08:23 - 2009-07-14 00:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2017-11-30 10:28 - 2016-09-06 13:09 - 001296384 ___SH C:\Users\hp\Downloads\Thumbs.db
2017-11-30 09:04 - 2017-03-03 09:04 - 000000000 ____D C:\Users\hp\Documents\animals
2017-11-29 08:32 - 2017-02-14 16:51 - 000000000 ____D C:\Users\hp\Documents\utilities II
2017-11-28 12:03 - 2009-07-13 22:20 - 000000000 ____D C:\Windows\system32\NDF
2017-11-28 08:31 - 2016-05-17 08:05 - 000000000 ____D C:\Users\hp\Documents\Bolivar Injunction
2017-11-27 12:31 - 2017-03-12 12:14 - 000000000 ____D C:\Users\hp\Documents\Christina
2017-11-27 08:58 - 2017-05-18 10:20 - 000000000 ____D C:\Users\hp\Documents\Don Miller
2017-11-19 08:24 - 2017-09-06 10:36 - 000003626 _____ C:\Windows\System32\Tasks\G2MUploadTask-S-1-5-21-1639220141-509259437-498096989-1001
2017-11-19 08:24 - 2017-09-06 10:36 - 000003530 _____ C:\Windows\System32\Tasks\G2MUpdateTask-S-1-5-21-1639220141-509259437-498096989-1001
2017-11-19 08:24 - 2017-09-06 10:36 - 000000000 ____D C:\Users\hp\AppData\Local\GoToMeeting
2017-11-18 10:15 - 2013-05-21 09:04 - 000000000 ____D C:\Program Files\HP
2017-11-18 10:15 - 2012-11-05 13:52 - 000000000 ____D C:\ProgramData\HP
2017-11-16 13:09 - 2017-02-07 08:06 - 000000000 ____D C:\Users\hp\Documents\Attorney Practice
2017-11-16 12:13 - 2013-01-31 10:51 - 000001092 _____ C:\Windows\Brpfx04a.ini
2017-11-16 08:23 - 2013-01-31 10:49 - 000000000 _____ C:\Windows\brdfxspd.dat
2017-11-16 07:42 - 2014-09-19 09:19 - 000000000 ____D C:\Users\hp\AppData\Roaming\Dropbox
2017-11-15 13:24 - 2016-03-13 10:49 - 000002195 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-11-14 07:22 - 2012-11-30 15:19 - 000003330 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2017-11-14 07:22 - 2012-11-30 15:19 - 000003202 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2017-11-13 09:34 - 2014-04-07 09:39 - 000000000 ____D C:\Users\hp\AppData\Roaming\HpUpdate
2017-11-13 09:34 - 2011-05-23 16:08 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2017-11-13 09:33 - 2012-12-15 11:48 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP Help and Support
2017-11-13 09:33 - 2009-07-13 22:20 - 000000000 ____D C:\Windows\Help
2017-11-13 09:32 - 2011-05-23 15:45 - 000000000 ____D C:\Program Files (x86)\Hewlett-Packard
2017-11-13 09:31 - 2012-11-05 13:53 - 000000000 ____D C:\Program Files (x86)\HP
2017-11-13 09:31 - 2012-10-09 14:02 - 000000000 ____D C:\Users\hp\AppData\Roaming\hpqLog
2017-11-13 09:31 - 2012-10-09 14:00 - 000000000 ____D C:\Users\hp\AppData\Local\Hewlett-Packard
2017-11-13 09:31 - 2011-05-23 15:59 - 000000000 ____D C:\ProgramData\Hewlett-Packard
2017-11-13 09:30 - 2011-05-23 15:56 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
2017-11-13 09:29 - 2011-02-10 14:23 - 000000000 ____D C:\SWSetup
2017-11-13 09:20 - 2012-10-09 14:00 - 000000000 ____D C:\Users\hp\AppData\Roaming\Hewlett-Packard
2017-11-13 09:04 - 2011-05-23 16:12 - 000000000 ____D C:\Windows\System32\Tasks\Hewlett-Packard
2017-11-11 19:15 - 2017-08-23 14:34 - 000000000 ____D C:\Users\hp\Documents\Peroli, Joette
2017-11-09 12:56 - 2017-10-23 07:46 - 000000000 ____D C:\Users\hp\Documents\Graber, Scott
2017-11-08 15:55 - 2017-03-31 12:06 - 000000000 ____D C:\Users\hp\Documents\Time Warner Spectrum
2017-11-07 09:26 - 2017-02-06 09:26 - 000000000 ____D C:\Users\hp\Documents\utilities
2017-11-06 12:42 - 2013-03-20 13:36 - 000000000 ____D C:\Users\hp\AppData\Local\CrashDumps
==================== Files in the root of some directories =======
2013-02-13 14:52 - 2012-04-27 14:47 - 002170880 _____ (Knowles Publishing, Inc.) C:\Users\hp\Discovery.exe
2012-10-11 15:58 - 2013-01-16 15:29 - 000001925 _____ () C:\Users\hp\AppData\Roaming\Rim.Desktop.Exception.log
2012-10-11 15:58 - 2012-10-11 15:58 - 000001153 _____ () C:\Users\hp\AppData\Roaming\Rim.Desktop.HttpServerSetup.log
2012-10-11 15:58 - 2013-01-16 15:29 - 000001925 _____ () C:\Users\hp\AppData\Roaming\Rim.DesktopHelper.Exception.log
2013-01-16 15:17 - 2013-01-16 15:29 - 000000231 _____ () C:\Users\hp\AppData\Roaming\Rim.Transcoder.Exception.log
2013-01-16 15:17 - 2013-01-16 15:17 - 000003584 _____ () C:\Users\hp\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
==================== Bamital & volsnap ======================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2017-10-30 13:05
==================== End of FRST.txt ============================
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 30-11-2017
Ran by hp (05-12-2017 12:11:51)
Running from C:\Users\hp\Downloads
Windows 7 Home Premium Service Pack 1 (X64) (2012-10-09 18:58:22)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-1639220141-509259437-498096989-500 - Administrator - Disabled)
Guest (S-1-5-21-1639220141-509259437-498096989-501 - Limited - Enabled)
HomeGroupUser$ (S-1-5-21-1639220141-509259437-498096989-1004 - Limited - Enabled)
hp (S-1-5-21-1639220141-509259437-498096989-1001 - Administrator - Enabled) => C:\Users\hp
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Out of date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
4500_G510nz_Help (HKLM-x32\...\{690879A5-18EF-447B-98D6-B699D51008AB}) (Version: 000.0.439.000 - Hewlett-Packard) Hidden
4500G510nz (HKLM-x32\...\{5B05FF91-F20C-4832-A8DE-E1912639C17C}) (Version: 000.0.439.000 - Hewlett-Packard) Hidden
4500G510nz_Software_Min (HKLM-x32\...\{3A4D5E2D-988D-4ee9-8E7F-3AC200A2B8F5}) (Version: 000.0.423.000 - Hewlett-Packard) Hidden
64 Bit HP CIO Components Installer (HKLM\...\{55D55008-E5F6-47D6-B16F-B2A40D4D145F}) (Version: 6.2.1 - Hewlett-Packard) Hidden
ActiveCheck component for HP Active Support Library (HKLM-x32\...\{254C37AA-6B72-4300-84F6-98A82419187E}) (Version: 3.0.0.3 - Hewlett-Packard) Hidden
Adobe Flash Player 12 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 12.0.0.77 - Adobe Systems Incorporated)
Adobe Flash Player 13 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Reader XI (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.00 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.5 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.5.9.620 - Adobe Systems, Inc.)
Agatha Christie - Peril at End House (HKLM-x32\...\WT089362) (Version: 2.2.0.95 - WildTangent) Hidden
AMD Catalyst Install Manager (HKLM\...\{ACD449FA-9DF3-779D-DA68-11D486963225}) (Version: 3.0.847.0 - Advanced Micro Devices, Inc.)
AMD System Monitor (HKLM-x32\...\{C1C82DC9-1547-4038-8F0A-C069F0B7F2ED}) (Version: 1.0.5 - Advanced Micro Devices, Inc.)
Apple Application Support (HKLM-x32\...\{D9DAD0FF-495A-472B-9F10-BAE430A26682}) (Version: 3.0.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{787136D2-F0F8-4625-AA3F-72D7795AC842}) (Version: 7.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Bejeweled 2 Deluxe (HKLM-x32\...\WT089453) (Version: 2.2.0.95 - WildTangent) Hidden
Bejeweled 3 (HKLM-x32\...\WT089498) (Version: 2.2.0.95 - WildTangent) Hidden
BlackBerry Desktop Software 7.1 (HKLM-x32\...\{97B70991-5002-4241-8B0C-D74B8ADEB2B5}) (Version: 7.1.0.32 - Research In Motion Ltd.) Hidden
BlackBerry Desktop Software 7.1 (HKLM-x32\...\BlackBerry_Desktop) (Version: 7.1.0.32 - Research In Motion Ltd.)
Blackhawk Striker 2 (HKLM-x32\...\WT087328) (Version: 2.2.0.95 - WildTangent) Hidden
Blasterball 3 (HKLM-x32\...\WT089308) (Version: 2.2.0.95 - WildTangent) Hidden
Blio (HKLM-x32\...\{9368DDD5-CE7F-4BD7-A83A-F00FABE338EC}) (Version: 2.2.6699 - K-NFB Reading Technology, Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Bounce Symphony (HKLM-x32\...\WT087330) (Version: 2.2.0.95 - WildTangent) Hidden
Brother MFL-Pro Suite MFC-7460DN (HKLM-x32\...\{3ACCCFB3-7B17-4E9F-ACB0-46868FCD4487}) (Version: 1.1.3.0 - Brother Industries, Ltd.)
BufferChm (HKLM-x32\...\{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}) (Version: 130.0.331.000 - Hewlett-Packard) Hidden
Build-a-lot 2 (HKLM-x32\...\WT087335) (Version: 2.2.0.95 - WildTangent) Hidden
Cake Mania (HKLM-x32\...\WT089359) (Version: 2.2.0.95 - WildTangent) Hidden
Chronotron Pro (HKLM-x32\...\{4CCE77B1-36E1-4A25-91BD-350A0B7C11DE}) (Version: 1.0.0 - Chronotron.com)
Chuzzle Deluxe (HKLM-x32\...\WT089454) (Version: 2.2.0.95 - WildTangent) Hidden
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
Cisco WebEx Meetings (HKU\S-1-5-21-1639220141-509259437-498096989-1001\...\ActiveTouchMeetingClient) (Version: - Cisco WebEx LLC)
CleanUp! (HKLM-x32\...\CleanUp!) (Version: - )
Coupon Printer for Windows (HKLM-x32\...\Coupon Printer for Windows5.0.0.8) (Version: 5.0.0.8 - Coupons.com Incorporated)
CyberLink PowerDirector 11 (HKLM-x32\...\InstallShield_{551F492A-01B0-4DC4-866F-875EC4EDC0A8}) (Version: 11.0.0.2110 - CyberLink Corp.)
CyberLink WaveEditor 2 (HKLM-x32\...\InstallShield_{324F76CC-D8DD-4D87-B77D-D4AF5E1AA7B3}) (Version: 2.0.3206 - CyberLink Corp.)
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.5.1.3922 - CyberLink Corp.)
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
Decipher TextMessage (HKLM-x32\...\{F35BEED1-67B2-4437-B71F-4099B5222F06}) (Version: 5.5.1 - Decipher Media)
Destinations (HKLM-x32\...\{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}) (Version: 130.0.0.0 - Hewlett-Packard) Hidden
DeviceDiscovery (HKLM-x32\...\{21A2F5EE-1DC5-488A-BE7E-E526F8C61488}) (Version: 130.0.372.000 - Hewlett-Packard) Hidden
Diner Dash 2 Restaurant Rescue (HKLM-x32\...\WT087536) (Version: 2.2.0.95 - WildTangent) Hidden
Discovery (C:\Program Files (x86)\disc\) #3 (HKLM-x32\...\ST6UNST #3) (Version: - )
Discovery (C:\Program Files (x86)\disc\) #4 (HKLM-x32\...\ST6UNST #4) (Version: - )
Discovery (C:\Program Files (x86)\disc\) (HKLM-x32\...\ST6UNST #2) (Version: - )
Discovery (HKLM-x32\...\ST6UNST #1) (Version: - )
DocMgr (HKLM-x32\...\{92A51949-EE4C-466D-AAF0-99E74A49A63F}) (Version: 130.0.000.000 - Hewlett-Packard) Hidden
DocProc (HKLM-x32\...\{9B362566-EC1B-4700-BB9C-EC661BDE2175}) (Version: 13.0.0.0 - Hewlett-Packard) Hidden
Document Express DjVu Plug-in (HKLM\...\{3677A6FF-9C6F-48B7-B0DC-E958C2FE4FFF}) (Version: 6.1.35472 - Cuminas Corporation)
Dora's World Adventure (HKLM-x32\...\WT087343) (Version: 2.2.0.95 - WildTangent) Hidden
Dropbox (HKU\S-1-5-21-1639220141-509259437-498096989-1001\...\Dropbox) (Version: 39.4.49 - Dropbox, Inc.)
Energy Star Digital Logo (HKLM-x32\...\{BD1A34C9-4764-4F79-AE1F-112F8C89D3D4}) (Version: 1.0.1 - Hewlett-Packard)
ESU for Microsoft Windows 7 (HKLM-x32\...\{3877C901-7B90-4727-A639-B6ED2DD59D43}) (Version: 1.0.0 - Hewlett-Packard)
Evernote v. 4.2.2 (HKLM-x32\...\{F761359C-9CED-45AE-9A51-9D6605CD55C4}) (Version: 4.2.2.3979 - Evernote Corp.)
