Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Trying to wipe Malware, can't reset pc [Closed]

malware adware reset

  • This topic is locked This topic is locked

#1
TaraK1

TaraK1

    New Member

  • Member
  • Pip
  • 1 posts

Hello, my name is Tara. I'm trying to repair my computer as best I can so that I can use it for school. I've been trying every few weeks to reset my computer to try and resolve the issue in the only way I know how, but each try has been unsuccessful. 

 

I'm not sure if this will be any help, but here are a few facts about my computer:

 

1. computer is an HP "envy"

2. computer is 5 years old, but still in great condition

3. I've had malware issues in the past, but Geek Squad has temporarily resolved them until they come back.

4. I've had virus protection, Webroot, but my subscription has expired and I haven't renewed. (probably not smart, I know)

 

Here are the issues I'm experiencing:

 

Getting onto the internet is quite the task; everything operates slowly and windows will quit responding out of nowhere and crash. Navigating on the desktop is so labored. Clicking on ANYTHING takes a few minutes to load, and when it does, it operates at a glacial pace. 

 

 

 

I'm not sure if these are malware issues, but I'm hoping I can find some help here. Thank you for any information you can offer!

 

 

 

 

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 02.01.2018
Ran by Tara (administrator) on TARACOTHRANHP (08-01-2018 15:38:14)
Running from C:\Users\Tara\Downloads
Loaded Profiles: Tara (Available Profiles: Tara)
Platform: Windows 10 Home Version 1607 14393.1480 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Edge)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Webroot) C:\Program Files\Webroot\WRSA.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe
(Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
() C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTAgent.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe.bak
(Intel) C:\Program Files\Intel Corporation\Intel WiDi\BrcmSetSecurity.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Webroot) C:\Program Files\Webroot\WRSA.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
(HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Microsoft Corporation) C:\Windows\SysWOW64\OneDriveSetup.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerSt.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Microsoft Corporation) C:\Windows\SysWOW64\OneDriveSetup.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.17.420.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Microsoft Corporation) C:\Windows\System32\InstallAgent.exe
(Microsoft Corporation) C:\Windows\System32\InstallAgentUserBroker.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe.bak
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.1439_none_7efe016621f50bd0\TiWorker.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Reader 11.0\Reader\reader_sl.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\YouCam\Youcam_webcam_camera_video.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [176952 2016-03-19] (Apple Inc.)
HKLM\...\Run: [WindowsDefender] => C:\Program Files\Windows Defender\MSASCuiL.exe [631808 2017-04-27] (Microsoft Corporation)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe
HKLM-x32\...\Run: [WRSVC] => C:\Program Files\Webroot\WRSA.exe [1061104 2018-01-08] (Webroot)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2015-08-06] (Apple Inc.)
HKLM-x32\...\Run: [AccelerometerSysTrayApplet] => C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerST.exe [127528 2015-07-08] (Hewlett-Packard Company)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [3567928 2017-12-04] (Dropbox, Inc.)
HKU\S-1-5-21-2782944489-941073443-914625341-1001\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [60688 2015-10-21] (Apple Inc.)
HKU\S-1-5-21-2782944489-941073443-914625341-1001\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [61200 2015-10-21] (Apple Inc.)
HKU\S-1-5-21-2782944489-941073443-914625341-1001\...\Policies\Explorer: [NoSaveSettings] 0
HKU\S-1-5-21-2782944489-941073443-914625341-1001\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-21-2782944489-941073443-914625341-1001\...\Policies\Explorer: [NoLogOff] 0
HKU\S-1-5-21-2782944489-941073443-914625341-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\Mystify.scr [152064 2016-07-16] (Microsoft Corporation)
Startup: C:\Users\Tara\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP ENVY 4500 series.lnk [2015-11-30]
ShortcutTarget: Monitor Ink Alerts - HP ENVY 4500 series.lnk -> C:\Program Files\HP\HP ENVY 4500 series\Bin\HPStatusBL.dll (Hewlett-Packard Development Company, LP)
GroupPolicy: Restriction - Chrome <==== ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
ProxyEnable: [HKLM] => Proxy is enabled.
ProxyServer: [HKLM] => http=127.0.0.1:49398;https=127.0.0.1:49398
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{35a92f05-dc10-4f4a-9fb2-9c3266d7852f}: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{b6db8967-6e55-4936-9b87-4bb987be2c68}: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{c6971d5e-2705-475b-8800-61623a17c369}: [DhcpNameServer] 66.253.214.16 50.30.184.16
 
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPNOT13/1
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2017-07-21] (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_31\bin\ssv.dll [2015-02-27] (Oracle Corporation)
BHO: Webroot Vault -> {c8d5d964-2be8-4c5b-8cf5-6e975aa88504} -> C:\ProgramData\WRData\pkg\LPBar64.dll [2015-02-15] (Webroot)
BHO: Webroot Filtering Extension -> {C9C42510-9B41-42c1-9DCD-7282A2D07C61} -> C:\Program Files\Webroot\WRData\PKG\Vistax64\wrflt.dll [2015-06-03] (Webroot)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2017-07-21] (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-02-27] (Oracle Corporation)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2016-07-21] (HP Inc.)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll [2015-02-14] (Oracle Corporation)
BHO-x32: Webroot Vault -> {c8d5d964-2be8-4c5b-8cf5-6e975aa88504} -> C:\ProgramData\WRData\pkg\LPBar.dll [2015-02-15] (Webroot)
BHO-x32: Webroot Filtering Extension -> {C9C42510-9B41-42c1-9DCD-7282A2D07C61} -> C:\Program Files\Webroot\WRData\PKG\Vistax86\wrflt.dll [2015-06-03] (Webroot)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-02-14] (Oracle Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2016-07-21] (HP Inc.)
Toolbar: HKLM - Webroot Toolbar - {97ab88ef-346b-4179-a0b1-7445896547a5} - C:\ProgramData\WRData\pkg\LPBar64.dll [2015-02-15] (Webroot)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-01-08] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-01-08] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-01-08] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-01-08] (Microsoft Corporation)
 
FireFox:
========
FF Plugin: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-02-27] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-02-27] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll [2015-02-14] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\WINDOWS\SysWOW64\Adobe\Director\np32dsw.dll [2015-01-09] (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2016-03-08] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-12-02] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-12-02] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-02-14] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-02-14] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2018-01-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-09-12] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2018-01-08] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2018-01-08] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2017-11-01] (Adobe Systems Inc.)
 
