Unsure of Issue in need of help please
Hello, just new to Geeks to Go, and while searching for help regarding my issue I keep getting referred to a PC problem of malware.
About 3 months ago I started getting repeatedly kicked off Xbox 360 while gaming. Now I can’t stay connected online with the Xbox for more than 2 mins or less. I noticed on my Belkin Wifi that the logs say DDoS attacks (Ping of Death) and Flooding attacks (Syn Flood) directed at my WAN IP Address XX.XX.XX.XXX on the Belkin.
My PC and 2 Xbox 360s are wired direct to the Wifi which is wired directly to the modem normally.
I have connected the Xbox 360 by itself to the modem and I have no issue staying connected, but I don’t know if the Xbox has a firewall, and I need the wifi for my cell and for family that visit and use it. (My Windows Vista PC has a dynamic IP and seems to be working just fine; the only issue the PC has is repeated requests from sites saying my browser needs updating.)
I do have my Wifi password protected and I believe it is the static address on the Wifi that is the target for the attacks. Can you please help? Is there a possibility to change the static address to dynamic on the Belkin Model# F9K1102V2? Will it stop the attacks, or am I way off on resolving the issue that way?
And... I don’t know how, or if I can, change the Belkin from static to dynamic.
Thanks Tipper
FRST.txt (real name replaced with Tipper)
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 02.01.2018
Ran by Tipper (administrator) on TIPPER-PC (11-01-2018 02:09:38)
Running from C:\Users\Tipper\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BTOTYTLV
Loaded Profiles: Tipper & Chris & Boyz (Available Profiles: Tipper & Chris & Boyz & Mcx1)
Platform: Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) Language: English (United States)
Internet Explorer Version 9 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(NVIDIA Corporation) C:\WINDOWS\System32\nvvsvc.exe
(Microsoft Corporation) C:\WINDOWS\System32\SLsvc.exe
(AO Kaspersky Lab) C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 17.0.0\avp.exe
(Dropbox, Inc.) C:\WINDOWS\System32\DbxSvc.exe
(AO Kaspersky Lab) C:\Program Files\Kaspersky Lab\Kaspersky Secure Connection 1.0\ksde.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
(Logitech Inc.) C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
(Conexant Systems, Inc.) C:\WINDOWS\System32\drivers\XAudio.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Service.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Microsoft Corporation) C:\WINDOWS\System32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\System32\wpcumi.exe
(Realtek Semiconductor) C:\WINDOWS\RtHDVCpl.exe
(AO Kaspersky Lab) C:\Program Files\Kaspersky Lab\Kaspersky Secure Connection 1.0\ksdeui.exe
(AO Kaspersky Lab) C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 17.0.0\avpui.exe
(Research In Motion Limited) C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
(ScanSoft, Inc.) C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
(Microsoft Corporation) C:\WINDOWS\System32\rundll32.exe
(Hewlett-Packard Company) C:\hp\support\hpsysdrv.exe
(Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuschd2.exe
(Brother Industries, Ltd.) C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
(Dropbox, Inc.) C:\Program Files\Dropbox\Client\Dropbox.exe
(Microsoft Corporation) C:\WINDOWS\ehome\ehtray.exe
(Microsoft Corporation) C:\Program Files\Microsoft Student\Microsoft Student with Encarta Premium 2008 DVD\EDICT.EXE
(Microsoft Corporation) C:\WINDOWS\System32\rundll32.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
(Microsoft Corporation) C:\WINDOWS\System32\wbem\unsecapp.exe
(Microsoft Corporation) C:\WINDOWS\ehome\ehmsas.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\WINDOWS\System32\Macromed\Flash\FlashUtil32_28_0_0_137_ActiveX.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Hewlett-Packard Company) C:\hp\KBD\kbd.exe
(Microsoft Corporation) C:\WINDOWS\System32\conime.exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [WPCUMI] => C:\Windows\system32\WpcUmi.exe [176128 2006-11-02] (Microsoft Corporation)
HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-20] (Microsoft Corporation)
HKLM\...\Run: [RtHDVCpl] => C:\Windows\RtHDVCpl.exe [5369856 2008-03-26] (Realtek Semiconductor)
HKLM\...\Run: [RIMBBLaunchAgent.exe] => C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe [79192 2011-02-18] (Research In Motion Limited)
HKLM\...\Run: [PaperPort PTD] => C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe [57393 2005-03-17] (ScanSoft, Inc.)
HKLM\...\Run: [NvMediaCenter] => RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [KBD] => C:\HP\KBD\KbdStub.EXE [65536 2006-12-08] ()
HKLM\...\Run: [IndexSearch] => C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe [40960 2005-03-17] (ScanSoft, Inc.)
HKLM\...\Run: [hpsysdrv] => c:\hp\support\hpsysdrv.exe [65536 2007-04-18] (Hewlett-Packard Company)
HKLM\...\Run: [HP Software Update] => C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM\...\Run: [HP Health Check Scheduler] => [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
HKLM\...\Run: [ControlCenter3] => C:\Program Files\Brother\ControlCenter3\brctrcen.exe [65536 2006-07-19] (Brother Industries, Ltd.)
HKLM\...\Run: [BrMfcWnd] => C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe [622592 2007-02-06] (Brother Industries, Ltd.)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1160408 2016-12-17] (Adobe Systems Incorporated)
HKLM\...\Run: [Dropbox] => C:\Program Files\Dropbox\Client\Dropbox.exe [3567928 2017-12-04] (Dropbox, Inc.)
HKU\S-1-5-21-3938486149-3048756490-4017228027-1000\...\Run: [Itibiti.exe] => C:\Program Files\Itibiti Soft Phone\Itibiti.exe <==== ATTENTION
HKU\S-1-5-21-3938486149-3048756490-4017228027-1000\...\Run: [HPAdvisor] => C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN
HKU\S-1-5-21-3938486149-3048756490-4017228027-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-20] (Microsoft Corporation)
HKU\S-1-5-21-3938486149-3048756490-4017228027-1000\...\Run: [L08AXLRD_45457240] => C:\Program Files\Microsoft Student\Microsoft Student with Encarta Premium 2008 DVD\EDICT.EXE [351000 2007-05-21] (Microsoft Corporation)
HKU\S-1-5-21-3938486149-3048756490-4017228027-1000\...\Run: [WMPNSCFG] => C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-20] (Microsoft Corporation)
HKU\S-1-5-21-3938486149-3048756490-4017228027-1000\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-3938486149-3048756490-4017228027-1000\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\S-1-5-21-3938486149-3048756490-4017228027-1000\...\Policies\Explorer: [NoDesktopCleanupWizard] 1
HKU\S-1-5-21-3938486149-3048756490-4017228027-1000\...\MountPoints2: L - L:\LaunchU3.exe -a
HKU\S-1-5-21-3938486149-3048756490-4017228027-1000\...\MountPoints2: {45ed0a07-e3df-11e0-92d9-001e9034e132} - L:\LaunchU3.exe -a
HKU\S-1-5-21-3938486149-3048756490-4017228027-1000\...\MountPoints2: {70fee8d0-6b8f-11e0-9202-806e6f6e6963} - E:\autorun.exe
HKU\S-1-5-21-3938486149-3048756490-4017228027-1000\...\MountPoints2: {fa945a74-6b73-11e0-8a33-001e9034e132} - J:\ConnectProSST.exe
HKU\S-1-5-21-3938486149-3048756490-4017228027-1001\...\Run: [HPADVISOR] => C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN
HKU\S-1-5-21-3938486149-3048756490-4017228027-1001\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-20] (Microsoft Corporation)
HKU\S-1-5-21-3938486149-3048756490-4017228027-1001\...\Run: [RIMDeviceManager] => C:\Program Files\Common Files\Research In Motion\RIMDeviceManager\RIMDeviceManager.exe [2062680 2011-05-19] (Research In Motion Limited)
HKU\S-1-5-21-3938486149-3048756490-4017228027-1001\...\Run: [WMPNSCFG] => C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-20] (Microsoft Corporation)
HKU\S-1-5-21-3938486149-3048756490-4017228027-1001\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-3938486149-3048756490-4017228027-1001\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\S-1-5-21-3938486149-3048756490-4017228027-1001\...\Policies\Explorer: [NoDesktopCleanupWizard] 1
HKU\S-1-5-21-3938486149-3048756490-4017228027-1001\...\MountPoints2: {45ed0a07-e3df-11e0-92d9-001e9034e132} - L:\LaunchU3.exe -a
HKU\S-1-5-21-3938486149-3048756490-4017228027-1001\...\MountPoints2: {70fee8d0-6b8f-11e0-9202-806e6f6e6963} - E:\autorun.exe
HKU\S-1-5-21-3938486149-3048756490-4017228027-1001\...\MountPoints2: {fa945a74-6b73-11e0-8a33-001e9034e132} - J:\ConnectProSST.exe
HKU\S-1-5-21-3938486149-3048756490-4017228027-1003\...\Run: [HPADVISOR] => C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN
HKU\S-1-5-21-3938486149-3048756490-4017228027-1003\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-20] (Microsoft Corporation)
HKU\S-1-5-21-3938486149-3048756490-4017228027-1003\...\Run: [L08AXLRD_72757259] => C:\Program Files\Microsoft Student\Microsoft Student with Encarta Premium 2008 DVD\EDICT.EXE [351000 2007-05-21] (Microsoft Corporation)
HKU\S-1-5-21-3938486149-3048756490-4017228027-1003\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-3938486149-3048756490-4017228027-1003\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\S-1-5-21-3938486149-3048756490-4017228027-1003\...\Policies\Explorer: [NoDesktopCleanupWizard] 1
HKU\S-1-5-21-3938486149-3048756490-4017228027-1003\...\MountPoints2: {45ed0a07-e3df-11e0-92d9-001e9034e132} - L:\LaunchU3.exe -a
HKU\S-1-5-21-3938486149-3048756490-4017228027-1003\...\MountPoints2: {70fee8d0-6b8f-11e0-9202-806e6f6e6963} - E:\autorun.exe
HKU\S-1-5-21-3938486149-3048756490-4017228027-1003\...\MountPoints2: {fa945a74-6b73-11e0-8a33-001e9034e132} - J:\ConnectProSST.exe
Startup: C:\Users\Tipper\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Deskjet 1050 J410 series.lnk [2018-01-11]
ShortcutTarget: Monitor Ink Alerts - HP Deskjet 1050 J410 series.lnk -> C:\Program Files\HP\HP Deskjet 1050 J410 series\Bin\HPStatusBL.dll (Hewlett-Packard Co.)