Farm Frenzy (HKLM-x32\...\WT089328) (Version: 2.2.0.95 - WildTangent) Hidden
FATE - The Traitor Soul (HKLM-x32\...\WT089470) (Version: 2.2.0.95 - WildTangent) Hidden
Fax (HKLM-x32\...\{440B915A-0C85-45DB-92AE-75AE14704A64}) (Version: 130.0.418.000 - Hewlett-Packard) Hidden
FTR TheRecord Player (HKLM-x32\...\{530566D0-895A-4F2C-9CE5-8DEB854CB027}) (Version: 5.6.2.0 - FTR Pty. Ltd.) Hidden
FTR TheRecord Player (HKLM-x32\...\InstallShield_{530566D0-895A-4F2C-9CE5-8DEB854CB027}) (Version: 5.6.2.0 - FTR Pty. Ltd.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 62.0.3202.94 - Google Inc.)
Google Earth Pro (HKLM-x32\...\{ECF2E224-42F5-4E50-B58E-94CA70E85697}) (Version: 7.3.0.3832 - Google)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
GoTo Opener (HKLM-x32\...\{8B2D47CC-1558-4939-B27F-41E30530072A}) (Version: 1.0.467 - LogMeIn, Inc.)
GoToMeeting 8.17.0.7943 (HKU\S-1-5-21-1639220141-509259437-498096989-1001\...\GoToMeeting) (Version: 8.17.0.7943 - LogMeIn, Inc.)
GPBaseService2 (HKLM-x32\...\{63FF21C9-A810-464F-B60A-3111747B1A6D}) (Version: 130.0.371.000 - Hewlett-Packard) Hidden
H&R Block Business 2012 (Remove Only) (HKLM-x32\...\H&R Block Business 2012) (Version: - )
H&R Block Ohio 2012 (HKLM-x32\...\{E85D9824-9316-4124-9AC2-9F7E63B97295}) (Version: 1.12.4401 - HRB Technology, LLC.)
H&R Block Premium + Efile + State 2012 (HKLM-x32\...\{89D20029-0578-4D8D-979A-695C8D868868}) (Version: 12.07.7803 - HRB Technology, LLC.)
HotDocs Player 11 (64bit) (HKLM\...\{BEC0672D-63DA-49E2-ADE9-105D32D5BC7E}) (Version: 11.00.3411 - HotDocs Corporation)
HoudiniESQ Windows (HKLM-x32\...\HoudiniESQ Windows 1.8.97.1) (Version: 1.8.97.1 - LOGiCBit Software LLC)
HP Connection Manager (HKLM-x32\...\{B65FCAA5-F3A6-4B3F-ABEE-CBC2B085796B}) (Version: 4.1.25.1 - Hewlett-Packard Company)
HP Customer Participation Program 13.0 (HKLM\...\HPExtendedCapabilities) (Version: 13.0 - HP)
HP Deskjet 2050 J510 series Basic Device Software (HKLM\...\{73B1AC18-614F-42CD-A798-4BA214586406}) (Version: 28.0.1313.0 - Hewlett-Packard Co.)
HP Deskjet 2540 series Basic Device Software (HKLM\...\{7AF1A318-2914-41CC-9B24-041C2D4AAAD7}) (Version: 32.0.1180.44630 - Hewlett-Packard Co.)
HP Deskjet 2540 series Help (HKLM-x32\...\{4539575D-C09D-4E71-B207-0F2D6BD74DA2}) (Version: 30.0.0 - Hewlett Packard)
HP Deskjet 3510 series Basic Device Software (HKLM\...\{7F20F2D1-C425-4432-96BA-EBD0C2181493}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Deskjet 3510 series Help (HKLM-x32\...\{97C1C98D-6AE5-4C71-9B00-EBBD9E014450}) (Version: 28.0.0 - Hewlett Packard)
HP Deskjet 3510 series Product Improvement Study (HKLM\...\{791D3241-C6A4-417F-82E6-00543B6E5012}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Document Manager 2.0 (HKLM\...\HP Document Manager) (Version: 2.0 - HP)
HP Documentation (HKLM-x32\...\{99CEB89F-50EC-4979-BDF6-148645D7EB35}) (Version: 1.1.0.0 - Hewlett-Packard)
HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.2.4 - WildTangent)
HP Imaging Device Functions 13.0 (HKLM\...\HP Imaging Device Functions) (Version: 13.0 - HP)
HP MovieStore (HKLM-x32\...\{9008D736-35CA-40DB-A2BE-5F32D954E5AA}) (Version: 2.0 - Hewlett-Packard)
HP Officejet 4500 G510n-z (HKLM\...\{7E0E61CC-1C99-429D-BEA7-C4DD5B898D2A}) (Version: 13.0 - HP)
HP On Screen Display (HKLM-x32\...\{ED1BD69A-07E3-418C-91F1-D856582581BF}) (Version: 1.3.5 - Hewlett-Packard Company)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.7702 - HP)
HP Power Manager (HKLM-x32\...\{D8BCE5B9-67CF-4F3F-93AE-3ACC754C72EB}) (Version: 1.4.7 - Hewlett-Packard Company)
HP Quick Launch (HKLM-x32\...\{53B17A98-5BF0-40BC-AAFF-850A357975AC}) (Version: 2.7.2 - Hewlett-Packard Company)
HP Setup (HKLM-x32\...\{210A03F5-B2ED-4947-B27E-516F50CBB292}) (Version: 8.6.4530.3651 - Hewlett-Packard Company)
HP Setup Manager (HKLM-x32\...\{AE856388-AFAD-4753-81DF-D96B19D0A17C}) (Version: 1.1.13253.3682 - Hewlett-Packard Company)
HP Smart Web Printing 4.5 (HKLM\...\HP Smart Web Printing) (Version: 4.5 - HP)
HP Software Framework (HKLM-x32\...\{28FE073B-1230-4BF6-830C-7434FD0C0069}) (Version: 4.1.13.1 - Hewlett-Packard Company)
HP Solution Center 13.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 13.0 - HP)
HP Support Assistant (HKLM-x32\...\{4AAC4B07-77EF-4BCF-88DC-D24E4DE683E8}) (Version: 8.5.37.19 - HP Inc.)
HP Support Solutions Framework (HKLM-x32\...\{63F82052-C045-4F97-A3CA-C41D2CCA1FFA}) (Version: 12.8.37.11 - HP Inc.)
HP Touchpoint Analytics Client (HKLM\...\{E5FB98E0-0784-44F0-8CEC-95CD4690C43F}) (Version: 4.0.2.1439 - HP Inc.)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPAsset component for HP Active Support Library (HKLM-x32\...\{669D4A35-146B-4314-89F1-1AC3D7B88367}) (Version: 3.0.2.2 - Hewlett-Packard) Hidden
HPProductAssistant (HKLM-x32\...\{C43326F5-F135-4551-8270-7F7ABA0462E1}) (Version: 130.0.371.000 - Hewlett-Packard) Hidden
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6341.0 - IDT)
iPhoneSMSExport (HKLM-x32\...\iPhoneSMSExport) (Version: - )
iTunes (HKLM\...\{5A68A656-979F-4168-8795-E2E368AA4DC2}) (Version: 11.2.2.3 - Apple Inc.)
Java™ 6 Update 24 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86416024FF}) (Version: 6.0.240 - Oracle)
Java™ 6 Update 24 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216024FF}) (Version: 6.0.240 - Oracle)
Junk Mail filter update (HKLM-x32\...\{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}) (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Magic Desktop (HKLM-x32\...\EasyBits Magic Desktop) (Version: 3.0 - EasyBits Software AS)
Mah Jong Medley (HKLM-x32\...\WT087393) (Version: 2.2.0.95 - WildTangent) Hidden
MarketResearch (HKLM-x32\...\{175F0111-2968-4935-8F70-33108C6A4DE3}) (Version: 130.0.374.000 - Hewlett-Packard) Hidden
Mesh Runtime (HKLM-x32\...\{8C6D6116-B724-4810-8F2D-D047E6B7D68E}) (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft Office 2000 Small Business (HKLM-x32\...\{00030409-78E1-11D2-B60F-006097C998E7}) (Version: 9.00.2720 - Microsoft Corporation)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Starter 2010 - English (HKLM-x32\...\{90140011-0066-0409-0000-0000000FF1CE}) (Version: 14.0.5131.5000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.10411.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 55.0.3 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 55.0.3 (x86 en-US)) (Version: 55.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 55.0.3.6445 - Mozilla)
MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
Mystery P.I. - Stolen in San Francisco (HKLM-x32\...\WT089496) (Version: 2.2.0.95 - WildTangent) Hidden
Namco All-Stars PAC-MAN (HKLM-x32\...\WT089484) (Version: 2.2.0.95 - WildTangent) Hidden
NETGEAR Genie (HKLM-x32\...\NETGEAR Genie) (Version: 2.4.48.00 - NETGEAR Inc.)
Network64 (HKLM\...\{05EFBF37-0E52-4579-875C-7EEF0DFB4FCB}) (Version: 130.0.550.000 - Hewlett-Packard) Hidden
Newblue Art Effects for PowerDirector (HKLM\...\NewBlue Art Effects for PowerDirector) (Version: 2.0 - NewBlue)
Nextiva Codec (HKLM-x32\...\{BE18FDC3-7E2E-4DE5-B471-DB74491768F2}) (Version: 63.1.2853 - Verint Video Solutions)
Nuance PaperPort 12 (HKLM-x32\...\{6C0A559F-8583-4B5A-8B50-20BEE15D8E64}) (Version: 12.1.0000 - Nuance Communications, Inc.)
Nuance PDF Viewer Plus (HKLM-x32\...\{28656860-4728-433C-8AD4-D1A930437BC8}) (Version: 5.30.3290 - Nuance Communications, Inc)
OCR Software by I.R.I.S. 13.0 (HKLM\...\HPOCR) (Version: 13.0 - HP)
OhioDocs 4.2.0 (HKLM-x32\...\OhioDocs) (Version: 4.2.0 - The Ohio Bar Association)
Open XML SDK 2.0 for Microsoft Office (HKLM-x32\...\{171D8D76-3F05-455A-A8AF-C561C2679905}) (Version: 2.0.5022 - Microsoft Corporation)
PaperPort Image Printer 64-bit (HKLM\...\{715CAACC-579B-4831-A5F4-A83A8DE3EFE2}) (Version: 1.00.0001 - Nuance Communications, Inc.)
PC Tool for VeryAndroid SMS Backup 3.2.1 (HKLM-x32\...\PC Tool for VeryAndroid SMS Backup) (Version: 3.2.1 - VeryAndroid)
Penguins! (HKLM-x32\...\WT087394) (Version: 2.2.0.95 - WildTangent) Hidden
Plants vs. Zombies - Game of the Year (HKLM-x32\...\WT089458) (Version: 2.2.0.95 - WildTangent) Hidden
PlayMemories Home (HKLM-x32\...\{E03CD71A-F595-49DF-9ADC-0CFC93B1B211}) (Version: 6.0.02.14151 - Sony Corporation)
PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
Poker Superstars III (HKLM-x32\...\WT087395) (Version: 2.2.0.95 - WildTangent) Hidden
Polar Bowler (HKLM-x32\...\WT087396) (Version: 2.2.0.95 - WildTangent) Hidden
Polar Golfer (HKLM-x32\...\WT087397) (Version: 2.2.0.95 - WildTangent) Hidden
PrimoPDF -- brought to you by Nitro PDF Software (HKLM-x32\...\PrimoPDF) (Version: 5 - Nitro PDF Software)
Product Improvement Study for HP Deskjet 2540 series (HKLM\...\{446CCB22-B632-4A1D-BF84-DA8DB0575F98}) (Version: 32.0.1180.44630 - Hewlett-Packard Co.)
QuickBooks (HKLM-x32\...\{25E202D1-D8E7-46AF-B4B0-157D9993A93E}) (Version: 22.0.4001.2206 - Intuit Inc.) Hidden
QuickBooks Pro 2012 (HKLM-x32\...\{22057D8D-7CC8-46FF-AD8C-9BD24F9014F3}) (Version: 22.0.4001.2206 - Intuit Inc.)
QuickTime (HKLM-x32\...\{0E64B098-8018-4256-BA23-C316A43AD9B0}) (Version: 7.72.80.56 - Apple Inc.)
RealLegal E-Transcript Bundle Viewer (HKLM-x32\...\{521D6EE7-E5B6-4E9B-837A-BEF39247FF07}) (Version: 6.0.1.887 - Thomson Reuters)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.40.126.2011 - Realtek)
Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.1.7601.83 - Realtek Semiconductor Corp.)
REALTEK Wireless LAN Driver (HKLM-x32\...\{9D3D8C60-A55F-4123-B2B9-173F09590E16}) (Version: 1.00.11.0706 - REALTEK Semiconductor Corp.)
Recovery Manager (HKLM-x32\...\{DBCD5E64-7379-4648-9444-8A6558DCB614}) (Version: 2.0.0 - Hewlett-Packard) Hidden
RoxioNow Player (HKLM-x32\...\{0EDEB615-1A60-425E-8306-0E10519C7B55}) (Version: 1.9.5.103 - RoxioNow)
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.9.0 - SAMSUNG Electronics Co., Ltd.)
Scan (HKLM-x32\...\{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}) (Version: 13.0.0.0 - Hewlett-Packard) Hidden
Scansoft PDF Professional (HKLM-x32\...\{068724F8-D8BE-4B43-8DDD-B9FE9E49FD76}) (Version: - ) Hidden
Slingo Supreme (HKLM-x32\...\WT089457) (Version: 2.2.0.95 - WildTangent) Hidden
Smart Organizing Monitor for SP 210 Series (HKLM-x32\...\{D1EC71F7-E534-4A54-A75A-DCDCCAD77BF7}) (Version: 1.00 - RICOH)
SmartSound Quicktracks 5 (HKLM-x32\...\{2F8BA3FD-1FA9-4279-B696-712ABB12F09F}) (Version: 5.1.8 - SmartSound Software Inc.) Hidden
SmartSound Quicktracks 5 (HKLM-x32\...\InstallShield_{2F8BA3FD-1FA9-4279-B696-712ABB12F09F}) (Version: 5.1.8 - SmartSound Software Inc.)