Chrome: 
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> hxxp://www.search.ask.com/?gct=hp
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR DefaultSearchURL: Default -> hxxp://www.search.ask.com/web?q={searchTerms}
CHR DefaultSearchKeyword: Default -> search.ask.com
CHR DefaultSuggestURL: Default -> hxxp://ssmsp.ask.com/query?sstype=prefix&li=ff&q={searchTerms}
CHR Profile: C:\Users\Tara\AppData\Local\Google\Chrome\User Data\Default [2018-01-08]
CHR Extension: (Google Drive) - C:\Users\Tara\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-21]
CHR Extension: (YouTube) - C:\Users\Tara\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-24]
CHR Extension: (Google Search) - C:\Users\Tara\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-28]
CHR Extension: (Google Docs Offline) - C:\Users\Tara\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-17]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Tara\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-01-08]
CHR Extension: (Gmail) - C:\Users\Tara\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-30]
CHR Extension: (Chrome Media Router) - C:\Users\Tara\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-01-08]
CHR HKLM-x32\...\Chrome\Extension: [kjeghcllfecehndceplomkocgfbklffd] - C:\ProgramData\WRData\PKG\CHROME\CHROME_1.1.0.57.crx [2015-02-27]
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-03-02] (Apple Inc.)
R2 BrcmSetSecurity; C:\Program Files\Intel Corporation\Intel WiDi\BrcmSetSecurity.exe [101536 2013-03-15] (Intel)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [7760552 2017-12-07] (Microsoft Corporation)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2017-02-13] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2017-02-13] (Dropbox, Inc.)
R2 DbxSvc; C:\WINDOWS\system32\DbxSvc.exe [51016 2017-12-04] (Dropbox, Inc.)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [321056 2017-06-01] (HP Inc.)
R2 HPWMISVC; c:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe [469304 2014-03-26] (Hewlett-Packard Development Company, L.P.)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-22] (Intel Corporation)
R2 igfxCUIService2.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [373744 2016-11-01] (Intel Corporation)
R2 Intel® Bluetooth Radio Management; C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe [160712 2013-03-11] (Intel Corporation)
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-11] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-11] (Intel® Corporation)
R2 ISCTAgent; C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTAgent.exe [182760 2013-04-15] ()
S3 iumsvc; C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe [174368 2014-02-28] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-12-02] (Intel Corporation)
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [260704 2016-09-02] (Synaptics Incorporated)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347320 2017-04-27] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103712 2017-04-27] (Microsoft Corporation)
R2 WRSVC; C:\Program Files\Webroot\WRSA.exe [1061104 2018-01-08] (Webroot)
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 ikbevent; C:\WINDOWS\system32\DRIVERS\ikbevent.sys [21048 2013-04-15] ()
R3 imsevent; C:\WINDOWS\system32\DRIVERS\imsevent.sys [21048 2013-04-15] ()
R3 ISCT; C:\WINDOWS\System32\drivers\ISCTD64.sys [47008 2013-07-30] ()
R3 MEIx64; C:\WINDOWS\system32\DRIVERS\TeeDriverx64.sys [99288 2013-12-19] (Intel Corporation)
S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
R3 NETwNe64; C:\WINDOWS\System32\drivers\NETwew01.sys [3343872 2016-07-16] (Intel Corporation)
S3 SmbDrv; C:\WINDOWS\System32\drivers\Smb_driver_AMDASF.sys [29424 2013-03-25] (Synaptics Incorporated)
R3 SmbDrvI; C:\WINDOWS\system32\DRIVERS\Smb_driver_Intel.sys [71264 2016-09-02] (Synaptics Incorporated)
S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)
R3 WirelessButtonDriver; C:\WINDOWS\System32\drivers\WirelessButtonDriver64.sys [20800 2013-07-22] (Hewlett-Packard Development Company, L.P.)
R3 WPRO_41_2001; C:\WINDOWS\System32\drivers\WPRO_41_2001.sys [34752 2018-01-08] ()
R0 WRkrn; C:\WINDOWS\System32\drivers\WRkrn.sys [127760 2018-01-08] (Webroot)
S3 wrUrlFlt; C:\WINDOWS\system32\DRIVERS\wrUrlFlt.sys [41040 2015-06-03] (Webroot)
S3 dbx; system32\DRIVERS\dbx.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2018-01-08 16:37 - 2018-01-08 16:37 - 000000000 ____D C:\$WINDOWS.~BT
2018-01-08 16:32 - 2018-01-08 16:40 - 000000000 ___HD C:\$SysReset
2018-01-08 15:38 - 2018-01-08 15:46 - 000020069 _____ C:\Users\Tara\Downloads\FRST.txt
2018-01-08 15:35 - 2018-01-08 15:37 - 002393088 _____ (Farbar) C:\Users\Tara\Downloads\FRST64.exe
2018-01-08 15:12 - 2018-01-08 15:12 - 000094656 _____ (CACE Technologies) C:\WINDOWS\system32\WPRO_41_2001woem.tmp
2018-01-08 13:37 - 2017-11-01 16:27 - 000051712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\usoapi.dll
2018-01-08 13:37 - 2017-11-01 16:12 - 000073728 _____ (Microsoft Corporation) C:\WINDOWS\system32\usoapi.dll
2018-01-08 13:37 - 2017-11-01 16:12 - 000053248 _____ (Microsoft Corporation) C:\WINDOWS\system32\musdialoghandlers.dll
2018-01-08 13:37 - 2017-11-01 16:12 - 000032768 _____ (Microsoft Corporation) C:\WINDOWS\system32\UsoClient.exe
2018-01-08 13:37 - 2017-11-01 16:11 - 000243200 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2018-01-08 13:37 - 2017-11-01 16:11 - 000099840 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
2018-01-08 13:37 - 2017-11-01 16:05 - 000297984 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll
2018-01-08 13:37 - 2017-11-01 16:04 - 000564736 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2018-01-08 13:37 - 2017-11-01 16:03 - 000551424 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2018-01-08 13:37 - 2017-10-08 19:44 - 002321408 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2018-01-08 13:37 - 2017-10-08 19:44 - 000392192 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2018-01-08 13:37 - 2017-10-08 19:43 - 001231360 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll
2018-01-08 13:37 - 2017-09-17 20:27 - 000326656 _____ (Microsoft Corporation) C:\WINDOWS\system32\domgmt.dll
2018-01-08 13:37 - 2017-09-06 23:53 - 000180224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgent.exe
2018-01-08 13:37 - 2017-09-06 23:52 - 000557568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StoreAgent.dll
2018-01-08 13:37 - 2017-09-06 23:51 - 000223232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgentUserBroker.exe
2018-01-08 13:37 - 2017-09-06 23:18 - 000211968 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe
2018-01-08 13:37 - 2017-09-06 23:16 - 000748544 _____ (Microsoft Corporation) C:\WINDOWS\system32\StoreAgent.dll
2018-01-08 13:37 - 2017-09-06 23:15 - 000260608 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgentUserBroker.exe
2018-01-08 13:37 - 2017-08-21 23:09 - 000048640 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll
2018-01-08 13:37 - 2017-08-21 23:08 - 000079872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
2018-01-08 13:37 - 2017-08-21 23:06 - 000093696 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2018-01-08 13:37 - 2017-08-21 23:05 - 000033280 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuautoappupdate.dll
2018-01-08 13:37 - 2017-08-21 23:04 - 000165376 _____ (Microsoft Corporation) C:\WINDOWS\system32\storewuauth.dll
2018-01-08 13:37 - 2017-08-21 23:02 - 000221696 _____ (Microsoft Corporation) C:\WINDOWS\system32\SIHClient.exe
2018-01-08 13:37 - 2017-08-21 22:57 - 000711680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2018-01-08 13:37 - 2017-08-21 22:47 - 000869888 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2018-01-08 13:37 - 2017-07-11 23:23 - 000076288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\updatepolicy.dll
2018-01-08 13:37 - 2017-07-11 23:12 - 000091648 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatepolicy.dll
2018-01-08 12:55 - 2018-01-08 12:55 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2018-01-08 17:00 - 2016-07-16 05:47 - 000000000 ____D C:\WINDOWS\System
2018-01-08 15:45 - 2016-07-16 05:47 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2018-01-08 15:39 - 2013-05-04 19:30 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2018-01-08 15:38 - 2014-12-07 16:04 - 000000000 ____D C:\FRST
2018-01-08 15:32 - 2016-07-16 05:36 - 000000000 ____D C:\WINDOWS\CbsTemp
2018-01-08 15:18 - 2016-09-09 14:07 - 002208812 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2018-01-08 15:14 - 2016-09-09 14:02 - 000000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2018-01-08 15:14 - 2014-04-13 07:58 - 000000000 __SHD C:\Users\Tara\IntelGraphicsProfiles
2018-01-08 15:12 - 2016-09-09 14:44 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2018-01-08 15:12 - 2015-02-15 16:07 - 000182192 _____ (Webroot) C:\WINDOWS\SysWOW64\WRusr.dll
2018-01-08 15:12 - 2015-02-15 16:07 - 000127760 _____ (Webroot) C:\WINDOWS\system32\Drivers\WRkrn.sys
2018-01-08 15:12 - 2015-02-15 16:07 - 000114672 _____ (Webroot) C:\WINDOWS\system32\WRusr.dll
2018-01-08 15:12 - 2013-06-26 15:52 - 000034752 _____ C:\WINDOWS\system32\Drivers\WPRO_41_2001.sys
2018-01-08 13:48 - 2016-07-16 00:04 - 001048576 _____ C:\WINDOWS\system32\config\BBI
2018-01-08 13:48 - 2015-02-15 16:06 - 000000000 ____D C:\ProgramData\WRData
2018-01-08 13:33 - 2013-12-16 16:11 - 000002279 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-01-08 13:29 - 2017-07-10 20:12 - 000000000 ____D C:\Users\Tara\Documents\Youcam
2018-01-08 13:18 - 2014-02-03 22:43 - 000002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2018-01-08 13:09 - 2016-09-09 14:44 - 000004562 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2018-01-08 12:56 - 2017-02-13 12:43 - 000000000 ____D C:\Program Files (x86)\Dropbox
2018-01-08 12:53 - 2016-09-09 14:44 - 000003416 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2018-01-08 12:53 - 2016-09-09 14:44 - 000003292 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2018-01-08 12:45 - 2016-09-09 13:59 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
 
==================== Files in the root of some directories =======
 
2015-02-15 16:09 - 2015-02-15 16:09 - 010395072 _____ (Webroot Software, Inc.) C:\Program Files (x86)\Common Files\wruninstall.exe
2017-05-25 21:54 - 2017-05-25 21:54 - 000000000 _____ () C:\Users\Tara\AppData\Local\{17EBD0EB-BFF5-46F5-8D4C-BA79AF780779}
2017-06-13 15:25 - 2017-06-13 15:25 - 000000000 _____ () C:\Users\Tara\AppData\Local\{E5818836-1BA3-4D6E-91F1-EF52E2B794EE}
 
Some files in TEMP:
====================
2017-01-18 21:17 - 2017-01-18 21:17 - 000992568 _____ (Webroot) C:\Users\Tara\AppData\Local\Temp\WRupdate253177484.exe
2017-06-19 15:32 - 2017-06-19 15:32 - 037944611 _____ (Dropbox, Inc.) C:\Users\Tara\AppData\Local\Temp\{BE2A16F0-4FC0-4F35-B732-C68D450824F1}-DropboxClient_28.4.14.exe
2017-06-15 10:41 - 2017-06-15 10:44 - 013564340 _____ (Dropbox, Inc.) C:\Users\Tara\AppData\Local\Temp\{D2F5204D-87CB-490D-B4FA-28E4F55C7812}-DropboxClient_28.4.14.exe
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2017-07-13 21:13
 