Startup: C:\Users\Tipper\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk [2013-05-29]
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\Boyz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk [2011-06-26]
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk [2013-05-13]
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
GroupPolicy\User: Restriction ? <==== ATTENTION
GroupPolicyUsers\S-1-5-21-3938486149-3048756490-4017228027-1003\User: Restriction <==== ATTENTION
GroupPolicyUsers\S-1-5-21-3938486149-3048756490-4017228027-1001\User: Restriction <==== ATTENTION
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Winsock: Catalog9 01 C:\Windows\system32\wpclsp.dll [72192 2008-01-20] (Microsoft Corporation)
Winsock: Catalog9 02 C:\Windows\system32\wpclsp.dll [72192 2008-01-20] (Microsoft Corporation)
Winsock: Catalog9 03 C:\Windows\system32\wpclsp.dll [72192 2008-01-20] (Microsoft Corporation)
Winsock: Catalog9 04 C:\Windows\system32\wpclsp.dll [72192 2008-01-20] (Microsoft Corporation)
Winsock: Catalog9 05 C:\Windows\system32\wpclsp.dll [72192 2008-01-20] (Microsoft Corporation)
Winsock: Catalog9 06 C:\Windows\system32\wpclsp.dll [72192 2008-01-20] (Microsoft Corporation)
Winsock: Catalog9 07 C:\Windows\system32\wpclsp.dll [72192 2008-01-20] (Microsoft Corporation)
Winsock: Catalog9 08 C:\Windows\system32\wpclsp.dll [72192 2008-01-20] (Microsoft Corporation)
Winsock: Catalog9 19 C:\Windows\system32\wpclsp.dll [72192 2008-01-20] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{2328FD5C-20DF-441B-BA4C-12384E9C94FB}: [DhcpNameServer] 192.168.2.1
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_ca&c=83&bd=Pavilion&pf=cndt
HKU\S-1-5-21-3938486149-3048756490-4017228027-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://ca.msn.com/?lang=en-ca&OCID=iehp
HKU\S-1-5-21-3938486149-3048756490-4017228027-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://hp-consumer.my.aol.ca/
HKU\S-1-5-21-3938486149-3048756490-4017228027-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://ca.msn.com/?lang=en-ca&OCID=iehp
HKU\S-1-5-21-3938486149-3048756490-4017228027-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.aol.ca/
HKU\S-1-5-21-3938486149-3048756490-4017228027-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_ca&c=83&bd=Pavilion&pf=cndt
HKU\S-1-5-21-3938486149-3048756490-4017228027-1003\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://ca.msn.com/?lang=en-ca&OCID=iehp
HKU\S-1-5-21-3938486149-3048756490-4017228027-1003\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.aol.ca/
HKU\S-1-5-21-3938486149-3048756490-4017228027-1003\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_ca&c=83&bd=Pavilion&pf=cndt
SearchScopes: HKLM -> DefaultScope {3E9A1439-8462-49AD-8004-D9FC5BE53FF4} URL = hxxp://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=file_14_13_ie&cd=2XzuyEtN2Y1L1QzutDtDtC0EzytDtAyE0EtCtAtBtD0C0EzztN0D0Tzu0SzztCyDtN1L2XzutBtFtCzztFtBtFtDtN1L1CzutCyEtDtAtDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StCyCyEtA0Bzyzy0CtGtCyB0DyCtGtAyE0CtDtGyB0DyBzztGtAyC0BtC0F0ByCtBzz0CyDzz2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyC0Azzzy0BtB0AtDtGyC0B0A0FtGyE0EtB0EtGtAyC0BzztGtBtB0EtDtDtDzyyB0D0E0DtA2Q&cr=1446448765&ir=
SearchScopes: HKLM -> {380854A7-BB12-4473-A1C0-F6272ABD0A35} URL = hxxp://www.ask.com/web?q={searchTerms}&l=dis&o=cahpd
SearchScopes: HKLM -> {3E9A1439-8462-49AD-8004-D9FC5BE53FF4} URL = hxxp://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=file_14_13_ie&cd=2XzuyEtN2Y1L1QzutDtDtC0EzytDtAyE0EtCtAtBtD0C0EzztN0D0Tzu0SzztCyDtN1L2XzutBtFtCzztFtBtFtDtN1L1CzutCyEtDtAtDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StCyCyEtA0Bzyzy0CtGtCyB0DyCtGtAyE0CtDtGyB0DyBzztGtAyC0BtC0F0ByCtBzz0CyDzz2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyC0Azzzy0BtB0AtDtGyC0B0A0FtGyE0EtB0EtGtAyC0BzztGtBtB0EtDtDtDzyyB0D0E0DtA2Q&cr=1446448765&ir=
SearchScopes: HKLM -> {77AA745B-F4F8-45DA-9B14-61D2D95054C8} URL = hxxp://ca.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=hp-pvdt
SearchScopes: HKU\S-1-5-21-3938486149-3048756490-4017228027-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3938486149-3048756490-4017228027-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3938486149-3048756490-4017228027-1001 -> {380854A7-BB12-4473-A1C0-F6272ABD0A35} URL =
SearchScopes: HKU\S-1-5-21-3938486149-3048756490-4017228027-1001 -> {77AA745B-F4F8-45DA-9B14-61D2D95054C8} URL =
SearchScopes: HKU\S-1-5-21-3938486149-3048756490-4017228027-1003 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: No Name -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> No File
BHO: Kaspersky Protection -> {2E38825B-8815-42CF-9126-C58BC28D4591} -> C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 17.0.0\IEExt\ie_plugin.dll [2016-12-07] (AO Kaspersky Lab)
BHO: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_31\bin\ssv.dll [2015-01-21] (Oracle Corporation)
BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-01-21] (Oracle Corporation)
Toolbar: HKLM - Kaspersky Protection Toolbar - {093F479D-712E-46CD-9E06-62E734A05F68} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 17.0.0\IEExt\ie_plugin.dll [2016-12-07] (AO Kaspersky Lab)
Toolbar: HKU\S-1-5-21-3938486149-3048756490-4017228027-1000 -> No Name - {789733C8-7A68-4A43-ACE3-BEB2292C914B} - No File
Toolbar: HKU\S-1-5-21-3938486149-3048756490-4017228027-1000 -> Kaspersky Protection Toolbar - {093F479D-712E-46CD-9E06-62E734A05F68} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 17.0.0\IEExt\ie_plugin.dll [2016-12-07] (AO Kaspersky Lab)
Toolbar: HKU\S-1-5-21-3938486149-3048756490-4017228027-1001 -> Kaspersky Protection Toolbar - {093F479D-712E-46CD-9E06-62E734A05F68} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 17.0.0\IEExt\ie_plugin.dll [2016-12-07] (AO Kaspersky Lab)
Toolbar: HKU\S-1-5-21-3938486149-3048756490-4017228027-1003 -> Kaspersky Protection Toolbar - {093F479D-712E-46CD-9E06-62E734A05F68} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 17.0.0\IEExt\ie_plugin.dll [2016-12-07] (AO Kaspersky Lab)
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll [2011-06-28] (Logitech Inc.)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll [2007-06-07] (Microsoft Corporation)
FireFox:
========
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: (Microsoft .NET Framework Assistant) - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2011-04-20] [Legacy] [not signed]
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\[email protected] => not found
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 17.0.0\FFExt\light_plugin_firefox\addon.xpi
FF Extension: (Kaspersky Protection) - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 17.0.0\FFExt\light_plugin_firefox\addon.xpi [2017-10-14]
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw_1231201.dll [2017-11-02] (Adobe Systems, Inc.)