SmartWebPrinting (HKLM-x32\...\{68A10D12-0D0F-4212-BDE6-D87FAD32A8FA}) (Version: 130.0.373.000 - Hewlett-Packard) Hidden
SofTest v11 (HKLM-x32\...\{6E601B1B-8542-41DB-A361-B3817CC727AD}) (Version: 11.4.6 - Examsoft) Hidden
SofTest v11 (HKLM-x32\...\InstallShield_{6E601B1B-8542-41DB-A361-B3817CC727AD}) (Version: 11.4.6 - Examsoft)
SolutionCenter (HKLM-x32\...\{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}) (Version: 130.0.373.000 - Hewlett-Packard) Hidden
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.1.21 - Safer-Networking Ltd.)
Status (HKLM-x32\...\{AE8705FB-E13C-40A9-8A2D-68D6733FBFC2}) (Version: 130.0.373.000 - Hewlett-Packard) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.3.11.0 - Synaptics Incorporated)
Toolbox (HKLM-x32\...\{6BBA26E9-AB03-4FE7-831A-3535584CA002}) (Version: 130.0.648.000 - Hewlett-Packard) Hidden
TrayApp (HKLM-x32\...\{DC0A5F99-FD66-433F-9D3A-05DCBA64BE42}) (Version: 130.0.376.000 - Hewlett-Packard) Hidden
TunnelBear (HKLM-x32\...\{8092fbe5-9e59-4729-a5de-5bb6a64873cc}) (Version: 3.0.37.12 - TunnelBear)
TunnelBear (HKLM-x32\...\{ABC9BE61-B890-4100-BCA4-5AC3BF1F3CB5}) (Version: 3.0.37.12 - TunnelBear) Hidden
TunnelBear (HKLM-x32\...\{cccb8171-b60b-4da8-8a0a-00e21ff41860}) (Version: 3.0.36.9 - TunnelBear)
Update Installer for WildTangent Games App (HKLM-x32\...\{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App) (Version: - WildTangent) Hidden
Verizon Wireless Software Utility Application for Android - Samsung (HKLM-x32\...\{041E914E-7B73-4E8B-967F-B7FFC527FF80}) (Version: 2.14.0106 - Samsung Electronics Co., Ltd.)
Virtual Villagers 4 - The Tree of Life (HKLM-x32\...\WT089307) (Version: 2.2.0.95 - WildTangent) Hidden
WebReg (HKLM-x32\...\{43CDF946-F5D9-4292-B006-BA0D92013021}) (Version: 130.0.132.017 - Hewlett-Packard) Hidden
Wheel of Fortune 2 (HKLM-x32\...\WT087415) (Version: 2.2.0.95 - WildTangent) Hidden
WildTangent Games App (HP Games) (HKLM-x32\...\{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-hp) (Version: 4.0.5.2 - WildTangent) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
WordPerfect Lightning - MSOM (HKLM-x32\...\{F6EE49FD-B736-4888-A05A-115F3B1160FA}) (Version: 1.0 - Corel Corporation) Hidden
WordPerfect Lightning (HKLM-x32\...\_{4873CC58-69D8-490D-9E5C-001DC2EE202E}) (Version: - Corel Corporation)
WordPerfect Lightning (HKLM-x32\...\{4873CC58-69D8-490D-9E5C-001DC2EE202E}) (Version: 0.3 - Corel Corporation) Hidden
Works Suite OS Pack (HKLM-x32\...\{FAF7F1D7-C0E7-47EA-8AAA-84E4F9EA3C94}) (Version: 1.0.0.0000 - Microsoft Corporation) Hidden
Zemana AntiMalware (HKLM-x32\...\{8F0CD7D1-42F3-4195-95CD-833578D45057}_is1) (Version: 2.74.0.150 - Zemana Ltd.)
Zuma Deluxe (HKLM-x32\...\WT089455) (Version: 2.2.0.95 - WildTangent) Hidden
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-1639220141-509259437-498096989-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\hp\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1639220141-509259437-498096989-1001_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Users\hp\AppData\Local\GoToMeeting\7586\G2MOutlookAddin64.dll (LogMeIn, Inc.)
CustomCLSID: HKU\S-1-5-21-1639220141-509259437-498096989-1001_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\hp\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1639220141-509259437-498096989-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\hp\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1639220141-509259437-498096989-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\hp\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1639220141-509259437-498096989-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\hp\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1639220141-509259437-498096989-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\hp\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1639220141-509259437-498096989-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\hp\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1639220141-509259437-498096989-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\hp\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1639220141-509259437-498096989-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\hp\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1639220141-509259437-498096989-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\hp\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1639220141-509259437-498096989-1001_Classes\CLSID\{FB314EE1-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\hp\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1639220141-509259437-498096989-1001_Classes\CLSID\{FB314EE2-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\hp\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1639220141-509259437-498096989-1001_Classes\CLSID\{FBC9D74C-AF55-4309-9FB2-C426E071637F}\InprocServer32 -> C:\Users\hp\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\hp\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll [2017-11-13] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\hp\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll [2017-11-13] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\hp\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll [2017-11-13] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\hp\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll [2017-11-13] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\hp\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll [2017-11-13] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\hp\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll [2017-11-13] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\hp\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll [2017-11-13] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\hp\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll [2017-11-13] (Dropbox, Inc.)
ContextMenuHandlers1: [2.0 Zemana AntiMalware] -> {6ABB1C11-E261-4CEA-BBB5-3836225689DD} => C:\Program Files (x86)\Zemana AntiMalware\ZAMShellExt64.dll [2017-10-22] ()
ContextMenuHandlers1: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2013-05-16] (Safer-Networking Ltd.)
ContextMenuHandlers1: [SDECon64] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2013-05-16] (Safer-Networking Ltd.)
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\atiacm64.dll [2011-09-28] (Advanced Micro Devices, Inc.)
ContextMenuHandlers6: [2.0 Zemana AntiMalware] -> {6ABB1C11-E261-4CEA-BBB5-3836225689DD} => C:\Program Files (x86)\Zemana AntiMalware\ZAMShellExt64.dll [2017-10-22] ()
ContextMenuHandlers6: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2013-05-16] (Safer-Networking Ltd.)
ContextMenuHandlers6: [SDECon64] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2013-05-16] (Safer-Networking Ltd.)
ContextMenuHandlers1_S-1-5-21-1639220141-509259437-498096989-1001: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Users\hp\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll [2017-11-13] (Dropbox, Inc.)
ContextMenuHandlers4_S-1-5-21-1639220141-509259437-498096989-1001: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Users\hp\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll [2017-11-13] (Dropbox, Inc.)
ContextMenuHandlers5_S-1-5-21-1639220141-509259437-498096989-1001: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Users\hp\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll [2017-11-13] (Dropbox, Inc.)
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {0263C98F-5111-47D7-AA8D-23DADCED6128} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [2017-09-27] (HP Inc.)
Task: {03E92B07-8445-404C-8178-120105218D3B} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-03-02] (Google Inc.)
Task: {1896E965-4DCD-48A9-BE20-4E927F2C0B26} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-03-02] (Google Inc.)
Task: {2BDBAC1F-8006-46D9-9DFB-1791EF2657B1} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-1639220141-509259437-498096989-1001UA => C:\Users\hp\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2016-03-02] (Dropbox, Inc.)
Task: {34D4BA25-98B7-486E-AEEB-0443A786C004} - System32\Tasks\G2MUploadTask-S-1-5-21-1639220141-509259437-498096989-1001 => C:\Users\hp\AppData\Local\GoToMeeting\7943\g2mupload.exe [2017-11-19] (LogMeIn, Inc.)
Task: {420DB761-0835-4460-8D40-9B9B8E4D2835} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe [2013-05-16] (Safer-Networking Ltd.)
Task: {4D2648DD-E356-447E-8922-BD7B3D6402AD} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-1639220141-509259437-498096989-1001Core => C:\Users\hp\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2016-03-02] (Dropbox, Inc.)
Task: {5C59C138-4CEB-46A1-8862-6B0628B6914F} - System32\Tasks\HPCeeScheduleForhp => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2016-06-24] (HP Inc.)
Task: {75B3C601-7515-4DCA-87D7-FBDA790E0CFB} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2017-11-08] (HP Inc.)
Task: {77086B1F-05B2-4C4E-A1B3-89253E71B75E} - System32\Tasks\Hewlett-Packard\HP Assistant\HPSA Upgrade => C:\ProgramData\Hewlett-Packard\HPSAUpgrade3\HpSAUpgrade.exe [2013-01-09] (Hewlett-Packard)
Task: {8446E903-BE7B-4791-BECF-92652BCB602A} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2017-09-27] (HP Inc.)
Task: {8CB0FE2B-9CFF-4594-8337-0A157F45144F} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe [2013-05-16] (Safer-Networking Ltd.)
Task: {93FAB2A5-4E5B-4932-A4C5-70CCA7C1165C} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2017-11-08] (HP Inc.)
Task: {AFC5C94E-4E9D-475B-AFF5-A8418FA19A9B} - System32\Tasks\HPCustParticipation HP Deskjet 2540 series => C:\Program Files\HP\HP Deskjet 2540 series\Bin\HPCustPartic.exe [2013-08-13] (Hewlett-Packard Co.)
Task: {B2108DB9-6915-4838-B6EE-A0D39A1DEBEE} - System32\Tasks\MirageAgent => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [2011-03-22] (CyberLink)
Task: {B8D8A166-B68F-4CF7-9476-4E984184E8EE} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2017-09-27] (HP Inc.)
Task: {C56D0375-80B5-4001-B803-106D6AF6BD84} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Product Configurator => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\ProductConfig.exe [2017-10-11] (HP Inc.)
Task: {CA54D5C0-FF52-4952-AA61-90461B10BEFA} - System32\Tasks\HPCustParticipation HP Deskjet 3510 series => C:\Program Files\HP\HP Deskjet 3510 series\Bin\HPCustPartic.exe [2012-10-17] (Hewlett-Packard Co.)
Task: {E5E694AD-364D-4DA3-B09F-039E9F279A2A} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2017-09-27] (HP Inc.)
Task: {E9494F7D-B840-4C3F-9221-A42C83756BA5} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [2013-05-16] (Safer-Networking Ltd.)
Task: {FADE38B8-651D-4A34-ADB2-F0E3BA30A3D8} - System32\Tasks\G2MUpdateTask-S-1-5-21-1639220141-509259437-498096989-1001 => C:\Users\hp\AppData\Local\GoToMeeting\7943\g2mupdate.exe [2017-11-19] (LogMeIn, Inc.)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1639220141-509259437-498096989-1001Core.job => C:\Users\hp\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1639220141-509259437-498096989-1001UA.job => C:\Users\hp\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-1639220141-509259437-498096989-1001.job => C:\Users\hp\AppData\Local\GoToMeeting\7943\g2mupdate.exe
Task: C:\Windows\Tasks\G2MUploadTask-S-1-5-21-1639220141-509259437-498096989-1001.job => C:\Users\hp\AppData\Local\GoToMeeting\7943\g2mupload.exe
Task: C:\Windows\Tasks\HPCeeScheduleForhp.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
==================== Shortcuts & WMI ========================
(The entries could be listed to be restored or removed.)