==================== End of FRST.txt ============================
 
 
 
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 02.01.2018
Ran by Tara (08-01-2018 15:49:12)
Running from C:\Users\Tara\Downloads
Windows 10 Home Version 1607 14393.1480 (X64) (2016-09-09 21:08:58)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-2782944489-941073443-914625341-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-2782944489-941073443-914625341-503 - Limited - Disabled)
dgcot_000 (S-1-5-21-2782944489-941073443-914625341-1002 - Limited - Enabled)
Guest (S-1-5-21-2782944489-941073443-914625341-501 - Limited - Disabled)
Tara (S-1-5-21-2782944489-941073443-914625341-1001 - Administrator - Enabled) => C:\Users\Tara
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Webroot SecureAnywhere (Disabled - Up to date) {4646A877-74EB-CD3B-8FDB-210DB94FA61A}
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Webroot SecureAnywhere (Disabled - Up to date) {FD274993-52D1-C2B5-B56B-1A7FC2C8ECA7}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
4 Elements II (HKLM-x32\...\WTA-50836e35-a6ea-4610-8216-ba171ed2f883) (Version: 2.2.0.98 - WildTangent) Hidden
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\{1D55DE93-486D-40F7-88F3-CF08578F82AA}) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Flash Player 22 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 22.0.0.209 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.23) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.23 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.6 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.6.6.636 - Adobe Systems, Inc.)
Adobe Shockwave Player 12.1 (HKLM-x32\...\{7E33E883-0D17-4397-A461-B576605E34B1}) (Version: 12.1.6.156 - Adobe Systems, Inc)
Airport Mania (HKLM-x32\...\WTA-ad0514a0-496e-42ea-ab50-ec627d2db427) (Version: 2.2.0.95 - WildTangent) Hidden
Amazon Kindle (HKU\S-1-5-21-2782944489-941073443-914625341-1001\...\Amazon Kindle) (Version: 1.16.0.44025 - Amazon)
Apple Application Support (32-bit) (HKLM-x32\...\{FE5C2FAA-118D-4509-B51D-3F71CC9E1B3E}) (Version: 4.3 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{2937FD88-C9D6-4B82-B539-37CD0A572F42}) (Version: 4.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2E4AF2A6-50EA-4260-9BA4-5E582D11879A}) (Version: 9.3.0.15 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
Azteca (HKLM-x32\...\WTA-043230ca-0e26-4888-800f-f037023c1af2) (Version: 2.2.0.97 - WildTangent) Hidden
Bejeweled 3 (HKLM-x32\...\WTA-c3b566eb-8370-40b7-9672-5cde272596ee) (Version: 2.2.0.98 - WildTangent) Hidden
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Bounce Symphony (HKLM-x32\...\WTA-1d32c407-f9c8-4670-a24b-222baf828120) (Version: 2.2.0.97 - WildTangent) Hidden
Build-a-lot (HKLM-x32\...\WTA-15649087-d182-4005-8dd3-7f1299124e78) (Version: 2.2.0.98 - WildTangent) Hidden
Cradle Of Egypt Collector's Edition (HKLM-x32\...\WTA-43fb9b74-13bb-4363-bffd-9ad41dd8fe52) (Version: 2.2.0.110 - WildTangent) Hidden
Cradle of Rome 2 (HKLM-x32\...\WTA-5072f9bb-8935-42cd-9678-19b95e02635b) (Version: 2.2.0.98 - WildTangent) Hidden
Curse at Twilight (HKLM-x32\...\WTA-5cc62d9e-b6ad-48fc-963a-76b89fd75b98) (Version: 3.0.2.32 - WildTangent) Hidden
Cyberlink PhotoDirector (HKLM-x32\...\InstallShield_{39337565-330E-4ab6-A9AE-AC81E0720B10}) (Version: 3.0.4.4824 - CyberLink Corp.)
CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.3.2817 - CyberLink Corp.)
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 5.0.2.3603 - CyberLink Corp.)
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
Delicious: Emily's Childhood Memories Premium Edition (HKLM-x32\...\WTA-2d445e5d-e0eb-4966-acfe-b44bedb33923) (Version: 3.0.2.32 - WildTangent) Hidden
Dropbox (HKLM-x32\...\Dropbox) (Version: 40.4.46 - Dropbox, Inc.)
Dropbox Update Helper (HKLM-x32\...\{099218A5-A723-43DC-8DB5-6173656A1E94}) (Version: 1.3.65.1 - Dropbox, Inc.) Hidden
Energy Star (HKLM-x32\...\{FC0ADA4D-8FA5-4452-8AFF-F0A0BAC97EF7}) (Version: 1.0.9 - Hewlett-Packard Company)
EPSON WF-2540 Series Printer Uninstall (HKLM\...\EPSON WF-2540 Series) (Version:  - SEIKO EPSON Corporation)
Farm Frenzy (HKLM-x32\...\WTA-03897f02-7fd0-4bc7-93d9-7268d3a64d1c) (Version: 2.2.0.98 - WildTangent) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 63.0.3239.84 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
Governor of Poker 2 Premium Edition (HKLM-x32\...\WTA-5d44f590-3292-44c1-a534-fb52caede66b) (Version: 2.2.0.110 - WildTangent) Hidden
Hewlett-Packard ACLM.NET v1.2.2.3 (HKLM-x32\...\{6F340107-F9AA-47C6-B54C-C3A19F11553F}) (Version: 1.00.0000 - Hewlett-Packard Company) Hidden
House of 1000 Doors: Family Secrets (HKLM-x32\...\WTA-14ddd3bc-8169-45f3-be2b-f52c5dc0f6ea) (Version: 2.2.0.98 - WildTangent) Hidden
HP 3D DriveGuard (HKLM-x32\...\{E8D0E2B8-B64B-44BC-8E01-00DDACBDF78A}) (Version: 6.0.28.1 - Hewlett-Packard Company)
HP Connected Music (Meridian - installer) (HKLM-x32\...\StartHPConnectedMusic) (Version: 1.0 - Meridian Audio Ltd)
HP CoolSense (HKLM-x32\...\{59F8C5AA-91BD-423D-BF05-09A80F39898F}) (Version: 2.10.62 - Hewlett-Packard Company)
HP Documentation (HKLM-x32\...\{A64DC543-B6C3-4745-AAD6-AC9F1B765BCF}) (Version: 1.2.0.0 - Hewlett-Packard)
HP ENVY 4500 series Basic Device Software (HKLM\...\{6915424E-704F-4F5D-9057-9C7B406B36DB}) (Version: 32.3.198.49673 - Hewlett-Packard Co.)
HP ENVY 4500 series Help (HKLM-x32\...\{95BECC50-22B4-4FCA-8A2E-BF77713E6D3A}) (Version: 30.0.0 - Hewlett Packard)
HP MyRoom (HKLM-x32\...\{9C35EDE5-4B0F-45E7-A438-314BA889948E}) (Version: 9.0.0.0 - Hewlett-Packard Company)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.7702 - HP)
HP Registration Service (HKLM\...\{D1E8F2D7-7794-4245-B286-87ED86C1893C}) (Version: 1.2.6317.4309 - Hewlett-Packard)
HP Support Assistant (HKLM-x32\...\{61EB474B-67A6-47F4-B1B7-386851BAB3D0}) (Version: 8.4.14.41 - Hewlett-Packard Company)
HP Support Solutions Framework (HKLM-x32\...\{F6A11738-3EE4-4573-AEA5-6CD5D491C167}) (Version: 12.7.22.13 - Hewlett-Packard Company)
HP System Event Utility (HKLM-x32\...\{DEF23826-DB71-4654-BC00-D5D6C20802EA}) (Version: 1.1.4 - Hewlett-Packard Company)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HP Utility Center (HKLM\...\{2AFEFC93-F0C7-4390-BB51-F914EC546B30}) (Version: 2.1.6 - Hewlett-Packard Company)
HP Wireless Button Driver (HKLM-x32\...\{30B2D1D8-0A07-4B71-9553-0710C5D31E35}) (Version: 1.1.2.1 - Hewlett-Packard Company)
iCloud (HKLM\...\{4B48E22A-2FB0-4EFA-B99E-954B1E50CD69}) (Version: 5.1.0.34 - Apple Inc.)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6491.0 - IDT)
Intel Anti-Theft Discovery App (HKLM-x32\...\{707248B9-2D34-4D77-A5C6-2A8A54848E5A}) (Version: 1.1.0.7 - Intel Corporation)
Intel Experience Center - Configuration (HKLM-x32\...\{C73A16B7-AC35-4262-9BAF-DA9B2039A563}) (Version: 1.5.0.0 - Intel) Hidden
Intel® Experience Center Desktop Software (HKLM-x32\...\{e4fefc02-cd6c-45e3-8974-e7357e71da40}) (Version: 1.5.0.0 - Intel)
Intel® Experience Center Driver (HKLM-x32\...\{16660b76-bdc5-47cf-b28d-846120a1ee76}) (Version: 1.0.90.0 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.13.1706 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 20.19.15.4331 - Intel Corporation)
Intel® PROSet/Wireless Software for Bluetooth® Technology (HKLM\...\{302600C1-6BDF-4FD1-1303-148929CC1385}) (Version: 3.0.1303.0326 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.1.1000 - Intel Corporation)
Intel® SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 3.0.0.66956 - Intel Corporation)
Intel® Smart Connect Technology 4.1 x64 (HKLM\...\{DBECAE94-4C04-40AC-9AFB-FA9953258EAF}) (Version: 4.1.41.2234 - Intel)
Intel® Update Manager (HKLM-x32\...\{12914061-EB9B-4AE7-AC7E-0B8A607C7DF4}) (Version: 2.3.1338 - Intel Corporation)
Intel® WiDi (HKLM\...\{28B4FCD3-1E17-411F-B56A-769DCF9169E0}) (Version: 4.1.14.0 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{c9967fbd-e3c3-4ed0-992a-5b33260f2944}) (Version: 16.1.5 - Intel Corporation)
iTunes (HKLM\...\{A31C5565-90D9-4615-AE13-94D86C3836C7}) (Version: 12.3.3.17 - Apple Inc.)
Java 8 Update 31 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418031F0}) (Version: 8.0.310 - Oracle Corporation)
Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
Jewel Match 3 (HKLM-x32\...\WTA-1eeb2261-07b6-45be-8a89-7d2f3d4b4974) (Version: 2.2.0.98 - WildTangent) Hidden
Linksys Connect (HKLM-x32\...\Linksys Connect) (Version: 1.5.14350.0 - Linksys LLC)
LPT System Updater Service (HKLM-x32\...\{BC0BF363-63AB-4FF7-8EF1-AE0D7F711B24}) (Version: 1.0.0.0 - LPT) Hidden <==== ATTENTION
Luxor Evolved (HKLM-x32\...\WTA-2967b334-9829-4a73-9cc8-7866dc0ea0de) (Version: 2.2.0.98 - WildTangent) Hidden
Mah Jong Medley (HKLM-x32\...\WTA-dfbd4800-a33b-40e9-8dbb-38d4af8df6e2) (Version: 2.2.0.95 - WildTangent) Hidden
Mahjongg Dimensions Deluxe: Tiles in Time (HKLM-x32\...\WTA-33fa4f2f-f87f-4e4e-a3b6-b625f67c46c5) (Version: 2.2.0.98 - WildTangent) Hidden
Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 16.0.8730.2127 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SkyDrive (HKU\S-1-5-21-2782944489-941073443-914625341-1001\...\SkyDriveSetup.exe) (Version: 16.4.6013.0910 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.51106 (HKLM-x32\...\{6e8f74e0-43bd-4dce-8477-6ff6828acc07}) (Version: 11.0.51106.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106 (HKLM-x32\...\{8e70e4e1-06d7-470b-9f74-a51bef21088e}) (Version: 11.0.51106.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Minecraft (HKLM-x32\...\{1C16BCA3-EBC1-49F6-8623-8FBFB9CCC872}) (Version: 1.0.3.0 - Mojang)
Movie Maker (HKLM-x32\...\{5BABDA39-61CF-41EE-992D-4054B6649A9B}) (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{ED6C77F9-4D7E-447C-9EC0-9A212D075535}) (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Mystery P.I. - Curious Case of Counterfeit Cove (HKLM-x32\...\WTA-7cfab465-cedc-45b9-b30a-57b3082e19b1) (Version: 2.2.0.98 - WildTangent) Hidden
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.8730.2127 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.8730.2127 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.8730.2127 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0409-0000-0000000FF1CE}) (Version: 16.0.8730.2127 - Microsoft Corporation) Hidden
Peggle Nights (HKLM-x32\...\WTA-c82036d3-5319-42f0-a836-b8aca38a75b8) (Version: 2.2.0.98 - WildTangent) Hidden
Plants vs. Zombies - Game of the Year (HKLM-x32\...\WTA-3fd2cad1-e972-4892-96f4-28be5b77fd1a) (Version: 2.2.0.98 - WildTangent) Hidden
Polar Bowler (HKLM-x32\...\WTA-b8a679a3-ee83-4ab1-913c-04bd82190b6e) (Version: 2.2.0.97 - WildTangent) Hidden
Product Improvement Study for HP ENVY 4500 series (HKLM\...\{58139103-BACF-4BDC-B71C-955F9164ADA6}) (Version: 32.3.198.49673 - Hewlett-Packard Co.)
QuickTime 7 (HKLM-x32\...\{80CEEB1E-0A6C-45B9-A312-37A1D25FDEBC}) (Version: 7.78.80.95 - Apple Inc.)