FF Plugin: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-01-21] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-01-21] (Oracle Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: @RIM.com/WebSLLauncher,version=1.0 -> C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll [2011-05-26] ()
FF Plugin: @rocketlife.com/RocketLife Secure Plug-In Layer;version=1.0.5 -> C:\ProgramData\Visan\plugins\npRLSecurePluginLayer.dll [2011-02-21] (RocketLife, LLP)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2017-11-01] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3938486149-3048756490-4017228027-1000: @rocketlife.com/RocketLife Secure Plug-In Layer;version=1.0.5 -> C:\Users\Tipper\AppData\Roaming\Visan\plugins\npRLSecurePluginLayer.dll [2011-03-12] (RocketLife, LLP)
FF Plugin HKU\S-1-5-21-3938486149-3048756490-4017228027-1003: @nsroblox.roblox.com/launcher -> C:\Users\Boyz\AppData\Local\Roblox\Versions\version-b4f311f5cfe34914\\NPRobloxProxy.dll [2012-12-31] ( ROBLOX Corporation)
Chrome:
=======
CHR HKLM\...\Chrome\Extension: [fhoibnponjcgjgcnfacekaijdbbplhib] - hxxps://chrome.google.com/webstore/detail/fhoibnponjcgjgcnfacekaijdbbplhib
==================== Services (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S3 AdobeFlashPlayerUpdateSvc; C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [272384 2018-01-10] (Adobe Systems Incorporated) [File not signed]
R2 AVP17.0.0; C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 17.0.0\avp.exe [241544 2016-06-28] (AO Kaspersky Lab)
S2 dbupdate; C:\Program Files\Dropbox\Update\DropboxUpdate.exe [143144 2016-10-28] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files\Dropbox\Update\DropboxUpdate.exe [143144 2016-10-28] (Dropbox, Inc.)
R2 DbxSvc; C:\Windows\system32\DbxSvc.exe [43336 2017-12-04] (Dropbox, Inc.)
R2 HP Health Check Service; c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [94208 2008-03-14] (Hewlett-Packard) [File not signed]
R2 KSDE1.0.0; C:\Program Files\Kaspersky Lab\Kaspersky Secure Connection 1.0\ksde.exe [241544 2016-06-28] (AO Kaspersky Lab)
R2 LightScribeService; c:\Program Files\Common Files\LightScribe\LSSrvc.exe [73728 2008-03-17] (Hewlett-Packard Company) [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-20] (Microsoft Corporation)
===================== Drivers (Whitelisted) ======================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R0 cm_km; C:\Windows\System32\DRIVERS\cm_km.sys [170840 2016-06-10] (AO Kaspersky Lab)
S3 CoachUsb; C:\Windows\System32\DRIVERS\CoachUsb.sys [41184 2003-06-26] (Accapella Ltd.)
S3 CoachVc; C:\Windows\System32\DRIVERS\CoachVc.sys [45664 2003-06-26] (Accapella Ltd.) [File not signed]
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [165296 2016-06-02] (AO Kaspersky Lab)
R0 klbackupdisk; C:\Windows\System32\DRIVERS\klbackupdisk.sys [57264 2016-06-07] (AO Kaspersky Lab)
R1 klbackupflt; C:\Windows\System32\DRIVERS\klbackupflt.sys [71504 2016-06-14] (AO Kaspersky Lab)
R2 kldisk; C:\Windows\System32\DRIVERS\kldisk.sys [69000 2016-05-31] (AO Kaspersky Lab)
R3 klflt; C:\Windows\System32\DRIVERS\klflt.sys [155352 2017-10-14] (AO Kaspersky Lab)
R1 klhk; C:\Windows\System32\DRIVERS\klhk.sys [130776 2017-10-14] (AO Kaspersky Lab)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [807128 2017-10-14] (AO Kaspersky Lab)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [49744 2016-12-07] (AO Kaspersky Lab)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [46000 2016-05-18] (AO Kaspersky Lab)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [38072 2015-06-07] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [41392 2016-05-31] (AO Kaspersky Lab)
R3 kltap; C:\Windows\System32\DRIVERS\kltap.sys [48056 2016-06-07] (The OpenVPN Project)
R1 kltdf; C:\Windows\System32\DRIVERS\kltdf.sys [82352 2016-05-17] (AO Kaspersky Lab)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [71088 2016-05-17] (AO Kaspersky Lab)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [165336 2017-07-29] (AO Kaspersky Lab)
R3 LVPr2Mon; C:\Windows\System32\DRIVERS\LVPr2Mon.sys [25752 2009-10-07] ()
R3 LVUSBSta; C:\Windows\System32\drivers\LVUSBSta.sys [41752 2007-10-11] (Logitech Inc.)
R3 PID_0928; C:\Windows\System32\DRIVERS\LV561AV.SYS [495768 2009-04-30] (Logitech Inc.)
S3 dbx; system32\DRIVERS\dbx.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S3 PcdrNdisuio; system32\DRIVERS\pcdrndisuio.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2018-01-11 02:09 - 2018-01-11 02:09 - 000000000 ____D C:\FRST
2018-01-08 04:29 - 2018-01-08 04:29 - 008657175 _____ C:\Users\Chris\Documents\Deep Fryer Manual.pdf
2018-01-08 02:59 - 2018-01-08 03:08 - 000000035 _____ C:\Users\Boyz\Documents\Medical info look up for help.txt
2018-01-08 02:39 - 2018-01-08 02:41 - 000000042 _____ C:\Users\Boyz\Documents\Prizm in vision.txt
2017-12-21 02:58 - 2017-12-21 07:55 - 000002212 _____ C:\Users\Tipper\Documents\Geeks to Go help.txt
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2018-01-11 02:08 - 2011-08-16 15:47 - 000000386 _____ C:\Windows\Tasks\Final Media Player Update Checker.job
2018-01-11 02:04 - 2016-10-28 16:22 - 000000890 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job
2018-01-11 02:04 - 2013-10-16 19:48 - 000000000 ____D C:\ProgramData\Kaspersky Lab
2018-01-11 01:38 - 2016-10-28 16:22 - 000000894 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job
2018-01-11 00:43 - 2006-11-02 07:47 - 000005184 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2018-01-11 00:43 - 2006-11-02 07:47 - 000005184 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2018-01-10 18:53 - 2014-04-18 04:34 - 000803328 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2018-01-10 18:53 - 2014-04-18 04:34 - 000144896 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2018-01-10 18:53 - 2008-05-17 17:21 - 000000000 ____D C:\Windows\system32\Macromed
2018-01-10 18:43 - 2006-11-02 08:01 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2018-01-08 05:42 - 2006-11-02 08:01 - 000032608 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2018-01-07 15:49 - 2011-07-26 02:06 - 000000000 ____D C:\Program Files\File Type Assistant
2018-01-05 20:52 - 2006-11-02 05:33 - 000006580 _____ C:\Windows\system32\PerfStringBackup.INI
2017-12-30 02:10 - 2006-11-02 06:18 - 000000000 ____D C:\Windows\system32\Msdtc
2017-12-30 02:09 - 2012-03-16 02:01 - 000000000 ____D C:\Users\Mcx1
2017-12-30 02:09 - 2011-06-05 20:16 - 000000000 ____D C:\Users\Boyz
2017-12-30 02:09 - 2011-05-06 03:45 - 000000000 ____D C:\Users\Chris
2017-12-30 02:09 - 2011-04-20 11:55 - 000000000 ____D C:\Users\Tipper
2017-12-30 02:09 - 2006-11-02 05:22 - 140247040 _____ C:\Windows\system32\config\system_previous
2017-12-30 02:09 - 2006-11-02 05:22 - 051118080 _____ C:\Windows\system32\config\software_previous
2017-12-30 02:09 - 2006-11-02 05:22 - 041156608 _____ C:\Windows\system32\config\components_previous
2017-12-30 02:09 - 2006-11-02 05:22 - 000262144 _____ C:\Windows\system32\config\security_previous
2017-12-30 02:09 - 2006-11-02 05:22 - 000262144 _____ C:\Windows\system32\config\sam_previous