==================== Loaded Modules (Whitelisted) ==============
2017-10-22 15:03 - 2017-10-22 15:03 - 000155504 _____ () C:\Program Files (x86)\Zemana AntiMalware\ZAMShellExt64.dll
2012-10-11 14:18 - 2011-02-28 17:37 - 000095008 _____ () C:\Windows\System32\Primomonnt.dll
2011-09-28 06:19 - 2011-09-28 06:19 - 000073728 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll
2007-06-05 13:20 - 2007-06-05 13:20 - 000177704 _____ () C:\Windows\SysWOW64\PSIService.exe
2014-10-29 11:49 - 2012-09-11 22:03 - 000254552 ____N () C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
2016-03-10 13:38 - 2005-04-21 23:36 - 000143360 _____ () C:\Windows\system32\BrSNMP64.dll
2017-09-06 15:48 - 2017-09-06 15:48 - 000037248 _____ () C:\Program Files (x86)\TunnelBear\TunnelBear.Maintenance.exe
2013-09-17 15:59 - 2013-05-16 09:55 - 000113496 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2013-09-17 15:59 - 2013-05-16 09:55 - 000416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2013-09-17 15:59 - 2013-05-16 09:55 - 000161112 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2013-09-17 15:59 - 2012-08-23 09:38 - 000574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2013-09-17 15:59 - 2012-04-03 16:06 - 000565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2013-05-14 17:16 - 2013-05-14 17:16 - 000904704 _____ () C:\Program Files (x86)\Examsoft\Softest 11.0\System.Data.SQLite.dll
2012-09-23 20:43 - 2012-09-23 20:43 - 000313992 _____ () C:\Program Files (x86)\Adobe\Reader 11.0\Reader\sqlite.dll
2017-11-15 13:24 - 2017-11-10 04:21 - 003075928 _____ () C:\Program Files (x86)\Google\Chrome\Application\62.0.3202.94\libglesv2.dll
2017-11-15 13:24 - 2017-11-10 04:21 - 000086872 _____ () C:\Program Files (x86)\Google\Chrome\Application\62.0.3202.94\libegl.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
==================== Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
==================== Hosts content: ===============================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-13 21:34 - 2009-06-10 16:00 - 000000824 _____ C:\Windows\system32\Drivers\etc\hosts
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-1639220141-509259437-498096989-1001\Control Panel\Desktop\\Wallpaper ->
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is disabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: Apple Mobile Device => 2
MSCONFIG\Services: Bonjour Service => 2
MSCONFIG\Services: bthserv => 3
MSCONFIG\Services: GamesAppService => 3
MSCONFIG\Services: iPod Service => 3
MSCONFIG\Services: MozillaMaintenance => 3
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk => C:\Windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Intuit Data Protect.lnk => C:\Windows\pss\Intuit Data Protect.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Microsoft Office.lnk => C:\Windows\pss\Microsoft Office.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk => C:\Windows\pss\QuickBooks Update Agent.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^QuickBooks_Standard_21.lnk => C:\Windows\pss\QuickBooks_Standard_21.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^hp^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk => C:\Windows\pss\Dropbox.lnk.Startup
MSCONFIG\startupfolder: C:^Users^hp^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Monitor Ink Alerts - HP Deskjet 3510 series (Network).lnk => C:\Windows\pss\Monitor Ink Alerts - HP Deskjet 3510 series (Network).lnk.Startup
MSCONFIG\startupfolder: C:^Users^hp^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Verizon Wireless Software Utility Application for Android – Samsung.lnk => C:\Windows\pss\Verizon Wireless Software Utility Application for Android – Samsung.lnk.Startup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: BrStsMon00 => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe /AUTORUN
MSCONFIG\startupreg: ControlCenter4 => C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe /autorun
MSCONFIG\startupreg: Dropbox Update => "C:\Users\hp\AppData\Local\Dropbox\Update\DropboxUpdate.exe" /c
MSCONFIG\startupreg: Easybits Recovery => C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe
MSCONFIG\startupreg: FTR Search Folders => C:\Program Files (x86)\FTR\ForTheRecord\FTRSearchFolders.exe
MSCONFIG\startupreg: HP Deskjet 3510 series (NET) => "C:\Program Files\HP\HP Deskjet 3510 series\Bin\ScanToPCActivationApp.exe" -deviceID "CN29L1PGD705R7:NW" -scfn "HP Deskjet 3510 series (NET)" -AutoStart 1
MSCONFIG\startupreg: HP Quick Launch => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
MSCONFIG\startupreg: HP Software Update => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
MSCONFIG\startupreg: HPConnectionManager => C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe
MSCONFIG\startupreg: HPOSD => C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
MSCONFIG\startupreg: IndexSearch => "C:\Program Files (x86)\Nuance\PaperPort\IndexSearch.exe"
MSCONFIG\startupreg: Intuit SyncManager => C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe startup
MSCONFIG\startupreg: ISUSPM => C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe -scheduler
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: Magic Desktop for HP notification => "C:\ProgramData\Easybits Magic Desktop for HP\mdhpSUN.exe"
MSCONFIG\startupreg: NETGEARGenie => "C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenie.exe" -mini -redirect
MSCONFIG\startupreg: PaperPort PTD => "C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe"
MSCONFIG\startupreg: PDF5 Registry Controller => C:\Program Files (x86)\Nuance\PDF Viewer Plus\RegistryController.exe
MSCONFIG\startupreg: PDFHook => C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfpro5hook.exe
MSCONFIG\startupreg: PMBVolumeWatcher => C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe
MSCONFIG\startupreg: PPort12reminder => "C:\Program Files (x86)\Nuance\PaperPort\Ereg\Ereg.exe" -r "C:\ProgramData\ScanSoft\PaperPort\12\Config\Ereg\Ereg.ini"
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: RIMBBLaunchAgent.exe => C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
MSCONFIG\startupreg: SDTray => "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
MSCONFIG\startupreg: Spybot-S&D Cleaning => "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe" /autoclean
MSCONFIG\startupreg: StartCCC => "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: SynTPEnh => %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
MSCONFIG\startupreg: SysTrayApp => C:\Program Files\IDT\WDM\sttray64.exe
MSCONFIG\startupreg: ZAM => "C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe" /minimized
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [{B5310DDF-A4D6-4A67-AC77-D05831CE1F5E}] => (Allow) C:\Program Files (x86)\Roxio\RoxioNow Player\RNowShell.exe
FirewallRules: [{3CC343F1-06F1-47C3-9A42-4687C9A22B6F}] => (Allow) C:\Program Files (x86)\Roxio\RoxioNow Player\RNowShell.exe
FirewallRules: [{9C4FAC68-4D8C-4338-AE05-3673972F52B2}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\MediaSmart\RoxioNow\RNow.exe
FirewallRules: [{A59B53EC-91E6-47D0-91B2-2689142F40BF}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\MediaSmart\RoxioNow\RNow.exe
FirewallRules: [{CBD06988-049E-4EC8-89A3-6EE034A7ADC8}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{C24D38AD-08D1-4C3F-8E50-79B07B3EE29B}] => (Allow) LPort=2869
FirewallRules: [{CF01BCD1-BE19-47A4-9D2A-430347C86C93}] => (Allow) LPort=1900
FirewallRules: [{13D00327-6CD0-4F44-8ABC-A2F8F9415907}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{B7F766FF-84C4-451C-87AA-CEC11DE0371F}] => (Allow) C:\Program Files (x86)\Windows Live\Mesh\MOE.exe
FirewallRules: [{070C6AA6-E6B0-43D5-8DFE-7C7B8E043C4F}] => (Allow) C:\Windows\system32\ezSharedSvcHost.exe
FirewallRules: [{A74947F3-4C3F-4307-855D-8E83414FD3B6}] => (Allow) C:\Program Files (x86)\EasyBits For Kids\ezDesktop.exe
FirewallRules: [{7D36DAD2-F05C-498A-88B1-213701CF9FAD}] => (Allow) C:\Program Files (x86)\Research In Motion\BlackBerry Desktop\Rim.Desktop.exe
FirewallRules: [{D20BD07A-9404-41D2-9CBD-4C43570E7837}] => (Allow) C:\Program Files (x86)\Research In Motion\BlackBerry Desktop\Rim.Desktop.exe
FirewallRules: [{12BDE21C-035F-4359-947D-D8CF31550CE8}] => (Allow) LPort=4481
FirewallRules: [{80F9486B-B281-494B-8923-769D485F23EC}] => (Allow) LPort=4481
FirewallRules: [{5D194063-4832-4F54-9A39-5602A75F05EF}] => (Allow) LPort=4482
FirewallRules: [{6A8E99E6-943A-4A69-9456-3B58623776F6}] => (Allow) LPort=4482
FirewallRules: [{99A42185-8991-4131-A26C-BF2EDCA88777}] => (Allow) C:\Users\hp\AppData\Local\Temp\HP\OJ4500vG510n-z_Full_13_en\setup\hpznui40.exe
FirewallRules: [{458295CE-E4DF-4273-A8B4-9D4F819838DF}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
FirewallRules: [{7A6A14B4-CE2F-4C69-8B01-4B77103E34FC}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
FirewallRules: [{D5753491-CDFC-4EA2-9D13-29DFAA6546AE}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpofxm08.exe
FirewallRules: [{DD883D0F-6112-497D-8E2E-5526637E4784}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hposfx08.exe
FirewallRules: [{A9BBEAA9-D619-4274-B081-1442F17AD6BD}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hposid01.exe
FirewallRules: [{4B62852C-ABE2-48E1-8DE0-1BA859ECD12A}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqkygrp.exe
FirewallRules: [{F3B55E07-27CA-4D7E-A907-D5FA4613AE03}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpfccopy.exe
FirewallRules: [{D67127C2-8627-4C20-87FA-F422811BA1DF}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpzwiz01.exe
FirewallRules: [{02B480B0-F28A-4401-85D7-AA134CE4BEEB}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpoews01.exe
FirewallRules: [{27A0C6EB-1CB5-40A1-8063-B2C5864B922D}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpiscnapp.exe
FirewallRules: [{901DC105-AE38-418F-ABDA-EBF6D0DEA2D6}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpofxs08.exe
FirewallRules: [{3C404F46-2BE3-4D0B-B548-7EDD361354B6}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqfxt08.exe
FirewallRules: [{E168AA0B-1737-410D-86A4-86046CA6947F}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgplgtupl.exe
FirewallRules: [{CEDE29F2-99A5-4AD5-BADF-112D8DE24A83}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
FirewallRules: [{A48C2A19-F592-448E-8239-D403845765AA}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgm.exe
FirewallRules: [{3CCB4327-69CF-448F-B7A8-5F06725F4DC0}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgh.exe
FirewallRules: [{4D03B350-D488-4054-9A8F-ECF0BA6AEA44}] => (Allow) C:\Program Files (x86)\HP\hp software update\hpwucli.exe
FirewallRules: [{AE2D14B8-6CBB-4984-9E89-AE756970A78D}] => (Allow) C:\Program Files (x86)\HP\digital imaging\smart web printing\smartwebprintexe.exe
FirewallRules: [{BF91B818-8E22-482D-9357-7457D2698789}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe
FirewallRules: [{A6079E38-84B4-4809-A5BD-5935A2694A34}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{63B5C91A-A5EB-4D48-A1E2-C2A74CC10BE4}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{73EC4CAE-AD33-428B-89C5-B7EF7AE348F0}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{CE3508B6-0430-411A-A879-CD14BB47481D}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{A0D4A14B-D8DF-43DF-990C-8F46761278B5}] => (Allow) C:\Program Files\HP\HP Deskjet 2050 J510 series\Bin\USBSetup.exe
FirewallRules: [{0FEACDA8-CF4C-43F0-B4BF-400ACC47D318}] => (Allow) C:\Program Files (x86)\iTunes\iTunes.exe
FirewallRules: [TCP Query User{AF1E2DB4-3EDC-44A7-B19A-0B120A362998}C:\program files (x86)\decipher media\decipher textmessage\jre\bin\java.exe] => (Allow) C:\program files (x86)\decipher media\decipher textmessage\jre\bin\java.exe
FirewallRules: [UDP Query User{11B3CAA2-CAF2-44CB-80B8-8FC864A67F40}C:\program files (x86)\decipher media\decipher textmessage\jre\bin\java.exe] => (Allow) C:\program files (x86)\decipher media\decipher textmessage\jre\bin\java.exe
FirewallRules: [TCP Query User{EF7CE138-2852-4CBC-9436-7128DCFE35F6}C:\program files\hp\hp deskjet 3510 series\bin\hpnetworkcommunicator.exe] => (Allow) C:\program files\hp\hp deskjet 3510 series\bin\hpnetworkcommunicator.exe
FirewallRules: [UDP Query User{CB0AB300-BAC3-48BC-A781-C4B1B15D78DA}C:\program files\hp\hp deskjet 3510 series\bin\hpnetworkcommunicator.exe] => (Allow) C:\program files\hp\hp deskjet 3510 series\bin\hpnetworkcommunicator.exe
FirewallRules: [TCP Query User{B7A3229E-5E04-4B5B-B7E5-4A1C067354B1}C:\program files\hp\hp deskjet 3510 series\bin\hpnetworkcommunicatorcom.exe] => (Allow) C:\program files\hp\hp deskjet 3510 series\bin\hpnetworkcommunicatorcom.exe
FirewallRules: [UDP Query User{523C67E6-A9D0-4259-A2AE-442640CBC055}C:\program files\hp\hp deskjet 3510 series\bin\hpnetworkcommunicatorcom.exe] => (Allow) C:\program files\hp\hp deskjet 3510 series\bin\hpnetworkcommunicatorcom.exe
FirewallRules: [{2E9F3F45-4253-40AE-B11A-5A54B521039F}] => (Block) C:\program files\hp\hp deskjet 3510 series\bin\hpnetworkcommunicatorcom.exe
FirewallRules: [{53ED40CF-5A2F-4803-89A5-4634BA2BD2C7}] => (Block) C:\program files\hp\hp deskjet 3510 series\bin\hpnetworkcommunicatorcom.exe
FirewallRules: [TCP Query User{041FD5B7-2E97-4C07-9F73-13412E04C2C0}C:\program files\hp\hp deskjet 2540 series\bin\hpnetworkcommunicatorcom.exe] => (Allow) C:\program files\hp\hp deskjet 2540 series\bin\hpnetworkcommunicatorcom.exe
FirewallRules: [UDP Query User{1919A282-444D-4191-B44E-0AEFA1A928B7}C:\program files\hp\hp deskjet 2540 series\bin\hpnetworkcommunicatorcom.exe] => (Allow) C:\program files\hp\hp deskjet 2540 series\bin\hpnetworkcommunicatorcom.exe
FirewallRules: [{AB476014-54CC-4F90-A13D-D4FDDEA6E7BE}] => (Allow) C:\Program Files (x86)\Brother\Brmfl10f\FAXRX.exe
FirewallRules: [{0A537B4D-3713-40C7-AA41-721B8C31DC57}] => (Allow) C:\Program Files (x86)\Brother\Brmfl10f\FAXRX.exe
FirewallRules: [{108BA72B-07D4-45EB-8B3B-6F4FA97D453F}] => (Allow) LPort=54925
FirewallRules: [{B74F35CF-B3C7-4CDF-AF92-68B17A409687}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{51ACC056-33B3-4104-B202-141A0B818828}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{6437AEEB-367E-454B-9C99-74215C839104}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot-S&D 2 Tray Icon
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service
==================== Restore Points =========================
29-09-2017 11:14:48 Scheduled Checkpoint
22-10-2017 14:52:45 Checkpoint by HitmanPro
22-10-2017 14:53:38 Checkpoint by HitmanPro
04-11-2017 10:52:03 Scheduled Checkpoint
13-11-2017 09:03:46 HPSF Applying updates
13-11-2017 09:19:02 HPSF Applying updates
13-11-2017 09:30:47 Installed HP Support Assistant
13-11-2017 09:32:20 Windows Modules Installer
13-11-2017 09:33:00 Windows Modules Installer
==================== Faulty Device Manager Devices =============
Name: Microsoft ISATAP Adapter #2
Description: Microsoft ISATAP Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver
Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver
Name: Officejet 4500 G510n-z
Description: Officejet 4500 G510n-z
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: HP
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
Name: TunnelBear Adapter V9
Description: TunnelBear Adapter V9
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: TunnelBear Provider V9
Service: tap-tb-0901
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
Name: Officejet 4500 G510n-z
Description: Officejet 4500 G510n-z
Class Guid: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
Manufacturer: HP
Service: StillCam
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
==================== Event log errors: =========================
Application errors:
==================
Error: (12/05/2017 12:08:39 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.