Realtek Card Reader (HKLM-x32\...\{F0A8BF4A-972F-41E0-9800-1EFE3BF28266}) (Version: 6.2.9200.21226 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.19.726.2013 - Realtek)
Respondus LockDown Browser 2 (HKLM-x32\...\{BBC7F69B-7A94-41E9-8A4B-B55A8D06431F}) (Version: 2.00.0000 - Respondus)
Roads of Rome 3 (HKLM-x32\...\WTA-37f8f36a-7aef-4762-aff7-178c2b2d7e33) (Version: 2.2.0.98 - WildTangent) Hidden
Royal Envoy 2 Collector's Edition (HKLM-x32\...\WTA-c8df34d1-d630-4896-970c-e8a6f97343b6) (Version: 3.0.2.32 - WildTangent) Hidden
swMSM (HKLM-x32\...\{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics ClickPad Driver (HKLM\...\SynTPDeinstKey) (Version: 19.2.4.10 - Synaptics Incorporated)
Tales of Lagoona (HKLM-x32\...\WTA-88f008e8-6f42-431a-9068-5c241fc10c59) (Version: 2.2.0.110 - WildTangent) Hidden
Update Installer for WildTangent Games App (HKLM-x32\...\{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App) (Version:  - WildTangent) Hidden
Vacation Quest™ - Australia (HKLM-x32\...\WTA-0523fe44-9b77-4108-87ea-a9d665527e44) (Version: 3.0.2.32 - WildTangent) Hidden
Webroot SecureAnywhere (HKLM-x32\...\WRUNINST) (Version: 9.0.18.44 - Webroot)
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.4.0 - WildTangent)
WildTangent Games App (HP Games) (HKLM-x32\...\{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-hp) (Version: 4.0.10.5 - WildTangent) Hidden
Windows 10 Update and Privacy Settings (HKLM\...\{4DFCD818-036A-4229-A67D-CF17DC461D92}) (Version: 1.0.14.0 - Microsoft Corporation)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)
Youda Jewel Shop (HKLM-x32\...\WTA-1739e523-de95-4485-8683-5b37c7214902) (Version: 3.0.2.32 - WildTangent) Hidden
Zuma's Revenge (HKLM-x32\...\WTA-59a56ea8-922a-4324-99ca-8fb9901d96de) (Version: 2.2.0.98 - WildTangent) Hidden
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-2782944489-941073443-914625341-1001_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\Tara\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2782944489-941073443-914625341-1001_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\Tara\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2782944489-941073443-914625341-1001_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\Tara\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2782944489-941073443-914625341-1001_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Tara\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\FileSyncApi64.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-12-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-12-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-12-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-12-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-12-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-12-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-12-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-12-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-12-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-12-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} =>  -> No File
ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} =>  -> No File
ShellIconOverlayIdentifiers-x32: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-12-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-12-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-12-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-12-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-12-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-12-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-12-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-12-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-12-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-12-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} =>  -> No File
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2010-11-18] (Igor Pavlov)
ContextMenuHandlers1: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-12-04] (Dropbox, Inc.)
ContextMenuHandlers1: [PhotoStreamsExt] -> {89D984B3-813B-406A-8298-118AFA3A22AE} => C:\Program Files\Common Files\Apple\Internet Services\ShellStreams64.dll [2015-10-21] (Apple Inc.)
ContextMenuHandlers1: [WRShellExt] -> {69D72956-317C-44bd-B369-8E44D4EF9802} => C:\WINDOWS\system32\WRusr.dll [2018-01-08] (Webroot)
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2010-11-18] (Igor Pavlov)
ContextMenuHandlers4: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-12-04] (Dropbox, Inc.)
ContextMenuHandlers5: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-12-04] (Dropbox, Inc.)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\system32\igfxDTCM.dll [2016-11-01] (Intel Corporation)
ContextMenuHandlers5: [igfxOSP] -> {FA507C3F-30C6-4DCA-9EE5-2656072EEC14} => C:\WINDOWS\system32\igfxOSP.dll [2016-11-01] (Intel Corporation)
ContextMenuHandlers6: [WRShellExt] -> {69D72956-317C-44bd-B369-8E44D4EF9802} => C:\WINDOWS\system32\WRusr.dll [2018-01-08] (Webroot)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {094CD275-5C71-4753-B57E-5566CA859498} - \Microsoft\Windows\SideShow\AutoWake -> No File <==== ATTENTION
Task: {0F6DBBD1-1FA5-490B-A482-1F43FCC689E6} - \Microsoft\Windows\SideShow\SystemDataProviders -> No File <==== ATTENTION
Task: {149F09C3-D8D9-4A4D-8E16-73A1FE0CA8CE} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {2398DFCE-DF0A-46D9-B9E0-1EDD9C91B8E9} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2017-04-07] (HP Inc.)
Task: {26C2A59F-A336-45CC-AEC5-87D29FDDD7EA} - \WPD\SqmUpload_S-1-5-21-2782944489-941073443-914625341-1001 -> No File <==== ATTENTION
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\WINDOWS\System32\AutoWorkplace.exe
Task: {3D6080F6-9B4B-4000-B094-38AC4D470900} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {42999E84-383C-4473-B276-FAAFF588281E} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2017-04-07] (HP Inc.)
Task: {4359B472-2EFE-4D97-AA1B-85585D8C771B} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-09-27] (Adobe Systems Incorporated)
Task: {44B1FA31-738A-442F-A239-D6B66DF571CA} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {47D97415-BA52-4E35-8856-9F2A62F97DBD} - System32\Tasks\YCMServiceAgent => C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe [2013-12-03] (CyberLink Corp.)
Task: {4DF50B70-117F-462E-A842-E207F22F9747} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Product Configurator => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\ProductConfig.exe [2017-05-25] (HP Inc.)
Task: {532B2ED0-64E2-49C9-9415-B97BF6C39E42} - \IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 -> No File <==== ATTENTION
Task: {5AC83142-5D4F-4779-ABE4-0E0DAC362075} - \DonutQuotes -> No File <==== ATTENTION
Task: {5CE8EDB5-FC3F-4D57-9029-2022E5605097} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2018-01-08] (Microsoft Corporation)
Task: {5FB8B3B6-B790-490F-AADE-0E571045D378} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {648784BD-0097-46CD-9C92-9F0E4ABB1CED} - \IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473-Logon -> No File <==== ATTENTION
Task: {682F091C-3BB1-415B-B2FF-2B42575AB2F8} - \Adobe Flash Player Updater -> No File <==== ATTENTION
Task: {6A4B0BB7-C276-4FFF-988B-0C5EE8DC9B62} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\WINDOWS\SysWoW64\Macromed\Flash\FlashUtil32_22_0_0_209_pepper.exe [2017-01-12] (Adobe Systems Incorporated)
Task: {6E25DBEE-DE57-4A75-95D4-5ACF0152C358} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2016-02-23] (Apple Inc.)
Task: {6F1BCF04-D338-416D-8F10-B83EBC7026CC} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2016-12-07] (HP Inc.)
Task: {6FBD06C7-A420-479B-BF52-392E18C929C9} - System32\Tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2016-11-07] (HP Inc.)
Task: {87C0AF3F-DDB0-4682-8F27-18CD69A59DBC} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {8B6759EE-1C08-4B8F-955C-774AB5A6544E} - \Microsoft\Windows\SideShow\SessionAgent -> No File <==== ATTENTION
Task: {97806F37-9BD9-46C9-9024-CE85A87EA8BB} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2018-01-08] (Microsoft Corporation)
Task: {9EB9BC61-CBEC-47F2-8F26-01CBCCB76A4C} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {A82B2526-6DF6-4CD9-908F-EC89AA3578EF} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-12-07] (Microsoft Corporation)
Task: {AEBCCA25-01B4-4881-B7F7-54DD3EA37CDA} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {B8D8CA8C-0406-4AAE-A8DF-22E9998C1465} - System32\Tasks\HPCustParticipation HP ENVY 4500 series => C:\Program Files\HP\HP ENVY 4500 series\Bin\HPCustPartic.exe [2014-07-21] (Hewlett-Packard Development Company, LP)
Task: {BCC21471-D20E-4D02-9923-86A13753441F} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-12-07] (Microsoft Corporation)
Task: {C643414E-AB13-4AD3-A125-9B144096C96C} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [2016-12-21] (HP Inc.)
Task: {C904EE9B-6438-40E5-85D8-161AF09D2745} - System32\Tasks\Hewlett-Packard\HP CoolSense\HP CoolSense Start at Logon => C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe [2012-11-05] (Hewlett-Packard Development Company, L.P.)
Task: {C9DCF59E-6B97-4C0C-8641-B8261089C8CA} - \Microsoft\Windows\MobilePC\HotStart -> No File <==== ATTENTION
Task: {CC69E494-2AE1-45A6-B302-813008B82807} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2017-07-13] (Microsoft Corporation)
Task: {CFE12347-945B-4593-81DA-65385551AD6E} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2016-09-02] (Synaptics Incorporated)
Task: {D074E018-0517-4022-AC7C-28F00B179AAD} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {D0ACBC6E-367A-451C-935E-95B4F0DC2BED} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {D5399BE3-7878-4FD4-8496-76C8E6CC2A32} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {D6C110FC-64EF-4B4B-95F2-4B4BDE5CE9DB} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2018-01-08] (Microsoft Corporation)
Task: {DB21EF32-6BA9-4118-BBC1-BC4FF48961E5} - \Microsoft\Windows\SideShow\GadgetManager -> No File <==== ATTENTION
Task: {DF22D9D1-B1CD-4313-842D-EAEC8A63C54E} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {E78F3D03-FF03-49F4-A344-FA5C450ABB79} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2017-04-06] (HP Inc.)
Task: {EF622E0A-7FD3-40FD-B070-F7B7333AB18A} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {F19F7898-EF4B-45DC-8B42-857753180D2B} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2017-02-13] (Dropbox, Inc.)
Task: {F39B099D-0351-4DBE-85DB-6AB6993B2E6C} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2017-02-13] (Dropbox, Inc.)
Task: {FEB5BED0-A92D-473E-A2BC-2B1839561E2D} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\Adobe Flash Player PPAPI Notifier.job => C:\WINDOWS\SysWoW64\Macromed\Flash\FlashUtil32_22_0_0_209_pepper.exe
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
 