2017-12-30 02:09 - 2006-11-02 05:22 - 000262144 _____ C:\Windows\system32\config\default_previous
2017-12-30 02:08 - 2011-08-16 15:47 - 000000000 ____D C:\Users\Tipper\AppData\Roaming\FinalMediaPlayer
2017-12-30 02:08 - 2006-11-02 06:18 - 000000000 ____D C:\Windows\system32\spool
2017-12-30 02:08 - 2006-11-02 06:18 - 000000000 ____D C:\Windows\registration
2017-12-30 02:08 - 2006-11-02 06:18 - 000000000 ____D C:\Windows\inf
==================== Files in the root of some directories =======
2011-06-01 12:07 - 2015-12-22 05:35 - 000044759 _____ () C:\Users\Tipper\AppData\Roaming\Rim.Desktop.Exception.log
2011-06-01 12:06 - 2011-08-16 15:03 - 000003392 _____ () C:\Users\Tipper\AppData\Roaming\Rim.Desktop.HttpServerSetup.log
2011-08-16 15:27 - 2015-12-22 05:35 - 000002849 _____ () C:\Users\Tipper\AppData\Roaming\Rim.DesktopHelper.Exception.log
2014-03-25 16:13 - 2014-03-25 16:13 - 000000045 _____ () C:\Users\Tipper\AppData\Roaming\WB.CFG
2011-05-18 14:19 - 2011-05-18 14:19 - 000000000 _____ () C:\Users\Tipper\AppData\Roaming\wklnhst.dat
2012-11-01 06:46 - 2016-11-02 05:56 - 000001356 _____ () C:\Users\Tipper\AppData\Local\d3d9caps.dat
2012-01-17 16:49 - 2017-09-18 12:36 - 000074240 _____ () C:\Users\Tipper\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-12-28 09:23 - 2013-12-28 09:23 - 000351124 _____ () C:\Users\Tipper\AppData\Local\mysearchdial-speeddial.crx
2012-10-23 03:26 - 2012-10-23 03:26 - 000017408 _____ () C:\Users\Tipper\AppData\Local\WebpageIcons.db
==================== Bamital & volsnap ======================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2018-01-10 18:58
==================== End of FRST.txt ============================
Addition.txt (real name replaced with Tipper)
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 02.01.2018
Ran by Tipper (11-01-2018 02:12:37)
Running from C:\Users\Tipper\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BTOTYTLV
Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) (2011-04-20 16:49:56)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-3938486149-3048756490-4017228027-500 - Administrator - Disabled)
Tipper (S-1-5-21-3938486149-3048756490-4017228027-1000 - Administrator - Enabled) => C:\Users\Tipper
Boyz (S-1-5-21-3938486149-3048756490-4017228027-1003 - Limited - Enabled) => C:\Users\Boyz
Chris (S-1-5-21-3938486149-3048756490-4017228027-1001 - Limited - Enabled) => C:\Users\Chris
Guest (S-1-5-21-3938486149-3048756490-4017228027-501 - Limited - Disabled)
Mcx1 (S-1-5-21-3938486149-3048756490-4017228027-1004 - Administrator - Enabled) => C:\Users\Mcx1
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Kaspersky Total Security (Enabled - Up to date) {86367591-4BE4-AE08-2FD9-7FCB8259CD98}
AS: Kaspersky Total Security (Enabled - Up to date) {3D579475-6DDE-A186-1569-44B9F9DE8725}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Total Security (Enabled) {BE0DF4B4-018B-AF50-0486-D6FE7C8A8AE3}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
ActiveCheck component for HP Active Support Library (HKLM\...\{254C37AA-6B72-4300-84F6-98A82419187E}) (Version: 3.0.0.2 - Hewlett-Packard) Hidden
Adobe Flash Player 28 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 28.0.0.137 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.23) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.23 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.3 (HKLM\...\Adobe Shockwave Player) (Version: 12.3.1.201 - Adobe Systems, Inc.)
BlackBerry Desktop Software 6.1 (HKLM\...\{75157F34-02C6-4831-BD66-3BC49E7A8394}) (Version: 6.1.0.35 - Research In Motion Ltd.) Hidden
BlackBerry Desktop Software 6.1 (HKLM\...\BlackBerry_Desktop) (Version: 6.1.0.35 - Research In Motion Ltd.)
Brother MFL-Pro Suite (HKLM\...\{9A912C12-A7DA-44D7-BD57-5CA85E2F33E1}) (Version: 1.00 - Brother Industries, Ltd.)
CyberLink DVD Suite Deluxe (HKLM\...\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 5.5.1329 - CyberLink Corp.)
CyberLink PowerDirector (HKLM\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 6.5.2726 - CyberLink Corp.)
Digital Camera (2320) (HKLM\...\Digital Camera (2320)) (Version: - )
Dropbox (HKLM\...\Dropbox) (Version: 40.4.46 - Dropbox, Inc.)
Dropbox Update Helper (HKLM\...\{099218A5-A723-43DC-8DB5-6173656A1E94}) (Version: 1.3.59.1 - Dropbox, Inc.) Hidden
Enhanced Multimedia Keyboard Solution (HKLM\...\KBD) (Version: - Hewlett-Packard)
File Type Assistant (HKLM\...\Trusted Software Assistant_is1) (Version: 2014.5.6.0 - ) <==== ATTENTION
Final Media Player 2014 (HKLM\...\FinalMediaPlayer_is1) (Version: 2014.08.04.00 - Bitberry Software) <==== ATTENTION
Hardware Diagnostic Tools (HKLM\...\PC-Doctor 5 for Windows) (Version: 5.1.4748.24 - PC-Doctor, Inc.)
HP Deskjet 1050 J410 series Basic Device Software (HKLM\...\{C111B73A-93EA-4A12-80E2-0460F11D431F}) (Version: 28.0.1313.0 - Hewlett-Packard Co.)
HP Deskjet 1050 J410 series Help (HKLM\...\{5C90D8CF-F12A-41C6-9007-3B651A1F0D78}) (Version: 140.0.66.66 - Hewlett Packard)
HP Deskjet 1050 J410 series Product Improvement Study (HKLM\...\{5E83AB6E-2284-4468-BF97-A451904F186C}) (Version: 28.0.1313.0 - Hewlett-Packard Co.)
HP Photo Creations (HKU\S-1-5-21-3938486149-3048756490-4017228027-1000\...\HP Photo Creations) (Version: 1.0.0.17712 - HP)
HP Update (HKLM\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPAsset component for HP Active Support Library (HKLM\...\{669D4A35-146B-4314-89F1-1AC3D7B88367}) (Version: 3.0.1.0 - Hewlett-Packard) Hidden
Internet Explorer (Enable DEP) (HKLM\...\{a9264802-8a7a-40fe-a135-5c6d204aed7a}.sdb) (Version: - )
Itibiti RTC (HKLM\...\{730E03E4-350E-48E5-9D3E-4329903D454D}) (Version: 0.0.1 - Itibiti Inc) Hidden <==== ATTENTION
Java 8 Update 31 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
Kaspersky Secure Connection (HKLM\...\{1CF84962-50F8-48CA-9082-B70F3A02C686}) (Version: 17.0.0.611 - Kaspersky Lab) Hidden
Kaspersky Secure Connection (HKLM\...\InstallWIX_{1CF84962-50F8-48CA-9082-B70F3A02C686}) (Version: 17.0.0.611 - Kaspersky Lab)
Kaspersky Total Security (HKLM\...\{E27B1D7B-3B34-43A2-9FC0-9828D5DF46E2}) (Version: 17.0.0.611 - Kaspersky Lab) Hidden
Kaspersky Total Security (HKLM\...\InstallWIX_{E27B1D7B-3B34-43A2-9FC0-9828D5DF46E2}) (Version: 17.0.0.611 - Kaspersky Lab)
LabelPrint (HKLM\...\{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.2.2529 - CyberLink Corp.)
Learning Essentials for Microsoft Office (HKLM\...\{75F3A4B2-F6E8-434D-A2EF-DBBC016C6CB2}) (Version: 2.0 - Microsoft)
LightScribe System Software 1.12.37.1 (HKLM\...\{004C5DA2-2051-4D25-94BA-51CF810C91EB}) (Version: 1.12.37.1 - LightScribe)
LightScribeTemplateLabeler (HKLM\...\{305D4B08-5807-4475-B1C8-D54685534864}) (Version: 1.10.23.1 - LightScribe)
Logitech Desktop Messenger (HKLM\...\{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}) (Version: 2.52.18 - Logitech, Inc.)
Logitech Legacy USB Camera Driver Package (HKLM\...\legacyqcam_11.10) (Version: - )
Logitech Vid HD (HKLM\...\Logitech Vid) (Version: 7.2 (7259) - Logitech Inc..)
Logitech Webcam Software (HKLM\...\{C27BC2A2-30DD-4014-B22E-63EB0DB572F9}) (Version: 12.10.1113 - Logitech Inc.)