Error: (12/05/2017 12:03:38 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.
Error: (12/05/2017 11:58:38 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.
Error: (12/05/2017 11:53:38 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.
Error: (12/05/2017 11:18:27 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.
Error: (12/05/2017 11:13:27 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.
Error: (12/05/2017 11:08:28 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.
Error: (12/05/2017 11:03:26 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.
Error: (12/05/2017 10:58:26 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.
Error: (12/05/2017 10:53:27 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.
System errors:
=============
Error: (12/04/2017 08:26:48 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The HP Health Check Service service failed to start due to the following error:
The system cannot find the file specified.
Error: (12/04/2017 08:23:54 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has failed to start.
Module Path: C:\Windows\system32\Rtlihvs.dll
Error Code: 126
Error: (12/04/2017 08:23:42 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 8:21:47 AM on 12/4/2017 was unexpected.
Error: (11/30/2017 08:09:10 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the HPSupportSolutionsFrameworkService service.
Error: (11/24/2017 11:53:55 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The HP Health Check Service service failed to start due to the following error:
The system cannot find the file specified.
Error: (11/24/2017 11:51:05 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has failed to start.
Module Path: C:\Windows\system32\Rtlihvs.dll
Error Code: 126
Error: (11/24/2017 11:51:00 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 10:27:37 AM on 11/23/2017 was unexpected.
Error: (11/18/2017 08:57:56 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Appinfo service.
Error: (11/18/2017 08:56:19 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the iphlpsvc service.
Error: (11/18/2017 08:55:32 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
==================== Memory info ===========================
Processor: AMD A4-3300M APU with Radeon™ HD Graphics
Percentage of memory in use: 66%
Total physical RAM: 3562.91 MB
Available physical RAM: 1188.41 MB
Total Virtual: 7124.01 MB
Available Virtual: 3762.75 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:451.6 GB) (Free:344.96 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive d: (RECOVERY) (Fixed) (Total:13.86 GB) (Free:1.52 GB) NTFS ==>[system with boot components (obtained from drive)]
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: E1A650A4)
Partition 1: (Active) - (Size=199 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=451.6 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=13.9 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=103 MB) - (Type=0C)
==================== End of Addition.txt ============================
#4
Posted 05 December 2017 - 05:04 PM
zep516
-
- Malware Removal
-
- 8,093 posts
Trusted Helper
Next
Download AdwCleaner from here. Save the file to the desktop.
NOTE: If you are using IE 8 or above you may get a warning that stops the program from downloading. Just click on the warning and allow the download to complete.
Close all open windows and browsers.
A few items to fix
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system
Open notepad (Start =>All Programs => Accessories => Notepad).
Copy/Paste the contents of the code box below into Notepad.
Download AdwCleaner from here. Save the file to the desktop.
NOTE: If you are using IE 8 or above you may get a warning that stops the program from downloading. Just click on the warning and allow the download to complete.
Close all open windows and browsers.
- XP users: Double click the AdwCleaner icon to start the program.
- Vista/7/8 users: Right click the AdwCleaner icon on the desktop, click Run as administrator and accept the UAC prompt to run AdwCleaner.
You will see the following console:
- Click the Scan button and wait for the scan to finish.
- After the Scan has finished the window may or may not show what it found and above, in the progress bar, you will see: Pending. Please uncheck elements you don't want to remove.
- Click the Clean button.
- Everything checked will be moved to Quarantine.
- When the program has finished cleaning a report appears.Once done it will ask to reboot, allow this
- On reboot a log will be produced please copy / paste that in your next reply. This report is also saved to C:\AdwCleaner\AdwCleaner[C0].txt
A few items to fix
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system
Open notepad (Start =>All Programs => Accessories => Notepad).
Copy/Paste the contents of the code box below into Notepad.
start
CloseProcesses:
CreateRestorePoint:
HKLM-x32\...\Run: [] => [X]
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.msn.com/HPNOT/1
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPNOT/1
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPNOT/1
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKLM -> {4A86745F-DB47-4A3A-A643-9FDC6596EFEA} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKLM -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-30572-11896-2/4?mpre=hxxp://shop.ebay.com/?_nkw={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {EEE6C360-6118-11DC-9C72-001320C79847} URL =
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {4A86745F-DB47-4A3A-A643-9FDC6596EFEA} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM-x32 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKLM-x32 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-30572-11896-2/4?mpre=hxxp://shop.ebay.com/?_nkw={searchTerms}
SearchScopes: HKU\S-1-5-21-1639220141-509259437-498096989-1001 -> {4A86745F-DB47-4A3A-A643-9FDC6596EFEA} URL =
SearchScopes: HKU\S-1-5-21-1639220141-509259437-498096989-1001 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL =
SearchScopes: HKU\S-1-5-21-1639220141-509259437-498096989-1001 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL =
BHO-x32: No Name -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> No File
FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\firefox.cfg [2013-07-20] <==== ATTENTION
CMD: bitsadmin /reset /allusers
CMD: netsh winsock reset catalog
CMD: ipconfig /flushdns
RemoveProxy:
hosts:
Emptytemp:
- Click Format and ensure Wordwrap is unchecked.
- Save as Fixlist.txt to your Desktop (Must be in this location)
- Run FRST/FRST64 and press the Fix button just once and wait.
- If the tool needed a restart please make sure you let the system to restart normally and let the tool completes its run after restart.
- The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.
#5
Posted 06 December 2017 - 12:42 PM
bolivar
- Topic Starter
-
- Member
-
- 8 posts
New Member
# AdwCleaner 7.0.5.0 - Logfile created on Wed Dec 06 18:39:39 2017
# Updated on 2017/29/11 by Malwarebytes
# Running on Windows 7 Home Premium (X64)
# Mode: clean
# Support: https://www.malwarebytes.com/support
***** [ Services ] *****
No malicious services deleted.
***** [ Folders ] *****
No malicious folders deleted.
***** [ Files ] *****
No malicious files deleted.
***** [ DLL ] *****
No malicious DLLs cleaned.
***** [ WMI ] *****
No malicious WMI cleaned.
***** [ Shortcuts ] *****
No malicious shortcuts cleaned.
***** [ Tasks ] *****
No malicious tasks deleted.
***** [ Registry ] *****
No malicious registry entries deleted.
***** [ Firefox (and derivatives) ] *****
No malicious Firefox entries deleted.
***** [ Chromium (and derivatives) ] *****
SearchProvider deleted: Sweetpacks - sweetpacks-search.com
*************************
::Tracing keys deleted
::Winsock settings cleared
::Additional Actions: 0
*************************
C:/AdwCleaner/AdwCleaner[C0].txt - [4114 B] - [2017/10/22 19:16:33]
C:/AdwCleaner/AdwCleaner[S0].txt - [4584 B] - [2017/10/22 19:16:1]
C:/AdwCleaner/AdwCleaner[S1].txt - [1279 B] - [2017/12/6 18:39:20]
########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt ##########
#6
Posted 06 December 2017 - 12:56 PM
bolivar
- Topic Starter
-
- Member
-
- 8 posts
New Member
Fix result of Farbar Recovery Scan Tool (x64) Version: 06-12-2017
Ran by hp (06-12-2017 13:48:12) Run:1
Running from C:\Users\hp\Desktop
Loaded Profiles: hp (Available Profiles: hp)
Boot Mode: Normal
==============================================
fixlist content:
*****************
start
CloseProcesses:
CreateRestorePoint:
HKLM-x32\...\Run: [] => [X]
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.msn.com/HPNOT/1
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPNOT/1
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPNOT/1
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKLM -> {4A86745F-DB47-4A3A-A643-9FDC6596EFEA} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKLM -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-30572-11896-2/4?mpre=hxxp://shop.ebay.com/?_nkw={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {EEE6C360-6118-11DC-9C72-001320C79847} URL =
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {4A86745F-DB47-4A3A-A643-9FDC6596EFEA} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM-x32 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKLM-x32 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-30572-11896-2/4?mpre=hxxp://shop.ebay.com/?_nkw={searchTerms}
SearchScopes: HKU\S-1-5-21-1639220141-509259437-498096989-1001 -> {4A86745F-DB47-4A3A-A643-9FDC6596EFEA} URL =
SearchScopes: HKU\S-1-5-21-1639220141-509259437-498096989-1001 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL =
SearchScopes: HKU\S-1-5-21-1639220141-509259437-498096989-1001 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL =
BHO-x32: No Name -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> No File
FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\firefox.cfg [2013-07-20] <==== ATTENTION
CMD: bitsadmin /reset /allusers
CMD: netsh winsock reset catalog
CMD: ipconfig /flushdns
RemoveProxy:
hosts:
Emptytemp:
*****************
Processes closed successfully.
Restore point was successfully created.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value removed successfully
"HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SDWinLogon" => removed successfully
HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Page_URL => value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL => value restored successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => removed successfully
HKLM\Software\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{4A86745F-DB47-4A3A-A643-9FDC6596EFEA}" => removed successfully
HKLM\Software\Classes\CLSID\{4A86745F-DB47-4A3A-A643-9FDC6596EFEA} => key not found
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}" => removed successfully
HKLM\Software\Classes\CLSID\{b7fca997-d0fb-4fe0-8afd-255e89cf9671} => key not found
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}" => removed successfully
HKLM\Software\Classes\CLSID\{d43b3890-80c7-4010-a95d-1e77b5924dc3} => key not found
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}" => removed successfully
HKLM\Software\Classes\CLSID\{D944BB61-2E34-4DBF-A683-47E505C587DC} => key not found
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{4A86745F-DB47-4A3A-A643-9FDC6596EFEA}" => removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{4A86745F-DB47-4A3A-A643-9FDC6596EFEA} => key not found
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}" => removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{b7fca997-d0fb-4fe0-8afd-255e89cf9671} => key not found
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}" => removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{d43b3890-80c7-4010-a95d-1e77b5924dc3} => key not found
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}" => removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{D944BB61-2E34-4DBF-A683-47E505C587DC} => key not found
"HKU\S-1-5-21-1639220141-509259437-498096989-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{4A86745F-DB47-4A3A-A643-9FDC6596EFEA}" => removed successfully
HKLM\Software\Classes\CLSID\{4A86745F-DB47-4A3A-A643-9FDC6596EFEA} => key not found
"HKU\S-1-5-21-1639220141-509259437-498096989-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}" => removed successfully
HKLM\Software\Classes\CLSID\{d43b3890-80c7-4010-a95d-1e77b5924dc3} => key not found
"HKU\S-1-5-21-1639220141-509259437-498096989-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}" => removed successfully
HKLM\Software\Classes\CLSID\{D944BB61-2E34-4DBF-A683-47E505C587DC} => key not found
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6C680BAE-655C-4E3D-8FC4-E6A520C3D928}" => removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{6C680BAE-655C-4E3D-8FC4-E6A520C3D928} => key not found
C:\Program Files (x86)\mozilla firefox\firefox.cfg => moved successfully
========= bitsadmin /reset /allusers =========
BITSADMIN version 3.0 [ 7.5.7601 ]
BITS administration utility.
© Copyright 2000-2006 Microsoft Corp.
BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.
{6DCA0267-46CF-465C-9699-6E26E86ABDB1} canceled.
{CE2C8FF3-5CE4-472C-8B46-2664FDF627D1} canceled.
{DCF1F72B-2DE6-4334-8290-BC064EC10B6A} canceled.
{0CA4E282-6A6E-4EB3-BEC3-A87822E1951F} canceled.
{C1F34A48-33D1-4168-870D-98E6E7DFE2A0} canceled.
{253DB8B0-5BD7-4B48-9984-56A2AB100118} canceled.
{0473D3B1-98F6-4A69-A413-E84667A5D55F} canceled.
{F22999CB-DAF1-4A55-B9DE-B9011A07ED15} canceled.
{0B136123-A00E-4BC2-B673-CF026A227985} canceled.
{7D65B0DC-F60F-44D8-86DF-DE4BBC14C735} canceled.
{CD672D86-0893-450A-9398-1E57AA5CE403} canceled.
{B05CE305-8265-44E1-83E8-6833932805C8} canceled.
{38AA8734-5EFA-44A7-8612-D8618AF891C8} canceled.
{9A630ABD-B9C7-4152-94FA-2587146A0E16} canceled.
{4F48228C-0D2F-41E8-95E7-38B29E025C64} canceled.
{D2FF398F-AA1F-484F-BDAA-32010CDBABD1} canceled.
16 out of 16 jobs canceled.
========= End of CMD: =========
========= netsh winsock reset catalog =========
Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.
========= End of CMD: =========
========= ipconfig /flushdns =========
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
========= End of CMD: =========
========= RemoveProxy: =========
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
HKU\S-1-5-21-1639220141-509259437-498096989-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\S-1-5-21-1639220141-509259437-498096989-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
========= End of RemoveProxy: =========
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.
=========== EmptyTemp: ==========
BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 146218207 B
Java, Flash, Steam htmlcache => 8894 B
Windows/system/drivers => 3927810349 B
Edge => 0 B
Chrome => 506460800 B
Firefox => 134464792 B
Opera => 0 B
Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 3007209 B
systemprofile32 => 3759703 B
LocalService => 82612 B
NetworkService => 123944 B
hp => 33836313 B
RecycleBin => 0 B
EmptyTemp: => 4.4 GB temporary data Removed.