Shortcut: C:\Users\Tara\AppData\Local\Microsoft\Windows\RoamingTiles\-5099386760.lnk -> hxxp://www.pandora.com/station/play/154647687440143957
 
ShortcutWithArgument: C:\Users\Tara\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.InternetExplorer.Default\-5099386760.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> -pinnedSite -contentTile -formatVersion 0x00000002 -pinnedTimeLow 0xae028bc6 -pinnedTimeHigh 0x01ce9146 -securityFlags 0x00000000 -url 0x00000037 hxxp://www.pandora.com/station/play/1546476874401439572
 
==================== Loaded Modules (Whitelisted) ==============
 
2016-07-16 05:42 - 2016-07-16 05:42 - 000231424 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2017-07-13 22:28 - 2017-06-21 01:48 - 002681200 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2016-03-18 21:56 - 2016-03-18 21:56 - 000092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2016-03-18 21:56 - 2016-03-18 21:56 - 001329936 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2013-04-15 16:45 - 2013-04-15 16:45 - 000182760 _____ () C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTAgent.exe
2013-04-15 16:45 - 2013-04-15 16:45 - 000060392 _____ () C:\Program Files\Intel\Intel® Smart Connect Technology Agent\NetworkHeuristic.dll
2016-10-29 22:10 - 2016-09-06 22:56 - 000134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll
2017-03-18 22:28 - 2017-03-04 00:31 - 000474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll
2017-03-18 22:29 - 2017-03-04 00:12 - 009760768 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2017-03-18 22:29 - 2017-03-04 00:05 - 001401856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-03-18 22:29 - 2017-03-04 00:05 - 000757248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll
2017-07-13 22:28 - 2017-06-21 00:36 - 001033216 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Actions.dll
2017-07-13 22:28 - 2017-06-21 00:35 - 002424320 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2017-07-13 22:28 - 2017-06-21 00:37 - 004853760 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2018-01-08 13:33 - 2017-12-05 22:24 - 004063064 _____ () C:\Program Files (x86)\Google\Chrome\Application\63.0.3239.84\libglesv2.dll
2018-01-08 13:33 - 2017-12-05 22:24 - 000099672 _____ () C:\Program Files (x86)\Google\Chrome\Application\63.0.3239.84\libegl.dll
2017-06-10 10:36 - 2017-06-10 10:39 - 000074752 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.17.420.0_x64__kzf8qxf38zg5c\SkypeHost.exe
2017-06-10 10:36 - 2017-06-10 10:39 - 000201728 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.17.420.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2017-04-17 21:35 - 2017-03-28 00:26 - 003388256 _____ () C:\Windows\SystemApps\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\ContentDeliveryManager.Background.dll
2017-04-17 21:35 - 2017-03-28 00:13 - 002263904 _____ () C:\Windows\SystemApps\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\ContentManagementSDK.dll
2016-03-18 21:56 - 2016-03-18 21:56 - 001040656 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2016-03-18 21:56 - 2016-03-18 21:56 - 000080184 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2016-03-18 21:56 - 2016-03-18 21:56 - 000237328 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxslt.dll
2018-01-08 12:53 - 2017-12-04 19:06 - 000725312 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_watchdog.dll
2018-01-08 12:53 - 2017-12-04 19:06 - 002075456 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_crashpad.dll
2018-01-08 12:54 - 2017-12-04 19:06 - 000100296 _____ () C:\Program Files (x86)\Dropbox\Client\_ctypes.pyd
2018-01-08 12:54 - 2017-12-04 19:06 - 000018888 _____ () C:\Program Files (x86)\Dropbox\Client\select.pyd
2018-01-08 12:54 - 2017-12-04 19:08 - 000020800 _____ () C:\Program Files (x86)\Dropbox\Client\tornado.speedups.pyd
2018-01-08 12:54 - 2017-12-04 19:06 - 000035792 _____ () C:\Program Files (x86)\Dropbox\Client\_multiprocessing.pyd
2018-01-08 12:54 - 2017-12-04 19:06 - 000694224 _____ () C:\Program Files (x86)\Dropbox\Client\unicodedata.pyd
2018-01-08 12:53 - 2017-12-04 19:07 - 000021848 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._constant_time.pyd
2018-01-08 12:54 - 2017-12-04 19:06 - 000130512 _____ () C:\Program Files (x86)\Dropbox\Client\_cffi_backend.pyd
2018-01-08 12:53 - 2017-12-04 19:07 - 001856848 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._openssl.pyd
2018-01-08 12:53 - 2017-12-04 19:07 - 000022864 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._padding.pyd
2018-01-08 12:53 - 2017-12-04 19:06 - 000145864 _____ () C:\Program Files (x86)\Dropbox\Client\pyexpat.pyd
2018-01-08 12:53 - 2017-12-04 19:06 - 000116688 _____ () C:\Program Files (x86)\Dropbox\Client\pywintypes27.dll
2018-01-08 12:54 - 2017-12-04 19:06 - 000105928 _____ () C:\Program Files (x86)\Dropbox\Client\win32api.pyd
2018-01-08 12:54 - 2017-12-04 19:08 - 000022864 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.crt.compiled._winffi_crt.pyd
2018-01-08 12:53 - 2017-12-04 19:07 - 000062784 _____ () C:\Program Files (x86)\Dropbox\Client\psutil._psutil_windows.pyd
2018-01-08 12:54 - 2017-12-04 19:06 - 000024528 _____ () C:\Program Files (x86)\Dropbox\Client\win32event.pyd
2018-01-08 12:53 - 2017-12-04 19:07 - 000040248 _____ () C:\Program Files (x86)\Dropbox\Client\fastpath.pyd
2018-01-08 12:53 - 2017-12-04 19:06 - 000020936 _____ () C:\Program Files (x86)\Dropbox\Client\mmapfile.pyd
2018-01-08 12:54 - 2017-12-04 19:06 - 000124880 _____ () C:\Program Files (x86)\Dropbox\Client\win32file.pyd
2018-01-08 12:54 - 2017-12-04 19:06 - 000116176 _____ () C:\Program Files (x86)\Dropbox\Client\win32security.pyd
2018-01-08 12:53 - 2017-12-04 19:06 - 000392656 _____ () C:\Program Files (x86)\Dropbox\Client\pythoncom27.dll
2018-01-08 12:54 - 2017-12-04 19:08 - 000392512 _____ () C:\Program Files (x86)\Dropbox\Client\win32com.shell.shell.pyd
2018-01-08 12:54 - 2017-12-04 19:08 - 000026456 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.kernel32.compiled._winffi_kernel32.pyd
2018-01-08 12:54 - 2017-12-04 19:06 - 000024016 _____ () C:\Program Files (x86)\Dropbox\Client\win32clipboard.pyd
2018-01-08 12:54 - 2017-12-04 19:06 - 000175560 _____ () C:\Program Files (x86)\Dropbox\Client\win32gui.pyd
2018-01-08 12:54 - 2017-12-04 19:06 - 000030160 _____ () C:\Program Files (x86)\Dropbox\Client\win32pipe.pyd
2018-01-08 12:54 - 2017-12-04 19:06 - 000043472 _____ () C:\Program Files (x86)\Dropbox\Client\win32process.pyd
2018-01-08 12:54 - 2017-12-04 19:06 - 000026056 _____ () C:\Program Files (x86)\Dropbox\Client\win32job.pyd
2018-01-08 12:54 - 2017-12-04 19:06 - 000048592 _____ () C:\Program Files (x86)\Dropbox\Client\win32service.pyd
2018-01-08 12:54 - 2017-12-04 19:06 - 000057808 _____ () C:\Program Files (x86)\Dropbox\Client\win32evtlog.pyd
2018-01-08 12:53 - 2017-12-04 19:07 - 000021824 _____ () C:\Program Files (x86)\Dropbox\Client\cpuid.compiled._cpuid.pyd
2018-01-08 12:54 - 2017-12-04 19:09 - 000023368 _____ () C:\Program Files (x86)\Dropbox\Client\winshell.compiled._winshell.pyd
2018-01-08 12:53 - 2017-12-04 19:07 - 000022856 _____ () C:\Program Files (x86)\Dropbox\Client\crashpad.compiled._Crashpad.pyd
2018-01-08 12:54 - 2017-12-04 19:08 - 000066392 _____ () C:\Program Files (x86)\Dropbox\Client\winenumhandles.compiled._WinEnumHandles.pyd
2018-01-08 12:53 - 2017-12-04 19:07 - 001796920 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtCore.pyd
2018-01-08 12:54 - 2017-12-04 19:06 - 000084424 _____ () C:\Program Files (x86)\Dropbox\Client\sip.pyd
2018-01-08 12:53 - 2017-12-04 19:07 - 001956152 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtGui.pyd
2018-01-08 12:53 - 2017-12-04 19:07 - 003859264 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWidgets.pyd
2018-01-08 12:53 - 2017-12-04 19:07 - 000155464 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebEngineWidgets.pyd
2018-01-08 12:53 - 2017-12-04 19:07 - 000521024 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtNetwork.pyd