Logitech Webcam Software Driver Package (HKLM\...\lvdrivers_12.10) (Version: 12.10.1110 - Logitech Inc.)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Math (HKLM\...\{07043840-959A-4B0D-8825-2C533F0DDB19}) (Version: 2007 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Home and Student 60 day trial (HKLM\...\OfficeTrial) (Version: - )
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Student 2007 for Learning Essentials (HKLM\...\{Microsoft Student 2007_54A0E938-8390-489F-8F1A-563673334DFE}) (Version: - )
Microsoft Student with Encarta Premium 2008 (HKLM\...\{08041881-FCA5-44A7-B863-D66037A16AAF}) (Version: 2008 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Works (HKLM\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation)
muvee autoProducer 6.1 (HKLM\...\{FDDB69BB-2F9A-4830-A579-ABBB7C5AF9A8}) (Version: 6.10.050 - muvee Technologies)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: - )
PaperPort (HKLM\...\{71C97545-E547-4A8B-B0C8-61FF853270AC}) (Version: 9.02.0827 - ScanSoft, Inc.)
Parker Brothers Classic Card Games (HKLM\...\ClassicCard) (Version: - )
Power2Go (HKLM\...\{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 5.6.3917 - CyberLink Corp.)
Python 2.5 (HKLM\...\{0A2C5854-557E-48C8-835A-3B9F074BDCAA}) (Version: 2.5.150 - Martin v. Löwis)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5789 - Realtek Semiconductor Corp.)
ROBLOX Player for Boyz (HKU\S-1-5-21-3938486149-3048756490-4017228027-1003\...\{373B1718-8CC5-4567-8EE2-9033AD08A680}) (Version: - ROBLOX Corporation)
Soft Data Fax Modem with SmartCP (HKLM\...\CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200C14F1) (Version: 7.74.00 - Conexant Systems)
swMSM (HKLM\...\{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Uninstall Helper (HKLM\...\{82BF2C5E-79A7-4A13-B508-D5E64A5B141E}) (Version: 2.0.1.0 - InstallX, LLC) Hidden <==== ATTENTION
Uninstall Helper (HKLM\...\Uninstall Helper 2.0.1.0) (Version: 2.0.1.0 - InstallX, LLC) <==== ATTENTION
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Yahoo! Detect (HKLM\...\YTdetect) (Version: - )
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-3938486149-3048756490-4017228027-1000_Classes\CLSID\{9356e2bb-6c9a-43c0-a771-5cacbdab6afe}\InprocServer32 -> C:\Users\Tipper\AppData\Roaming\HP Photo Creations\RLPNUpload.dll (RocketLife)
CustomCLSID: HKU\S-1-5-21-3938486149-3048756490-4017228027-1000_Classes\CLSID\{A10E0335-AFCA-4E7E-975F-CA30235FB29A}\InprocServer32 -> C:\Users\Tipper\AppData\Roaming\Visan\plugins\npRLSecurePluginLayer.dll (RocketLife, LLP)
CustomCLSID: HKU\S-1-5-21-3938486149-3048756490-4017228027-1000_Classes\CLSID\{cc05a616-ddb3-4cc0-9a21-dc0e9962b444}\InprocServer32 -> C:\Users\Tipper\AppData\Roaming\HP Photo Creations\ContentMan.dll (RocketLife)
CustomCLSID: HKU\S-1-5-21-3938486149-3048756490-4017228027-1000_Classes\CLSID\{ff280b55-14f1-49ae-b40f-15f5294ce630}\InprocServer32 -> C:\Users\Tipper\AppData\Roaming\HP Photo Creations\RocketEngine.dll (Visan inc.)
CustomCLSID: HKU\S-1-5-21-3938486149-3048756490-4017228027-1003_Classes\CLSID\{76D50904-6780-4c8b-8986-1A7EE0B1716D}\InprocServer32 -> C:\Users\Boyz\AppData\Local\Roblox\Versions\version-b4f311f5cfe34914\RobloxProxy.dll (ROBLOX Corporation)
ShellIconOverlayIdentifiers: [ DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.19.0.dll [2017-12-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.19.0.dll [2017-12-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.19.0.dll [2017-12-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.19.0.dll [2017-12-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.19.0.dll [2017-12-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.19.0.dll [2017-12-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.19.0.dll [2017-12-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.19.0.dll [2017-12-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.19.0.dll [2017-12-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.19.0.dll [2017-12-04] (Dropbox, Inc.)
ContextMenuHandlers1: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files\Dropbox\Client\DropboxExt.19.0.dll [2017-12-04] (Dropbox, Inc.)
ContextMenuHandlers1: [Kaspersky Anti-Virus 17.0.0] -> {39C9FA89-7012-4573-A92D-BFD1F8CA542D} => C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 17.0.0\shellex.dll [2017-03-14] (AO Kaspersky Lab)
ContextMenuHandlers2: [Kaspersky Anti-Virus 17.0.0] -> {39C9FA89-7012-4573-A92D-BFD1F8CA542D} => C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 17.0.0\shellex.dll [2017-03-14] (AO Kaspersky Lab)
ContextMenuHandlers4: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files\Dropbox\Client\DropboxExt.19.0.dll [2017-12-04] (Dropbox, Inc.)
ContextMenuHandlers4: [Kaspersky Anti-Virus 17.0.0] -> {39C9FA89-7012-4573-A92D-BFD1F8CA542D} => C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 17.0.0\shellex.dll [2017-03-14] (AO Kaspersky Lab)
ContextMenuHandlers5: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files\Dropbox\Client\DropboxExt.19.0.dll [2017-12-04] (Dropbox, Inc.)
ContextMenuHandlers5: [NvCplDesktopContext] -> {A70C977A-BF00-412C-90B7-034C51DA2439} => C:\Windows\system32\nvcpl.dll [2008-05-22] (NVIDIA Corporation)
ContextMenuHandlers6: [Kaspersky Anti-Virus 17.0.0] -> {39C9FA89-7012-4573-A92D-BFD1F8CA542D} => C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 17.0.0\shellex.dll [2017-03-14] (AO Kaspersky Lab)
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {09DA987E-5384-44C4-9359-F80E0CE55A8C} - System32\Tasks\{402A8835-4A03-4627-8446-8BCF151CF753} => "C:\Program Files\Internet Explorer\iexplore.exe" hxxp://ui.skype.com/ui/0/5.10.0.116/en/go/help.faq.installer?LastError=1603
Task: {2C6865C5-1B4D-4998-BABD-CB45D4B027C9} - System32\Tasks\PC-Doctor\Scheduled Maintenance Swap => C:\Program Files\PC-Doctor 5 for Windows\task_swap.exe [2008-03-13] (PC-Doctor, Inc.)
Task: {62723A29-FD3B-4F5F-B7D5-B9F1BFD4E640} - System32\Tasks\{E999EE8A-B462-4D2F-8C6F-0AEC7FF1E3EF} => C:\Windows\system32\pcalua.exe -a E:\setup.exe -d E:\
Task: {6D411B50-4F7D-4329-9A84-5CA1B36B846C} - System32\Tasks\0 => c:\program files\internet explorer\iexplore.exe <==== ATTENTION
Task: {7DBA33D4-0248-4229-A416-08514CB82EAD} - System32\Tasks\Final Media Player Update Checker => C:\Program Files\FinalMediaPlayer\FMPCheckForUpdates.exe [2013-03-25] (Bitberry Software)
Task: {890419E0-EAE5-4F12-8544-8E5E5BEEAA2C} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files\Dropbox\Update\DropboxUpdate.exe [2016-10-28] (Dropbox, Inc.)
Task: {964DAA7E-EFC5-456C-833F-3F439598E230} - System32\Tasks\PC-Doctor\Scheduled Maintenance => C:\Program Files\PC-Doctor 5 for Windows\RunProfiler.exe [2008-03-13] (PC-Doctor, Inc.)
Task: {AAC2C8DD-5A86-47EC-9E8B-BC6EBEAFF3AC} - System32\Tasks\{1CDDCFE9-A42D-4067-9CDA-E68CB6FC10B7} => C:\Windows\system32\pcalua.exe -a "C:\Users\Tipper\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XMTRDXPQ\Install_YourCottonellePuppy.exe" -d C:\Users\Tipper\Desktop
Task: {AC5404A0-3312-4DB4-A01E-91766AC907D5} - System32\Tasks\4674 => wscript.exe C:\Users\Tipper\AppData\Local\Temp\launchie.vbs //B <==== ATTENTION
Task: {C76B646B-84AE-47F7-8FD0-073582FC06AE} - System32\Tasks\ProgramRefresh-ATFST => C:\Program Files\File Type Assistant\tsasetup.exe [2014-05-06] ( ) <==== ATTENTION
Task: {DB58737A-01E8-4FF8-8FB9-79E217B19D00} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files\Dropbox\Update\DropboxUpdate.exe [2016-10-28] (Dropbox, Inc.)