================================
The system needed a reboot.
==== End of Fixlog 13:50:34 ====
#7
Posted 06 December 2017 - 02:33 PM
zep516
-
- Malware Removal
-
- 8,093 posts
Trusted Helper
Hello,
Lets run a Malwarebytes scan. I will be out for a while this evening.
Thanks
Joe
Next
Lets run a Malwarebytes scan. I will be out for a while this evening.
Thanks
Joe
Next
- Please download Malwarebytes Anti-Malware to your desktop.
- Double-click mbam-setup-version.exe and follow the prompts to install the program.
- Launch Malwarebytes Anti-Malware
- Then click Finish.
- If an update is found, you will be prompted to download and install the latest version.
- Once the program has loaded, select Scan now. Or select the Threat Scan from the Scan menu.
- When the scan is complete , make sure that that all Threats are selected, and click Remove Selected.
- Reboot your computer if prompted.
- After the restart once you are back at your desktop, open MBAM once more.
- Click on the History tab > Application Logs.
- Double click on the Scan Log which shows the Date and time of the scan just performed.
- Click 'Export'.
- Click 'Text file (*.txt)'
- In the Save File dialog box which appears, click on Desktop.
- In the File name: box type a name for your scan log.
- A message box named 'File Saved' should appear stating "Your file has been successfully exported".
- Click Ok
- post that saved log to your next reply.
#8
Posted 07 December 2017 - 02:51 PM
bolivar
- Topic Starter
-
- Member
-
- 8 posts
New Member
*FYI, I was unable to "remove selected" threats, as you instructed. Instead, the only option I got was to quarantine them, which I did.
log is attached.
#9
Posted 07 December 2017 - 02:52 PM
bolivar
- Topic Starter
-
- Member
-
- 8 posts
New Member
Malware Scan 12-7-17.txt 1.89KB
235 downloads
#10
Posted 07 December 2017 - 02:56 PM
zep516
-
- Malware Removal
-
- 8,093 posts
Trusted Helper
Please download MiniToolBox http://download.blee...MiniToolBox.exe and run it.
Checkmark following boxes:
Checkmark following boxes:
- Flush DNS
- Report IE Proxy Settings
- Reset IE Proxy Settings
- Report FF Proxy Settings
- Reset FF Proxy Settings
- content of Hosts
- List IP configuration
- List Winsock Entries
- List last 10 Event Viewer log
- List Installed Programs
- List Users, Partitions and Memory size
- List Restore Points
#11
Posted 08 December 2017 - 08:31 AM
bolivar
- Topic Starter
-
- Member
-
- 8 posts
New Member
MiniToolBox by Farbar Version: 17-06-2016
Ran by hp (administrator) on 08-12-2017 at 09:31:07
Running from "C:\Users\hp\Downloads"
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Model: HP Pavilion g7 Notebook PC Manufacturer: Hewlett-Packard
Boot Mode: Normal
***************************************************************************
========================= Flush DNS: ===================================
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
========================= IE Proxy Settings: ==============================
Proxy is not enabled.
No Proxy Server is set.
"Reset IE Proxy Settings": IE Proxy Settings were reset.
========================= FF Proxy Settings: ==============================
"Reset FF Proxy Settings": Firefox Proxy settings were reset.
========================= Hosts content: =================================
========================= IP Configuration: ================================
Realtek RTL8188CE 802.11b/g/n WiFi Adapter = Wireless Network Connection (Connected)
TunnelBear Adapter V9 = Local Area Connection 5 (Hardware not present)
Realtek PCIe FE Family Controller = Local Area Connection (Media disconnected)
# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4
reset
set global icmpredirects=enabled dhcpmediasense=disabled
set interface interface="Local Area Connection 5" forwarding=enabled advertise=enabled metric=0 nud=enabled
popd
# End of IPv4 configuration
Windows IP Configuration
Host Name . . . . . . . . . . . . : hp-HP
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : home
Wireless LAN adapter Wireless Network Connection:
Connection-specific DNS Suffix . : home
Description . . . . . . . . . . . : Realtek RTL8188CE 802.11b/g/n WiFi Adapter
Physical Address. . . . . . . . . : AC-81-12-7B-DE-A5
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2605:a000:1233:c073:0:dcbe:6373:f4df(Preferred)
Lease Obtained. . . . . . . . . . : Thursday, December 07, 2017 2:53:39 PM
Lease Expires . . . . . . . . . . : Thursday, December 14, 2017 2:53:40 PM
Link-local IPv6 Address . . . . . : fe80::6158:2adc:713d:cef3%12(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.1.5(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Wednesday, December 06, 2017 1:51:29 PM
Lease Expires . . . . . . . . . . : Monday, December 11, 2017 9:22:28 AM
Default Gateway . . . . . . . . . : fe80::5853:bdff:fede:fda2%12
192.168.1.1
DHCP Server . . . . . . . . . . . : 192.168.1.1
DHCPv6 IAID . . . . . . . . . . . : 212631826
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-18-05-99-26-2C-27-D7-DE-FD-54
DNS Servers . . . . . . . . . . . : 192.168.1.1
NetBIOS over Tcpip. . . . . . . . : Enabled
Connection-specific DNS Suffix Search List :
home
Ethernet adapter Local Area Connection:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Realtek PCIe FE Family Controller
Physical Address. . . . . . . . . : 2C-27-D7-DE-FD-54
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Tunnel adapter isatap.{5F2481EF-6CD3-4078-91D7-BC71ED636C63}:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #3
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Tunnel adapter isatap.home:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #4
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Tunnel adapter Local Area Connection* 9:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Server: HG6Box
Address: 192.168.1.1
Name: google.com
Addresses: 2607:f8b0:4009:812::200e
172.217.6.110
Pinging google.com [172.217.6.110] with 32 bytes of data:
Reply from 172.217.6.110: bytes=32 time=31ms TTL=53
Reply from 172.217.6.110: bytes=32 time=29ms TTL=53
Ping statistics for 172.217.6.110:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 29ms, Maximum = 31ms, Average = 30ms
Server: HG6Box
Address: 192.168.1.1
Name: yahoo.com
Addresses: 2001:4998:58:2201::73
2001:4998:44:204::100d
2001:4998:c:e33::53
206.190.39.42
98.138.252.38
98.139.180.180
Pinging yahoo.com [98.139.180.180] with 32 bytes of data:
Reply from 98.139.180.180: bytes=32 time=56ms TTL=48
Reply from 98.139.180.180: bytes=32 time=45ms TTL=48
Ping statistics for 98.139.180.180:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 45ms, Maximum = 56ms, Average = 50ms
Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
12...ac 81 12 7b de a5 ......Realtek RTL8188CE 802.11b/g/n WiFi Adapter
11...2c 27 d7 de fd 54 ......Realtek PCIe FE Family Controller
1...........................Software Loopback Interface 1
20...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #3
21...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #4
19...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
===========================================================================
IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.5 25
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.1.0 255.255.255.0 On-link 192.168.1.5 281
192.168.1.5 255.255.255.255 On-link 192.168.1.5 281
192.168.1.255 255.255.255.255 On-link 192.168.1.5 281
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.1.5 281
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.1.5 281
===========================================================================
Persistent Routes:
None
IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
12 281 ::/0 fe80::5853:bdff:fede:fda2
1 306 ::1/128 On-link
12 33 2605:a000:1233:c073::/64 On-link
12 281 2605:a000:1233:c073:0:dcbe:6373:f4df/128
On-link
12 281 fe80::/64 On-link
12 281 fe80::6158:2adc:713d:cef3/128
On-link
1 306 ff00::/8 On-link
12 281 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================
Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [52224] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog5 06 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog5 07 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog5 08 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog5 09 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [70656] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog5 07 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [170880] (Microsoft Corp.)
x64-Catalog5 08 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [170880] (Microsoft Corp.)
x64-Catalog5 09 C:\Program Files\Bonjour\mdnsNSP.dll [132968] (Apple Inc.)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
========================= Event log errors: ===============================
Application errors:
==================
Error: (12/08/2017 09:27:24 AM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.
Error: (12/08/2017 09:22:24 AM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.
Error: (12/07/2017 03:51:39 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.
Error: (12/07/2017 03:46:40 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.
Error: (12/07/2017 03:42:07 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.
Error: (12/07/2017 03:36:55 PM) (Source: Application Error) (User: )
Description: Faulting application name: malwarebytes_assistant.exe, version: 3.0.0.1284, time stamp: 0x5a15ab19
Faulting module name: Qt5Core.dll, version: 5.6.2.0, time stamp: 0x59a63e00
Exception code: 0xc0000005
Fault offset: 0x0018de83
Faulting process id: 0x18b8
Faulting application start time: 0xmalwarebytes_assistant.exe0
Faulting application path: malwarebytes_assistant.exe1
Faulting module path: malwarebytes_assistant.exe2
Report Id: malwarebytes_assistant.exe3
Error: (12/07/2017 03:36:53 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.
Error: (12/07/2017 03:31:38 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.
Error: (12/07/2017 03:08:42 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.
Error: (12/07/2017 03:03:42 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.
System errors:
=============
Error: (12/06/2017 01:53:49 PM) (Source: Service Control Manager) (User: )
Description: The HP Health Check Service service failed to start due to the following error:
%%2 = The system cannot find the file specified.
Error: (12/06/2017 01:51:18 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has failed to start.
Module Path: C:\Windows\system32\Rtlihvs.dll
Error Code: 126
Error: (12/06/2017 01:48:17 PM) (Source: Service Control Manager) (User: )
Description: The Application Virtualization Client service terminated unexpectedly. It has done this 1 time(s).
Error: (12/06/2017 01:48:14 PM) (Source: Service Control Manager) (User: )
Description: The Windows Media Player Network Sharing Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
Error: (12/06/2017 01:48:14 PM) (Source: Service Control Manager) (User: )
Description: The Software Protection service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
Error: (12/06/2017 01:48:13 PM) (Source: Service Control Manager) (User: )
Description: The HP Touchpoint Analytics service terminated unexpectedly. It has done this 1 time(s).
Error: (12/06/2017 01:48:13 PM) (Source: Service Control Manager) (User: )
Description: The HP Support Solutions Framework Service service terminated unexpectedly. It has done this 1 time(s).
Error: (12/06/2017 01:48:13 PM) (Source: Service Control Manager) (User: )
Description: The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
Error: (12/06/2017 01:48:13 PM) (Source: Service Control Manager) (User: )
Description: The Client Virtualization Handler service terminated unexpectedly. It has done this 1 time(s).
Error: (12/06/2017 01:48:13 PM) (Source: Service Control Manager) (User: )
Description: The Spybot-S&D 2 Security Center Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
Microsoft Office Sessions:
=========================
Error: (12/08/2017 09:27:24 AM) (Source: Microsoft-Windows-CAPI2)(User: )
Description: http://www.download....uthrootstl.cabArequired certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
Error: (12/08/2017 09:22:24 AM) (Source: Microsoft-Windows-CAPI2)(User: )
Description: http://www.download....uthrootstl.cabArequired certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
Error: (12/07/2017 03:51:39 PM) (Source: Microsoft-Windows-CAPI2)(User: )
Description: http://www.download....uthrootstl.cabArequired certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
Error: (12/07/2017 03:46:40 PM) (Source: Microsoft-Windows-CAPI2)(User: )
Description: http://www.download....uthrootstl.cabArequired certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
Error: (12/07/2017 03:42:07 PM) (Source: Microsoft-Windows-CAPI2)(User: )
Description: http://www.download....uthrootstl.cabArequired certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
Error: (12/07/2017 03:36:55 PM) (Source: Application Error)(User: )
Description: malwarebytes_assistant.exe3.0.0.12845a15ab19Qt5Core.dll5.6.2.059a63e00c00000050018de8318b801d36f9b1cf5d425C:\Program Files\Malwarebytes\Anti-Malware\malwarebytes_assistant.exeC:\Program Files\Malwarebytes\Anti-Malware\Qt5Core.dll5c775121-db8e-11e7-b193-2c27d7defd54
Error: (12/07/2017 03:36:53 PM) (Source: Microsoft-Windows-CAPI2)(User: )
Description: http://www.download....uthrootstl.cabArequired certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
Error: (12/07/2017 03:31:38 PM) (Source: Microsoft-Windows-CAPI2)(User: )
Description: http://www.download....uthrootstl.cabArequired certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
Error: (12/07/2017 03:08:42 PM) (Source: Microsoft-Windows-CAPI2)(User: )
Description: http://www.download....uthrootstl.cabArequired certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
Error: (12/07/2017 03:03:42 PM) (Source: Microsoft-Windows-CAPI2)(User: )
Description: http://www.download....uthrootstl.cabArequired certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
=========================== Installed Programs ============================
4500_G510nz_Help (HKLM-x32\...\{690879A5-18EF-447B-98D6-B699D51008AB}) (Version: 000.0.439.000 - Hewlett-Packard) Hidden
4500G510nz (HKLM-x32\...\{5B05FF91-F20C-4832-A8DE-E1912639C17C}) (Version: 000.0.439.000 - Hewlett-Packard) Hidden
4500G510nz_Software_Min (HKLM-x32\...\{3A4D5E2D-988D-4ee9-8E7F-3AC200A2B8F5}) (Version: 000.0.423.000 - Hewlett-Packard) Hidden
64 Bit HP CIO Components Installer (HKLM\...\{55D55008-E5F6-47D6-B16F-B2A40D4D145F}) (Version: 6.2.1 - Hewlett-Packard) Hidden
ActiveCheck component for HP Active Support Library (HKLM-x32\...\{254C37AA-6B72-4300-84F6-98A82419187E}) (Version: 3.0.0.3 - Hewlett-Packard) Hidden
Adobe Flash Player 12 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 12.0.0.77 - Adobe Systems Incorporated)
Adobe Flash Player 13 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Reader XI (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.00 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.5 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.5.9.620 - Adobe Systems, Inc.)