2018-01-08 12:53 - 2017-12-04 19:07 - 000050496 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebEngineCore.pyd
2018-01-08 12:53 - 2017-12-04 19:07 - 000042304 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebChannel.pyd
2018-01-08 12:53 - 2017-12-04 19:07 - 000131384 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKit.pyd
2018-01-08 12:53 - 2017-12-04 19:07 - 000218944 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKitWidgets.pyd
2018-01-08 12:53 - 2017-12-04 19:07 - 000204096 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtPrintSupport.pyd
2018-01-08 12:54 - 2017-12-04 19:09 - 000025432 _____ () C:\Program Files (x86)\Dropbox\Client\winscreenshot.compiled._CaptureScreenshot.pyd
2018-01-08 12:54 - 2017-12-04 19:06 - 000060880 _____ () C:\Program Files (x86)\Dropbox\Client\win32print.pyd
2018-01-08 12:54 - 2017-12-04 19:09 - 000054608 _____ () C:\Program Files (x86)\Dropbox\Client\winrpcserver.compiled._RPCServer.pyd
2018-01-08 12:54 - 2017-12-04 19:06 - 000024016 _____ () C:\Program Files (x86)\Dropbox\Client\win32profile.pyd
2018-01-08 12:54 - 2017-12-04 19:09 - 000022864 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.user32.compiled._winffi_user32.pyd
2018-01-08 12:54 - 2017-12-04 19:08 - 000100688 _____ () C:\Program Files (x86)\Dropbox\Client\windisplaytoast.compiled._DisplayToast.pyd
2018-01-08 12:54 - 2017-12-04 19:06 - 000028616 _____ () C:\Program Files (x86)\Dropbox\Client\win32ts.pyd
2018-01-08 12:54 - 2017-12-04 19:08 - 000022360 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.iphlpapi.compiled._winffi_iphlpapi.pyd
2018-01-08 12:54 - 2017-12-04 19:09 - 000021848 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.winerror.compiled._winffi_winerror.pyd
2018-01-08 12:54 - 2017-12-04 19:09 - 000022360 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.wininet.compiled._winffi_wininet.pyd
2018-01-08 12:53 - 2017-12-04 19:07 - 000027488 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox.infinite.win.compiled._driverinstallation.pyd
2018-01-08 12:54 - 2017-12-04 19:06 - 000349128 _____ () C:\Program Files (x86)\Dropbox\Client\winxpgui.pyd
2018-01-08 12:53 - 2017-12-04 19:07 - 000101184 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWinExtras.pyd
2018-01-08 12:54 - 2017-12-04 19:09 - 000023896 _____ () C:\Program Files (x86)\Dropbox\Client\winverifysignature.compiled._VerifySignature.pyd
2018-01-08 12:53 - 2017-12-04 19:07 - 000025424 _____ () C:\Program Files (x86)\Dropbox\Client\librsyncffi.compiled._librsyncffi.pyd
2018-01-08 12:53 - 2017-12-04 19:06 - 000036296 _____ () C:\Program Files (x86)\Dropbox\Client\librsync.dll
2018-01-08 12:53 - 2017-12-04 19:07 - 000032600 _____ () C:\Program Files (x86)\Dropbox\Client\enterprise_data.compiled._enterprise_data.pyd
2018-01-08 12:53 - 2017-12-04 19:06 - 000293392 _____ () C:\Program Files (x86)\Dropbox\Client\EnterpriseDataAdapter.dll
2018-01-08 12:53 - 2017-12-04 19:07 - 000181056 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_sqlite_ext.DLL
2018-01-08 12:54 - 2017-12-04 19:08 - 000030536 _____ () C:\Program Files (x86)\Dropbox\Client\wind3d11.compiled._wind3d11.pyd
2018-01-08 12:53 - 2017-12-04 19:07 - 000024368 _____ () C:\Program Files (x86)\Dropbox\Client\libEGL.DLL
2018-01-08 12:53 - 2017-12-04 19:07 - 001638200 _____ () C:\Program Files (x86)\Dropbox\Client\libGLESv2.dll
2018-01-08 12:54 - 2017-12-04 19:09 - 000026456 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.winhttp.compiled._winffi_winhttp.pyd
2018-01-08 12:53 - 2017-12-04 19:07 - 000545080 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtQuick.pyd
2018-01-08 12:53 - 2017-12-04 19:07 - 000359224 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtQml.pyd
2018-01-08 12:53 - 2017-12-04 19:07 - 000038208 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebEngine.pyd
2013-12-02 16:00 - 2013-12-02 16:00 - 001242584 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll
2014-01-15 17:13 - 2011-08-23 20:39 - 000081920 _____ () C:\Program Files (x86)\CyberLink\YouCam\koan\_ctypes.pyd
2014-01-15 17:13 - 2011-08-23 20:39 - 000053248 _____ () C:\Program Files (x86)\CyberLink\YouCam\koan\_socket.pyd
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
HKU\S-1-5-21-2782944489-941073443-914625341-1001\Software\Classes\exefile: "%1" %* <==== ATTENTION
HKU\S-1-5-21-2782944489-941073443-914625341-1001\Software\Classes\.exe: exefile => "%1" %* <==== ATTENTION
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2013-08-22 07:25 - 2013-08-22 07:25 - 000000824 _____ C:\WINDOWS\system32\Drivers\etc\hosts
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-2782944489-941073443-914625341-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Tara\Pictures\2015-09\IMG_6278 (1).JPG
DNS Servers: 192.168.1.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run32: => "HP Software Update"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [UDP Query User{6A4477FA-5024-4A1E-AB59-591289B8537C}C:\program files (x86)\hewlett-packard\hp support solutions\modules\hpdevicedetection3.exe] => (Block) C:\program files (x86)\hewlett-packard\hp support solutions\modules\hpdevicedetection3.exe
FirewallRules: [TCP Query User{99B6799C-E2AE-40B8-9685-2DCD25D20B0C}C:\program files (x86)\hewlett-packard\hp support solutions\modules\hpdevicedetection3.exe] => (Block) C:\program files (x86)\hewlett-packard\hp support solutions\modules\hpdevicedetection3.exe
FirewallRules: [UDP Query User{9373DCD2-D0BD-4901-88BB-76020D398D65}C:\program files (x86)\hewlett-packard\hp support solutions\modules\hpdevicedetection3.exe] => (Block) C:\program files (x86)\hewlett-packard\hp support solutions\modules\hpdevicedetection3.exe
FirewallRules: [TCP Query User{E4D395FE-6E4D-4E28-A174-7A11D93D9179}C:\program files (x86)\hewlett-packard\hp support solutions\modules\hpdevicedetection3.exe] => (Block) C:\program files (x86)\hewlett-packard\hp support solutions\modules\hpdevicedetection3.exe
FirewallRules: [TCP Query User{3D96C1B9-699E-43CC-8508-13BB4C693B5A}C:\program files\itunes\itunes.exe] => (Allow) C:\program files\itunes\itunes.exe
FirewallRules: [UDP Query User{703DC0DB-C20A-4321-817D-B3F1E69C24FE}C:\program files\itunes\itunes.exe] => (Block) C:\program files\itunes\itunes.exe
FirewallRules: [TCP Query User{1979BE38-8C43-4FA2-BF91-1582EEF355EA}C:\program files\itunes\itunes.exe] => (Block) C:\program files\itunes\itunes.exe
FirewallRules: [TCP Query User{605BC662-BB2B-4A8B-9B96-AD52B669725F}C:\program files (x86)\itunes\itunes.exe] => (Block) C:\program files (x86)\itunes\itunes.exe
FirewallRules: [{E91C9802-C7AD-4776-9875-4A2DA3E1D666}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPDeviceDetection3.exe
FirewallRules: [{C64802A0-99FB-4BC4-8F8D-CB28131AB55F}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{89DE0E11-19C2-4397-8548-2DE70DB58486}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{2348F6F0-430B-446B-BD18-11E003CB1952}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{E0D24FA1-783D-4097-8211-03E45C35BFB5}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{23018F2F-15C4-4F28-A9DB-A56705843066}] => (Allow) C:\Program Files\HP\HP ENVY 4500 series\Bin\DeviceSetup.exe
FirewallRules: [{BF5EC436-D95A-4D98-95E9-1C084DD0979C}] => (Allow) LPort=5357
FirewallRules: [{17389AAA-3E45-4AF5-B5E7-F34026B299B7}] => (Allow) C:\Program Files\HP\HP ENVY 4500 series\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [TCP Query User{DF8418FF-738D-4CE5-A188-7428073F17A0}C:\program files\common files\microsoft shared\ink\tabtip.exe] => (Block) C:\program files\common files\microsoft shared\ink\tabtip.exe
FirewallRules: [UDP Query User{05BE3342-0F04-4C5C-8009-973EA253B2AA}C:\program files\common files\microsoft shared\ink\tabtip.exe] => (Block) C:\program files\common files\microsoft shared\ink\tabtip.exe
FirewallRules: [{EAE20138-FC06-4D9B-832C-BE57C00F5D7B}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
FirewallRules: [{4DEA5C37-1146-440C-9B92-62E0815A5225}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{190BDFB5-F75C-4A47-8D1A-526F06A056E4}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe
 