Task: {DF894B9C-6CB6-4C71-BE6E-D4746B6A9FC0} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2018-01-10] (Adobe Systems Incorporated)
Task: {E83F721D-3ECE-4861-A1D1-610583D9CA55} - System32\Tasks\HPCustParticipation HP Deskjet 1050 J410 series => C:\Program Files\HP\HP Deskjet 1050 J410 series\Bin\HPCustPartic.exe [2012-10-02] (Hewlett-Packard Co.)
Task: {EC0650CD-EE19-42D0-838C-23A853709D82} - System32\Tasks\ProgramUpdateCheck => C:\Program Files\File Type Assistant\TSAssist.exe [2014-05-06] (FTA ApS) <==== ATTENTION
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\Final Media Player Update Checker.job => C:\Program Files\FinalMediaPlayer\FMPCheckForUpdates.exe
==================== Shortcuts & WMI ========================
(The entries could be listed to be restored or removed.)
==================== Loaded Modules (Whitelisted) ==============
2016-06-27 23:19 - 2016-06-27 23:19 - 000865232 _____ () C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 17.0.0\kpcengine.2.3.dll
2017-12-06 18:21 - 2017-12-04 20:06 - 000725312 _____ () C:\Program Files\Dropbox\Client\dropbox_watchdog.dll
2017-12-06 18:21 - 2017-12-04 20:06 - 002075456 _____ () C:\Program Files\Dropbox\Client\dropbox_crashpad.dll
2017-12-06 18:22 - 2017-12-04 20:06 - 000100296 _____ () C:\Program Files\Dropbox\Client\_ctypes.pyd
2017-12-06 18:22 - 2017-12-04 20:06 - 000018888 _____ () C:\Program Files\Dropbox\Client\select.pyd
2017-12-06 18:22 - 2017-12-04 20:08 - 000020800 _____ () C:\Program Files\Dropbox\Client\tornado.speedups.pyd
2017-12-06 18:22 - 2017-12-04 20:06 - 000035792 _____ () C:\Program Files\Dropbox\Client\_multiprocessing.pyd
2017-12-06 18:22 - 2017-12-04 20:06 - 000694224 _____ () C:\Program Files\Dropbox\Client\unicodedata.pyd
2017-12-06 18:21 - 2017-12-04 20:07 - 000021848 _____ () C:\Program Files\Dropbox\Client\cryptography.hazmat.bindings._constant_time.pyd
2017-12-06 18:22 - 2017-12-04 20:06 - 000130512 _____ () C:\Program Files\Dropbox\Client\_cffi_backend.pyd
2017-12-06 18:21 - 2017-12-04 20:07 - 001856848 _____ () C:\Program Files\Dropbox\Client\cryptography.hazmat.bindings._openssl.pyd
2017-12-06 18:21 - 2017-12-04 20:07 - 000022864 _____ () C:\Program Files\Dropbox\Client\cryptography.hazmat.bindings._padding.pyd
2017-12-06 18:22 - 2017-12-04 20:06 - 000145864 _____ () C:\Program Files\Dropbox\Client\pyexpat.pyd
2017-12-06 18:22 - 2017-12-04 20:06 - 000116688 _____ () C:\Program Files\Dropbox\Client\pywintypes27.dll
2017-12-06 18:22 - 2017-12-04 20:06 - 000105928 _____ () C:\Program Files\Dropbox\Client\win32api.pyd
2017-12-06 18:22 - 2017-12-04 20:08 - 000022864 _____ () C:\Program Files\Dropbox\Client\winffi.crt.compiled._winffi_crt.pyd
2017-12-06 18:22 - 2017-12-04 20:07 - 000062784 _____ () C:\Program Files\Dropbox\Client\psutil._psutil_windows.pyd
2017-12-06 18:22 - 2017-12-04 20:06 - 000024528 _____ () C:\Program Files\Dropbox\Client\win32event.pyd
2017-12-06 18:21 - 2017-12-04 20:07 - 000040248 _____ () C:\Program Files\Dropbox\Client\fastpath.pyd
2017-12-06 18:21 - 2017-12-04 20:06 - 000020936 _____ () C:\Program Files\Dropbox\Client\mmapfile.pyd
2017-12-06 18:22 - 2017-12-04 20:06 - 000124880 _____ () C:\Program Files\Dropbox\Client\win32file.pyd
2017-12-06 18:22 - 2017-12-04 20:06 - 000116176 _____ () C:\Program Files\Dropbox\Client\win32security.pyd
2017-12-06 18:22 - 2017-12-04 20:06 - 000392656 _____ () C:\Program Files\Dropbox\Client\pythoncom27.dll
2017-12-06 18:22 - 2017-12-04 20:08 - 000392512 _____ () C:\Program Files\Dropbox\Client\win32com.shell.shell.pyd
2017-12-06 18:22 - 2017-12-04 20:08 - 000026456 _____ () C:\Program Files\Dropbox\Client\winffi.kernel32.compiled._winffi_kernel32.pyd
2017-12-06 18:22 - 2017-12-04 20:06 - 000024016 _____ () C:\Program Files\Dropbox\Client\win32clipboard.pyd
2017-12-06 18:22 - 2017-12-04 20:06 - 000175560 _____ () C:\Program Files\Dropbox\Client\win32gui.pyd
2017-12-06 18:22 - 2017-12-04 20:06 - 000030160 _____ () C:\Program Files\Dropbox\Client\win32pipe.pyd
2017-12-06 18:22 - 2017-12-04 20:06 - 000043472 _____ () C:\Program Files\Dropbox\Client\win32process.pyd
2017-12-06 18:22 - 2017-12-04 20:06 - 000026056 _____ () C:\Program Files\Dropbox\Client\win32job.pyd
2017-12-06 18:22 - 2017-12-04 20:06 - 000048592 _____ () C:\Program Files\Dropbox\Client\win32service.pyd
2017-12-06 18:22 - 2017-12-04 20:06 - 000057808 _____ () C:\Program Files\Dropbox\Client\win32evtlog.pyd
2017-12-06 18:21 - 2017-12-04 20:07 - 000021824 _____ () C:\Program Files\Dropbox\Client\cpuid.compiled._cpuid.pyd
2017-12-06 18:22 - 2017-12-04 20:09 - 000023368 _____ () C:\Program Files\Dropbox\Client\winshell.compiled._winshell.pyd
2017-12-06 18:21 - 2017-12-04 20:07 - 000022856 _____ () C:\Program Files\Dropbox\Client\crashpad.compiled._Crashpad.pyd
2017-12-06 18:22 - 2017-12-04 20:08 - 000066392 _____ () C:\Program Files\Dropbox\Client\winenumhandles.compiled._WinEnumHandles.pyd
2017-12-06 18:22 - 2017-12-04 20:07 - 001796920 _____ () C:\Program Files\Dropbox\Client\PyQt5.QtCore.pyd
2017-12-06 18:22 - 2017-12-04 20:06 - 000084424 _____ () C:\Program Files\Dropbox\Client\sip.pyd
2017-12-06 18:22 - 2017-12-04 20:07 - 001956152 _____ () C:\Program Files\Dropbox\Client\PyQt5.QtGui.pyd
2017-12-06 18:22 - 2017-12-04 20:07 - 003859264 _____ () C:\Program Files\Dropbox\Client\PyQt5.QtWidgets.pyd
2017-12-06 18:22 - 2017-12-04 20:07 - 000155464 _____ () C:\Program Files\Dropbox\Client\PyQt5.QtWebEngineWidgets.pyd
2017-12-06 18:22 - 2017-12-04 20:07 - 000521024 _____ () C:\Program Files\Dropbox\Client\PyQt5.QtNetwork.pyd
2017-12-06 18:22 - 2017-12-04 20:07 - 000050496 _____ () C:\Program Files\Dropbox\Client\PyQt5.QtWebEngineCore.pyd
2017-12-06 18:22 - 2017-12-04 20:07 - 000042304 _____ () C:\Program Files\Dropbox\Client\PyQt5.QtWebChannel.pyd
2017-12-06 18:22 - 2017-12-04 20:07 - 000131384 _____ () C:\Program Files\Dropbox\Client\PyQt5.QtWebKit.pyd
2017-12-06 18:22 - 2017-12-04 20:07 - 000218944 _____ () C:\Program Files\Dropbox\Client\PyQt5.QtWebKitWidgets.pyd
2017-12-06 18:22 - 2017-12-04 20:07 - 000204096 _____ () C:\Program Files\Dropbox\Client\PyQt5.QtPrintSupport.pyd
2017-12-06 18:22 - 2017-12-04 20:09 - 000025432 _____ () C:\Program Files\Dropbox\Client\winscreenshot.compiled._CaptureScreenshot.pyd
2017-12-06 18:22 - 2017-12-04 20:06 - 000060880 _____ () C:\Program Files\Dropbox\Client\win32print.pyd
2017-12-06 18:22 - 2017-12-04 20:09 - 000054608 _____ () C:\Program Files\Dropbox\Client\winrpcserver.compiled._RPCServer.pyd
2017-12-06 18:22 - 2017-12-04 20:06 - 000024016 _____ () C:\Program Files\Dropbox\Client\win32profile.pyd
2017-12-06 18:22 - 2017-12-04 20:09 - 000022864 _____ () C:\Program Files\Dropbox\Client\winffi.user32.compiled._winffi_user32.pyd
2017-12-06 18:22 - 2017-12-04 20:06 - 000028616 _____ () C:\Program Files\Dropbox\Client\win32ts.pyd
2017-12-06 18:22 - 2017-12-04 20:08 - 000022360 _____ () C:\Program Files\Dropbox\Client\winffi.iphlpapi.compiled._winffi_iphlpapi.pyd
2017-12-06 18:22 - 2017-12-04 20:09 - 000021848 _____ () C:\Program Files\Dropbox\Client\winffi.winerror.compiled._winffi_winerror.pyd
2017-12-06 18:22 - 2017-12-04 20:09 - 000022360 _____ () C:\Program Files\Dropbox\Client\winffi.wininet.compiled._winffi_wininet.pyd
2017-12-06 18:21 - 2017-12-04 20:07 - 000027488 _____ () C:\Program Files\Dropbox\Client\dropbox.infinite.win.compiled._driverinstallation.pyd