Agatha Christie - Peril at End House (HKLM-x32\...\WT089362) (Version: 2.2.0.95 - WildTangent) Hidden
AMD Catalyst Install Manager (HKLM\...\{ACD449FA-9DF3-779D-DA68-11D486963225}) (Version: 3.0.847.0 - Advanced Micro Devices, Inc.)
AMD System Monitor (HKLM-x32\...\{C1C82DC9-1547-4038-8F0A-C069F0B7F2ED}) (Version: 1.0.5 - Advanced Micro Devices, Inc.)
Apple Application Support (HKLM-x32\...\{D9DAD0FF-495A-472B-9F10-BAE430A26682}) (Version: 3.0.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{787136D2-F0F8-4625-AA3F-72D7795AC842}) (Version: 7.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Bejeweled 2 Deluxe (HKLM-x32\...\WT089453) (Version: 2.2.0.95 - WildTangent) Hidden
Bejeweled 3 (HKLM-x32\...\WT089498) (Version: 2.2.0.95 - WildTangent) Hidden
BlackBerry Desktop Software 7.1 (HKLM-x32\...\{97B70991-5002-4241-8B0C-D74B8ADEB2B5}) (Version: 7.1.0.32 - Research In Motion Ltd.) Hidden
BlackBerry Desktop Software 7.1 (HKLM-x32\...\BlackBerry_Desktop) (Version: 7.1.0.32 - Research In Motion Ltd.)
Blackhawk Striker 2 (HKLM-x32\...\WT087328) (Version: 2.2.0.95 - WildTangent) Hidden
Blasterball 3 (HKLM-x32\...\WT089308) (Version: 2.2.0.95 - WildTangent) Hidden
Blio (HKLM-x32\...\{9368DDD5-CE7F-4BD7-A83A-F00FABE338EC}) (Version: 2.2.6699 - K-NFB Reading Technology, Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Bounce Symphony (HKLM-x32\...\WT087330) (Version: 2.2.0.95 - WildTangent) Hidden
Brother MFL-Pro Suite MFC-7460DN (HKLM-x32\...\{3ACCCFB3-7B17-4E9F-ACB0-46868FCD4487}) (Version: 1.1.3.0 - Brother Industries, Ltd.)
BufferChm (HKLM-x32\...\{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}) (Version: 130.0.331.000 - Hewlett-Packard) Hidden
Build-a-lot 2 (HKLM-x32\...\WT087335) (Version: 2.2.0.95 - WildTangent) Hidden
Cake Mania (HKLM-x32\...\WT089359) (Version: 2.2.0.95 - WildTangent) Hidden
Chronotron Pro (HKLM-x32\...\{4CCE77B1-36E1-4A25-91BD-350A0B7C11DE}) (Version: 1.0.0 - Chronotron.com)
Chuzzle Deluxe (HKLM-x32\...\WT089454) (Version: 2.2.0.95 - WildTangent) Hidden
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
Cisco WebEx Meetings (HKCU\...\ActiveTouchMeetingClient) (Version: - Cisco WebEx LLC)
CleanUp! (HKLM-x32\...\CleanUp!) (Version: - )
Coupon Printer for Windows (HKLM-x32\...\Coupon Printer for Windows5.0.0.8) (Version: 5.0.0.8 - Coupons.com Incorporated)
CyberLink PowerDirector 11 (HKLM-x32\...\InstallShield_{551F492A-01B0-4DC4-866F-875EC4EDC0A8}) (Version: 11.0.0.2110 - CyberLink Corp.)
CyberLink WaveEditor 2 (HKLM-x32\...\InstallShield_{324F76CC-D8DD-4D87-B77D-D4AF5E1AA7B3}) (Version: 2.0.3206 - CyberLink Corp.)
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.5.1.3922 - CyberLink Corp.)
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
Decipher TextMessage (HKLM-x32\...\{F35BEED1-67B2-4437-B71F-4099B5222F06}) (Version: 5.5.1 - Decipher Media)
Destinations (HKLM-x32\...\{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}) (Version: 130.0.0.0 - Hewlett-Packard) Hidden
DeviceDiscovery (HKLM-x32\...\{21A2F5EE-1DC5-488A-BE7E-E526F8C61488}) (Version: 130.0.372.000 - Hewlett-Packard) Hidden
Diner Dash 2 Restaurant Rescue (HKLM-x32\...\WT087536) (Version: 2.2.0.95 - WildTangent) Hidden
Discovery (C:\Program Files (x86)\disc\) #3 (HKLM-x32\...\ST6UNST #3) (Version: - )
Discovery (C:\Program Files (x86)\disc\) #4 (HKLM-x32\...\ST6UNST #4) (Version: - )
Discovery (C:\Program Files (x86)\disc\) (HKLM-x32\...\ST6UNST #2) (Version: - )
Discovery (HKLM-x32\...\ST6UNST #1) (Version: - )
DocMgr (HKLM-x32\...\{92A51949-EE4C-466D-AAF0-99E74A49A63F}) (Version: 130.0.000.000 - Hewlett-Packard) Hidden
DocProc (HKLM-x32\...\{9B362566-EC1B-4700-BB9C-EC661BDE2175}) (Version: 13.0.0.0 - Hewlett-Packard) Hidden
Document Express DjVu Plug-in (HKLM\...\{3677A6FF-9C6F-48B7-B0DC-E958C2FE4FFF}) (Version: 6.1.35472 - Cuminas Corporation)
Dora's World Adventure (HKLM-x32\...\WT087343) (Version: 2.2.0.95 - WildTangent) Hidden
Dropbox (HKCU\...\Dropbox) (Version: 40.4.46 - Dropbox, Inc.)
Energy Star Digital Logo (HKLM-x32\...\{BD1A34C9-4764-4F79-AE1F-112F8C89D3D4}) (Version: 1.0.1 - Hewlett-Packard)
ESU for Microsoft Windows 7 (HKLM-x32\...\{3877C901-7B90-4727-A639-B6ED2DD59D43}) (Version: 1.0.0 - Hewlett-Packard)
Evernote v. 4.2.2 (HKLM-x32\...\{F761359C-9CED-45AE-9A51-9D6605CD55C4}) (Version: 4.2.2.3979 - Evernote Corp.)
Farm Frenzy (HKLM-x32\...\WT089328) (Version: 2.2.0.95 - WildTangent) Hidden
FATE - The Traitor Soul (HKLM-x32\...\WT089470) (Version: 2.2.0.95 - WildTangent) Hidden
Fax (HKLM-x32\...\{440B915A-0C85-45DB-92AE-75AE14704A64}) (Version: 130.0.418.000 - Hewlett-Packard) Hidden
FTR TheRecord Player (HKLM-x32\...\{530566D0-895A-4F2C-9CE5-8DEB854CB027}) (Version: 5.6.2.0 - FTR Pty. Ltd.) Hidden
FTR TheRecord Player (HKLM-x32\...\InstallShield_{530566D0-895A-4F2C-9CE5-8DEB854CB027}) (Version: 5.6.2.0 - FTR Pty. Ltd.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 62.0.3202.94 - Google Inc.)
Google Earth Pro (HKLM-x32\...\{ECF2E224-42F5-4E50-B58E-94CA70E85697}) (Version: 7.3.0.3832 - Google)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
GoTo Opener (HKLM-x32\...\{8B2D47CC-1558-4939-B27F-41E30530072A}) (Version: 1.0.467 - LogMeIn, Inc.)
GoToMeeting 8.18.0.8034 (HKCU\...\GoToMeeting) (Version: 8.18.0.8034 - LogMeIn, Inc.)
GPBaseService2 (HKLM-x32\...\{63FF21C9-A810-464F-B60A-3111747B1A6D}) (Version: 130.0.371.000 - Hewlett-Packard) Hidden
H&R Block Business 2012 (Remove Only) (HKLM-x32\...\H&R Block Business 2012) (Version: - )
H&R Block Ohio 2012 (HKLM-x32\...\{E85D9824-9316-4124-9AC2-9F7E63B97295}) (Version: 1.12.4401 - HRB Technology, LLC.)
H&R Block Premium + Efile + State 2012 (HKLM-x32\...\{89D20029-0578-4D8D-979A-695C8D868868}) (Version: 12.07.7803 - HRB Technology, LLC.)
HotDocs Player 11 (64bit) (HKLM\...\{BEC0672D-63DA-49E2-ADE9-105D32D5BC7E}) (Version: 11.00.3411 - HotDocs Corporation)
HoudiniESQ Windows (HKLM-x32\...\HoudiniESQ Windows 1.8.97.1) (Version: 1.8.97.1 - LOGiCBit Software LLC)
HP Connection Manager (HKLM-x32\...\{B65FCAA5-F3A6-4B3F-ABEE-CBC2B085796B}) (Version: 4.1.25.1 - Hewlett-Packard Company)
HP Customer Participation Program 13.0 (HKLM\...\HPExtendedCapabilities) (Version: 13.0 - HP)
HP Deskjet 2050 J510 series Basic Device Software (HKLM\...\{73B1AC18-614F-42CD-A798-4BA214586406}) (Version: 28.0.1313.0 - Hewlett-Packard Co.)
HP Deskjet 2540 series Basic Device Software (HKLM\...\{7AF1A318-2914-41CC-9B24-041C2D4AAAD7}) (Version: 32.0.1180.44630 - Hewlett-Packard Co.)
HP Deskjet 2540 series Help (HKLM-x32\...\{4539575D-C09D-4E71-B207-0F2D6BD74DA2}) (Version: 30.0.0 - Hewlett Packard)
HP Deskjet 3510 series Basic Device Software (HKLM\...\{7F20F2D1-C425-4432-96BA-EBD0C2181493}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Deskjet 3510 series Help (HKLM-x32\...\{97C1C98D-6AE5-4C71-9B00-EBBD9E014450}) (Version: 28.0.0 - Hewlett Packard)
HP Deskjet 3510 series Product Improvement Study (HKLM\...\{791D3241-C6A4-417F-82E6-00543B6E5012}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Document Manager 2.0 (HKLM\...\HP Document Manager) (Version: 2.0 - HP)
HP Documentation (HKLM-x32\...\{99CEB89F-50EC-4979-BDF6-148645D7EB35}) (Version: 1.1.0.0 - Hewlett-Packard)
HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.2.4 - WildTangent)
HP Imaging Device Functions 13.0 (HKLM\...\HP Imaging Device Functions) (Version: 13.0 - HP)
HP MovieStore (HKLM-x32\...\{9008D736-35CA-40DB-A2BE-5F32D954E5AA}) (Version: 2.0 - Hewlett-Packard)
HP Officejet 4500 G510n-z (HKLM\...\{7E0E61CC-1C99-429D-BEA7-C4DD5B898D2A}) (Version: 13.0 - HP)
HP On Screen Display (HKLM-x32\...\{ED1BD69A-07E3-418C-91F1-D856582581BF}) (Version: 1.3.5 - Hewlett-Packard Company)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.7702 - HP)
HP Power Manager (HKLM-x32\...\{D8BCE5B9-67CF-4F3F-93AE-3ACC754C72EB}) (Version: 1.4.7 - Hewlett-Packard Company)
HP Quick Launch (HKLM-x32\...\{53B17A98-5BF0-40BC-AAFF-850A357975AC}) (Version: 2.7.2 - Hewlett-Packard Company)
HP Setup (HKLM-x32\...\{210A03F5-B2ED-4947-B27E-516F50CBB292}) (Version: 8.6.4530.3651 - Hewlett-Packard Company)
HP Setup Manager (HKLM-x32\...\{AE856388-AFAD-4753-81DF-D96B19D0A17C}) (Version: 1.1.13253.3682 - Hewlett-Packard Company)
HP Smart Web Printing 4.5 (HKLM\...\HP Smart Web Printing) (Version: 4.5 - HP)
HP Software Framework (HKLM-x32\...\{28FE073B-1230-4BF6-830C-7434FD0C0069}) (Version: 4.1.13.1 - Hewlett-Packard Company)
HP Solution Center 13.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 13.0 - HP)
HP Support Assistant (HKLM-x32\...\{4AAC4B07-77EF-4BCF-88DC-D24E4DE683E8}) (Version: 8.5.37.19 - HP Inc.)
HP Support Solutions Framework (HKLM-x32\...\{63F82052-C045-4F97-A3CA-C41D2CCA1FFA}) (Version: 12.8.37.11 - HP Inc.)
HP Touchpoint Analytics Client (HKLM\...\{E5FB98E0-0784-44F0-8CEC-95CD4690C43F}) (Version: 4.0.2.1439 - HP Inc.)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPAsset component for HP Active Support Library (HKLM-x32\...\{669D4A35-146B-4314-89F1-1AC3D7B88367}) (Version: 3.0.2.2 - Hewlett-Packard) Hidden
HPProductAssistant (HKLM-x32\...\{C43326F5-F135-4551-8270-7F7ABA0462E1}) (Version: 130.0.371.000 - Hewlett-Packard) Hidden
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6341.0 - IDT)
iPhoneSMSExport (HKLM-x32\...\iPhoneSMSExport) (Version: - )
iTunes (HKLM\...\{5A68A656-979F-4168-8795-E2E368AA4DC2}) (Version: 11.2.2.3 - Apple Inc.)