==================== Restore Points =========================
 
08-01-2018 13:36:39 Windows Modules Installer
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (01/08/2018 03:27:24 PM) (Source: COM) (EventID: 10031) (User: )
Description: An unmarshaling policy check was performed when unmarshaling a custom marshaled object and the class {2CD39202-3A2F-4935-9A86-65B919919A7F} was rejected
 
Error: (01/08/2018 01:37:08 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
 
Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.
 
System Error:
Access is denied.
.
 
Error: (01/08/2018 01:29:02 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: The Open Procedure for service "BITS" in DLL "C:\Windows\System32\bitsperf.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.
 
Error: (01/08/2018 01:29:01 PM) (Source: Office 2016 Licensing Service) (EventID: 0) (User: )
Description: Event-ID 0
 
Error: (01/08/2018 12:50:08 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2484) (User: TARACOTHRANHP)
Description: Package Microsoft.Windows.ShellExperienceHost_10.0.14393.1378_neutral_neutral_cw5n1h2txyewy+App was terminated because it took too long to suspend.
 
Error: (07/28/2017 01:53:29 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
 
Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.
 
System Error:
Access is denied.
.
 
Error: (07/17/2017 12:39:42 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
 
Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.
 
System Error:
Access is denied.
.
 
Error: (07/13/2017 09:14:11 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: The Open Procedure for service "BITS" in DLL "C:\Windows\System32\bitsperf.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.
 
Error: (07/13/2017 08:47:07 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
 
Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.
 
System Error:
Access is denied.
.
 
Error: (07/10/2017 08:13:17 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: The Open Procedure for service "BITS" in DLL "C:\Windows\System32\bitsperf.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.
 
 
System errors:
=============
Error: (01/08/2018 03:21:19 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Intel® Management and Security Application Local Management Service service hung on starting.
 
Error: (01/08/2018 03:18:06 PM) (Source: DCOM) (EventID: 10010) (User: TARACOTHRANHP)
Description: The server {DABF28BE-F6B4-4E40-8F40-C4FB26F3116C} did not register with DCOM within the required timeout.
 
Error: (01/08/2018 03:17:08 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The HP Support Solutions Framework Service service hung on starting.
 
Error: (01/08/2018 03:16:38 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {784E29F4-5EBE-4279-9948-1E8FE941646D} did not register with DCOM within the required timeout.
 
Error: (01/08/2018 03:13:40 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 and APPID 
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (01/08/2018 03:13:40 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 and APPID 
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (01/08/2018 03:13:38 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
 and APPID 
{F72671A9-012C-4725-9D2F-2A4D32D65169}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (01/08/2018 01:44:38 PM) (Source: DCOM) (EventID: 10029) (User: NT AUTHORITY)
Description: The activation of the CLSID {E60687F7-01A1-40AA-86AC-DB1CBF673334} timed out waiting for the service wuauserv to stop.
 