2017-12-06 18:22 - 2017-12-04 20:06 - 000349128 _____ () C:\Program Files\Dropbox\Client\winxpgui.pyd
2017-12-06 18:22 - 2017-12-04 20:09 - 000023896 _____ () C:\Program Files\Dropbox\Client\winverifysignature.compiled._VerifySignature.pyd
2017-12-06 18:21 - 2017-12-04 20:07 - 000025424 _____ () C:\Program Files\Dropbox\Client\librsyncffi.compiled._librsyncffi.pyd
2017-12-06 18:21 - 2017-12-04 20:06 - 000036296 _____ () C:\Program Files\Dropbox\Client\librsync.dll
2017-12-06 18:21 - 2017-12-04 20:07 - 000181056 _____ () C:\Program Files\Dropbox\Client\dropbox_sqlite_ext.dll
2017-12-06 18:21 - 2017-12-04 20:07 - 000024368 _____ () C:\Program Files\Dropbox\Client\libEGL.dll
2017-12-06 18:21 - 2017-12-04 20:07 - 001638200 _____ () C:\Program Files\Dropbox\Client\libGLESv2.dll
2017-12-06 18:22 - 2017-12-04 20:09 - 000026456 _____ () C:\Program Files\Dropbox\Client\winffi.winhttp.compiled._winffi_winhttp.pyd
2007-05-21 06:02 - 2007-05-21 06:02 - 000269080 _____ () C:\Program Files\Common Files\Microsoft Shared\Reference 2008\ERSREGPR.DLL
2007-05-21 06:02 - 2007-05-21 06:02 - 000228120 _____ () C:\Program Files\Common Files\Microsoft Shared\Reference 2008\MSENCDAT.DLL
2007-05-21 06:02 - 2007-05-21 06:02 - 000178968 _____ () C:\Program Files\Common Files\Microsoft Shared\Reference 2008\ENCCONT.DLL
2007-05-21 06:02 - 2007-05-21 06:02 - 000351000 _____ () C:\Program Files\Common Files\Microsoft Shared\Reference 2008\MSENCXML.DLL
2007-05-21 06:00 - 2007-05-21 06:00 - 000068376 _____ () C:\Program Files\Microsoft Student\Microsoft Student with Encarta Premium 2008 DVD\EDICTEIT.EBK
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
AlternateDataStreams: C:\ProgramData\TEMP:9D718DA3 [254]
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)
==================== Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
==================== Hosts content: ===============================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2006-11-02 05:23 - 2006-09-18 16:41 - 000000761 _____ C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-3938486149-3048756490-4017228027-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Tipper\Pictures\Me 2.jpg
HKU\S-1-5-21-3938486149-3048756490-4017228027-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Chris\Pictures\wot2560x1600.jpg
HKU\S-1-5-21-3938486149-3048756490-4017228027-1003\Control Panel\Desktop\\Wallpaper -> C:\Users\Boyz\Pictures\Shadow of Mordor.jpg
DNS Servers: 192.168.2.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 1) (EnableLUA: 1)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [WinCollab-Out-UDP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-In-UDP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-Out-TCP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-In-TCP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-DFSR-Out-TCP] => (Allow) %SystemRoot%\system32\dfsr.exe
FirewallRules: [WinCollab-DFSR-In-TCP] => (Allow) %SystemRoot%\system32\dfsr.exe
FirewallRules: [{D92D6C79-4E3E-4C55-B270-3772F9D2657C}] => (Allow) c:\Program Files\Cyberlink\PowerDirector\PDR.EXE
FirewallRules: [{770D80FE-2DB7-4C60-B911-024311024AB0}] => (Allow) LPort=80
FirewallRules: [{5BFA165D-98D1-42B9-8DBB-C23123DA7500}] => (Allow) LPort=80
FirewallRules: [{85C1740F-00A1-4ADE-828A-5DE3DC90AF6D}] => (Allow) LPort=80
FirewallRules: [{20EE2C88-D71B-4B05-9581-0F4D1EB4E7FF}] => (Allow) LPort=4481
FirewallRules: [{3343A644-DA33-45C0-B6F8-75703D1A4C08}] => (Allow) LPort=4481
FirewallRules: [{9699F66B-E3AE-49DD-A0AE-DA2E373C485F}] => (Allow) LPort=4482
FirewallRules: [{C395807F-9F94-4FC8-B806-FF47F0DAD3DA}] => (Allow) LPort=4482
FirewallRules: [{1253EA7A-883E-4F2D-878B-0D89088B081B}] => (Allow) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
FirewallRules: [{3F9BC9C6-4BF0-4DF9-B7F9-F0D72354923C}] => (Allow) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
FirewallRules: [TCP Query User{E61E14B6-2B7B-4B9A-A8EC-94FCBDCD789E}C:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe] => (Block) C:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe
FirewallRules: [UDP Query User{A6668CB7-25D3-4515-9533-E3F19AC2076B}C:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe] => (Block) C:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe
FirewallRules: [{85C8AE78-3F41-4823-A11B-40C4AA4FC9F8}] => (Allow) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
FirewallRules: [{1995A3E9-CF49-4029-84CE-3D6F151D2101}] => (Allow) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
FirewallRules: [TCP Query User{08546204-51B4-4295-BC11-5733FB70F911}C:\program files\limewire plus+\limewire.exe] => (Allow) C:\program files\limewire plus+\limewire.exe
FirewallRules: [UDP Query User{D3BD81E3-322B-4ADB-B9AA-C101BA735424}C:\program files\limewire plus+\limewire.exe] => (Allow) C:\program files\limewire plus+\limewire.exe
FirewallRules: [{472C2A7C-9E89-43FA-8922-9A792DCE6728}] => (Allow) C:\Program Files\Research In Motion\BlackBerry Desktop\Rim.Desktop.exe
FirewallRules: [{C0FE80F8-6DB0-403A-82A8-7473952BDD19}] => (Allow) C:\Program Files\Research In Motion\BlackBerry Desktop\Rim.Desktop.exe
FirewallRules: [{039FE2C9-0329-48BE-9910-CF88A6D492F4}] => (Allow) C:\Program Files\FinalMediaPlayer\FMPCheckForUpdates.exe
FirewallRules: [{0544882A-BB01-4012-B621-7BF0EA635474}] => (Allow) C:\Program Files\Logitech\Vid HD\Vid.exe
FirewallRules: [{03A57C7B-C4EB-4EEA-9E5D-C103F4B51706}] => (Allow) C:\Program Files\Logitech\Vid HD\Vid.exe
FirewallRules: [{C2B3017F-DA3F-41AE-B0CC-F83812372997}] => (Allow) C:\Program Files\FinalMediaPlayer\FMPCheckForUpdates.exe
FirewallRules: [{0BFE0F54-CBE3-4EEE-84A5-461D578C2D01}] => (Allow) C:\Program Files\File Type Assistant\TSAssist.exe
FirewallRules: [{E6CC7C32-5F9C-4D43-B8C5-FCA8F86057F3}] => (Allow) C:\Program Files\FinalMediaPlayer\FMPCheckForUpdates.exe
FirewallRules: [{4EA6102F-1B0A-428A-A09E-89C192F71B65}] => (Allow) C:\Program Files\File Type Assistant\TSAssist.exe
FirewallRules: [{AE7CE02D-6746-4E72-BF1C-7F455868D1AB}] => (Allow) C:\Program Files\FinalMediaPlayer\FMPCheckForUpdates.exe
FirewallRules: [{5626D9CE-8125-420E-A8B3-354AA3609C13}] => (Allow) C:\Program Files\FinalMediaPlayer\FMPCheckForUpdates.exe
FirewallRules: [{4EA7CE8A-DE16-471E-A1C1-C3A7F903D7A3}] => (Allow) C:\Program Files\File Type Assistant\TSAssist.exe
FirewallRules: [{2C18A20C-6338-4CA6-889D-61F7A076066E}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
FirewallRules: [{44450312-2BF9-4A3A-9479-6D1E7A931FE8}] => (Allow) C:\Program Files\File Type Assistant\TSAssist.exe
FirewallRules: [{56E8EEF2-BB46-4569-83C3-801C78D7B31D}] => (Allow) C:\Program Files\File Type Assistant\TSAssist.exe
FirewallRules: [{F93B05B1-C570-4C0F-AF9C-46AFBA2B20E1}] => (Allow) C:\Program Files\HP\HP Deskjet 1050 J410 series\Bin\USBSetup.exe
FirewallRules: [{ACD4BAF2-009A-4F30-B641-47371F46485A}] => (Allow) C:\Program Files\FinalMediaPlayer\FMPCheckForUpdates.exe
FirewallRules: [TCP Query User{C93416B8-BA29-49F9-BA5A-AC531D041DD7}E:\setup.exe] => (Allow) E:\setup.exe
FirewallRules: [UDP Query User{53A6C86A-EB12-41E1-A38A-6D03F0F4A96E}E:\setup.exe] => (Allow) E:\setup.exe
FirewallRules: [{EC294BAD-5D99-4C91-B894-63A3AD473A40}] => (Allow) C:\Program Files\Dropbox\Client\Dropbox.exe
==================== Restore Points =========================
13-11-2017 20:56:40 Windows Update
15-11-2017 00:00:25 Scheduled Checkpoint
26-11-2017 03:00:38 Windows Update
28-11-2017 17:49:59 Scheduled Checkpoint
29-11-2017 03:00:13 Windows Update
30-11-2017 00:00:11 Scheduled Checkpoint
01-12-2017 00:00:09 Scheduled Checkpoint
02-12-2017 00:00:09 Scheduled Checkpoint
03-12-2017 00:00:09 Scheduled Checkpoint
04-12-2017 00:00:07 Scheduled Checkpoint
05-12-2017 00:00:07 Scheduled Checkpoint
06-12-2017 00:00:15 Scheduled Checkpoint
06-12-2017 16:05:44 Windows Update
08-12-2017 00:00:10 Scheduled Checkpoint
09-12-2017 00:00:12 Scheduled Checkpoint
10-12-2017 00:00:20 Scheduled Checkpoint
11-12-2017 00:00:14 Scheduled Checkpoint
11-12-2017 22:39:48 Windows Update
13-12-2017 00:00:15 Scheduled Checkpoint
27-12-2017 04:01:51 First Restore Point
30-12-2017 02:02:35 Restore Operation
30-12-2017 02:36:27 First Restore Point
08-01-2018 00:55:25 My own made restore point
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (01/10/2018 06:58:29 PM) (Source: EventSystem) (EventID: 4621) (User: )
Description: The COM+ Event System could not remove the EventSystem.EventSubscription object {4168BD23-C752-4DA0-A076-FC6B588FD2AC}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}. The HRESULT was 80070005.
Error: (01/10/2018 06:44:50 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
Error: (01/08/2018 04:50:53 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
Error: (01/08/2018 12:49:49 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program iexplore.exe version 9.0.8112.16872 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel.
Process ID: 1cc8
Start Time: 01d388445f765ab0
Termination Time: 190
Error: (01/05/2018 08:52:03 PM) (Source: LoadPerf) (EventID: 3011) (User: )
Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.
Error: (01/05/2018 08:52:03 PM) (Source: LoadPerf) (EventID: 3012) (User: )
Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.
Error: (01/05/2018 08:46:25 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
Error: (01/04/2018 08:15:13 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application iexplore.exe, version 9.0.8112.16872, time stamp 0x58caa9a9, faulting module MSHTML.dll, version 9.0.8112.16872, time stamp 0x58caaabd, exception code 0xc0000005, fault offset 0x0041b9e0,
process id 0xe0c, application start time 0x01d3855d24a66e00.
Error: (01/03/2018 05:17:51 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application iexplore.exe, version 9.0.8112.16872, time stamp 0x58caa9a9, faulting module MSHTML.dll, version 9.0.8112.16872, time stamp 0x58caaabd, exception code 0xc0000005, fault offset 0x0041b9e0,
process id 0x105c, application start time 0x01d3847b2f28ef20.
Error: (01/01/2018 02:05:48 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application iexplore.exe, version 9.0.8112.16872, time stamp 0x58caa9a9, faulting module MSHTML.dll, version 9.0.8112.16872, time stamp 0x58caaabd, exception code 0xc0000005, fault offset 0x0041b9e0,
process id 0x172c, application start time 0x01d382cee3498360.
System errors:
=============
Error: (01/10/2018 06:46:40 PM) (Source: Microsoft-Windows-LanguagePackSetup) (EventID: 1001) (User: NT AUTHORITY)
Description: Event-ID 1001
Error: (01/10/2018 06:43:15 PM) (Source: Dhcp) (EventID: 1002) (User: )
Description: The IP address lease 192.168.2.3 for the Network Card with network address 001E9034E132 has been denied by the DHCP server 192.168.2.1 (The DHCP Server sent a DHCPNACK message).
Error: (01/08/2018 04:56:14 AM) (Source: Microsoft-Windows-LanguagePackSetup) (EventID: 1001) (User: NT AUTHORITY)
Description: Event-ID 1001
Error: (01/05/2018 08:54:06 PM) (Source: Microsoft-Windows-LanguagePackSetup) (EventID: 1001) (User: NT AUTHORITY)
Description: Event-ID 1001
Error: (01/05/2018 08:47:46 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The HP Health Check Service service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.
Error: (01/05/2018 08:47:46 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the HP Health Check Service service to connect.
Error: (01/05/2018 08:46:49 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Font Cache Service service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.
Error: (01/05/2018 08:46:49 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Windows Font Cache Service service to connect.
Error: (01/05/2018 08:46:33 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
Error: (01/05/2018 08:44:17 PM) (Source: Dhcp) (EventID: 1002) (User: )
Description: The IP address lease 192.168.2.2 for the Network Card with network address 001E9034E132 has been denied by the DHCP server 192.168.2.1 (The DHCP Server sent a DHCPNACK message).
CodeIntegrity:
===================================
Date: 2018-01-11 02:11:41.781
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\WINDOWS\System32\drivers\kneps.sys because the set of per-page image hashes could not be found on the system.
Date: 2018-01-11 02:11:40.857
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\WINDOWS\System32\drivers\kneps.sys because the set of per-page image hashes could not be found on the system.
Date: 2018-01-11 02:11:39.906
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\WINDOWS\System32\drivers\kneps.sys because the set of per-page image hashes could not be found on the system.
Date: 2018-01-11 02:11:38.945
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\WINDOWS\System32\drivers\kneps.sys because the set of per-page image hashes could not be found on the system.
Date: 2018-01-11 02:11:37.899
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\WINDOWS\System32\drivers\kltdi.sys because the set of per-page image hashes could not be found on the system.
Date: 2018-01-11 02:11:36.931
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\WINDOWS\System32\drivers\kltdi.sys because the set of per-page image hashes could not be found on the system.
Date: 2018-01-11 02:11:35.941
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\WINDOWS\System32\drivers\kltdi.sys because the set of per-page image hashes could not be found on the system.
Date: 2018-01-11 02:11:34.975
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\WINDOWS\System32\drivers\kltdi.sys because the set of per-page image hashes could not be found on the system.
Date: 2018-01-11 02:11:33.884
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\WINDOWS\System32\drivers\kltdf.sys because the set of per-page image hashes could not be found on the system.
Date: 2018-01-11 02:11:32.910
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\WINDOWS\System32\drivers\kltdf.sys because the set of per-page image hashes could not be found on the system.
==================== Memory info ===========================
Processor: AMD Athlon 64 X2 Dual Core Processor 5400+
Percentage of memory in use: 66%
Total physical RAM: 3005.76 MB
Available physical RAM: 1002.73 MB
Total Virtual: 6229.71 MB
Available Virtual: 3337.5 MB
==================== Drives ================================
Drive c: (HP) (Fixed) (Total:455.44 GB) (Free:158.62 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: (FACTORY_IMAGE) (Fixed) (Total:10.32 GB) (Free:1.05 GB) NTFS ==>[system with boot components (obtained from drive)]
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: F451C310)
Partition 1: (Active) - (Size=455.4 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=10.3 GB) - (Type=07 NTFS)
==================== End of Addition.txt ============================