Java™ 6 Update 24 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86416024FF}) (Version: 6.0.240 - Oracle)
Java™ 6 Update 24 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216024FF}) (Version: 6.0.240 - Oracle)
Junk Mail filter update (HKLM-x32\...\{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}) (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Magic Desktop (HKLM-x32\...\EasyBits Magic Desktop) (Version: 3.0 - EasyBits Software AS)
Mah Jong Medley (HKLM-x32\...\WT087393) (Version: 2.2.0.95 - WildTangent) Hidden
Malwarebytes version 3.3.1.2183 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.3.1.2183 - Malwarebytes)
MarketResearch (HKLM-x32\...\{175F0111-2968-4935-8F70-33108C6A4DE3}) (Version: 130.0.374.000 - Hewlett-Packard) Hidden
Mesh Runtime (HKLM-x32\...\{8C6D6116-B724-4810-8F2D-D047E6B7D68E}) (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft Office 2000 Small Business (HKLM-x32\...\{00030409-78E1-11D2-B60F-006097C998E7}) (Version: 9.00.2720 - Microsoft Corporation)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Starter 2010 - English (HKLM-x32\...\{90140011-0066-0409-0000-0000000FF1CE}) (Version: 14.0.5131.5000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.10411.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 55.0.3 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 55.0.3 (x86 en-US)) (Version: 55.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 55.0.3.6445 - Mozilla)
MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
Mystery P.I. - Stolen in San Francisco (HKLM-x32\...\WT089496) (Version: 2.2.0.95 - WildTangent) Hidden
Namco All-Stars PAC-MAN (HKLM-x32\...\WT089484) (Version: 2.2.0.95 - WildTangent) Hidden
NETGEAR Genie (HKLM-x32\...\NETGEAR Genie) (Version: 2.4.48.00 - NETGEAR Inc.)
Network64 (HKLM\...\{05EFBF37-0E52-4579-875C-7EEF0DFB4FCB}) (Version: 130.0.550.000 - Hewlett-Packard) Hidden
Newblue Art Effects for PowerDirector (HKLM\...\NewBlue Art Effects for PowerDirector) (Version: 2.0 - NewBlue)
Nextiva Codec (HKLM-x32\...\{BE18FDC3-7E2E-4DE5-B471-DB74491768F2}) (Version: 63.1.2853 - Verint Video Solutions)
Nuance PaperPort 12 (HKLM-x32\...\{6C0A559F-8583-4B5A-8B50-20BEE15D8E64}) (Version: 12.1.0000 - Nuance Communications, Inc.)
Nuance PDF Viewer Plus (HKLM-x32\...\{28656860-4728-433C-8AD4-D1A930437BC8}) (Version: 5.30.3290 - Nuance Communications, Inc)
OCR Software by I.R.I.S. 13.0 (HKLM\...\HPOCR) (Version: 13.0 - HP)
OhioDocs 4.2.0 (HKLM-x32\...\OhioDocs) (Version: 4.2.0 - The Ohio Bar Association)
Open XML SDK 2.0 for Microsoft Office (HKLM-x32\...\{171D8D76-3F05-455A-A8AF-C561C2679905}) (Version: 2.0.5022 - Microsoft Corporation)
PaperPort Image Printer 64-bit (HKLM\...\{715CAACC-579B-4831-A5F4-A83A8DE3EFE2}) (Version: 1.00.0001 - Nuance Communications, Inc.)
PC Tool for VeryAndroid SMS Backup 3.2.1 (HKLM-x32\...\PC Tool for VeryAndroid SMS Backup) (Version: 3.2.1 - VeryAndroid)
Penguins! (HKLM-x32\...\WT087394) (Version: 2.2.0.95 - WildTangent) Hidden
Plants vs. Zombies - Game of the Year (HKLM-x32\...\WT089458) (Version: 2.2.0.95 - WildTangent) Hidden
PlayMemories Home (HKLM-x32\...\{E03CD71A-F595-49DF-9ADC-0CFC93B1B211}) (Version: 6.0.02.14151 - Sony Corporation)
PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
Poker Superstars III (HKLM-x32\...\WT087395) (Version: 2.2.0.95 - WildTangent) Hidden
Polar Bowler (HKLM-x32\...\WT087396) (Version: 2.2.0.95 - WildTangent) Hidden
Polar Golfer (HKLM-x32\...\WT087397) (Version: 2.2.0.95 - WildTangent) Hidden
PrimoPDF -- brought to you by Nitro PDF Software (HKLM-x32\...\PrimoPDF) (Version: 5 - Nitro PDF Software)
Product Improvement Study for HP Deskjet 2540 series (HKLM\...\{446CCB22-B632-4A1D-BF84-DA8DB0575F98}) (Version: 32.0.1180.44630 - Hewlett-Packard Co.)
QuickBooks (HKLM-x32\...\{25E202D1-D8E7-46AF-B4B0-157D9993A93E}) (Version: 22.0.4001.2206 - Intuit Inc.) Hidden
QuickBooks Pro 2012 (HKLM-x32\...\{22057D8D-7CC8-46FF-AD8C-9BD24F9014F3}) (Version: 22.0.4001.2206 - Intuit Inc.)
QuickTime (HKLM-x32\...\{0E64B098-8018-4256-BA23-C316A43AD9B0}) (Version: 7.72.80.56 - Apple Inc.)
RealLegal E-Transcript Bundle Viewer (HKLM-x32\...\{521D6EE7-E5B6-4E9B-837A-BEF39247FF07}) (Version: 6.0.1.887 - Thomson Reuters)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.40.126.2011 - Realtek)
Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.1.7601.83 - Realtek Semiconductor Corp.)
REALTEK Wireless LAN Driver (HKLM-x32\...\{9D3D8C60-A55F-4123-B2B9-173F09590E16}) (Version: 1.00.11.0706 - REALTEK Semiconductor Corp.)
Recovery Manager (HKLM-x32\...\{DBCD5E64-7379-4648-9444-8A6558DCB614}) (Version: 2.0.0 - Hewlett-Packard) Hidden
RoxioNow Player (HKLM-x32\...\{0EDEB615-1A60-425E-8306-0E10519C7B55}) (Version: 1.9.5.103 - RoxioNow)
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.9.0 - SAMSUNG Electronics Co., Ltd.)
Scan (HKLM-x32\...\{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}) (Version: 13.0.0.0 - Hewlett-Packard) Hidden
Scansoft PDF Professional (HKLM-x32\...\{068724F8-D8BE-4B43-8DDD-B9FE9E49FD76}) (Version: - ) Hidden
Slingo Supreme (HKLM-x32\...\WT089457) (Version: 2.2.0.95 - WildTangent) Hidden
Smart Organizing Monitor for SP 210 Series (HKLM-x32\...\{D1EC71F7-E534-4A54-A75A-DCDCCAD77BF7}) (Version: 1.00 - RICOH)
SmartSound Quicktracks 5 (HKLM-x32\...\{2F8BA3FD-1FA9-4279-B696-712ABB12F09F}) (Version: 5.1.8 - SmartSound Software Inc.) Hidden
SmartSound Quicktracks 5 (HKLM-x32\...\InstallShield_{2F8BA3FD-1FA9-4279-B696-712ABB12F09F}) (Version: 5.1.8 - SmartSound Software Inc.)
SmartWebPrinting (HKLM-x32\...\{68A10D12-0D0F-4212-BDE6-D87FAD32A8FA}) (Version: 130.0.373.000 - Hewlett-Packard) Hidden
SofTest v11 (HKLM-x32\...\{6E601B1B-8542-41DB-A361-B3817CC727AD}) (Version: 11.4.6 - Examsoft) Hidden
SofTest v11 (HKLM-x32\...\InstallShield_{6E601B1B-8542-41DB-A361-B3817CC727AD}) (Version: 11.4.6 - Examsoft)
SolutionCenter (HKLM-x32\...\{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}) (Version: 130.0.373.000 - Hewlett-Packard) Hidden
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.1.21 - Safer-Networking Ltd.)
Status (HKLM-x32\...\{AE8705FB-E13C-40A9-8A2D-68D6733FBFC2}) (Version: 130.0.373.000 - Hewlett-Packard) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.3.11.0 - Synaptics Incorporated)
Toolbox (HKLM-x32\...\{6BBA26E9-AB03-4FE7-831A-3535584CA002}) (Version: 130.0.648.000 - Hewlett-Packard) Hidden
TrayApp (HKLM-x32\...\{DC0A5F99-FD66-433F-9D3A-05DCBA64BE42}) (Version: 130.0.376.000 - Hewlett-Packard) Hidden
TunnelBear (HKLM-x32\...\{8092fbe5-9e59-4729-a5de-5bb6a64873cc}) (Version: 3.0.37.12 - TunnelBear)
TunnelBear (HKLM-x32\...\{ABC9BE61-B890-4100-BCA4-5AC3BF1F3CB5}) (Version: 3.0.37.12 - TunnelBear) Hidden
TunnelBear (HKLM-x32\...\{cccb8171-b60b-4da8-8a0a-00e21ff41860}) (Version: 3.0.36.9 - TunnelBear)
Update Installer for WildTangent Games App (HKLM-x32\...\{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App) (Version: - WildTangent) Hidden
Verizon Wireless Software Utility Application for Android - Samsung (HKLM-x32\...\{041E914E-7B73-4E8B-967F-B7FFC527FF80}) (Version: 2.14.0106 - Samsung Electronics Co., Ltd.)
Virtual Villagers 4 - The Tree of Life (HKLM-x32\...\WT089307) (Version: 2.2.0.95 - WildTangent) Hidden
WebReg (HKLM-x32\...\{43CDF946-F5D9-4292-B006-BA0D92013021}) (Version: 130.0.132.017 - Hewlett-Packard) Hidden
Wheel of Fortune 2 (HKLM-x32\...\WT087415) (Version: 2.2.0.95 - WildTangent) Hidden
WildTangent Games App (HP Games) (HKLM-x32\...\{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-hp) (Version: 4.0.5.2 - WildTangent) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
WordPerfect Lightning - MSOM (HKLM-x32\...\{F6EE49FD-B736-4888-A05A-115F3B1160FA}) (Version: 1.0 - Corel Corporation) Hidden
WordPerfect Lightning (HKLM-x32\...\_{4873CC58-69D8-490D-9E5C-001DC2EE202E}) (Version: - Corel Corporation)
WordPerfect Lightning (HKLM-x32\...\{4873CC58-69D8-490D-9E5C-001DC2EE202E}) (Version: 0.3 - Corel Corporation) Hidden
Works Suite OS Pack (HKLM-x32\...\{FAF7F1D7-C0E7-47EA-8AAA-84E4F9EA3C94}) (Version: 1.0.0.0000 - Microsoft Corporation) Hidden
Zemana AntiMalware (HKLM-x32\...\{8F0CD7D1-42F3-4195-95CD-833578D45057}_is1) (Version: 2.74.0.150 - Zemana Ltd.)
Zuma Deluxe (HKLM-x32\...\WT089455) (Version: 2.2.0.95 - WildTangent) Hidden
========================= Memory info: ===================================
Percentage of memory in use: 49%
Total physical RAM: 3562.91 MB
Available physical RAM: 1782.38 MB
Total Virtual: 7124.01 MB
Available Virtual: 4692.11 MB
========================= Partitions: =====================================
1 Drive c: () (Fixed) (Total:451.6 GB) (Free:347.56 GB) NTFS
2 Drive d: (RECOVERY) (Fixed) (Total:13.86 GB) (Free:1.52 GB) NTFS
========================= Users: ========================================
User accounts for \\HP-HP
Administrator Guest hp
========================= Restore Points ==================================
29-09-2017 16:14:48 Scheduled Checkpoint
22-10-2017 19:52:45 Checkpoint by HitmanPro
22-10-2017 19:53:38 Checkpoint by HitmanPro
04-11-2017 15:52:03 Scheduled Checkpoint
13-11-2017 14:03:46 HPSF Applying updates
13-11-2017 14:19:02 HPSF Applying updates
13-11-2017 14:30:47 Installed HP Support Assistant
13-11-2017 14:32:20 Windows Modules Installer
13-11-2017 14:33:00 Windows Modules Installer
06-12-2017 18:48:18 Restore Point Created by FRST
**** End of log ****
#12
Posted 08 December 2017 - 08:35 AM
zep516
-
- Malware Removal
-
- 8,093 posts
Trusted Helper
Hello,
Logs look clean. What issues remain ?
Thanks
Joe
Logs look clean. What issues remain ?
Thanks
Joe
#13
Posted 08 December 2017 - 09:37 AM
bolivar
- Topic Starter
-
- Member
-
- 8 posts
New Member
Thanks. I will see if it runs ok now. Thanks so so much for expertise.
#14
Posted 22 December 2017 - 11:10 AM
zep516
-
- Malware Removal
-
- 8,093 posts
Trusted Helper
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help.
If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.
Everyone else please begin a New Topic.
Thanks
Joe
If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.
Everyone else please begin a New Topic.
Thanks
Joe
Similar Topics
Also tagged with one or more of these keywords: Trojan
|
Security →
Virus, Spyware, Malware Removal →
Trojan Backdoor activity 578Started by spotted jaguar , 15 Oct 2022  trojan, backdoor, 578
|
|
|
|
|
Security →
Virus, Spyware, Malware Removal →
Is My PC Infected? [Solved]Started by siroynthe , 09 Apr 2021 infection, virus, trojan, rat and 1 more...
|
|
![Is My PC Infected? [Solved] - last post by DR M](https://www.geekstogo.com/forum/uploads/profile/photo-418842.gif?_r=1578338641)
|
|
|
|
trojan
Security →
Virus, Spyware, Malware Removal →
Trojan.kotver!batStarted by cstolarik , 05 Aug 2020 trojan
|
|
|
|
|
|
Security →
Virus, Spyware, Malware Removal →
Win64:TrojanX-gen and other things....Started by Matias Cooke , 04 Aug 2020 #virus, #trojan, #slow
|
|
|
|
|
|
Security →
Virus, Spyware, Malware Removal →
This Virus Got Me Good! I NEED HELP!Started by joe_rockstar , 17 Jun 2020 TROJAN, REGEDIT WONT OPEN and 3 more...
|
|
|
0 user(s) are reading this topic
0 members, 0 guests, 0 anonymous users
As Featured On:
Sign In
Create Account