Error: (01/08/2018 01:40:37 PM) (Source: DCOM) (EventID: 10029) (User: NT AUTHORITY)
Description: The activation of the CLSID {E60687F7-01A1-40AA-86AC-DB1CBF673334} timed out waiting for the service wuauserv to stop.
 
Error: (01/08/2018 01:38:24 PM) (Source: DCOM) (EventID: 10029) (User: NT AUTHORITY)
Description: The activation of the CLSID {B91D5831-B1BD-4608-8198-D72E155020F7} timed out waiting for the service UsoSvc to stop.
 
 
CodeIntegrity:
===================================
  Date: 2017-02-13 12:42:49.812
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-02-13 12:42:49.809
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-11-27 01:52:04.141
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-11-27 01:52:04.131
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-11-27 01:52:04.102
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-11-27 01:52:04.092
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-11-27 01:52:04.068
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-11-27 01:52:04.059
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-11-27 01:52:03.981
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-11-27 01:52:03.801
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i5-4200U CPU @ 1.60GHz
Percentage of memory in use: 43%
Total physical RAM: 8123.84 MB
Available physical RAM: 4624.13 MB
Total Virtual: 9403.84 MB
Available Virtual: 5941.73 MB
 
==================== Drives ================================
 
Drive c: (Windows) (Fixed) (Total:670.79 GB) (Free:576.88 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive d: (RECOVERY) (Fixed) (Total:25.87 GB) (Free:2.57 GB) NTFS ==>[system with boot components (obtained from drive)]
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 698.6 GB) (Disk ID: EF0C38A7)
 
Partition: GPT.
 
==================== End of Addition.txt ============================
 
 

 


  • 0

Advertisements


#2
SleepyDude

SleepyDude

    Trusted Helper

  • Malware Removal
  • 4,668 posts
Hello Tara :welcome:

My name around here is SleepyDude and I will be helping you with your Computer problem. I know that having a computer with problems can be very frustrating but I will do my best to help you fixing the issue.

Sometimes this can be a long process, it's very important that you stay with me and follow all my instructions to the letter until I declare your machine is clean.
I have compiled a list of guidelines you must take in consideration so that the helping process goes smooth for you and for me:
  • Please perform all steps in the order they are listed in each set of instructions
  • Don't install/uninstall any software or run any other cleaning tools besides the ones I ask you to use
    • Running other programs can interfere with the tools we use and have unpredicted results. Also I need to know what is going on with your machine at any time
  • If possible avoid using the computer for other tasks until we finish the cleaning process
    • The reason for this is because it can make the malware infection worst and more difficult to clean. Some malware can download updates from the internet when you use the computer
  • Please don't attach your logs instead Copy & Paste the information to your post unless specifically instructed to do so
  • Please read every post completely before doing anything if you have some doubts or questions please ask before continuing
.
IMPORTANT: At GeeksToGo we do our best to help you solving the problem but sometimes things don't go as planned. To be safe than sorry you should Backup your important data to a safe place, anywhere except on the computer with problems.

The all fixing process need to be executed from a user account with Administrator privileges also some of the tasks need to be executed in Safe Mode, you should save or print the instructions for use when you don't have access to the forum.
 

«»«»«»

Lets Start with some cleaning...

Step 1 - Farbar Recovery Scanner Fix

!!! WARNING !!! The following fix is only relevant for this system and no other, running the script on another computer will not work and may cause problems...
  • Open Notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.
    (To do this highlight the contents of the box, right click on it and select copy.)
  • Right-click in the open Notepad and select Paste
  • Save it on the Desktop as fixlist.txt
    (It's important that both files, FRST or FRST64 and fixlist.txt are in the same location or the fix will not work!)

    Start::
    CreateRestorePoint:
    cmd: netstat -a -n -b|findstr /R "49398 \["
    CloseProcesses:
    ProxyEnable: [HKLM] => Proxy is enabled.
    ProxyServer: [HKLM] => http=127.0.0.1:49398;https=127.0.0.1:49398
    File: c:\windows\system32\DRIVERS\dbx.sys
    GroupPolicy: Restriction - Chrome <==== ATTENTION
    CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
    HKU\S-1-5-21-2782944489-941073443-914625341-1001\Software\Classes\exefile: "%1" %* <==== ATTENTION
    HKU\S-1-5-21-2782944489-941073443-914625341-1001\Software\Classes\.exe: exefile => "%1" %* <==== ATTENTION
    Task: {094CD275-5C71-4753-B57E-5566CA859498} - \Microsoft\Windows\SideShow\AutoWake -> No File <==== ATTENTION
    Task: {0F6DBBD1-1FA5-490B-A482-1F43FCC689E6} - \Microsoft\Windows\SideShow\SystemDataProviders -> No File <==== ATTENTION
    Task: {149F09C3-D8D9-4A4D-8E16-73A1FE0CA8CE} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
    Task: {26C2A59F-A336-45CC-AEC5-87D29FDDD7EA} - \WPD\SqmUpload_S-1-5-21-2782944489-941073443-914625341-1001 -> No File <==== ATTENTION
    Task: {3D6080F6-9B4B-4000-B094-38AC4D470900} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
    Task: {44B1FA31-738A-442F-A239-D6B66DF571CA} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
    Task: {532B2ED0-64E2-49C9-9415-B97BF6C39E42} - \IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 -> No File <==== ATTENTION
    Task: {5AC83142-5D4F-4779-ABE4-0E0DAC362075} - \DonutQuotes -> No File <==== ATTENTION
    Task: {5FB8B3B6-B790-490F-AADE-0E571045D378} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
    Task: {648784BD-0097-46CD-9C92-9F0E4ABB1CED} - \IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473-Logon -> No File <==== ATTENTION
    Task: {682F091C-3BB1-415B-B2FF-2B42575AB2F8} - \Adobe Flash Player Updater -> No File <==== ATTENTION
    Task: {87C0AF3F-DDB0-4682-8F27-18CD69A59DBC} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
    Task: {8B6759EE-1C08-4B8F-955C-774AB5A6544E} - \Microsoft\Windows\SideShow\SessionAgent -> No File <==== ATTENTION
    Task: {9EB9BC61-CBEC-47F2-8F26-01CBCCB76A4C} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
    Task: {AEBCCA25-01B4-4881-B7F7-54DD3EA37CDA} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
    Task: {C9DCF59E-6B97-4C0C-8641-B8261089C8CA} - \Microsoft\Windows\MobilePC\HotStart -> No File <==== ATTENTION
    Task: {D074E018-0517-4022-AC7C-28F00B179AAD} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
    Task: {DB21EF32-6BA9-4118-BBC1-BC4FF48961E5} - \Microsoft\Windows\SideShow\GadgetManager -> No File <==== ATTENTION
    Task: {DF22D9D1-B1CD-4313-842D-EAEC8A63C54E} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
    Task: {EF622E0A-7FD3-40FD-B070-F7B7333AB18A} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
    Task: {FEB5BED0-A92D-473E-A2BC-2B1839561E2D} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
    LPT System Updater Service (HKLM-x32\...\{BC0BF363-63AB-4FF7-8EF1-AE0D7F711B24}) (Version: 1.0.0.0 - LPT) Hidden <==== ATTENTION
    EmptyTemp:
    End::

  • Run FRST/FRST64 and press the Fix button just once and Wait. After the fix the system needs to restart if the tool does not request it please Restart the computer.
  • The tool will make a log (Fixlog.txt) on the same location as FRST/FRST64 please post it in your next reply.
  • Restart the Computer
.
.
Step 2 - Uninstall Programs

You have some programs installed that are Potentially Unwanted Programs (PUPs) or Adware related that I would like you to uninstall...

Go to Start > Control Panel, double-click on Add/Remove Programs (WinXP) or Programs and Features in Vista /Windows 7/8/10, locate these programs on the list and uninstall them:[/b]
  • LPT System Updater Service
  • Notes:
    • If you can't uninstall any of the programs on the list don't worry we will remove it latter just move to the next item;
    • If during the uninstall the setup ask you to restart the computer please do it;
.
Step 3 - Scan and Remove with ADWCleaner
Please download AdwCleaner by Malwarebytes and save it to the Desktop.
  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8/10 users right-click and select Run As Administrator
  • The tool will start to update the database if one is required.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Logfile button.
  • A window will open which lists the logs of your scans.
  • Click on the Scan tab.
  • Double-click the most recent scan which will be at the top of the list....the log will appear.
  • To open a Cleaning log, click on the Cleaning tab and double-click the log at the top of the list.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of all logfiles are saved to C:\AdwCleaner.
  • Please post both logs with the Scan and Cleaning.

  • 0

#3
SleepyDude

SleepyDude

    Trusted Helper

  • Malware Removal
  • 4,668 posts

Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.


  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP