
PC Malware issue? DDoS attacks (Ping of Death) and Flooding attacks (S

DDoS Syn Flood Wifi Ping of Death Malware causing IP issues static IP vs dynamic IP Malware in PC = IP issues

Tipper

Unsure of Issue in need of help please

Hello, I'm just new to Geeks to Go, and while searching for help regarding my issue I keep getting referred to a PC problem of malware.

About 3 months ago I started getting repeatedly kicked off Xbox 360 while gaming. Now I can’t stay connected online with the Xbox for more than 2 mins or less. I noticed on my Belkin Wifi that the logs say DDoS attacks (Ping of Death) and Flooding attacks (Syn Flood) directed at my WAN IP Address XX.XX.XX.XXX on the Belkin.

My PC and 2 Xbox 360s are wired direct to the Wifi which is wired directly to the modem normally.

I have connected the Xbox 360 by itself to the modem and I have no issue staying connected, but I don’t know if the Xbox has a firewall, and I need the Wifi for my cell and for family that visit and use it. (My Windows Vista PC has a dynamic IP and seems to be working just fine; the only issue the PC has is repeated requests from sites saying my browser needs updating.)

I do have my Wifi password protected and I believe it is the static address on the Wifi that is the target for the attacks. Can you please help? Is there a possibility to change the static address to dynamic on the Belkin Model# F9K1102V2? Will it stop the attacks, or am I way off on resolving the issue that way?

And... I don’t know how, or if I can, change the Belkin from static to dynamic.

Thanks, Tipper

 

FRST.txt   (real name replaced with Tipper)

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 02.01.2018

Ran by Tipper (administrator) on TIPPER-PC (11-01-2018 02:09:38)

Running from C:\Users\Tipper\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BTOTYTLV

Loaded Profiles: Tipper & Chris & Boyz (Available Profiles: Tipper & Chris & Boyz & Mcx1)

Platform: Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) Language: English (United States)

Internet Explorer Version 9 (Default browser: IE)

Boot Mode: Normal

Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

 

==================== Processes (Whitelisted) =================

 

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

 

(NVIDIA Corporation) C:\WINDOWS\System32\nvvsvc.exe

(Microsoft Corporation) C:\WINDOWS\System32\SLsvc.exe

(AO Kaspersky Lab) C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 17.0.0\avp.exe

(Dropbox, Inc.) C:\WINDOWS\System32\DbxSvc.exe

(AO Kaspersky Lab) C:\Program Files\Kaspersky Lab\Kaspersky Secure Connection 1.0\ksde.exe

(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe

(Logitech Inc.) C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe

(Conexant Systems, Inc.) C:\WINDOWS\System32\drivers\XAudio.exe

(Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Service.exe

(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe

(Microsoft Corporation) C:\WINDOWS\System32\rundll32.exe

(Microsoft Corporation) C:\WINDOWS\System32\wpcumi.exe

(Realtek Semiconductor) C:\WINDOWS\RtHDVCpl.exe

(AO Kaspersky Lab) C:\Program Files\Kaspersky Lab\Kaspersky Secure Connection 1.0\ksdeui.exe

(AO Kaspersky Lab) C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 17.0.0\avpui.exe

(Research In Motion Limited) C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe

(ScanSoft, Inc.) C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe

(Microsoft Corporation) C:\WINDOWS\System32\rundll32.exe

(Hewlett-Packard Company) C:\hp\support\hpsysdrv.exe

(Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuschd2.exe

(Brother Industries, Ltd.) C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe

(Dropbox, Inc.) C:\Program Files\Dropbox\Client\Dropbox.exe

(Microsoft Corporation) C:\WINDOWS\ehome\ehtray.exe

(Microsoft Corporation) C:\Program Files\Microsoft Student\Microsoft Student with Encarta Premium 2008 DVD\EDICT.EXE

(Microsoft Corporation) C:\WINDOWS\System32\rundll32.exe

(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe

(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

(Microsoft Corporation) C:\WINDOWS\System32\wbem\unsecapp.exe

(Microsoft Corporation) C:\WINDOWS\ehome\ehmsas.exe

(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe

(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe

(Adobe Systems Incorporated) C:\WINDOWS\System32\Macromed\Flash\FlashUtil32_28_0_0_137_ActiveX.exe

(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe

(Hewlett-Packard Company) C:\hp\KBD\kbd.exe

(Microsoft Corporation) C:\WINDOWS\System32\conime.exe

 

==================== Registry (Whitelisted) ===========================

 

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

 

HKLM\...\Run: [] => [X]

HKLM\...\Run: [WPCUMI] => C:\Windows\system32\WpcUmi.exe [176128 2006-11-02] (Microsoft Corporation)

HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-20] (Microsoft Corporation)

HKLM\...\Run: [RtHDVCpl] => C:\Windows\RtHDVCpl.exe [5369856 2008-03-26] (Realtek Semiconductor)

HKLM\...\Run: [RIMBBLaunchAgent.exe] => C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe [79192 2011-02-18] (Research In Motion Limited)

HKLM\...\Run: [PaperPort PTD] => C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe [57393 2005-03-17] (ScanSoft, Inc.)

HKLM\...\Run: [NvMediaCenter] => RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit

HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup

HKLM\...\Run: [KBD] => C:\HP\KBD\KbdStub.EXE [65536 2006-12-08] ()

HKLM\...\Run: [IndexSearch] => C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe [40960 2005-03-17] (ScanSoft, Inc.)

HKLM\...\Run: [hpsysdrv] => c:\hp\support\hpsysdrv.exe [65536 2007-04-18] (Hewlett-Packard Company)

HKLM\...\Run: [HP Software Update] => C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)

HKLM\...\Run: [HP Health Check Scheduler] => [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe

HKLM\...\Run: [ControlCenter3] => C:\Program Files\Brother\ControlCenter3\brctrcen.exe [65536 2006-07-19] (Brother Industries, Ltd.)

HKLM\...\Run: [BrMfcWnd] => C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe [622592 2007-02-06] (Brother Industries, Ltd.)

HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1160408 2016-12-17] (Adobe Systems Incorporated)

HKLM\...\Run: [Dropbox] => C:\Program Files\Dropbox\Client\Dropbox.exe [3567928 2017-12-04] (Dropbox, Inc.)

HKU\S-1-5-21-3938486149-3048756490-4017228027-1000\...\Run: [Itibiti.exe] => C:\Program Files\Itibiti Soft Phone\Itibiti.exe <==== ATTENTION

HKU\S-1-5-21-3938486149-3048756490-4017228027-1000\...\Run: [HPAdvisor] => C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN

HKU\S-1-5-21-3938486149-3048756490-4017228027-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-20] (Microsoft Corporation)

HKU\S-1-5-21-3938486149-3048756490-4017228027-1000\...\Run: [L08AXLRD_45457240] => C:\Program Files\Microsoft Student\Microsoft Student with Encarta Premium 2008 DVD\EDICT.EXE [351000 2007-05-21] (Microsoft Corporation)

HKU\S-1-5-21-3938486149-3048756490-4017228027-1000\...\Run: [WMPNSCFG] => C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-20] (Microsoft Corporation)

HKU\S-1-5-21-3938486149-3048756490-4017228027-1000\...\Policies\system: [LogonHoursAction] 2

HKU\S-1-5-21-3938486149-3048756490-4017228027-1000\...\Policies\system: [DontDisplayLogonHoursWarnings] 1

HKU\S-1-5-21-3938486149-3048756490-4017228027-1000\...\Policies\Explorer: [NoDesktopCleanupWizard] 1

HKU\S-1-5-21-3938486149-3048756490-4017228027-1000\...\MountPoints2: L - L:\LaunchU3.exe -a

HKU\S-1-5-21-3938486149-3048756490-4017228027-1000\...\MountPoints2: {45ed0a07-e3df-11e0-92d9-001e9034e132} - L:\LaunchU3.exe -a

HKU\S-1-5-21-3938486149-3048756490-4017228027-1000\...\MountPoints2: {70fee8d0-6b8f-11e0-9202-806e6f6e6963} - E:\autorun.exe

HKU\S-1-5-21-3938486149-3048756490-4017228027-1000\...\MountPoints2: {fa945a74-6b73-11e0-8a33-001e9034e132} - J:\ConnectProSST.exe

HKU\S-1-5-21-3938486149-3048756490-4017228027-1001\...\Run: [HPADVISOR] => C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN

HKU\S-1-5-21-3938486149-3048756490-4017228027-1001\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-20] (Microsoft Corporation)

HKU\S-1-5-21-3938486149-3048756490-4017228027-1001\...\Run: [RIMDeviceManager] => C:\Program Files\Common Files\Research In Motion\RIMDeviceManager\RIMDeviceManager.exe [2062680 2011-05-19] (Research In Motion Limited)

HKU\S-1-5-21-3938486149-3048756490-4017228027-1001\...\Run: [WMPNSCFG] => C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-20] (Microsoft Corporation)

HKU\S-1-5-21-3938486149-3048756490-4017228027-1001\...\Policies\system: [LogonHoursAction] 2

HKU\S-1-5-21-3938486149-3048756490-4017228027-1001\...\Policies\system: [DontDisplayLogonHoursWarnings] 1

HKU\S-1-5-21-3938486149-3048756490-4017228027-1001\...\Policies\Explorer: [NoDesktopCleanupWizard] 1

HKU\S-1-5-21-3938486149-3048756490-4017228027-1001\...\MountPoints2: {45ed0a07-e3df-11e0-92d9-001e9034e132} - L:\LaunchU3.exe -a

HKU\S-1-5-21-3938486149-3048756490-4017228027-1001\...\MountPoints2: {70fee8d0-6b8f-11e0-9202-806e6f6e6963} - E:\autorun.exe

HKU\S-1-5-21-3938486149-3048756490-4017228027-1001\...\MountPoints2: {fa945a74-6b73-11e0-8a33-001e9034e132} - J:\ConnectProSST.exe

HKU\S-1-5-21-3938486149-3048756490-4017228027-1003\...\Run: [HPADVISOR] => C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN

HKU\S-1-5-21-3938486149-3048756490-4017228027-1003\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-20] (Microsoft Corporation)

HKU\S-1-5-21-3938486149-3048756490-4017228027-1003\...\Run: [L08AXLRD_72757259] => C:\Program Files\Microsoft Student\Microsoft Student with Encarta Premium 2008 DVD\EDICT.EXE [351000 2007-05-21] (Microsoft Corporation)

HKU\S-1-5-21-3938486149-3048756490-4017228027-1003\...\Policies\system: [LogonHoursAction] 2

HKU\S-1-5-21-3938486149-3048756490-4017228027-1003\...\Policies\system: [DontDisplayLogonHoursWarnings] 1

HKU\S-1-5-21-3938486149-3048756490-4017228027-1003\...\Policies\Explorer: [NoDesktopCleanupWizard] 1

HKU\S-1-5-21-3938486149-3048756490-4017228027-1003\...\MountPoints2: {45ed0a07-e3df-11e0-92d9-001e9034e132} - L:\LaunchU3.exe -a

HKU\S-1-5-21-3938486149-3048756490-4017228027-1003\...\MountPoints2: {70fee8d0-6b8f-11e0-9202-806e6f6e6963} - E:\autorun.exe

HKU\S-1-5-21-3938486149-3048756490-4017228027-1003\...\MountPoints2: {fa945a74-6b73-11e0-8a33-001e9034e132} - J:\ConnectProSST.exe

Startup: C:\Users\Tipper\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Deskjet 1050 J410 series.lnk [2018-01-11]

ShortcutTarget: Monitor Ink Alerts - HP Deskjet 1050 J410 series.lnk -> C:\Program Files\HP\HP Deskjet 1050 J410 series\Bin\HPStatusBL.dll (Hewlett-Packard Co.)

Startup: C:\Users\Tipper\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk [2013-05-29]

ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)

Startup: C:\Users\Boyz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk [2011-06-26]

ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)

Startup: C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk [2013-05-13]

ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)

GroupPolicy\User: Restriction ? <==== ATTENTION

GroupPolicyUsers\S-1-5-21-3938486149-3048756490-4017228027-1003\User: Restriction <==== ATTENTION

GroupPolicyUsers\S-1-5-21-3938486149-3048756490-4017228027-1001\User: Restriction <==== ATTENTION

 

==================== Internet (Whitelisted) ====================

 

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

 

Winsock: Catalog9 01 C:\Windows\system32\wpclsp.dll [72192 2008-01-20] (Microsoft Corporation)

Winsock: Catalog9 02 C:\Windows\system32\wpclsp.dll [72192 2008-01-20] (Microsoft Corporation)

Winsock: Catalog9 03 C:\Windows\system32\wpclsp.dll [72192 2008-01-20] (Microsoft Corporation)

Winsock: Catalog9 04 C:\Windows\system32\wpclsp.dll [72192 2008-01-20] (Microsoft Corporation)

Winsock: Catalog9 05 C:\Windows\system32\wpclsp.dll [72192 2008-01-20] (Microsoft Corporation)

Winsock: Catalog9 06 C:\Windows\system32\wpclsp.dll [72192 2008-01-20] (Microsoft Corporation)

Winsock: Catalog9 07 C:\Windows\system32\wpclsp.dll [72192 2008-01-20] (Microsoft Corporation)

Winsock: Catalog9 08 C:\Windows\system32\wpclsp.dll [72192 2008-01-20] (Microsoft Corporation)

Winsock: Catalog9 19 C:\Windows\system32\wpclsp.dll [72192 2008-01-20] (Microsoft Corporation)

Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

Tcpip\..\Interfaces\{2328FD5C-20DF-441B-BA4C-12384E9C94FB}: [DhcpNameServer] 192.168.2.1

 

Internet Explorer:

==================

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_ca&c=83&bd=Pavilion&pf=cndt

HKU\S-1-5-21-3938486149-3048756490-4017228027-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://ca.msn.com/?lang=en-ca&OCID=iehp

HKU\S-1-5-21-3938486149-3048756490-4017228027-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://hp-consumer.my.aol.ca/

HKU\S-1-5-21-3938486149-3048756490-4017228027-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://ca.msn.com/?lang=en-ca&OCID=iehp

HKU\S-1-5-21-3938486149-3048756490-4017228027-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.aol.ca/

HKU\S-1-5-21-3938486149-3048756490-4017228027-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_ca&c=83&bd=Pavilion&pf=cndt

HKU\S-1-5-21-3938486149-3048756490-4017228027-1003\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://ca.msn.com/?lang=en-ca&OCID=iehp

HKU\S-1-5-21-3938486149-3048756490-4017228027-1003\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.aol.ca/

HKU\S-1-5-21-3938486149-3048756490-4017228027-1003\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_ca&c=83&bd=Pavilion&pf=cndt

SearchScopes: HKLM -> DefaultScope {3E9A1439-8462-49AD-8004-D9FC5BE53FF4} URL = hxxp://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=file_14_13_ie&cd=2XzuyEtN2Y1L1QzutDtDtC0EzytDtAyE0EtCtAtBtD0C0EzztN0D0Tzu0SzztCyDtN1L2XzutBtFtCzztFtBtFtDtN1L1CzutCyEtDtAtDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StCyCyEtA0Bzyzy0CtGtCyB0DyCtGtAyE0CtDtGyB0DyBzztGtAyC0BtC0F0ByCtBzz0CyDzz2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyC0Azzzy0BtB0AtDtGyC0B0A0FtGyE0EtB0EtGtAyC0BzztGtBtB0EtDtDtDzyyB0D0E0DtA2Q&cr=1446448765&ir=

SearchScopes: HKLM -> {380854A7-BB12-4473-A1C0-F6272ABD0A35} URL = hxxp://www.ask.com/web?q={searchTerms}&l=dis&o=cahpd

SearchScopes: HKLM -> {3E9A1439-8462-49AD-8004-D9FC5BE53FF4} URL = hxxp://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=file_14_13_ie&cd=2XzuyEtN2Y1L1QzutDtDtC0EzytDtAyE0EtCtAtBtD0C0EzztN0D0Tzu0SzztCyDtN1L2XzutBtFtCzztFtBtFtDtN1L1CzutCyEtDtAtDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StCyCyEtA0Bzyzy0CtGtCyB0DyCtGtAyE0CtDtGyB0DyBzztGtAyC0BtC0F0ByCtBzz0CyDzz2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyC0Azzzy0BtB0AtDtGyC0B0A0FtGyE0EtB0EtGtAyC0BzztGtBtB0EtDtDtDzyyB0D0E0DtA2Q&cr=1446448765&ir=

SearchScopes: HKLM -> {77AA745B-F4F8-45DA-9B14-61D2D95054C8} URL = hxxp://ca.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=hp-pvdt

SearchScopes: HKU\S-1-5-21-3938486149-3048756490-4017228027-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =

SearchScopes: HKU\S-1-5-21-3938486149-3048756490-4017228027-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =

SearchScopes: HKU\S-1-5-21-3938486149-3048756490-4017228027-1001 -> {380854A7-BB12-4473-A1C0-F6272ABD0A35} URL =

SearchScopes: HKU\S-1-5-21-3938486149-3048756490-4017228027-1001 -> {77AA745B-F4F8-45DA-9B14-61D2D95054C8} URL =

SearchScopes: HKU\S-1-5-21-3938486149-3048756490-4017228027-1003 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =

BHO: No Name -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> No File

BHO: Kaspersky Protection -> {2E38825B-8815-42CF-9126-C58BC28D4591} -> C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 17.0.0\IEExt\ie_plugin.dll [2016-12-07] (AO Kaspersky Lab)

BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_31\bin\ssv.dll [2015-01-21] (Oracle Corporation)

BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-01-21] (Oracle Corporation)

Toolbar: HKLM - Kaspersky Protection Toolbar - {093F479D-712E-46CD-9E06-62E734A05F68} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 17.0.0\IEExt\ie_plugin.dll [2016-12-07] (AO Kaspersky Lab)

Toolbar: HKU\S-1-5-21-3938486149-3048756490-4017228027-1000 -> No Name - {789733C8-7A68-4A43-ACE3-BEB2292C914B} -  No File

Toolbar: HKU\S-1-5-21-3938486149-3048756490-4017228027-1000 -> Kaspersky Protection Toolbar - {093F479D-712E-46CD-9E06-62E734A05F68} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 17.0.0\IEExt\ie_plugin.dll [2016-12-07] (AO Kaspersky Lab)

Toolbar: HKU\S-1-5-21-3938486149-3048756490-4017228027-1001 -> Kaspersky Protection Toolbar - {093F479D-712E-46CD-9E06-62E734A05F68} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 17.0.0\IEExt\ie_plugin.dll [2016-12-07] (AO Kaspersky Lab)

Toolbar: HKU\S-1-5-21-3938486149-3048756490-4017228027-1003 -> Kaspersky Protection Toolbar - {093F479D-712E-46CD-9E06-62E734A05F68} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 17.0.0\IEExt\ie_plugin.dll [2016-12-07] (AO Kaspersky Lab)

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll [2011-06-28] (Logitech Inc.)

Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll [2007-06-07] (Microsoft Corporation)

 

FireFox:

========

FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension

FF Extension: (Microsoft .NET Framework Assistant) - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2011-04-20] [Legacy] [not signed]

FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\[email protected] => not found

FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 17.0.0\FFExt\light_plugin_firefox\addon.xpi

FF Extension: (Kaspersky Protection) - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 17.0.0\FFExt\light_plugin_firefox\addon.xpi [2017-10-14]

FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw_1231201.dll [2017-11-02] (Adobe Systems, Inc.)

FF Plugin: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-01-21] (Oracle Corporation)

FF Plugin: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-01-21] (Oracle Corporation)

FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)

FF Plugin: @RIM.com/WebSLLauncher,version=1.0 -> C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll [2011-05-26] ()

FF Plugin: @rocketlife.com/RocketLife Secure Plug-In Layer;version=1.0.5 -> C:\ProgramData\Visan\plugins\npRLSecurePluginLayer.dll [2011-02-21] (RocketLife, LLP)

FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2017-11-01] (Adobe Systems Inc.)

FF Plugin HKU\S-1-5-21-3938486149-3048756490-4017228027-1000: @rocketlife.com/RocketLife Secure Plug-In Layer;version=1.0.5 -> C:\Users\Tipper\AppData\Roaming\Visan\plugins\npRLSecurePluginLayer.dll [2011-03-12] (RocketLife, LLP)

FF Plugin HKU\S-1-5-21-3938486149-3048756490-4017228027-1003: @nsroblox.roblox.com/launcher -> C:\Users\Boyz\AppData\Local\Roblox\Versions\version-b4f311f5cfe34914\\NPRobloxProxy.dll [2012-12-31] ( ROBLOX Corporation)

 

Chrome:

=======

CHR HKLM\...\Chrome\Extension: [fhoibnponjcgjgcnfacekaijdbbplhib] - hxxps://chrome.google.com/webstore/detail/fhoibnponjcgjgcnfacekaijdbbplhib

 

==================== Services (Whitelisted) ====================

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

S3 AdobeFlashPlayerUpdateSvc; C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [272384 2018-01-10] (Adobe Systems Incorporated) [File not signed]

R2 AVP17.0.0; C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 17.0.0\avp.exe [241544 2016-06-28] (AO Kaspersky Lab)

S2 dbupdate; C:\Program Files\Dropbox\Update\DropboxUpdate.exe [143144 2016-10-28] (Dropbox, Inc.)

S3 dbupdatem; C:\Program Files\Dropbox\Update\DropboxUpdate.exe [143144 2016-10-28] (Dropbox, Inc.)

R2 DbxSvc; C:\Windows\system32\DbxSvc.exe [43336 2017-12-04] (Dropbox, Inc.)

R2 HP Health Check Service; c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [94208 2008-03-14] (Hewlett-Packard) [File not signed]

R2 KSDE1.0.0; C:\Program Files\Kaspersky Lab\Kaspersky Secure Connection 1.0\ksde.exe [241544 2016-06-28] (AO Kaspersky Lab)

R2 LightScribeService; c:\Program Files\Common Files\LightScribe\LSSrvc.exe [73728 2008-03-17] (Hewlett-Packard Company) [File not signed]

R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-20] (Microsoft Corporation)

 

===================== Drivers (Whitelisted) ======================

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

R0 cm_km; C:\Windows\System32\DRIVERS\cm_km.sys [170840 2016-06-10] (AO Kaspersky Lab)

S3 CoachUsb; C:\Windows\System32\DRIVERS\CoachUsb.sys [41184 2003-06-26] (Accapella Ltd.)

S3 CoachVc; C:\Windows\System32\DRIVERS\CoachVc.sys [45664 2003-06-26] (Accapella Ltd.) [File not signed]

R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [165296 2016-06-02] (AO Kaspersky Lab)

R0 klbackupdisk; C:\Windows\System32\DRIVERS\klbackupdisk.sys [57264 2016-06-07] (AO Kaspersky Lab)

R1 klbackupflt; C:\Windows\System32\DRIVERS\klbackupflt.sys [71504 2016-06-14] (AO Kaspersky Lab)

R2 kldisk; C:\Windows\System32\DRIVERS\kldisk.sys [69000 2016-05-31] (AO Kaspersky Lab)

R3 klflt; C:\Windows\System32\DRIVERS\klflt.sys [155352 2017-10-14] (AO Kaspersky Lab)

R1 klhk; C:\Windows\System32\DRIVERS\klhk.sys [130776 2017-10-14] (AO Kaspersky Lab)

R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [807128 2017-10-14] (AO Kaspersky Lab)

R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [49744 2016-12-07] (AO Kaspersky Lab)

R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [46000 2016-05-18] (AO Kaspersky Lab)

R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [38072 2015-06-07] (Kaspersky Lab ZAO)

R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [41392 2016-05-31] (AO Kaspersky Lab)

R3 kltap; C:\Windows\System32\DRIVERS\kltap.sys [48056 2016-06-07] (The OpenVPN Project)

R1 kltdf; C:\Windows\System32\DRIVERS\kltdf.sys [82352 2016-05-17] (AO Kaspersky Lab)

R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [71088 2016-05-17] (AO Kaspersky Lab)

R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [165336 2017-07-29] (AO Kaspersky Lab)

R3 LVPr2Mon; C:\Windows\System32\DRIVERS\LVPr2Mon.sys [25752 2009-10-07] ()

R3 LVUSBSta; C:\Windows\System32\drivers\LVUSBSta.sys [41752 2007-10-11] (Logitech Inc.)

R3 PID_0928; C:\Windows\System32\DRIVERS\LV561AV.SYS [495768 2009-04-30] (Logitech Inc.)

S3 dbx; system32\DRIVERS\dbx.sys [X]

S3 IpInIp; system32\DRIVERS\ipinip.sys [X]

S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]

S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]

S3 PcdrNdisuio; system32\DRIVERS\pcdrndisuio.sys [X]

 

==================== NetSvcs (Whitelisted) ===================

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

 

==================== One Month Created files and folders ========

 

(If an entry is included in the fixlist, the file/folder will be moved.)

 

2018-01-11 02:09 - 2018-01-11 02:09 - 000000000 ____D C:\FRST

2018-01-08 04:29 - 2018-01-08 04:29 - 008657175 _____ C:\Users\Chris\Documents\Deep Fryer Manual.pdf

2018-01-08 02:59 - 2018-01-08 03:08 - 000000035 _____ C:\Users\Boyz\Documents\Medical info look up for help.txt

2018-01-08 02:39 - 2018-01-08 02:41 - 000000042 _____ C:\Users\Boyz\Documents\Prizm in vision.txt

2017-12-21 02:58 - 2017-12-21 07:55 - 000002212 _____ C:\Users\Tipper\Documents\Geeks to Go help.txt

 

==================== One Month Modified files and folders ========

 

(If an entry is included in the fixlist, the file/folder will be moved.)

 

2018-01-11 02:08 - 2011-08-16 15:47 - 000000386 _____ C:\Windows\Tasks\Final Media Player Update Checker.job

2018-01-11 02:04 - 2016-10-28 16:22 - 000000890 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job

2018-01-11 02:04 - 2013-10-16 19:48 - 000000000 ____D C:\ProgramData\Kaspersky Lab

2018-01-11 01:38 - 2016-10-28 16:22 - 000000894 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job

2018-01-11 00:43 - 2006-11-02 07:47 - 000005184 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0

2018-01-11 00:43 - 2006-11-02 07:47 - 000005184 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0

2018-01-10 18:53 - 2014-04-18 04:34 - 000803328 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe

2018-01-10 18:53 - 2014-04-18 04:34 - 000144896 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl

2018-01-10 18:53 - 2008-05-17 17:21 - 000000000 ____D C:\Windows\system32\Macromed

2018-01-10 18:43 - 2006-11-02 08:01 - 000000006 ____H C:\Windows\Tasks\SA.DAT

2018-01-08 05:42 - 2006-11-02 08:01 - 000032608 _____ C:\Windows\Tasks\SCHEDLGU.TXT

2018-01-07 15:49 - 2011-07-26 02:06 - 000000000 ____D C:\Program Files\File Type Assistant

2018-01-05 20:52 - 2006-11-02 05:33 - 000006580 _____ C:\Windows\system32\PerfStringBackup.INI

2017-12-30 02:10 - 2006-11-02 06:18 - 000000000 ____D C:\Windows\system32\Msdtc

2017-12-30 02:09 - 2012-03-16 02:01 - 000000000 ____D C:\Users\Mcx1

2017-12-30 02:09 - 2011-06-05 20:16 - 000000000 ____D C:\Users\Boyz

2017-12-30 02:09 - 2011-05-06 03:45 - 000000000 ____D C:\Users\Chris

2017-12-30 02:09 - 2011-04-20 11:55 - 000000000 ____D C:\Users\Tipper

2017-12-30 02:09 - 2006-11-02 05:22 - 140247040 _____ C:\Windows\system32\config\system_previous

2017-12-30 02:09 - 2006-11-02 05:22 - 051118080 _____ C:\Windows\system32\config\software_previous

2017-12-30 02:09 - 2006-11-02 05:22 - 041156608 _____ C:\Windows\system32\config\components_previous

2017-12-30 02:09 - 2006-11-02 05:22 - 000262144 _____ C:\Windows\system32\config\security_previous

2017-12-30 02:09 - 2006-11-02 05:22 - 000262144 _____ C:\Windows\system32\config\sam_previous

2017-12-30 02:09 - 2006-11-02 05:22 - 000262144 _____ C:\Windows\system32\config\default_previous

2017-12-30 02:08 - 2011-08-16 15:47 - 000000000 ____D C:\Users\Tipper\AppData\Roaming\FinalMediaPlayer

2017-12-30 02:08 - 2006-11-02 06:18 - 000000000 ____D C:\Windows\system32\spool

2017-12-30 02:08 - 2006-11-02 06:18 - 000000000 ____D C:\Windows\registration

2017-12-30 02:08 - 2006-11-02 06:18 - 000000000 ____D C:\Windows\inf

 

==================== Files in the root of some directories =======

 

2011-06-01 12:07 - 2015-12-22 05:35 - 000044759 _____ () C:\Users\Tipper\AppData\Roaming\Rim.Desktop.Exception.log

2011-06-01 12:06 - 2011-08-16 15:03 - 000003392 _____ () C:\Users\Tipper\AppData\Roaming\Rim.Desktop.HttpServerSetup.log

2011-08-16 15:27 - 2015-12-22 05:35 - 000002849 _____ () C:\Users\Tipper\AppData\Roaming\Rim.DesktopHelper.Exception.log

2014-03-25 16:13 - 2014-03-25 16:13 - 000000045 _____ () C:\Users\Tipper\AppData\Roaming\WB.CFG

2011-05-18 14:19 - 2011-05-18 14:19 - 000000000 _____ () C:\Users\Tipper\AppData\Roaming\wklnhst.dat

2012-11-01 06:46 - 2016-11-02 05:56 - 000001356 _____ () C:\Users\Tipper\AppData\Local\d3d9caps.dat

2012-01-17 16:49 - 2017-09-18 12:36 - 000074240 _____ () C:\Users\Tipper\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

2013-12-28 09:23 - 2013-12-28 09:23 - 000351124 _____ () C:\Users\Tipper\AppData\Local\mysearchdial-speeddial.crx

2012-10-23 03:26 - 2012-10-23 03:26 - 000017408 _____ () C:\Users\Tipper\AppData\Local\WebpageIcons.db

 

==================== Bamital & volsnap ======================

 

(There is no automatic fix for files that do not pass verification.)

 

C:\Windows\explorer.exe => File is digitally signed

C:\Windows\system32\winlogon.exe => File is digitally signed

C:\Windows\system32\wininit.exe => File is digitally signed

C:\Windows\system32\svchost.exe => File is digitally signed

C:\Windows\system32\services.exe => File is digitally signed

C:\Windows\system32\User32.dll => File is digitally signed

C:\Windows\system32\userinit.exe => File is digitally signed

C:\Windows\system32\rpcss.dll => File is digitally signed

C:\Windows\system32\dnsapi.dll => File is digitally signed

C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

 

LastRegBack: 2018-01-10 18:58

 

==================== End of FRST.txt ============================

 

 

Addition.txt  (real name replaced with Tipper)

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 02.01.2018

Ran by Tipper (11-01-2018 02:12:37)

Running from C:\Users\Tipper\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BTOTYTLV

Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) (2011-04-20 16:49:56)

Boot Mode: Normal

==========================================================

 

 

==================== Accounts: =============================

 

Administrator (S-1-5-21-3938486149-3048756490-4017228027-500 - Administrator - Disabled)

Tipper (S-1-5-21-3938486149-3048756490-4017228027-1000 - Administrator - Enabled) => C:\Users\Tipper

Boyz (S-1-5-21-3938486149-3048756490-4017228027-1003 - Limited - Enabled) => C:\Users\Boyz

Chris (S-1-5-21-3938486149-3048756490-4017228027-1001 - Limited - Enabled) => C:\Users\Chris

Guest (S-1-5-21-3938486149-3048756490-4017228027-501 - Limited - Disabled)

Mcx1 (S-1-5-21-3938486149-3048756490-4017228027-1004 - Administrator - Enabled) => C:\Users\Mcx1

 

==================== Security Center ========================

 

(If an entry is included in the fixlist, it will be removed.)

 

AV: Kaspersky Total Security (Enabled - Up to date) {86367591-4BE4-AE08-2FD9-7FCB8259CD98}

AS: Kaspersky Total Security (Enabled - Up to date) {3D579475-6DDE-A186-1569-44B9F9DE8725}

AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

FW: Kaspersky Total Security (Enabled) {BE0DF4B4-018B-AF50-0486-D6FE7C8A8AE3}

 

==================== Installed Programs ======================

 

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

 

ActiveCheck component for HP Active Support Library (HKLM\...\{254C37AA-6B72-4300-84F6-98A82419187E}) (Version: 3.0.0.2 - Hewlett-Packard) Hidden

Adobe Flash Player 28 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 28.0.0.137 - Adobe Systems Incorporated)

Adobe Reader XI (11.0.23) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.23 - Adobe Systems Incorporated)

Adobe Shockwave Player 12.3 (HKLM\...\Adobe Shockwave Player) (Version: 12.3.1.201 - Adobe Systems, Inc.)

BlackBerry Desktop Software 6.1 (HKLM\...\{75157F34-02C6-4831-BD66-3BC49E7A8394}) (Version: 6.1.0.35 - Research In Motion Ltd.) Hidden

BlackBerry Desktop Software 6.1 (HKLM\...\BlackBerry_Desktop) (Version: 6.1.0.35 - Research In Motion Ltd.)

Brother MFL-Pro Suite (HKLM\...\{9A912C12-A7DA-44D7-BD57-5CA85E2F33E1}) (Version: 1.00 - Brother Industries, Ltd.)

CyberLink DVD Suite Deluxe (HKLM\...\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 5.5.1329 - CyberLink Corp.)

CyberLink PowerDirector (HKLM\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 6.5.2726 - CyberLink Corp.)

Digital Camera (2320) (HKLM\...\Digital Camera (2320)) (Version:  - )

Dropbox (HKLM\...\Dropbox) (Version: 40.4.46 - Dropbox, Inc.)

Dropbox Update Helper (HKLM\...\{099218A5-A723-43DC-8DB5-6173656A1E94}) (Version: 1.3.59.1 - Dropbox, Inc.) Hidden

Enhanced Multimedia Keyboard Solution (HKLM\...\KBD) (Version:  - Hewlett-Packard)

File Type Assistant (HKLM\...\Trusted Software Assistant_is1) (Version: 2014.5.6.0 - ) <==== ATTENTION

Final Media Player 2014 (HKLM\...\FinalMediaPlayer_is1) (Version: 2014.08.04.00 - Bitberry Software) <==== ATTENTION

Hardware Diagnostic Tools (HKLM\...\PC-Doctor 5 for Windows) (Version: 5.1.4748.24 - PC-Doctor, Inc.)

HP Deskjet 1050 J410 series Basic Device Software (HKLM\...\{C111B73A-93EA-4A12-80E2-0460F11D431F}) (Version: 28.0.1313.0 - Hewlett-Packard Co.)

HP Deskjet 1050 J410 series Help (HKLM\...\{5C90D8CF-F12A-41C6-9007-3B651A1F0D78}) (Version: 140.0.66.66 - Hewlett Packard)

HP Deskjet 1050 J410 series Product Improvement Study (HKLM\...\{5E83AB6E-2284-4468-BF97-A451904F186C}) (Version: 28.0.1313.0 - Hewlett-Packard Co.)

HP Photo Creations (HKU\S-1-5-21-3938486149-3048756490-4017228027-1000\...\HP Photo Creations) (Version: 1.0.0.17712 - HP)

HP Update (HKLM\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)

HPAsset component for HP Active Support Library (HKLM\...\{669D4A35-146B-4314-89F1-1AC3D7B88367}) (Version: 3.0.1.0 - Hewlett-Packard) Hidden

Internet Explorer (Enable DEP) (HKLM\...\{a9264802-8a7a-40fe-a135-5c6d204aed7a}.sdb) (Version:  - )

Itibiti RTC (HKLM\...\{730E03E4-350E-48E5-9D3E-4329903D454D}) (Version: 0.0.1 - Itibiti Inc) Hidden <==== ATTENTION

Java 8 Update 31 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)

Kaspersky Secure Connection (HKLM\...\{1CF84962-50F8-48CA-9082-B70F3A02C686}) (Version: 17.0.0.611 - Kaspersky Lab) Hidden

Kaspersky Secure Connection (HKLM\...\InstallWIX_{1CF84962-50F8-48CA-9082-B70F3A02C686}) (Version: 17.0.0.611 - Kaspersky Lab)

Kaspersky Total Security (HKLM\...\{E27B1D7B-3B34-43A2-9FC0-9828D5DF46E2}) (Version: 17.0.0.611 - Kaspersky Lab) Hidden

Kaspersky Total Security (HKLM\...\InstallWIX_{E27B1D7B-3B34-43A2-9FC0-9828D5DF46E2}) (Version: 17.0.0.611 - Kaspersky Lab)

LabelPrint (HKLM\...\{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.2.2529 - CyberLink Corp.)

Learning Essentials for Microsoft Office (HKLM\...\{75F3A4B2-F6E8-434D-A2EF-DBBC016C6CB2}) (Version: 2.0 - Microsoft)

LightScribe System Software  1.12.37.1 (HKLM\...\{004C5DA2-2051-4D25-94BA-51CF810C91EB}) (Version: 1.12.37.1 - LightScribe)

LightScribeTemplateLabeler (HKLM\...\{305D4B08-5807-4475-B1C8-D54685534864}) (Version: 1.10.23.1 - LightScribe)

Logitech Desktop Messenger (HKLM\...\{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}) (Version: 2.52.18 - Logitech, Inc.)

Logitech Legacy USB Camera Driver Package (HKLM\...\legacyqcam_11.10) (Version:  - )

Logitech Vid HD (HKLM\...\Logitech Vid) (Version: 7.2 (7259) - Logitech Inc..)

Logitech Webcam Software (HKLM\...\{C27BC2A2-30DD-4014-B22E-63EB0DB572F9}) (Version: 12.10.1113 - Logitech Inc.)

Logitech Webcam Software Driver Package (HKLM\...\lvdrivers_12.10) (Version: 12.10.1110 - Logitech Inc.)

Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)

Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)

Microsoft Math (HKLM\...\{07043840-959A-4B0D-8825-2C533F0DDB19}) (Version: 2007 - Microsoft Corporation)

Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)

Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)

Microsoft Office Home and Student 2007 (HKLM\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)

Microsoft Office Home and Student 60 day trial (HKLM\...\OfficeTrial) (Version:  - )

Microsoft Office PowerPoint Viewer 2007 (English) (HKLM\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)

Microsoft Student 2007 for Learning Essentials (HKLM\...\{Microsoft Student 2007_54A0E938-8390-489F-8F1A-563673334DFE}) (Version:  - )

Microsoft Student with Encarta Premium 2008 (HKLM\...\{08041881-FCA5-44A7-B863-D66037A16AAF}) (Version: 2008 - Microsoft Corporation)

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)

Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Works (HKLM\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation)

muvee autoProducer 6.1 (HKLM\...\{FDDB69BB-2F9A-4830-A579-ABBB7C5AF9A8}) (Version: 6.10.050 - muvee Technologies)

NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version:  - )

PaperPort (HKLM\...\{71C97545-E547-4A8B-B0C8-61FF853270AC}) (Version: 9.02.0827 - ScanSoft, Inc.)

Parker Brothers Classic Card Games (HKLM\...\ClassicCard) (Version:  - )

Power2Go (HKLM\...\{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 5.6.3917 - CyberLink Corp.)

Python 2.5 (HKLM\...\{0A2C5854-557E-48C8-835A-3B9F074BDCAA}) (Version: 2.5.150 - Martin v. Löwis)

Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5789 - Realtek Semiconductor Corp.)

ROBLOX Player for Boyz (HKU\S-1-5-21-3938486149-3048756490-4017228027-1003\...\{373B1718-8CC5-4567-8EE2-9033AD08A680}) (Version:  - ROBLOX Corporation)

Soft Data Fax Modem with SmartCP (HKLM\...\CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200C14F1) (Version: 7.74.00 - Conexant Systems)

swMSM (HKLM\...\{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden

Uninstall Helper (HKLM\...\{82BF2C5E-79A7-4A13-B508-D5E64A5B141E}) (Version: 2.0.1.0 - InstallX, LLC) Hidden <==== ATTENTION

Uninstall Helper (HKLM\...\Uninstall Helper 2.0.1.0) (Version: 2.0.1.0 - InstallX, LLC) <==== ATTENTION

Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)

Yahoo! Detect (HKLM\...\YTdetect) (Version:  - )

 

==================== Custom CLSID (Whitelisted): ==========================

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

CustomCLSID: HKU\S-1-5-21-3938486149-3048756490-4017228027-1000_Classes\CLSID\{9356e2bb-6c9a-43c0-a771-5cacbdab6afe}\InprocServer32 -> C:\Users\Tipper\AppData\Roaming\HP Photo Creations\RLPNUpload.dll (RocketLife)

CustomCLSID: HKU\S-1-5-21-3938486149-3048756490-4017228027-1000_Classes\CLSID\{A10E0335-AFCA-4E7E-975F-CA30235FB29A}\InprocServer32 -> C:\Users\Tipper\AppData\Roaming\Visan\plugins\npRLSecurePluginLayer.dll (RocketLife, LLP)

CustomCLSID: HKU\S-1-5-21-3938486149-3048756490-4017228027-1000_Classes\CLSID\{cc05a616-ddb3-4cc0-9a21-dc0e9962b444}\InprocServer32 -> C:\Users\Tipper\AppData\Roaming\HP Photo Creations\ContentMan.dll (RocketLife)

CustomCLSID: HKU\S-1-5-21-3938486149-3048756490-4017228027-1000_Classes\CLSID\{ff280b55-14f1-49ae-b40f-15f5294ce630}\InprocServer32 -> C:\Users\Tipper\AppData\Roaming\HP Photo Creations\RocketEngine.dll (Visan inc.)

CustomCLSID: HKU\S-1-5-21-3938486149-3048756490-4017228027-1003_Classes\CLSID\{76D50904-6780-4c8b-8986-1A7EE0B1716D}\InprocServer32 -> C:\Users\Boyz\AppData\Local\Roblox\Versions\version-b4f311f5cfe34914\RobloxProxy.dll (ROBLOX Corporation)

ShellIconOverlayIdentifiers: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.19.0.dll [2017-12-04] (Dropbox, Inc.)

ShellIconOverlayIdentifiers: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.19.0.dll [2017-12-04] (Dropbox, Inc.)

ShellIconOverlayIdentifiers: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.19.0.dll [2017-12-04] (Dropbox, Inc.)

ShellIconOverlayIdentifiers: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.19.0.dll [2017-12-04] (Dropbox, Inc.)

ShellIconOverlayIdentifiers: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.19.0.dll [2017-12-04] (Dropbox, Inc.)

ShellIconOverlayIdentifiers: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.19.0.dll [2017-12-04] (Dropbox, Inc.)

ShellIconOverlayIdentifiers: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.19.0.dll [2017-12-04] (Dropbox, Inc.)

ShellIconOverlayIdentifiers: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.19.0.dll [2017-12-04] (Dropbox, Inc.)

ShellIconOverlayIdentifiers: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.19.0.dll [2017-12-04] (Dropbox, Inc.)

ShellIconOverlayIdentifiers: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.19.0.dll [2017-12-04] (Dropbox, Inc.)

ContextMenuHandlers1: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files\Dropbox\Client\DropboxExt.19.0.dll [2017-12-04] (Dropbox, Inc.)

ContextMenuHandlers1: [Kaspersky Anti-Virus 17.0.0] -> {39C9FA89-7012-4573-A92D-BFD1F8CA542D} => C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 17.0.0\shellex.dll [2017-03-14] (AO Kaspersky Lab)

ContextMenuHandlers2: [Kaspersky Anti-Virus 17.0.0] -> {39C9FA89-7012-4573-A92D-BFD1F8CA542D} => C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 17.0.0\shellex.dll [2017-03-14] (AO Kaspersky Lab)

ContextMenuHandlers4: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files\Dropbox\Client\DropboxExt.19.0.dll [2017-12-04] (Dropbox, Inc.)

ContextMenuHandlers4: [Kaspersky Anti-Virus 17.0.0] -> {39C9FA89-7012-4573-A92D-BFD1F8CA542D} => C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 17.0.0\shellex.dll [2017-03-14] (AO Kaspersky Lab)

ContextMenuHandlers5: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files\Dropbox\Client\DropboxExt.19.0.dll [2017-12-04] (Dropbox, Inc.)

ContextMenuHandlers5: [NvCplDesktopContext] -> {A70C977A-BF00-412C-90B7-034C51DA2439} => C:\Windows\system32\nvcpl.dll [2008-05-22] (NVIDIA Corporation)

ContextMenuHandlers6: [Kaspersky Anti-Virus 17.0.0] -> {39C9FA89-7012-4573-A92D-BFD1F8CA542D} => C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 17.0.0\shellex.dll [2017-03-14] (AO Kaspersky Lab)

 

==================== Scheduled Tasks (Whitelisted) =============

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

Task: {09DA987E-5384-44C4-9359-F80E0CE55A8C} - System32\Tasks\{402A8835-4A03-4627-8446-8BCF151CF753} => "C:\Program Files\Internet Explorer\iexplore.exe" hxxp://ui.skype.com/ui/0/5.10.0.116/en/go/help.faq.installer?LastError=1603

Task: {2C6865C5-1B4D-4998-BABD-CB45D4B027C9} - System32\Tasks\PC-Doctor\Scheduled Maintenance Swap => C:\Program Files\PC-Doctor 5 for Windows\task_swap.exe [2008-03-13] (PC-Doctor, Inc.)

Task: {62723A29-FD3B-4F5F-B7D5-B9F1BFD4E640} - System32\Tasks\{E999EE8A-B462-4D2F-8C6F-0AEC7FF1E3EF} => C:\Windows\system32\pcalua.exe -a E:\setup.exe -d E:\

Task: {6D411B50-4F7D-4329-9A84-5CA1B36B846C} - System32\Tasks\0 => c:\program files\internet explorer\iexplore.exe  <==== ATTENTION

Task: {7DBA33D4-0248-4229-A416-08514CB82EAD} - System32\Tasks\Final Media Player Update Checker => C:\Program Files\FinalMediaPlayer\FMPCheckForUpdates.exe [2013-03-25] (Bitberry Software)

Task: {890419E0-EAE5-4F12-8544-8E5E5BEEAA2C} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files\Dropbox\Update\DropboxUpdate.exe [2016-10-28] (Dropbox, Inc.)

Task: {964DAA7E-EFC5-456C-833F-3F439598E230} - System32\Tasks\PC-Doctor\Scheduled Maintenance => C:\Program Files\PC-Doctor 5 for Windows\RunProfiler.exe [2008-03-13] (PC-Doctor, Inc.)

Task: {AAC2C8DD-5A86-47EC-9E8B-BC6EBEAFF3AC} - System32\Tasks\{1CDDCFE9-A42D-4067-9CDA-E68CB6FC10B7} => C:\Windows\system32\pcalua.exe -a "C:\Users\Tipper\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XMTRDXPQ\Install_YourCottonellePuppy.exe" -d C:\Users\Tipper\Desktop

Task: {AC5404A0-3312-4DB4-A01E-91766AC907D5} - System32\Tasks\4674 => wscript.exe C:\Users\Tipper\AppData\Local\Temp\launchie.vbs //B <==== ATTENTION

Task: {C76B646B-84AE-47F7-8FD0-073582FC06AE} - System32\Tasks\ProgramRefresh-ATFST => C:\Program Files\File Type Assistant\tsasetup.exe [2014-05-06] ( ) <==== ATTENTION

Task: {DB58737A-01E8-4FF8-8FB9-79E217B19D00} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files\Dropbox\Update\DropboxUpdate.exe [2016-10-28] (Dropbox, Inc.)

Task: {DF894B9C-6CB6-4C71-BE6E-D4746B6A9FC0} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2018-01-10] (Adobe Systems Incorporated)

Task: {E83F721D-3ECE-4861-A1D1-610583D9CA55} - System32\Tasks\HPCustParticipation HP Deskjet 1050 J410 series => C:\Program Files\HP\HP Deskjet 1050 J410 series\Bin\HPCustPartic.exe [2012-10-02] (Hewlett-Packard Co.)

Task: {EC0650CD-EE19-42D0-838C-23A853709D82} - System32\Tasks\ProgramUpdateCheck => C:\Program Files\File Type Assistant\TSAssist.exe [2014-05-06] (FTA ApS) <==== ATTENTION

 

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

 

Task: C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files\Dropbox\Update\DropboxUpdate.exe

Task: C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files\Dropbox\Update\DropboxUpdate.exe

Task: C:\Windows\Tasks\Final Media Player Update Checker.job => C:\Program Files\FinalMediaPlayer\FMPCheckForUpdates.exe

 

==================== Shortcuts & WMI ========================

 

(The entries could be listed to be restored or removed.)

 

 

==================== Loaded Modules (Whitelisted) ==============

 

2016-06-27 23:19 - 2016-06-27 23:19 - 000865232 _____ () C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 17.0.0\kpcengine.2.3.dll

2017-12-06 18:21 - 2017-12-04 20:06 - 000725312 _____ () C:\Program Files\Dropbox\Client\dropbox_watchdog.dll

2017-12-06 18:21 - 2017-12-04 20:06 - 002075456 _____ () C:\Program Files\Dropbox\Client\dropbox_crashpad.dll

2017-12-06 18:22 - 2017-12-04 20:06 - 000100296 _____ () C:\Program Files\Dropbox\Client\_ctypes.pyd

2017-12-06 18:22 - 2017-12-04 20:06 - 000018888 _____ () C:\Program Files\Dropbox\Client\select.pyd

2017-12-06 18:22 - 2017-12-04 20:08 - 000020800 _____ () C:\Program Files\Dropbox\Client\tornado.speedups.pyd

2017-12-06 18:22 - 2017-12-04 20:06 - 000035792 _____ () C:\Program Files\Dropbox\Client\_multiprocessing.pyd

2017-12-06 18:22 - 2017-12-04 20:06 - 000694224 _____ () C:\Program Files\Dropbox\Client\unicodedata.pyd

2017-12-06 18:21 - 2017-12-04 20:07 - 000021848 _____ () C:\Program Files\Dropbox\Client\cryptography.hazmat.bindings._constant_time.pyd

2017-12-06 18:22 - 2017-12-04 20:06 - 000130512 _____ () C:\Program Files\Dropbox\Client\_cffi_backend.pyd

2017-12-06 18:21 - 2017-12-04 20:07 - 001856848 _____ () C:\Program Files\Dropbox\Client\cryptography.hazmat.bindings._openssl.pyd

2017-12-06 18:21 - 2017-12-04 20:07 - 000022864 _____ () C:\Program Files\Dropbox\Client\cryptography.hazmat.bindings._padding.pyd

2017-12-06 18:22 - 2017-12-04 20:06 - 000145864 _____ () C:\Program Files\Dropbox\Client\pyexpat.pyd

2017-12-06 18:22 - 2017-12-04 20:06 - 000116688 _____ () C:\Program Files\Dropbox\Client\pywintypes27.dll

2017-12-06 18:22 - 2017-12-04 20:06 - 000105928 _____ () C:\Program Files\Dropbox\Client\win32api.pyd

2017-12-06 18:22 - 2017-12-04 20:08 - 000022864 _____ () C:\Program Files\Dropbox\Client\winffi.crt.compiled._winffi_crt.pyd

2017-12-06 18:22 - 2017-12-04 20:07 - 000062784 _____ () C:\Program Files\Dropbox\Client\psutil._psutil_windows.pyd

2017-12-06 18:22 - 2017-12-04 20:06 - 000024528 _____ () C:\Program Files\Dropbox\Client\win32event.pyd

2017-12-06 18:21 - 2017-12-04 20:07 - 000040248 _____ () C:\Program Files\Dropbox\Client\fastpath.pyd

2017-12-06 18:21 - 2017-12-04 20:06 - 000020936 _____ () C:\Program Files\Dropbox\Client\mmapfile.pyd

2017-12-06 18:22 - 2017-12-04 20:06 - 000124880 _____ () C:\Program Files\Dropbox\Client\win32file.pyd

2017-12-06 18:22 - 2017-12-04 20:06 - 000116176 _____ () C:\Program Files\Dropbox\Client\win32security.pyd

2017-12-06 18:22 - 2017-12-04 20:06 - 000392656 _____ () C:\Program Files\Dropbox\Client\pythoncom27.dll

2017-12-06 18:22 - 2017-12-04 20:08 - 000392512 _____ () C:\Program Files\Dropbox\Client\win32com.shell.shell.pyd

2017-12-06 18:22 - 2017-12-04 20:08 - 000026456 _____ () C:\Program Files\Dropbox\Client\winffi.kernel32.compiled._winffi_kernel32.pyd

2017-12-06 18:22 - 2017-12-04 20:06 - 000024016 _____ () C:\Program Files\Dropbox\Client\win32clipboard.pyd

2017-12-06 18:22 - 2017-12-04 20:06 - 000175560 _____ () C:\Program Files\Dropbox\Client\win32gui.pyd

2017-12-06 18:22 - 2017-12-04 20:06 - 000030160 _____ () C:\Program Files\Dropbox\Client\win32pipe.pyd

2017-12-06 18:22 - 2017-12-04 20:06 - 000043472 _____ () C:\Program Files\Dropbox\Client\win32process.pyd

2017-12-06 18:22 - 2017-12-04 20:06 - 000026056 _____ () C:\Program Files\Dropbox\Client\win32job.pyd

2017-12-06 18:22 - 2017-12-04 20:06 - 000048592 _____ () C:\Program Files\Dropbox\Client\win32service.pyd

2017-12-06 18:22 - 2017-12-04 20:06 - 000057808 _____ () C:\Program Files\Dropbox\Client\win32evtlog.pyd

2017-12-06 18:21 - 2017-12-04 20:07 - 000021824 _____ () C:\Program Files\Dropbox\Client\cpuid.compiled._cpuid.pyd

2017-12-06 18:22 - 2017-12-04 20:09 - 000023368 _____ () C:\Program Files\Dropbox\Client\winshell.compiled._winshell.pyd

2017-12-06 18:21 - 2017-12-04 20:07 - 000022856 _____ () C:\Program Files\Dropbox\Client\crashpad.compiled._Crashpad.pyd

2017-12-06 18:22 - 2017-12-04 20:08 - 000066392 _____ () C:\Program Files\Dropbox\Client\winenumhandles.compiled._WinEnumHandles.pyd

2017-12-06 18:22 - 2017-12-04 20:07 - 001796920 _____ () C:\Program Files\Dropbox\Client\PyQt5.QtCore.pyd

2017-12-06 18:22 - 2017-12-04 20:06 - 000084424 _____ () C:\Program Files\Dropbox\Client\sip.pyd

2017-12-06 18:22 - 2017-12-04 20:07 - 001956152 _____ () C:\Program Files\Dropbox\Client\PyQt5.QtGui.pyd

2017-12-06 18:22 - 2017-12-04 20:07 - 003859264 _____ () C:\Program Files\Dropbox\Client\PyQt5.QtWidgets.pyd

2017-12-06 18:22 - 2017-12-04 20:07 - 000155464 _____ () C:\Program Files\Dropbox\Client\PyQt5.QtWebEngineWidgets.pyd

2017-12-06 18:22 - 2017-12-04 20:07 - 000521024 _____ () C:\Program Files\Dropbox\Client\PyQt5.QtNetwork.pyd

2017-12-06 18:22 - 2017-12-04 20:07 - 000050496 _____ () C:\Program Files\Dropbox\Client\PyQt5.QtWebEngineCore.pyd

2017-12-06 18:22 - 2017-12-04 20:07 - 000042304 _____ () C:\Program Files\Dropbox\Client\PyQt5.QtWebChannel.pyd

2017-12-06 18:22 - 2017-12-04 20:07 - 000131384 _____ () C:\Program Files\Dropbox\Client\PyQt5.QtWebKit.pyd

2017-12-06 18:22 - 2017-12-04 20:07 - 000218944 _____ () C:\Program Files\Dropbox\Client\PyQt5.QtWebKitWidgets.pyd

2017-12-06 18:22 - 2017-12-04 20:07 - 000204096 _____ () C:\Program Files\Dropbox\Client\PyQt5.QtPrintSupport.pyd

2017-12-06 18:22 - 2017-12-04 20:09 - 000025432 _____ () C:\Program Files\Dropbox\Client\winscreenshot.compiled._CaptureScreenshot.pyd

2017-12-06 18:22 - 2017-12-04 20:06 - 000060880 _____ () C:\Program Files\Dropbox\Client\win32print.pyd

2017-12-06 18:22 - 2017-12-04 20:09 - 000054608 _____ () C:\Program Files\Dropbox\Client\winrpcserver.compiled._RPCServer.pyd

2017-12-06 18:22 - 2017-12-04 20:06 - 000024016 _____ () C:\Program Files\Dropbox\Client\win32profile.pyd

2017-12-06 18:22 - 2017-12-04 20:09 - 000022864 _____ () C:\Program Files\Dropbox\Client\winffi.user32.compiled._winffi_user32.pyd

2017-12-06 18:22 - 2017-12-04 20:06 - 000028616 _____ () C:\Program Files\Dropbox\Client\win32ts.pyd

2017-12-06 18:22 - 2017-12-04 20:08 - 000022360 _____ () C:\Program Files\Dropbox\Client\winffi.iphlpapi.compiled._winffi_iphlpapi.pyd

2017-12-06 18:22 - 2017-12-04 20:09 - 000021848 _____ () C:\Program Files\Dropbox\Client\winffi.winerror.compiled._winffi_winerror.pyd

2017-12-06 18:22 - 2017-12-04 20:09 - 000022360 _____ () C:\Program Files\Dropbox\Client\winffi.wininet.compiled._winffi_wininet.pyd

2017-12-06 18:21 - 2017-12-04 20:07 - 000027488 _____ () C:\Program Files\Dropbox\Client\dropbox.infinite.win.compiled._driverinstallation.pyd

2017-12-06 18:22 - 2017-12-04 20:06 - 000349128 _____ () C:\Program Files\Dropbox\Client\winxpgui.pyd

2017-12-06 18:22 - 2017-12-04 20:09 - 000023896 _____ () C:\Program Files\Dropbox\Client\winverifysignature.compiled._VerifySignature.pyd

2017-12-06 18:21 - 2017-12-04 20:07 - 000025424 _____ () C:\Program Files\Dropbox\Client\librsyncffi.compiled._librsyncffi.pyd

2017-12-06 18:21 - 2017-12-04 20:06 - 000036296 _____ () C:\Program Files\Dropbox\Client\librsync.dll

2017-12-06 18:21 - 2017-12-04 20:07 - 000181056 _____ () C:\Program Files\Dropbox\Client\dropbox_sqlite_ext.dll

2017-12-06 18:21 - 2017-12-04 20:07 - 000024368 _____ () C:\Program Files\Dropbox\Client\libEGL.dll

2017-12-06 18:21 - 2017-12-04 20:07 - 001638200 _____ () C:\Program Files\Dropbox\Client\libGLESv2.dll

2017-12-06 18:22 - 2017-12-04 20:09 - 000026456 _____ () C:\Program Files\Dropbox\Client\winffi.winhttp.compiled._winffi_winhttp.pyd

2007-05-21 06:02 - 2007-05-21 06:02 - 000269080 _____ () C:\Program Files\Common Files\Microsoft Shared\Reference 2008\ERSREGPR.DLL

2007-05-21 06:02 - 2007-05-21 06:02 - 000228120 _____ () C:\Program Files\Common Files\Microsoft Shared\Reference 2008\MSENCDAT.DLL

2007-05-21 06:02 - 2007-05-21 06:02 - 000178968 _____ () C:\Program Files\Common Files\Microsoft Shared\Reference 2008\ENCCONT.DLL

2007-05-21 06:02 - 2007-05-21 06:02 - 000351000 _____ () C:\Program Files\Common Files\Microsoft Shared\Reference 2008\MSENCXML.DLL

2007-05-21 06:00 - 2007-05-21 06:00 - 000068376 _____ () C:\Program Files\Microsoft Student\Microsoft Student with Encarta Premium 2008 DVD\EDICTEIT.EBK

 

==================== Alternate Data Streams (Whitelisted) =========

 

(If an entry is included in the fixlist, only the ADS will be removed.)

 

AlternateDataStreams: C:\ProgramData\TEMP:9D718DA3 [254]

 

==================== Safe Mode (Whitelisted) ===================

 

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)

 

 

==================== Association (Whitelisted) ===============

 

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

 

 

==================== Internet Explorer trusted/restricted ===============

 

(If an entry is included in the fixlist, it will be removed from the registry.)

 

 

==================== Hosts content: ===============================

 

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

 

2006-11-02 05:23 - 2006-09-18 16:41 - 000000761 _____ C:\Windows\system32\Drivers\etc\hosts

 

127.0.0.1       localhost

 

==================== Other Areas ============================

 

(Currently there is no automatic fix for this section.)

 

HKU\S-1-5-21-3938486149-3048756490-4017228027-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Tipper\Pictures\Me 2.jpg

HKU\S-1-5-21-3938486149-3048756490-4017228027-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Chris\Pictures\wot2560x1600.jpg

HKU\S-1-5-21-3938486149-3048756490-4017228027-1003\Control Panel\Desktop\\Wallpaper -> C:\Users\Boyz\Pictures\Shadow of Mordor.jpg

DNS Servers: 192.168.2.1

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 1) (EnableLUA: 1)

Windows Firewall is enabled.

 

==================== MSCONFIG/TASK MANAGER disabled items ==

 

 

==================== FirewallRules (Whitelisted) ===============

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

FirewallRules: [WinCollab-Out-UDP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe

FirewallRules: [WinCollab-In-UDP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe

FirewallRules: [WinCollab-Out-TCP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe

FirewallRules: [WinCollab-In-TCP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe

FirewallRules: [WinCollab-DFSR-Out-TCP] => (Allow) %SystemRoot%\system32\dfsr.exe

FirewallRules: [WinCollab-DFSR-In-TCP] => (Allow) %SystemRoot%\system32\dfsr.exe

FirewallRules: [{D92D6C79-4E3E-4C55-B270-3772F9D2657C}] => (Allow) c:\Program Files\Cyberlink\PowerDirector\PDR.EXE

FirewallRules: [{770D80FE-2DB7-4C60-B911-024311024AB0}] => (Allow) LPort=80

FirewallRules: [{5BFA165D-98D1-42B9-8DBB-C23123DA7500}] => (Allow) LPort=80

FirewallRules: [{85C1740F-00A1-4ADE-828A-5DE3DC90AF6D}] => (Allow) LPort=80

FirewallRules: [{20EE2C88-D71B-4B05-9581-0F4D1EB4E7FF}] => (Allow) LPort=4481

FirewallRules: [{3343A644-DA33-45C0-B6F8-75703D1A4C08}] => (Allow) LPort=4481

FirewallRules: [{9699F66B-E3AE-49DD-A0AE-DA2E373C485F}] => (Allow) LPort=4482

FirewallRules: [{C395807F-9F94-4FC8-B806-FF47F0DAD3DA}] => (Allow) LPort=4482

FirewallRules: [{1253EA7A-883E-4F2D-878B-0D89088B081B}] => (Allow) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

FirewallRules: [{3F9BC9C6-4BF0-4DF9-B7F9-F0D72354923C}] => (Allow) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

FirewallRules: [TCP Query User{E61E14B6-2B7B-4B9A-A8EC-94FCBDCD789E}C:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe] => (Block) C:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe

FirewallRules: [UDP Query User{A6668CB7-25D3-4515-9533-E3F19AC2076B}C:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe] => (Block) C:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe

FirewallRules: [{85C8AE78-3F41-4823-A11B-40C4AA4FC9F8}] => (Allow) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

FirewallRules: [{1995A3E9-CF49-4029-84CE-3D6F151D2101}] => (Allow) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

FirewallRules: [TCP Query User{08546204-51B4-4295-BC11-5733FB70F911}C:\program files\limewire plus+\limewire.exe] => (Allow) C:\program files\limewire plus+\limewire.exe

FirewallRules: [UDP Query User{D3BD81E3-322B-4ADB-B9AA-C101BA735424}C:\program files\limewire plus+\limewire.exe] => (Allow) C:\program files\limewire plus+\limewire.exe

FirewallRules: [{472C2A7C-9E89-43FA-8922-9A792DCE6728}] => (Allow) C:\Program Files\Research In Motion\BlackBerry Desktop\Rim.Desktop.exe

FirewallRules: [{C0FE80F8-6DB0-403A-82A8-7473952BDD19}] => (Allow) C:\Program Files\Research In Motion\BlackBerry Desktop\Rim.Desktop.exe

FirewallRules: [{039FE2C9-0329-48BE-9910-CF88A6D492F4}] => (Allow) C:\Program Files\FinalMediaPlayer\FMPCheckForUpdates.exe

FirewallRules: [{0544882A-BB01-4012-B621-7BF0EA635474}] => (Allow) C:\Program Files\Logitech\Vid HD\Vid.exe

FirewallRules: [{03A57C7B-C4EB-4EEA-9E5D-C103F4B51706}] => (Allow) C:\Program Files\Logitech\Vid HD\Vid.exe

FirewallRules: [{C2B3017F-DA3F-41AE-B0CC-F83812372997}] => (Allow) C:\Program Files\FinalMediaPlayer\FMPCheckForUpdates.exe

FirewallRules: [{0BFE0F54-CBE3-4EEE-84A5-461D578C2D01}] => (Allow) C:\Program Files\File Type Assistant\TSAssist.exe

FirewallRules: [{E6CC7C32-5F9C-4D43-B8C5-FCA8F86057F3}] => (Allow) C:\Program Files\FinalMediaPlayer\FMPCheckForUpdates.exe

FirewallRules: [{4EA6102F-1B0A-428A-A09E-89C192F71B65}] => (Allow) C:\Program Files\File Type Assistant\TSAssist.exe

FirewallRules: [{AE7CE02D-6746-4E72-BF1C-7F455868D1AB}] => (Allow) C:\Program Files\FinalMediaPlayer\FMPCheckForUpdates.exe

FirewallRules: [{5626D9CE-8125-420E-A8B3-354AA3609C13}] => (Allow) C:\Program Files\FinalMediaPlayer\FMPCheckForUpdates.exe

FirewallRules: [{4EA7CE8A-DE16-471E-A1C1-C3A7F903D7A3}] => (Allow) C:\Program Files\File Type Assistant\TSAssist.exe

FirewallRules: [{2C18A20C-6338-4CA6-889D-61F7A076066E}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe

FirewallRules: [{44450312-2BF9-4A3A-9479-6D1E7A931FE8}] => (Allow) C:\Program Files\File Type Assistant\TSAssist.exe

FirewallRules: [{56E8EEF2-BB46-4569-83C3-801C78D7B31D}] => (Allow) C:\Program Files\File Type Assistant\TSAssist.exe

FirewallRules: [{F93B05B1-C570-4C0F-AF9C-46AFBA2B20E1}] => (Allow) C:\Program Files\HP\HP Deskjet 1050 J410 series\Bin\USBSetup.exe

FirewallRules: [{ACD4BAF2-009A-4F30-B641-47371F46485A}] => (Allow) C:\Program Files\FinalMediaPlayer\FMPCheckForUpdates.exe

FirewallRules: [TCP Query User{C93416B8-BA29-49F9-BA5A-AC531D041DD7}E:\setup.exe] => (Allow) E:\setup.exe

FirewallRules: [UDP Query User{53A6C86A-EB12-41E1-A38A-6D03F0F4A96E}E:\setup.exe] => (Allow) E:\setup.exe

FirewallRules: [{EC294BAD-5D99-4C91-B894-63A3AD473A40}] => (Allow) C:\Program Files\Dropbox\Client\Dropbox.exe

 

==================== Restore Points =========================

 

13-11-2017 20:56:40 Windows Update

15-11-2017 00:00:25 Scheduled Checkpoint

26-11-2017 03:00:38 Windows Update

28-11-2017 17:49:59 Scheduled Checkpoint

29-11-2017 03:00:13 Windows Update

30-11-2017 00:00:11 Scheduled Checkpoint

01-12-2017 00:00:09 Scheduled Checkpoint

02-12-2017 00:00:09 Scheduled Checkpoint

03-12-2017 00:00:09 Scheduled Checkpoint

04-12-2017 00:00:07 Scheduled Checkpoint

05-12-2017 00:00:07 Scheduled Checkpoint

06-12-2017 00:00:15 Scheduled Checkpoint

06-12-2017 16:05:44 Windows Update

08-12-2017 00:00:10 Scheduled Checkpoint

09-12-2017 00:00:12 Scheduled Checkpoint

10-12-2017 00:00:20 Scheduled Checkpoint

11-12-2017 00:00:14 Scheduled Checkpoint

11-12-2017 22:39:48 Windows Update

13-12-2017 00:00:15 Scheduled Checkpoint

27-12-2017 04:01:51 First Restore Point

30-12-2017 02:02:35 Restore Operation

30-12-2017 02:36:27 First Restore Point

08-01-2018 00:55:25 My own made restore point

 

==================== Faulty Device Manager Devices =============

 

 

==================== Event log errors: =========================

 

Application errors:

==================

Error: (01/10/2018 06:58:29 PM) (Source: EventSystem) (EventID: 4621) (User: )

Description: The COM+ Event System could not remove the EventSystem.EventSubscription object {4168BD23-C752-4DA0-A076-FC6B588FD2AC}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}.  The HRESULT was 80070005.

 

Error: (01/10/2018 06:44:50 PM) (Source: WinMgmt) (EventID: 10) (User: )

Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

 

Error: (01/08/2018 04:50:53 AM) (Source: WinMgmt) (EventID: 10) (User: )

Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

 

Error: (01/08/2018 12:49:49 AM) (Source: Application Hang) (EventID: 1002) (User: )

Description: The program iexplore.exe version 9.0.8112.16872 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel.

Process ID: 1cc8

Start Time: 01d388445f765ab0

Termination Time: 190

 

Error: (01/05/2018 08:52:03 PM) (Source: LoadPerf) (EventID: 3011) (User: )

Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.

 

Error: (01/05/2018 08:52:03 PM) (Source: LoadPerf) (EventID: 3012) (User: )

Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.

 

Error: (01/05/2018 08:46:25 PM) (Source: WinMgmt) (EventID: 10) (User: )

Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

 

Error: (01/04/2018 08:15:13 AM) (Source: Application Error) (EventID: 1000) (User: )

Description: Faulting application iexplore.exe, version 9.0.8112.16872, time stamp 0x58caa9a9, faulting module MSHTML.dll, version 9.0.8112.16872, time stamp 0x58caaabd, exception code 0xc0000005, fault offset 0x0041b9e0,

process id 0xe0c, application start time 0x01d3855d24a66e00.

 

Error: (01/03/2018 05:17:51 AM) (Source: Application Error) (EventID: 1000) (User: )

Description: Faulting application iexplore.exe, version 9.0.8112.16872, time stamp 0x58caa9a9, faulting module MSHTML.dll, version 9.0.8112.16872, time stamp 0x58caaabd, exception code 0xc0000005, fault offset 0x0041b9e0,

process id 0x105c, application start time 0x01d3847b2f28ef20.

 

Error: (01/01/2018 02:05:48 AM) (Source: Application Error) (EventID: 1000) (User: )

Description: Faulting application iexplore.exe, version 9.0.8112.16872, time stamp 0x58caa9a9, faulting module MSHTML.dll, version 9.0.8112.16872, time stamp 0x58caaabd, exception code 0xc0000005, fault offset 0x0041b9e0,

process id 0x172c, application start time 0x01d382cee3498360.

 

 

System errors:

=============

Error: (01/10/2018 06:46:40 PM) (Source: Microsoft-Windows-LanguagePackSetup) (EventID: 1001) (User: NT AUTHORITY)

Description: Event-ID 1001

 

Error: (01/10/2018 06:43:15 PM) (Source: Dhcp) (EventID: 1002) (User: )

Description: The IP address lease 192.168.2.3 for the Network Card with network address 001E9034E132 has been denied by the DHCP server 192.168.2.1 (The DHCP Server sent a DHCPNACK message).

 

Error: (01/08/2018 04:56:14 AM) (Source: Microsoft-Windows-LanguagePackSetup) (EventID: 1001) (User: NT AUTHORITY)

Description: Event-ID 1001

 

Error: (01/05/2018 08:54:06 PM) (Source: Microsoft-Windows-LanguagePackSetup) (EventID: 1001) (User: NT AUTHORITY)

Description: Event-ID 1001

 

Error: (01/05/2018 08:47:46 PM) (Source: Service Control Manager) (EventID: 7000) (User: )

Description: The HP Health Check Service service failed to start due to the following error:

The service did not respond to the start or control request in a timely fashion.

 

Error: (01/05/2018 08:47:46 PM) (Source: Service Control Manager) (EventID: 7009) (User: )

Description: A timeout was reached (30000 milliseconds) while waiting for the HP Health Check Service service to connect.

 

Error: (01/05/2018 08:46:49 PM) (Source: Service Control Manager) (EventID: 7000) (User: )

Description: The Windows Font Cache Service service failed to start due to the following error:

The service did not respond to the start or control request in a timely fashion.

 

Error: (01/05/2018 08:46:49 PM) (Source: Service Control Manager) (EventID: 7009) (User: )

Description: A timeout was reached (30000 milliseconds) while waiting for the Windows Font Cache Service service to connect.

 

Error: (01/05/2018 08:46:33 PM) (Source: Service Control Manager) (EventID: 7011) (User: )

Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.

 

Error: (01/05/2018 08:44:17 PM) (Source: Dhcp) (EventID: 1002) (User: )

Description: The IP address lease 192.168.2.2 for the Network Card with network address 001E9034E132 has been denied by the DHCP server 192.168.2.1 (The DHCP Server sent a DHCPNACK message).

 

 

CodeIntegrity:

===================================

  Date: 2018-01-11 02:11:41.781

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\WINDOWS\System32\drivers\kneps.sys because the set of per-page image hashes could not be found on the system.

 

  Date: 2018-01-11 02:11:40.857

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\WINDOWS\System32\drivers\kneps.sys because the set of per-page image hashes could not be found on the system.

 

  Date: 2018-01-11 02:11:39.906

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\WINDOWS\System32\drivers\kneps.sys because the set of per-page image hashes could not be found on the system.

 

  Date: 2018-01-11 02:11:38.945

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\WINDOWS\System32\drivers\kneps.sys because the set of per-page image hashes could not be found on the system.

 

  Date: 2018-01-11 02:11:37.899

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\WINDOWS\System32\drivers\kltdi.sys because the set of per-page image hashes could not be found on the system.

 

  Date: 2018-01-11 02:11:36.931

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\WINDOWS\System32\drivers\kltdi.sys because the set of per-page image hashes could not be found on the system.

 

  Date: 2018-01-11 02:11:35.941

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\WINDOWS\System32\drivers\kltdi.sys because the set of per-page image hashes could not be found on the system.

 

  Date: 2018-01-11 02:11:34.975

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\WINDOWS\System32\drivers\kltdi.sys because the set of per-page image hashes could not be found on the system.

 

  Date: 2018-01-11 02:11:33.884

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\WINDOWS\System32\drivers\kltdf.sys because the set of per-page image hashes could not be found on the system.

 

  Date: 2018-01-11 02:11:32.910

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\WINDOWS\System32\drivers\kltdf.sys because the set of per-page image hashes could not be found on the system.

 

 

==================== Memory info ===========================

 

Processor: AMD Athlon™ 64 X2 Dual Core Processor 5400+

Percentage of memory in use: 66%

Total physical RAM: 3005.76 MB

Available physical RAM: 1002.73 MB

Total Virtual: 6229.71 MB

Available Virtual: 3337.5 MB

 

==================== Drives ================================

 

Drive c: (HP) (Fixed) (Total:455.44 GB) (Free:158.62 GB) NTFS ==>[drive with boot components (obtained from BCD)]

Drive d: (FACTORY_IMAGE) (Fixed) (Total:10.32 GB) (Free:1.05 GB) NTFS ==>[system with boot components (obtained from drive)]

 

==================== MBR & Partition Table ==================

 

========================================================

Disk: 0 (Size: 465.8 GB) (Disk ID: F451C310)

Partition 1: (Active) - (Size=455.4 GB) - (Type=07 NTFS)

Partition 2: (Not Active) - (Size=10.3 GB) - (Type=07 NTFS)

 

==================== End of Addition.txt ============================

 

 

 




#2
RKinner

    Malware Expert

  • Expert
  • 20,135 posts
  • MVP

Uninstall:

File Type Assistant

Final Media Player 2014

Itibiti RTC

(If you need to make phone calls with your PC then use Google Hangouts: https://hangouts.google.com/)

 

Java 8 Update 31

Uninstall Helper

Uninstall Helper

(If you need an uninstaller, get the free version of Revo https://www.revounin..._download.html)

Yahoo! Detect

 

Then

 

Download AdwCleaner to your desktop. Make sure you get the correct Download button. Sometimes the ads on BleepingComputer will mimic the real Download button, which should say: Download Now @BleepingComputer

NOTE: If using Internet Explorer and you get an alert that stops the program downloading, click on the warning and allow the download to complete.

Close all programs, pause your anti-virus and run AdwCleaner (Vista or Win 7+ => right click and Run As Administrator).

Click on Scan and follow the prompts. Let it run unhindered. When done, click on the Clean button, and follow the prompts. Allow the system to reboot. You will then be presented with the report. Copy & Paste this report on your next reply.

The report will be saved in the C:\AdwCleaner folder.

 

Reboot

 

Please download MiniToolBox, save it to your desktop and run it.

Checkmark the following checkboxes:

  • Report IE Proxy Settings
  • Report FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer Errors
  • List Installed Programs
  • List Devices
  • List Users, Partitions and Memory size.
  • List Minidump Files

Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.

 

 

Run FRST as before. Check the Addition.txt box before hitting SCAN. Post both logs.

 

 

 

 



#3
Tipper

    New Member

  • Topic Starter
  • Member
  • 3 posts

RKinner...thanks for your reply,
I could not find 'Itibiti RTC' nor 'Yahoo! Detect' to uninstall them. Also I am not sure who user 'Mcx1' is, on my PC (unless it is the person from the electronics dept. where I bought the PC). Here are requested files. Tipper

 

# AdwCleaner 7.0.6.0 - Logfile created on Tue Jan 16 18:32:20 2018
# Updated on 2017/21/12 by Malwarebytes
# Running on Windows Vista ™ Home Premium (X86)
# Mode: clean
# Support: https://www.malwarebytes.com/support

***** [ Services ] *****

No malicious services deleted.

***** [ Folders ] *****

Deleted: C:\ProgramData\Registry Helper
Deleted: C:\ProgramData\Application Data\Registry Helper
Deleted: C:\Users\All Users\Registry Helper
Deleted: C:\ProgramData\Yahoo! Companion
Deleted: C:\ProgramData\Application Data\Yahoo! Companion
Deleted: C:\Users\All Users\Yahoo! Companion
Deleted: C:\Users\Tipper\AppData\LocalLow\Yahoo! Companion

Deleted: C:\Program Files\File Type Assistant
Deleted: C:\Windows\System32\config\systemprofile\AppData\Local\FileTypeAssistant
Deleted: C:\Users\Tipper\AppData\Local\FileTypeAssistant
Deleted: C:\Users\Boyz\AppData\Local\FileTypeAssistant
Deleted: C:\Users\Chris\AppData\Local\FileTypeAssistant
Deleted: C:\Users\TEMP\AppData\Local\FileTypeAssistant
Deleted: C:\Users\Boyz\AppData\Local\FinalMediaPlayer
Deleted: C:\Users\Chris\AppData\Local\FinalMediaPlayer
Deleted: C:\ProgramData\iWin
Deleted: C:\ProgramData\Application Data\iWin
Deleted: C:\Users\All Users\iWin
Deleted: C:\Users\Boyz\AppData\Roaming\iWin
Deleted: C:\Program Files\Yahoo!\Companion
Deleted: C:\Users\Tipper\AppData\LocalLow\Yahoo!\Companion
Deleted: C:\Users\Tipper\AppData\Roaming\Yahoo!\Companion
Deleted: C:\Program Files\Conduit
Deleted: C:\Users\Tipper\AppData\Local\Conduit
Deleted: C:\Users\Tipper\AppData\LocalLow\Conduit
Deleted: C:\Users\Tipper\Documents\Coupons
Deleted: C:\ProgramData\apn
Deleted: C:\ProgramData\Application Data\apn
Deleted: C:\Users\All Users\apn
Deleted: C:\Users\Tipper\AppData\LocalLow\Mysearchdial

***** [ Files ] *****

Deleted: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk
Deleted: C:\Users\Tipper\AppData\Local\mysearchdial-speeddial.crx
Deleted: C:\Windows\System32\RegistryHelperLM.ocx

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks deleted.

***** [ Registry ] *****

Deleted: [Key] - HKU\S-1-5-21-3938486149-3048756490-4017228027-1000\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{2B7BDADB-EC8C-4C54-B5DD-CE45A016D3A7}
Deleted: [Key] - HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{2B7BDADB-EC8C-4C54-B5DD-CE45A016D3A7}
Deleted: [Key] - HKLM\SOFTWARE\W3I
Deleted: [Key] - HKU\S-1-5-21-3938486149-3048756490-4017228027-1000\Software\Bitberry
Deleted: [Key] - HKU\S-1-5-21-3938486149-3048756490-4017228027-1001\Software\Bitberry
Deleted: [Key] - HKU\S-1-5-21-3938486149-3048756490-4017228027-1003\Software\Bitberry
Deleted: [Key] - HKCU\Software\Bitberry
Deleted: [Key] - HKU\S-1-5-21-3938486149-3048756490-4017228027-1001\Software\FileTypeAssistant
Deleted: [Key] - HKU\S-1-5-21-3938486149-3048756490-4017228027-1003\Software\FileTypeAssistant
Deleted: [Key] - HKU\S-1-5-21-3938486149-3048756490-4017228027-1001\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\FinalMediaPlayer_is1
Deleted: [Key] - HKU\S-1-5-21-3938486149-3048756490-4017228027-1003\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\FinalMediaPlayer_is1
Deleted: [Key] - HKU\S-1-5-21-3938486149-3048756490-4017228027-1001\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Trusted Software Assistant_is1
Deleted: [Key] - HKU\S-1-5-21-3938486149-3048756490-4017228027-1003\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Trusted Software Assistant_is1
Deleted: [Key] - HKU\S-1-5-21-3938486149-3048756490-4017228027-1000\Software\YahooPartnerToolbar

Deleted: [Key] - HKCU\Software\YahooPartnerToolbar
Deleted: [Key] - HKLM\SOFTWARE\Yahoo\Companion
Deleted: [Key] - HKU\S-1-5-21-3938486149-3048756490-4017228027-1000\Software\Yahoo\Companion
Deleted: [Key] - HKU\S-1-5-21-3938486149-3048756490-4017228027-1000\Software\AppDataLow\Software\Yahoo\Companion
Deleted: [Key] - HKU\S-1-5-21-3938486149-3048756490-4017228027-1001\Software\AppDataLow\Software\Yahoo\Companion
Deleted: [Key] - HKU\S-1-5-21-3938486149-3048756490-4017228027-1003\Software\AppDataLow\Software\Yahoo\Companion
Deleted: [Key] - HKCU\Software\Yahoo\Companion
Deleted: [Key] - HKCU\Software\AppDataLow\Software\Yahoo\Companion
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Deleted: [Key] - HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Deleted: [Key] - HKLM\SOFTWARE\Classes\CLSID\{00B11DA2-75ED-4364-ABA5-9A95B1F5E946}
Deleted: [Key] - HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Deleted: [Key] - HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5}
Deleted: [Key] - HKLM\SOFTWARE\Classes\AppID\{C292AD0A-C11F-479B-B8DB-743E72D283B0}
Deleted: [Key] - HKLM\SOFTWARE\Classes\TypeLib\{C292AD0A-C11F-479B-B8DB-743E72D283B0}
Deleted: [Key] - HKLM\SOFTWARE\Classes\CLSID\{D40753C7-8A59-4C1F-BE88-C300F4624D5B}
Deleted: [Key] - HKLM\SOFTWARE\Classes\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{E7BC34A1-BA86-11CF-84B1-CBC2DA68BF6C}
Deleted: [Key] - HKCU\Software\Classes\CLSID\{BEBBC426-4F16-4567-8FE1-BE198C982027}
Deleted: [Key] - HKLM\SOFTWARE\Classes\TypeLib\{E7BC34A0-BA86-11CF-84B1-CBC2DA68BF6C}
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\4E30E037E0535E84D9E3349209D354D4
Deleted: [Key] - HKLM\SOFTWARE\Classes\Installer\Features\4E30E037E0535E84D9E3349209D354D4
Deleted: [Key] - HKLM\SOFTWARE\Classes\Installer\Products\4E30E037E0535E84D9E3349209D354D4
Deleted: [Value] - HKU\S-1-5-21-3938486149-3048756490-4017228027-1000\Software\Microsoft\Windows\CurrentVersion\Run|Itibiti.exe
Deleted: [Value] - HKCU\Software\Microsoft\Windows\CurrentVersion\Run|Itibiti.exe
Deleted: [Key] - HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application
Deleted: [Key] - HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application
Deleted: [Key] - HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Deleted: [Key] - HKLM\SOFTWARE\Conduit

Deleted: [Key] - HKU\S-1-5-21-3938486149-3048756490-4017228027-1000\Software\AppDataLow\Software\Conduit
Deleted: [Key] - HKU\S-1-5-21-3938486149-3048756490-4017228027-1001\Software\AppDataLow\Software\Conduit
Deleted: [Key] - HKU\S-1-5-21-3938486149-3048756490-4017228027-1003\Software\AppDataLow\Software\Conduit
Deleted: [Key] - HKCU\Software\AppDataLow\Software\Conduit
Deleted: [Key] - HKU\S-1-5-21-3938486149-3048756490-4017228027-1000\Software\AppDataLow\Software\ConduitSearchScopes
Deleted: [Key] - HKU\S-1-5-21-3938486149-3048756490-4017228027-1001\Software\AppDataLow\Software\ConduitSearchScopes
Deleted: [Key] - HKU\S-1-5-21-3938486149-3048756490-4017228027-1003\Software\AppDataLow\Software\ConduitSearchScopes
Deleted: [Key] - HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Deleted: [Key] - HKU\S-1-5-21-3938486149-3048756490-4017228027-1000\Software\AppDataLow\Software\PriceGong
Deleted: [Key] - HKU\S-1-5-21-3938486149-3048756490-4017228027-1001\Software\AppDataLow\Software\PriceGong
Deleted: [Key] - HKU\S-1-5-21-3938486149-3048756490-4017228027-1003\Software\AppDataLow\Software\PriceGong
Deleted: [Key] - HKCU\Software\AppDataLow\Software\PriceGong
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{730E03E4-350E-48E5-9D3E-4329903D454D}
Deleted: [Key] - HKLM\SOFTWARE\InstallIQ
Deleted: [Key] - HKLM\SOFTWARE\mysearchdial
Deleted: [Key] - HKU\S-1-5-21-3938486149-3048756490-4017228027-1000\Software\InstallCore
Deleted: [Key] - HKCU\Software\InstallCore
Deleted: [Key] - HKLM\SOFTWARE\Freeze.com
Deleted: [Key] - HKLM\SOFTWARE\Classes\Toolbar.CT3241324

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries deleted.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries deleted.

*************************

::Tracing keys deleted
::Winsock settings cleared
::Additional Actions: 0

 

*************************

C:/AdwCleaner/AdwCleaner[S0].txt - [9850 B] - [2018/1/16 18:29:2]
C:/AdwCleaner/scan report 1 AdwCleaner[S0].txt - [9850 B] - [2018/1/16 18:30:6]

########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt ##########

 

MiniToolBox by Farbar  Version: 17-06-2016
Ran by Tipper (administrator) on 16-01-2018 at 14:07:59
Running from "C:\Users\Tipper\Downloads"
Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86)
Model: D5468AT-ABA ALONPAV Manufacturer: Hewlett-Packard
Boot Mode: Normal
***************************************************************************

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.
========================= Hosts content: =================================
127.0.0.1       localhost
========================= IP Configuration: ================================

NVIDIA nForce 10/100 Mbps Ethernet  = Local Area Connection (Connected)
Kaspersky Security Data Escort Adapter = Local Area Connection 2 (Media disconnected)

# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled

popd
# End of IPv4 configuration

 

Windows IP Configuration

   Host Name . . . . . . . . . . . . : Tipper-PC
   Primary Dns Suffix  . . . . . . . :
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : Belkin

Ethernet adapter Local Area Connection 2:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Kaspersky Security Data Escort Adapter
   Physical Address. . . . . . . . . : 00-FF-C8-12-4E-22
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

Ethernet adapter Local Area Connection:

   Connection-specific DNS Suffix  . : Belkin
   Description . . . . . . . . . . . : NVIDIA nForce 10/100 Mbps Ethernet
   Physical Address. . . . . . . . . : 00-1E-90-34-E1-32
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::38bb:6843:8521:6cb8%10(Preferred)
   IPv4 Address. . . . . . . . . . . : 192.168.2.2(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : January-16-18 1:49:27 PM
   Lease Expires . . . . . . . . . . : February-22-54 8:36:30 PM
   Default Gateway . . . . . . . . . : 192.168.2.1
   DHCP Server . . . . . . . . . . . : 192.168.2.1
   DHCPv6 IAID . . . . . . . . . . . : 251666064
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-15-40-FF-3F-00-1E-90-34-E1-32
   DNS Servers . . . . . . . . . . . : 192.168.2.1
   NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter Local Area Connection* 6:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
   Physical Address. . . . . . . . . : 02-00-54-55-4E-01
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 7:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : Belkin
   Description . . . . . . . . . . . : isatap.Belkin
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 11:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : isatap.{C8124E22-C633-4F07-890B-C52239BE2B42}
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
Server:  UnKnown
Address:  192.168.2.1

Name:    google.com
Addresses:  2607:f8b0:400b:80c::200e
   172.217.1.174

 

Pinging google.com [172.217.1.174] with 32 bytes of data:

Reply from 172.217.1.174: bytes=32 time=11ms TTL=55

Reply from 172.217.1.174: bytes=32 time=10ms TTL=55

 

Ping statistics for 172.217.1.174:

    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

    Minimum = 10ms, Maximum = 11ms, Average = 10ms

Server:  UnKnown
Address:  192.168.2.1

Name:    yahoo.com
Addresses:  2001:4998:c:e33::53
   2001:4998:58:2201::73
   2001:4998:44:204::100d
   206.190.39.42
   98.138.252.38
   98.139.180.180

 

Pinging yahoo.com [206.190.39.42] with 32 bytes of data:

Reply from 206.190.39.42: bytes=32 time=73ms TTL=51

Reply from 206.190.39.42: bytes=32 time=73ms TTL=51

 

Ping statistics for 206.190.39.42:

    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

    Minimum = 73ms, Maximum = 73ms, Average = 73ms

 

Pinging 127.0.0.1 with 32 bytes of data:

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

 

Ping statistics for 127.0.0.1:

    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

    Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
 12 ...00 ff c8 12 4e 22 ...... Kaspersky Security Data Escort Adapter
 10 ...00 1e 90 34 e1 32 ...... NVIDIA nForce 10/100 Mbps Ethernet
  1 ........................... Software Loopback Interface 1
 11 ...02 00 54 55 4e 01 ...... Teredo Tunneling Pseudo-Interface
 14 ...00 00 00 00 00 00 00 e0  isatap.Belkin
 13 ...00 00 00 00 00 00 00 e0  isatap.{C8124E22-C633-4F07-890B-C52239BE2B42}
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.2.1      192.168.2.2     20
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
      192.168.2.0    255.255.255.0         On-link       192.168.2.2    276
      192.168.2.2  255.255.255.255         On-link       192.168.2.2    276
    192.168.2.255  255.255.255.255         On-link       192.168.2.2    276
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link       192.168.2.2    276
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link       192.168.2.2    276
===========================================================================
Persistent Routes:
  None

IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
  1    306 ::1/128                  On-link
 10    276 fe80::/64                On-link
 10    276 fe80::38bb:6843:8521:6cb8/128
                                    On-link
  1    306 ff00::/8                 On-link
 10    276 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\system32\NLAapi.dll [48640] (Microsoft Corporation)
Catalog5 02 C:\Windows\system32\napinsp.dll [50176] (Microsoft Corporation)
Catalog5 03 C:\Windows\system32\pnrpnsp.dll [62464] (Microsoft Corporation)
Catalog5 04 C:\Windows\system32\pnrpnsp.dll [62464] (Microsoft Corporation)
Catalog5 05 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog5 06 C:\Windows\system32\winrnr.dll [19968] (Microsoft Corporation)
Catalog9 01 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 02 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 03 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 04 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 05 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 06 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 07 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 08 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 09 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 10 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 11 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 12 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 13 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 14 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 15 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 16 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 17 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 18 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 19 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 20 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 21 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 22 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 23 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 24 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (01/16/2018 01:51:06 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/16/2018 01:36:13 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/16/2018 12:29:18 PM) (Source: Application Error) (User: )
Description: Faulting application iexplore.exe, version 9.0.8112.16872, time stamp 0x58caa9a9, faulting module MSHTML.dll, version 9.0.8112.16872, time stamp 0x58caaabd, exception code 0xc0000005, fault offset 0x0041b9e0,
process id 0x1534, application start time 0xiexplore.exe0.

Error: (01/16/2018 12:21:17 PM) (Source: Application Error) (User: )
Description: Faulting application iexplore.exe, version 9.0.8112.16872, time stamp 0x58caa9a9, faulting module MSHTML.dll, version 9.0.8112.16872, time stamp 0x58caaabd, exception code 0xc0000005, fault offset 0x0041b9e0,
process id 0x1490, application start time 0xiexplore.exe0.

Error: (01/16/2018 12:18:55 PM) (Source: Application Error) (User: )
Description: Faulting application iexplore.exe, version 9.0.8112.16872, time stamp 0x58caa9a9, faulting module MSHTML.dll, version 9.0.8112.16872, time stamp 0x58caaabd, exception code 0xc0000005, fault offset 0x0041b9e0,
process id 0x1338, application start time 0xiexplore.exe0.

Error: (01/16/2018 12:17:45 PM) (Source: Application Error) (User: )
Description: Faulting application iexplore.exe, version 9.0.8112.16872, time stamp 0x58caa9a9, faulting module MSHTML.dll, version 9.0.8112.16872, time stamp 0x58caaabd, exception code 0xc0000005, fault offset 0x0041b9e0,
process id 0x10b4, application start time 0xiexplore.exe0.

Error: (01/12/2018 08:00:07 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/12/2018 03:12:45 AM) (Source: Application Error) (User: )
Description: Faulting application iexplore.exe, version 9.0.8112.16872, time stamp 0x58caa9a9, faulting module MSHTML.dll, version 9.0.8112.16872, time stamp 0x58caaabd, exception code 0xc0000005, fault offset 0x0041b9e0,
process id 0x1cfc, application start time 0xiexplore.exe0.

Error: (01/12/2018 02:54:57 AM) (Source: Application Error) (User: )
Description: Faulting application iexplore.exe, version 9.0.8112.16872, time stamp 0x58caa9a9, faulting module MSHTML.dll, version 9.0.8112.16872, time stamp 0x58caaabd, exception code 0xc0000005, fault offset 0x0041b9e0,
process id 0x654, application start time 0xiexplore.exe0.

Error: (01/11/2018 03:40:44 PM) (Source: Application Error) (User: )
Description: Faulting application DbxSvc.exe, version 1.0.24.0, time stamp 0x5a25eef4, faulting module DbxSvc.exe, version 1.0.24.0, time stamp 0x5a25eef4, exception code 0xc0000005, fault offset 0x00001ac5,
process id 0x700, application start time 0xDbxSvc.exe0.

System errors:
=============
Error: (01/16/2018 02:05:17 PM) (Source: Microsoft-Windows-LanguagePackSetup) (User: NT AUTHORITY)
Description: 0x80070032

Error: (01/16/2018 01:57:54 PM) (Source: DCOM) (User: Tipper-PC)
Description: machine-defaultLocalActivation{9BA05972-F6A8-11CF-A442-00A0C90A8F39}Tipper-PCTipperS-1-5-21-3938486149-3048756490-4017228027-1000LocalHost (Using LRPC)

Error: (01/16/2018 01:57:47 PM) (Source: DCOM) (User: Tipper-PC)
Description: machine-defaultLocalActivation{9BA05972-F6A8-11CF-A442-00A0C90A8F39}Tipper-PCTipperS-1-5-21-3938486149-3048756490-4017228027-1000LocalHost (Using LRPC)

Error: (01/16/2018 01:57:31 PM) (Source: DCOM) (User: Tipper-PC)
Description: machine-defaultLocalActivation{9BA05972-F6A8-11CF-A442-00A0C90A8F39}Tipper-PCTipperS-1-5-21-3938486149-3048756490-4017228027-1000LocalHost (Using LRPC)

Error: (01/16/2018 01:37:45 PM) (Source: Microsoft-Windows-LanguagePackSetup) (User: NT AUTHORITY)
Description: 0x80070032

Error: (01/16/2018 01:32:49 PM) (Source: Service Control Manager) (User: )
Description: Software Licensing11200001Restart the service

Error: (01/16/2018 01:32:05 PM) (Source: Service Control Manager) (User: )
Description: Kaspersky Secure Connection Service 1.0.01100001Restart the service

Error: (01/16/2018 01:32:04 PM) (Source: Service Control Manager) (User: )
Description: HP Health Check Service1600001Restart the service

Error: (01/16/2018 01:32:04 PM) (Source: Service Control Manager) (User: )
Description: XAudioService1

Error: (01/16/2018 01:32:04 PM) (Source: Service Control Manager) (User: )
Description: DbxSvc1

Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
  Date: 2018-01-11 02:11:41.781
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\WINDOWS\System32\drivers\kneps.sys because the set of per-page image hashes could not be found on the system.

  Date: 2018-01-11 02:11:40.857
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\WINDOWS\System32\drivers\kneps.sys because the set of per-page image hashes could not be found on the system.

  Date: 2018-01-11 02:11:39.906
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\WINDOWS\System32\drivers\kneps.sys because the set of per-page image hashes could not be found on the system.

  Date: 2018-01-11 02:11:38.945
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\WINDOWS\System32\drivers\kneps.sys because the set of per-page image hashes could not be found on the system.

  Date: 2018-01-11 02:11:37.899
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\WINDOWS\System32\drivers\kltdi.sys because the set of per-page image hashes could not be found on the system.

  Date: 2018-01-11 02:11:36.931
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\WINDOWS\System32\drivers\kltdi.sys because the set of per-page image hashes could not be found on the system.

  Date: 2018-01-11 02:11:35.941
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\WINDOWS\System32\drivers\kltdi.sys because the set of per-page image hashes could not be found on the system.

  Date: 2018-01-11 02:11:34.975
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\WINDOWS\System32\drivers\kltdi.sys because the set of per-page image hashes could not be found on the system.

  Date: 2018-01-11 02:11:33.884
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\WINDOWS\System32\drivers\kltdf.sys because the set of per-page image hashes could not be found on the system.

  Date: 2018-01-11 02:11:32.910
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\WINDOWS\System32\drivers\kltdf.sys because the set of per-page image hashes could not be found on the system.

=========================== Installed Programs ============================

ActiveCheck component for HP Active Support Library (HKLM\...\{254C37AA-6B72-4300-84F6-98A82419187E}) (Version: 3.0.0.2 - Hewlett-Packard) Hidden
Adobe Flash Player 28 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 28.0.0.137 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.23) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.23 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.3 (HKLM\...\Adobe Shockwave Player) (Version: 12.3.1.201 - Adobe Systems, Inc.)
BlackBerry Desktop Software 6.1 (HKLM\...\{75157F34-02C6-4831-BD66-3BC49E7A8394}) (Version: 6.1.0.35 - Research In Motion Ltd.) Hidden
BlackBerry Desktop Software 6.1 (HKLM\...\BlackBerry_Desktop) (Version: 6.1.0.35 - Research In Motion Ltd.)
Brother MFL-Pro Suite (HKLM\...\{9A912C12-A7DA-44D7-BD57-5CA85E2F33E1}) (Version: 1.00 - Brother Industries, Ltd.)
CyberLink DVD Suite Deluxe (HKLM\...\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 5.5.1329 - CyberLink Corp.)
CyberLink PowerDirector (HKLM\...\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 6.5.2726 - CyberLink Corp.) Hidden
CyberLink PowerDirector (HKLM\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 6.5.2726 - CyberLink Corp.)
Digital Camera (2320) (HKLM\...\Digital Camera (2320)) (Version:  - )
Dropbox (HKLM\...\Dropbox) (Version: 41.4.80 - Dropbox, Inc.)
Dropbox Update Helper (HKLM\...\{099218A5-A723-43DC-8DB5-6173656A1E94}) (Version: 1.3.59.1 - Dropbox, Inc.) Hidden
Enhanced Multimedia Keyboard Solution (HKLM\...\KBD) (Version:  - Hewlett-Packard)
Hardware Diagnostic Tools (HKLM\...\PC-Doctor 5 for Windows) (Version: 5.1.4748.24 - PC-Doctor, Inc.)
HP Deskjet 1050 J410 series Basic Device Software (HKLM\...\{C111B73A-93EA-4A12-80E2-0460F11D431F}) (Version: 28.0.1313.0 - Hewlett-Packard Co.)
HP Deskjet 1050 J410 series Help (HKLM\...\{5C90D8CF-F12A-41C6-9007-3B651A1F0D78}) (Version: 140.0.66.66 - Hewlett Packard)
HP Deskjet 1050 J410 series Product Improvement Study (HKLM\...\{5E83AB6E-2284-4468-BF97-A451904F186C}) (Version: 28.0.1313.0 - Hewlett-Packard Co.)
HP Photo Creations (HKCU\...\HP Photo Creations) (Version: 1.0.0.17712 - HP)
HP Update (HKLM\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPAsset component for HP Active Support Library (HKLM\...\{669D4A35-146B-4314-89F1-1AC3D7B88367}) (Version: 3.0.1.0 - Hewlett-Packard) Hidden
Internet Explorer (Enable DEP) (HKLM\...\{a9264802-8a7a-40fe-a135-5c6d204aed7a}.sdb) (Version:  - )
Kaspersky Secure Connection (HKLM\...\{1CF84962-50F8-48CA-9082-B70F3A02C686}) (Version: 17.0.0.611 - Kaspersky Lab) Hidden
Kaspersky Secure Connection (HKLM\...\InstallWIX_{1CF84962-50F8-48CA-9082-B70F3A02C686}) (Version: 17.0.0.611 - Kaspersky Lab)
Kaspersky Total Security (HKLM\...\{E27B1D7B-3B34-43A2-9FC0-9828D5DF46E2}) (Version: 17.0.0.611 - Kaspersky Lab) Hidden
Kaspersky Total Security (HKLM\...\InstallWIX_{E27B1D7B-3B34-43A2-9FC0-9828D5DF46E2}) (Version: 17.0.0.611 - Kaspersky Lab)
LabelPrint (HKLM\...\{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.2.2529 - CyberLink Corp.)
Learning Essentials for Microsoft Office (HKLM\...\{75F3A4B2-F6E8-434D-A2EF-DBBC016C6CB2}) (Version: 2.0 - Microsoft)
LightScribe System Software  1.12.37.1 (HKLM\...\{004C5DA2-2051-4D25-94BA-51CF810C91EB}) (Version: 1.12.37.1 - LightScribe)
LightScribeTemplateLabeler (HKLM\...\{305D4B08-5807-4475-B1C8-D54685534864}) (Version: 1.10.23.1 - LightScribe)
Logitech Desktop Messenger (HKLM\...\{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}) (Version: 2.52.18 - Logitech, Inc.)
Logitech Legacy USB Camera Driver Package (HKLM\...\legacyqcam_11.10) (Version:  - )
Logitech Vid HD (HKLM\...\Logitech Vid) (Version: 7.2 (7259) - Logitech Inc..)
Logitech Webcam Software (HKLM\...\{C27BC2A2-30DD-4014-B22E-63EB0DB572F9}) (Version: 12.10.1113 - Logitech Inc.)
Logitech Webcam Software Driver Package (HKLM\...\lvdrivers_12.10) (Version: 12.10.1110 - Logitech Inc.)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Math (HKLM\...\{07043840-959A-4B0D-8825-2C533F0DDB19}) (Version: 2007 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Home and Student 60 day trial (HKLM\...\OfficeTrial) (Version:  - )
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Student 2007 for Learning Essentials (HKLM\...\{Microsoft Student 2007_54A0E938-8390-489F-8F1A-563673334DFE}) (Version:  - )
Microsoft Student with Encarta Premium 2008 (HKLM\...\{08041881-FCA5-44A7-B863-D66037A16AAF}) (Version: 2008 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Works (HKLM\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation)
muvee autoProducer 6.1 (HKLM\...\{FDDB69BB-2F9A-4830-A579-ABBB7C5AF9A8}) (Version: 6.10.050 - muvee Technologies)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version:  - )
PaperPort (HKLM\...\{71C97545-E547-4A8B-B0C8-61FF853270AC}) (Version: 9.02.0827 - ScanSoft, Inc.)
Parker Brothers Classic Card Games (HKLM\...\ClassicCard) (Version:  - )
Power2Go (HKLM\...\{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 5.6.3917 - CyberLink Corp.)
Python 2.5 (HKLM\...\{0A2C5854-557E-48C8-835A-3B9F074BDCAA}) (Version: 2.5.150 - Martin v. Löwis)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5789 - Realtek Semiconductor Corp.)
Soft Data Fax Modem with SmartCP (HKLM\...\CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200C14F1) (Version: 7.74.00 - Conexant Systems)
swMSM (HKLM\...\{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Yahoo! Detect (HKLM\...\YTdetect) (Version:  - )

========================= Devices: ================================

========================= Memory info: ===================================

Percentage of memory in use: 77%
Total physical RAM: 3005.76 MB
Available physical RAM: 670.09 MB
Total Virtual: 6223.7 MB
Available Virtual: 3646.13 MB

========================= Partitions: =====================================

1 Drive c: (HP) (Fixed) (Total:455.44 GB) (Free:159.16 GB) NTFS
2 Drive d: (FACTORY_IMAGE) (Fixed) (Total:10.32 GB) (Free:1.05 GB) NTFS

========================= Users: ========================================

User accounts for \\TIPPER-PC

Administrator            Tipper                    Boyz                    
Chris                    Guest                    Mcx1                    

========================= Minidump Files ==================================

No minidump file found

**** End of log ****

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 14.01.2018
Ran by Tipper (administrator) on TIPPER-PC (16-01-2018 14:34:51)
Running from C:\Users\Tipper\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VTPGXSZK
Loaded Profiles: Tipper (Available Profiles: Tipper & Chris & Boyz & Mcx1)
Platform: Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) Language: English (United States)
Internet Explorer Version 9 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\WINDOWS\System32\nvvsvc.exe
(Microsoft Corporation) C:\WINDOWS\System32\SLsvc.exe
(Microsoft Corporation) C:\WINDOWS\System32\rundll32.exe
(AO Kaspersky Lab) C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 17.0.0\avp.exe
(Dropbox, Inc.) C:\WINDOWS\System32\DbxSvc.exe
(AO Kaspersky Lab) C:\Program Files\Kaspersky Lab\Kaspersky Secure Connection 1.0\ksde.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
(Logitech Inc.) C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
(Conexant Systems, Inc.) C:\WINDOWS\System32\drivers\XAudio.exe
(AO Kaspersky Lab) C:\Program Files\Kaspersky Lab\Kaspersky Secure Connection 1.0\ksdeui.exe
(AO Kaspersky Lab) C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 17.0.0\avpui.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Microsoft Corporation) C:\WINDOWS\System32\wpcumi.exe
(Realtek Semiconductor) C:\WINDOWS\RtHDVCpl.exe
(Research In Motion Limited) C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
(ScanSoft, Inc.) C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
(Microsoft Corporation) C:\WINDOWS\System32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\System32\wbem\unsecapp.exe
(Hewlett-Packard Company) C:\hp\support\hpsysdrv.exe
(Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuschd2.exe
(Brother Industries, Ltd.) C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
(Dropbox, Inc.) C:\Program Files\Dropbox\Client\Dropbox.exe
(Microsoft Corporation) C:\WINDOWS\ehome\ehtray.exe
(Microsoft Corporation) C:\Program Files\Microsoft Student\Microsoft Student with Encarta Premium 2008 DVD\EDICT.EXE
(Microsoft Corporation) C:\WINDOWS\System32\rundll32.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
(Microsoft Corporation) C:\WINDOWS\ehome\ehmsas.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Service.exe
(Hewlett-Packard Company) C:\hp\KBD\kbd.exe
(Microsoft Corporation) C:\WINDOWS\System32\conime.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\WINDOWS\System32\Macromed\Flash\FlashUtil32_28_0_0_137_ActiveX.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [] => [X]
HKLM\...\Run: [WPCUMI] => C:\Windows\system32\WpcUmi.exe [176128 2006-11-02] (Microsoft Corporation)
HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-20] (Microsoft Corporation)
HKLM\...\Run: [RtHDVCpl] => C:\Windows\RtHDVCpl.exe [5369856 2008-03-26] (Realtek Semiconductor)
HKLM\...\Run: [RIMBBLaunchAgent.exe] => C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe [79192 2011-02-18] (Research In Motion Limited)
HKLM\...\Run: [PaperPort PTD] => C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe [57393 2005-03-17] (ScanSoft, Inc.)
HKLM\...\Run: [NvMediaCenter] => RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [KBD] => C:\HP\KBD\KbdStub.EXE [65536 2006-12-08] ()
HKLM\...\Run: [IndexSearch] => C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe [40960 2005-03-17] (ScanSoft, Inc.)
HKLM\...\Run: [hpsysdrv] => c:\hp\support\hpsysdrv.exe [65536 2007-04-18] (Hewlett-Packard Company)
HKLM\...\Run: [HP Software Update] => C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM\...\Run: [HP Health Check Scheduler] => [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
HKLM\...\Run: [ControlCenter3] => C:\Program Files\Brother\ControlCenter3\brctrcen.exe [65536 2006-07-19] (Brother Industries, Ltd.)
HKLM\...\Run: [BrMfcWnd] => C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe [622592 2007-02-06] (Brother Industries, Ltd.)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1160408 2016-12-17] (Adobe Systems Incorporated)
HKLM\...\Run: [Dropbox] => C:\Program Files\Dropbox\Client\Dropbox.exe [3567928 2018-01-08] (Dropbox, Inc.)
HKU\S-1-5-21-3938486149-3048756490-4017228027-1000\...\Run: [HPAdvisor] => C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN
HKU\S-1-5-21-3938486149-3048756490-4017228027-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-20] (Microsoft Corporation)
HKU\S-1-5-21-3938486149-3048756490-4017228027-1000\...\Run: [L08AXLRD_45457240] => C:\Program Files\Microsoft Student\Microsoft Student with Encarta Premium 2008 DVD\EDICT.EXE [351000 2007-05-21] (Microsoft Corporation)
HKU\S-1-5-21-3938486149-3048756490-4017228027-1000\...\Run: [WMPNSCFG] => C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-20] (Microsoft Corporation)
HKU\S-1-5-21-3938486149-3048756490-4017228027-1000\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-3938486149-3048756490-4017228027-1000\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\S-1-5-21-3938486149-3048756490-4017228027-1000\...\Policies\Explorer: [NoDesktopCleanupWizard] 1
HKU\S-1-5-21-3938486149-3048756490-4017228027-1000\...\MountPoints2: L - L:\LaunchU3.exe -a
HKU\S-1-5-21-3938486149-3048756490-4017228027-1000\...\MountPoints2: {45ed0a07-e3df-11e0-92d9-001e9034e132} - L:\LaunchU3.exe -a
HKU\S-1-5-21-3938486149-3048756490-4017228027-1000\...\MountPoints2: {70fee8d0-6b8f-11e0-9202-806e6f6e6963} - E:\autorun.exe
HKU\S-1-5-21-3938486149-3048756490-4017228027-1000\...\MountPoints2: {fa945a74-6b73-11e0-8a33-001e9034e132} - J:\ConnectProSST.exe
Startup: C:\Users\Tipper\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Deskjet 1050 J410 series.lnk [2018-01-16]
ShortcutTarget: Monitor Ink Alerts - HP Deskjet 1050 J410 series.lnk -> C:\Program Files\HP\HP Deskjet 1050 J410 series\Bin\HPStatusBL.dll (Hewlett-Packard Co.)
Startup: C:\Users\Tipper\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk [2013-05-29]
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\Boyz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk [2011-06-26]
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk [2013-05-13]
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
GroupPolicy\User: Restriction ? <==== ATTENTION
GroupPolicyUsers\S-1-5-21-3938486149-3048756490-4017228027-1003\User: Restriction <==== ATTENTION
GroupPolicyUsers\S-1-5-21-3938486149-3048756490-4017228027-1001\User: Restriction <==== ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{2328FD5C-20DF-441B-BA4C-12384E9C94FB}: [DhcpNameServer] 192.168.2.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_ca&c=83&bd=Pavilion&pf=cndt
HKU\S-1-5-21-3938486149-3048756490-4017228027-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://ca.msn.com/?lang=en-ca&OCID=iehp
HKU\S-1-5-21-3938486149-3048756490-4017228027-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://hp-consumer.my.aol.ca/
SearchScopes: HKLM -> DefaultScope {3E9A1439-8462-49AD-8004-D9FC5BE53FF4} URL = hxxp://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=file_14_13_ie&cd=2XzuyEtN2Y1L1QzutDtDtC0EzytDtAyE0EtCtAtBtD0C0EzztN0D0Tzu0SzztCyDtN1L2XzutBtFtCzztFtBtFtDtN1L1CzutCyEtDtAtDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StCyCyEtA0Bzyzy0CtGtCyB0DyCtGtAyE0CtDtGyB0DyBzztGtAyC0BtC0F0ByCtBzz0CyDzz2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyC0Azzzy0BtB0AtDtGyC0B0A0FtGyE0EtB0EtGtAyC0BzztGtBtB0EtDtDtDzyyB0D0E0DtA2Q&cr=1446448765&ir=
SearchScopes: HKLM -> {380854A7-BB12-4473-A1C0-F6272ABD0A35} URL = hxxp://www.ask.com/web?q={searchTerms}&l=dis&o=cahpd
SearchScopes: HKLM -> {3E9A1439-8462-49AD-8004-D9FC5BE53FF4} URL = hxxp://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=file_14_13_ie&cd=2XzuyEtN2Y1L1QzutDtDtC0EzytDtAyE0EtCtAtBtD0C0EzztN0D0Tzu0SzztCyDtN1L2XzutBtFtCzztFtBtFtDtN1L1CzutCyEtDtAtDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StCyCyEtA0Bzyzy0CtGtCyB0DyCtGtAyE0CtDtGyB0DyBzztGtAyC0BtC0F0ByCtBzz0CyDzz2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyC0Azzzy0BtB0AtDtGyC0B0A0FtGyE0EtB0EtGtAyC0BzztGtBtB0EtDtDtDzyyB0D0E0DtA2Q&cr=1446448765&ir=
SearchScopes: HKLM -> {77AA745B-F4F8-45DA-9B14-61D2D95054C8} URL = hxxp://ca.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=hp-pvdt
SearchScopes: HKU\S-1-5-21-3938486149-3048756490-4017228027-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Kaspersky Protection -> {2E38825B-8815-42CF-9126-C58BC28D4591} -> C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 17.0.0\IEExt\ie_plugin.dll [2016-12-07] (AO Kaspersky Lab)
Toolbar: HKLM - Kaspersky Protection Toolbar - {093F479D-712E-46CD-9E06-62E734A05F68} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 17.0.0\IEExt\ie_plugin.dll [2016-12-07] (AO Kaspersky Lab)
Toolbar: HKU\S-1-5-21-3938486149-3048756490-4017228027-1000 -> No Name - {789733C8-7A68-4A43-ACE3-BEB2292C914B} -  No File
Toolbar: HKU\S-1-5-21-3938486149-3048756490-4017228027-1000 -> Kaspersky Protection Toolbar - {093F479D-712E-46CD-9E06-62E734A05F68} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 17.0.0\IEExt\ie_plugin.dll [2016-12-07] (AO Kaspersky Lab)
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll [2011-06-28] (Logitech Inc.)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll [2007-06-07] (Microsoft Corporation)

FireFox:
========
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: (Microsoft .NET Framework Assistant) - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2011-04-20] [Legacy] [not signed]
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\[email protected] => not found
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 17.0.0\FFExt\light_plugin_firefox\addon.xpi
FF Extension: (Kaspersky Protection) - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 17.0.0\FFExt\light_plugin_firefox\addon.xpi [2017-10-14]
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw_1231201.dll [2017-11-02] (Adobe Systems, Inc.)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: @RIM.com/WebSLLauncher,version=1.0 -> C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll [2011-05-26] ()
FF Plugin: @rocketlife.com/RocketLife Secure Plug-In Layer;version=1.0.5 -> C:\ProgramData\Visan\plugins\npRLSecurePluginLayer.dll [2011-02-21] (RocketLife, LLP)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2017-11-01] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3938486149-3048756490-4017228027-1000: @rocketlife.com/RocketLife Secure Plug-In Layer;version=1.0.5 -> C:\Users\Tipper\AppData\Roaming\Visan\plugins\npRLSecurePluginLayer.dll [2011-03-12] (RocketLife, LLP)

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [fhoibnponjcgjgcnfacekaijdbbplhib] - hxxps://chrome.google.com/webstore/detail/fhoibnponjcgjgcnfacekaijdbbplhib

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AdobeFlashPlayerUpdateSvc; C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [272384 2018-01-10] (Adobe Systems Incorporated) [File not signed]
R2 AVP17.0.0; C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 17.0.0\avp.exe [241544 2016-06-28] (AO Kaspersky Lab)
S2 dbupdate; C:\Program Files\Dropbox\Update\DropboxUpdate.exe [143144 2016-10-28] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files\Dropbox\Update\DropboxUpdate.exe [143144 2016-10-28] (Dropbox, Inc.)
R2 DbxSvc; C:\Windows\system32\DbxSvc.exe [43336 2018-01-08] (Dropbox, Inc.)
R2 HP Health Check Service; c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [94208 2008-03-14] (Hewlett-Packard) [File not signed]
R2 KSDE1.0.0; C:\Program Files\Kaspersky Lab\Kaspersky Secure Connection 1.0\ksde.exe [241544 2016-06-28] (AO Kaspersky Lab)
R2 LightScribeService; c:\Program Files\Common Files\LightScribe\LSSrvc.exe [73728 2008-03-17] (Hewlett-Packard Company) [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-20] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 cm_km; C:\Windows\System32\DRIVERS\cm_km.sys [170840 2016-06-10] (AO Kaspersky Lab)
S3 CoachUsb; C:\Windows\System32\DRIVERS\CoachUsb.sys [41184 2003-06-26] (Accapella Ltd.)
S3 CoachVc; C:\Windows\System32\DRIVERS\CoachVc.sys [45664 2003-06-26] (Accapella Ltd.) [File not signed]
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [165296 2016-06-02] (AO Kaspersky Lab)
R0 klbackupdisk; C:\Windows\System32\DRIVERS\klbackupdisk.sys [57264 2016-06-07] (AO Kaspersky Lab)
R1 klbackupflt; C:\Windows\System32\DRIVERS\klbackupflt.sys [71504 2016-06-14] (AO Kaspersky Lab)
R2 kldisk; C:\Windows\System32\DRIVERS\kldisk.sys [69000 2016-05-31] (AO Kaspersky Lab)
R3 klflt; C:\Windows\System32\DRIVERS\klflt.sys [155352 2017-10-14] (AO Kaspersky Lab)
R1 klhk; C:\Windows\System32\DRIVERS\klhk.sys [130776 2017-10-14] (AO Kaspersky Lab)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [807128 2017-10-14] (AO Kaspersky Lab)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [49744 2016-12-07] (AO Kaspersky Lab)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [46000 2016-05-18] (AO Kaspersky Lab)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [38072 2015-06-07] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [41392 2016-05-31] (AO Kaspersky Lab)
R3 kltap; C:\Windows\System32\DRIVERS\kltap.sys [48056 2016-06-07] (The OpenVPN Project)
R1 kltdf; C:\Windows\System32\DRIVERS\kltdf.sys [82352 2016-05-17] (AO Kaspersky Lab)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [71088 2016-05-17] (AO Kaspersky Lab)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [165336 2017-07-29] (AO Kaspersky Lab)
R3 LVPr2Mon; C:\Windows\System32\DRIVERS\LVPr2Mon.sys [25752 2009-10-07] ()
R3 LVUSBSta; C:\Windows\System32\drivers\LVUSBSta.sys [41752 2007-10-11] (Logitech Inc.)
R3 PID_0928; C:\Windows\System32\DRIVERS\LV561AV.SYS [495768 2009-04-30] (Logitech Inc.)
S3 dbx; system32\DRIVERS\dbx.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S3 PcdrNdisuio; system32\DRIVERS\pcdrndisuio.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-01-16 14:07 - 2018-01-16 14:10 - 000025866 _____ C:\Users\Tipper\Downloads\MTB.txt
2018-01-16 14:03 - 2018-01-16 14:03 - 000000557 _____ C:\Users\Tipper\Desktop\MiniToolBox.exe - Shortcut.lnk
2018-01-16 14:02 - 2018-01-16 14:02 - 000000535 _____ C:\Users\Tipper\Downloads\MiniToolBox.exe - Shortcut.lnk
2018-01-16 14:01 - 2018-01-16 14:01 - 000892416 _____ (Farbar) C:\Users\Tipper\Downloads\MiniToolBox.exe
2018-01-16 13:26 - 2018-01-16 14:12 - 000000000 ____D C:\AdwCleaner
2018-01-11 15:40 - 2018-01-11 15:40 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2018-01-11 04:38 - 2018-01-16 14:12 - 000000000 ____D C:\Users\Tipper\Documents\Geeks to go help file
2018-01-11 02:09 - 2018-01-16 14:34 - 000000000 ____D C:\FRST
2018-01-08 16:15 - 2018-01-08 16:15 - 000043336 _____ (Dropbox, Inc.) C:\Windows\system32\DbxSvc.exe
2018-01-08 16:15 - 2018-01-08 16:15 - 000035432 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-dev.sys
2018-01-08 16:15 - 2018-01-08 16:15 - 000035408 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-stable.sys
2018-01-08 16:15 - 2018-01-08 16:15 - 000035408 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-canary.sys
2018-01-08 04:29 - 2018-01-08 04:29 - 008657175 _____ C:\Users\Chris\Documents\Deep Fryer Manual.pdf
2018-01-08 02:59 - 2018-01-08 03:08 - 000000035 _____ C:\Users\Boyz\Documents\Medical info look up for help.txt
2018-01-08 02:39 - 2018-01-08 02:41 - 000000042 _____ C:\Users\Boyz\Documents\Prizm in vision.txt

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-01-16 14:05 - 2013-10-16 19:48 - 000000000 ____D C:\ProgramData\Kaspersky Lab
2018-01-16 13:50 - 2016-10-28 16:22 - 000000890 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job
2018-01-16 13:49 - 2006-11-02 08:01 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2018-01-16 13:49 - 2006-11-02 07:47 - 000005184 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2018-01-16 13:49 - 2006-11-02 07:47 - 000005184 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2018-01-16 13:48 - 2006-11-02 08:01 - 000032608 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2018-01-16 13:38 - 2016-10-28 16:22 - 000000894 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job
2018-01-16 13:32 - 2011-07-26 02:05 - 000000000 ____D C:\Users\Tipper\AppData\Roaming\Yahoo!
2018-01-16 13:32 - 2011-07-26 02:05 - 000000000 ____D C:\Users\Tipper\AppData\LocalLow\Yahoo!
2018-01-16 13:32 - 2008-05-17 17:37 - 000000000 ____D C:\Program Files\Yahoo!
2018-01-16 13:08 - 2011-08-15 02:32 - 000000000 __SHD C:\AI_RecycleBin
2018-01-16 13:08 - 2011-08-15 02:27 - 000000000 __SHD C:\Windows\system32\AI_RecycleBin
2018-01-16 13:07 - 2008-05-17 17:28 - 000000000 ____D C:\Program Files\Java
2018-01-11 15:40 - 2016-10-28 16:21 - 000000000 ____D C:\Program Files\Dropbox
2018-01-10 18:53 - 2014-04-18 04:34 - 000803328 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2018-01-10 18:53 - 2014-04-18 04:34 - 000144896 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2018-01-10 18:53 - 2008-05-17 17:21 - 000000000 ____D C:\Windows\system32\Macromed
2018-01-05 20:52 - 2006-11-02 05:33 - 000006580 _____ C:\Windows\system32\PerfStringBackup.INI
2017-12-30 02:10 - 2006-11-02 06:18 - 000000000 ____D C:\Windows\system32\Msdtc
2017-12-30 02:09 - 2012-03-16 02:01 - 000000000 ____D C:\Users\Mcx1
2017-12-30 02:09 - 2011-06-05 20:16 - 000000000 ____D C:\Users\Boyz
2017-12-30 02:09 - 2011-05-06 03:45 - 000000000 ____D C:\Users\Chris
2017-12-30 02:09 - 2011-04-20 11:55 - 000000000 ____D C:\Users\Tipper
2017-12-30 02:09 - 2006-11-02 05:22 - 140247040 _____ C:\Windows\system32\config\system_previous
2017-12-30 02:09 - 2006-11-02 05:22 - 051118080 _____ C:\Windows\system32\config\software_previous
2017-12-30 02:09 - 2006-11-02 05:22 - 041156608 _____ C:\Windows\system32\config\components_previous
2017-12-30 02:09 - 2006-11-02 05:22 - 000262144 _____ C:\Windows\system32\config\security_previous
2017-12-30 02:09 - 2006-11-02 05:22 - 000262144 _____ C:\Windows\system32\config\sam_previous
2017-12-30 02:09 - 2006-11-02 05:22 - 000262144 _____ C:\Windows\system32\config\default_previous
2017-12-30 02:08 - 2006-11-02 06:18 - 000000000 ____D C:\Windows\system32\spool
2017-12-30 02:08 - 2006-11-02 06:18 - 000000000 ____D C:\Windows\registration
2017-12-30 02:08 - 2006-11-02 06:18 - 000000000 ____D C:\Windows\inf

==================== Files in the root of some directories =======

2011-06-01 12:07 - 2015-12-22 05:35 - 000044759 _____ () C:\Users\Tipper\AppData\Roaming\Rim.Desktop.Exception.log
2011-06-01 12:06 - 2011-08-16 15:03 - 000003392 _____ () C:\Users\Tipper\AppData\Roaming\Rim.Desktop.HttpServerSetup.log
2011-08-16 15:27 - 2015-12-22 05:35 - 000002849 _____ () C:\Users\Tipper\AppData\Roaming\Rim.DesktopHelper.Exception.log
2014-03-25 16:13 - 2014-03-25 16:13 - 000000045 _____ () C:\Users\Tipper\AppData\Roaming\WB.CFG
2011-05-18 14:19 - 2011-05-18 14:19 - 000000000 _____ () C:\Users\Tipper\AppData\Roaming\wklnhst.dat
2012-11-01 06:46 - 2016-11-02 05:56 - 000001356 _____ () C:\Users\Tipper\AppData\Local\d3d9caps.dat
2012-01-17 16:49 - 2017-09-18 12:36 - 000074240 _____ () C:\Users\Tipper\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-10-23 03:26 - 2012-10-23 03:26 - 000017408 _____ () C:\Users\Tipper\AppData\Local\WebpageIcons.db

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2018-01-16 14:09

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 14.01.2018
Ran by Tipper (16-01-2018 14:37:31)
Running from C:\Users\Tipper\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VTPGXSZK
Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) (2011-04-20 16:49:56)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-3938486149-3048756490-4017228027-500 - Administrator - Disabled)
Tipper (S-1-5-21-3938486149-3048756490-4017228027-1000 - Administrator - Enabled) => C:\Users\Tipper
Boyz (S-1-5-21-3938486149-3048756490-4017228027-1003 - Limited - Enabled) => C:\Users\Boyz
Chris (S-1-5-21-3938486149-3048756490-4017228027-1001 - Limited - Enabled) => C:\Users\Chris
Guest (S-1-5-21-3938486149-3048756490-4017228027-501 - Limited - Disabled)
Mcx1 (S-1-5-21-3938486149-3048756490-4017228027-1004 - Administrator - Enabled) => C:\Users\Mcx1

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Kaspersky Total Security (Enabled - Up to date) {86367591-4BE4-AE08-2FD9-7FCB8259CD98}
AS: Kaspersky Total Security (Enabled - Up to date) {3D579475-6DDE-A186-1569-44B9F9DE8725}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Total Security (Enabled) {BE0DF4B4-018B-AF50-0486-D6FE7C8A8AE3}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

ActiveCheck component for HP Active Support Library (HKLM\...\{254C37AA-6B72-4300-84F6-98A82419187E}) (Version: 3.0.0.2 - Hewlett-Packard) Hidden
Adobe Flash Player 28 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 28.0.0.137 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.23) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.23 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.3 (HKLM\...\Adobe Shockwave Player) (Version: 12.3.1.201 - Adobe Systems, Inc.)
BlackBerry Desktop Software 6.1 (HKLM\...\{75157F34-02C6-4831-BD66-3BC49E7A8394}) (Version: 6.1.0.35 - Research In Motion Ltd.) Hidden
BlackBerry Desktop Software 6.1 (HKLM\...\BlackBerry_Desktop) (Version: 6.1.0.35 - Research In Motion Ltd.)
Brother MFL-Pro Suite (HKLM\...\{9A912C12-A7DA-44D7-BD57-5CA85E2F33E1}) (Version: 1.00 - Brother Industries, Ltd.)
CyberLink DVD Suite Deluxe (HKLM\...\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 5.5.1329 - CyberLink Corp.)
CyberLink PowerDirector (HKLM\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 6.5.2726 - CyberLink Corp.)
Digital Camera (2320) (HKLM\...\Digital Camera (2320)) (Version:  - )
Dropbox (HKLM\...\Dropbox) (Version: 41.4.80 - Dropbox, Inc.)
Dropbox Update Helper (HKLM\...\{099218A5-A723-43DC-8DB5-6173656A1E94}) (Version: 1.3.59.1 - Dropbox, Inc.) Hidden
Enhanced Multimedia Keyboard Solution (HKLM\...\KBD) (Version:  - Hewlett-Packard)
Hardware Diagnostic Tools (HKLM\...\PC-Doctor 5 for Windows) (Version: 5.1.4748.24 - PC-Doctor, Inc.)
HP Deskjet 1050 J410 series Basic Device Software (HKLM\...\{C111B73A-93EA-4A12-80E2-0460F11D431F}) (Version: 28.0.1313.0 - Hewlett-Packard Co.)
HP Deskjet 1050 J410 series Help (HKLM\...\{5C90D8CF-F12A-41C6-9007-3B651A1F0D78}) (Version: 140.0.66.66 - Hewlett Packard)
HP Deskjet 1050 J410 series Product Improvement Study (HKLM\...\{5E83AB6E-2284-4468-BF97-A451904F186C}) (Version: 28.0.1313.0 - Hewlett-Packard Co.)
HP Photo Creations (HKU\S-1-5-21-3938486149-3048756490-4017228027-1000\...\HP Photo Creations) (Version: 1.0.0.17712 - HP)
HP Update (HKLM\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPAsset component for HP Active Support Library (HKLM\...\{669D4A35-146B-4314-89F1-1AC3D7B88367}) (Version: 3.0.1.0 - Hewlett-Packard) Hidden
Internet Explorer (Enable DEP) (HKLM\...\{a9264802-8a7a-40fe-a135-5c6d204aed7a}.sdb) (Version:  - )
Kaspersky Secure Connection (HKLM\...\{1CF84962-50F8-48CA-9082-B70F3A02C686}) (Version: 17.0.0.611 - Kaspersky Lab) Hidden
Kaspersky Secure Connection (HKLM\...\InstallWIX_{1CF84962-50F8-48CA-9082-B70F3A02C686}) (Version: 17.0.0.611 - Kaspersky Lab)
Kaspersky Total Security (HKLM\...\{E27B1D7B-3B34-43A2-9FC0-9828D5DF46E2}) (Version: 17.0.0.611 - Kaspersky Lab) Hidden
Kaspersky Total Security (HKLM\...\InstallWIX_{E27B1D7B-3B34-43A2-9FC0-9828D5DF46E2}) (Version: 17.0.0.611 - Kaspersky Lab)
LabelPrint (HKLM\...\{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.2.2529 - CyberLink Corp.)
Learning Essentials for Microsoft Office (HKLM\...\{75F3A4B2-F6E8-434D-A2EF-DBBC016C6CB2}) (Version: 2.0 - Microsoft)
LightScribe System Software  1.12.37.1 (HKLM\...\{004C5DA2-2051-4D25-94BA-51CF810C91EB}) (Version: 1.12.37.1 - LightScribe)
LightScribeTemplateLabeler (HKLM\...\{305D4B08-5807-4475-B1C8-D54685534864}) (Version: 1.10.23.1 - LightScribe)
Logitech Desktop Messenger (HKLM\...\{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}) (Version: 2.52.18 - Logitech, Inc.)
Logitech Legacy USB Camera Driver Package (HKLM\...\legacyqcam_11.10) (Version:  - )
Logitech Vid HD (HKLM\...\Logitech Vid) (Version: 7.2 (7259) - Logitech Inc..)
Logitech Webcam Software (HKLM\...\{C27BC2A2-30DD-4014-B22E-63EB0DB572F9}) (Version: 12.10.1113 - Logitech Inc.)
Logitech Webcam Software Driver Package (HKLM\...\lvdrivers_12.10) (Version: 12.10.1110 - Logitech Inc.)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Math (HKLM\...\{07043840-959A-4B0D-8825-2C533F0DDB19}) (Version: 2007 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Home and Student 60 day trial (HKLM\...\OfficeTrial) (Version:  - )
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Student 2007 for Learning Essentials (HKLM\...\{Microsoft Student 2007_54A0E938-8390-489F-8F1A-563673334DFE}) (Version:  - )
Microsoft Student with Encarta Premium 2008 (HKLM\...\{08041881-FCA5-44A7-B863-D66037A16AAF}) (Version: 2008 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Works (HKLM\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation)
muvee autoProducer 6.1 (HKLM\...\{FDDB69BB-2F9A-4830-A579-ABBB7C5AF9A8}) (Version: 6.10.050 - muvee Technologies)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version:  - )
PaperPort (HKLM\...\{71C97545-E547-4A8B-B0C8-61FF853270AC}) (Version: 9.02.0827 - ScanSoft, Inc.)
Parker Brothers Classic Card Games (HKLM\...\ClassicCard) (Version:  - )
Power2Go (HKLM\...\{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 5.6.3917 - CyberLink Corp.)
Python 2.5 (HKLM\...\{0A2C5854-557E-48C8-835A-3B9F074BDCAA}) (Version: 2.5.150 - Martin v. Löwis)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5789 - Realtek Semiconductor Corp.)
Soft Data Fax Modem with SmartCP (HKLM\...\CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200C14F1) (Version: 7.74.00 - Conexant Systems)
swMSM (HKLM\...\{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Yahoo! Detect (HKLM\...\YTdetect) (Version:  - )

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3938486149-3048756490-4017228027-1000_Classes\CLSID\{9356e2bb-6c9a-43c0-a771-5cacbdab6afe}\InprocServer32 -> C:\Users\Tipper\AppData\Roaming\HP Photo Creations\RLPNUpload.dll (RocketLife)
CustomCLSID: HKU\S-1-5-21-3938486149-3048756490-4017228027-1000_Classes\CLSID\{A10E0335-AFCA-4E7E-975F-CA30235FB29A}\InprocServer32 -> C:\Users\Tipper\AppData\Roaming\Visan\plugins\npRLSecurePluginLayer.dll (RocketLife, LLP)
CustomCLSID: HKU\S-1-5-21-3938486149-3048756490-4017228027-1000_Classes\CLSID\{cc05a616-ddb3-4cc0-9a21-dc0e9962b444}\InprocServer32 -> C:\Users\Tipper\AppData\Roaming\HP Photo Creations\ContentMan.dll (RocketLife)
CustomCLSID: HKU\S-1-5-21-3938486149-3048756490-4017228027-1000_Classes\CLSID\{ff280b55-14f1-49ae-b40f-15f5294ce630}\InprocServer32 -> C:\Users\Tipper\AppData\Roaming\HP Photo Creations\RocketEngine.dll (Visan inc.)
ShellIconOverlayIdentifiers: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.19.0.dll [2018-01-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.19.0.dll [2018-01-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.19.0.dll [2018-01-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.19.0.dll [2018-01-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.19.0.dll [2018-01-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.19.0.dll [2018-01-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.19.0.dll [2018-01-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.19.0.dll [2018-01-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.19.0.dll [2018-01-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.19.0.dll [2018-01-08] (Dropbox, Inc.)
ContextMenuHandlers1: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files\Dropbox\Client\DropboxExt.19.0.dll [2018-01-08] (Dropbox, Inc.)
ContextMenuHandlers1: [Kaspersky Anti-Virus 17.0.0] -> {39C9FA89-7012-4573-A92D-BFD1F8CA542D} => C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 17.0.0\shellex.dll [2017-03-14] (AO Kaspersky Lab)
ContextMenuHandlers2: [Kaspersky Anti-Virus 17.0.0] -> {39C9FA89-7012-4573-A92D-BFD1F8CA542D} => C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 17.0.0\shellex.dll [2017-03-14] (AO Kaspersky Lab)
ContextMenuHandlers4: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files\Dropbox\Client\DropboxExt.19.0.dll [2018-01-08] (Dropbox, Inc.)
ContextMenuHandlers4: [Kaspersky Anti-Virus 17.0.0] -> {39C9FA89-7012-4573-A92D-BFD1F8CA542D} => C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 17.0.0\shellex.dll [2017-03-14] (AO Kaspersky Lab)
ContextMenuHandlers5: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files\Dropbox\Client\DropboxExt.19.0.dll [2018-01-08] (Dropbox, Inc.)
ContextMenuHandlers5: [NvCplDesktopContext] -> {A70C977A-BF00-412C-90B7-034C51DA2439} => C:\Windows\system32\nvcpl.dll [2008-05-22] (NVIDIA Corporation)
ContextMenuHandlers6: [Kaspersky Anti-Virus 17.0.0] -> {39C9FA89-7012-4573-A92D-BFD1F8CA542D} => C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 17.0.0\shellex.dll [2017-03-14] (AO Kaspersky Lab)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {09DA987E-5384-44C4-9359-F80E0CE55A8C} - System32\Tasks\{402A8835-4A03-4627-8446-8BCF151CF753} => "C:\Program Files\Internet Explorer\iexplore.exe" hxxp://ui.skype.com/ui/0/5.10.0.116/en/go/help.faq.installer?LastError=1603
Task: {2C6865C5-1B4D-4998-BABD-CB45D4B027C9} - System32\Tasks\PC-Doctor\Scheduled Maintenance Swap => C:\Program Files\PC-Doctor 5 for Windows\task_swap.exe [2008-03-13] (PC-Doctor, Inc.)
Task: {62723A29-FD3B-4F5F-B7D5-B9F1BFD4E640} - System32\Tasks\{E999EE8A-B462-4D2F-8C6F-0AEC7FF1E3EF} => C:\Windows\system32\pcalua.exe -a E:\setup.exe -d E:\
Task: {6D411B50-4F7D-4329-9A84-5CA1B36B846C} - System32\Tasks\0 => c:\program files\internet explorer\iexplore.exe  <==== ATTENTION
Task: {890419E0-EAE5-4F12-8544-8E5E5BEEAA2C} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files\Dropbox\Update\DropboxUpdate.exe [2016-10-28] (Dropbox, Inc.)
Task: {964DAA7E-EFC5-456C-833F-3F439598E230} - System32\Tasks\PC-Doctor\Scheduled Maintenance => C:\Program Files\PC-Doctor 5 for Windows\RunProfiler.exe [2008-03-13] (PC-Doctor, Inc.)
Task: {AAC2C8DD-5A86-47EC-9E8B-BC6EBEAFF3AC} - System32\Tasks\{1CDDCFE9-A42D-4067-9CDA-E68CB6FC10B7} => C:\Windows\system32\pcalua.exe -a "C:\Users\Tipper\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XMTRDXPQ\Install_YourCottonellePuppy.exe" -d C:\Users\Tipper\Desktop
Task: {AC5404A0-3312-4DB4-A01E-91766AC907D5} - System32\Tasks\4674 => wscript.exe C:\Users\Tipper\AppData\Local\Temp\launchie.vbs //B <==== ATTENTION
Task: {DB58737A-01E8-4FF8-8FB9-79E217B19D00} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files\Dropbox\Update\DropboxUpdate.exe [2016-10-28] (Dropbox, Inc.)
Task: {DF894B9C-6CB6-4C71-BE6E-D4746B6A9FC0} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2018-01-10] (Adobe Systems Incorporated)
Task: {E83F721D-3ECE-4861-A1D1-610583D9CA55} - System32\Tasks\HPCustParticipation HP Deskjet 1050 J410 series => C:\Program Files\HP\HP Deskjet 1050 J410 series\Bin\HPCustPartic.exe [2012-10-02] (Hewlett-Packard Co.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files\Dropbox\Update\DropboxUpdate.exe

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2016-06-27 23:19 - 2016-06-27 23:19 - 000865232 _____ () C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 17.0.0\kpcengine.2.3.dll
2018-01-11 15:40 - 2018-01-08 16:15 - 000732480 _____ () C:\Program Files\Dropbox\Client\dropbox_watchdog.dll
2018-01-11 15:40 - 2018-01-08 16:15 - 002061632 _____ () C:\Program Files\Dropbox\Client\dropbox_crashpad.dll
2017-12-06 18:22 - 2018-01-08 16:15 - 000100296 _____ () C:\Program Files\Dropbox\Client\_ctypes.pyd
2017-12-06 18:22 - 2018-01-08 16:15 - 000018888 _____ () C:\Program Files\Dropbox\Client\select.pyd
2017-12-06 18:22 - 2018-01-08 16:16 - 000020800 _____ () C:\Program Files\Dropbox\Client\tornado.speedups.pyd
2017-12-06 18:22 - 2018-01-08 16:15 - 000035792 _____ () C:\Program Files\Dropbox\Client\_multiprocessing.pyd
2017-12-06 18:22 - 2018-01-08 16:15 - 000694224 _____ () C:\Program Files\Dropbox\Client\unicodedata.pyd
2018-01-11 15:40 - 2018-01-08 16:16 - 000021848 _____ () C:\Program Files\Dropbox\Client\cryptography.hazmat.bindings._constant_time.pyd
2017-12-06 18:22 - 2018-01-08 16:15 - 000130512 _____ () C:\Program Files\Dropbox\Client\_cffi_backend.pyd
2018-01-11 15:40 - 2018-01-08 16:16 - 001856848 _____ () C:\Program Files\Dropbox\Client\cryptography.hazmat.bindings._openssl.pyd
2018-01-11 15:40 - 2018-01-08 16:16 - 000022864 _____ () C:\Program Files\Dropbox\Client\cryptography.hazmat.bindings._padding.pyd
2018-01-11 15:40 - 2018-01-08 16:15 - 000145864 _____ () C:\Program Files\Dropbox\Client\pyexpat.pyd
2018-01-11 15:40 - 2018-01-08 16:15 - 000116688 _____ () C:\Program Files\Dropbox\Client\pywintypes27.dll
2017-12-06 18:22 - 2018-01-08 16:15 - 000105928 _____ () C:\Program Files\Dropbox\Client\win32api.pyd
2017-12-06 18:22 - 2018-01-08 16:16 - 000022864 _____ () C:\Program Files\Dropbox\Client\winffi.crt.compiled._winffi_crt.pyd
2018-01-11 15:40 - 2018-01-08 16:16 - 000063296 _____ () C:\Program Files\Dropbox\Client\psutil._psutil_windows.pyd
2017-12-06 18:22 - 2018-01-08 16:15 - 000024528 _____ () C:\Program Files\Dropbox\Client\win32event.pyd
2018-01-11 15:40 - 2018-01-08 16:16 - 000040248 _____ () C:\Program Files\Dropbox\Client\fastpath.pyd
2018-01-11 15:40 - 2018-01-08 16:15 - 000020936 _____ () C:\Program Files\Dropbox\Client\mmapfile.pyd
2017-12-06 18:22 - 2018-01-08 16:15 - 000124880 _____ () C:\Program Files\Dropbox\Client\win32file.pyd
2017-12-06 18:22 - 2018-01-08 16:15 - 000116176 _____ () C:\Program Files\Dropbox\Client\win32security.pyd
2018-01-11 15:40 - 2018-01-08 16:15 - 000392656 _____ () C:\Program Files\Dropbox\Client\pythoncom27.dll
2017-12-06 18:22 - 2018-01-08 16:16 - 000392512 _____ () C:\Program Files\Dropbox\Client\win32com.shell.shell.pyd
2017-12-06 18:22 - 2018-01-08 16:16 - 000026456 _____ () C:\Program Files\Dropbox\Client\winffi.kernel32.compiled._winffi_kernel32.pyd
2017-12-06 18:22 - 2018-01-08 16:15 - 000024016 _____ () C:\Program Files\Dropbox\Client\win32clipboard.pyd
2017-12-06 18:22 - 2018-01-08 16:15 - 000175560 _____ () C:\Program Files\Dropbox\Client\win32gui.pyd
2017-12-06 18:22 - 2018-01-08 16:15 - 000030160 _____ () C:\Program Files\Dropbox\Client\win32pipe.pyd
2017-12-06 18:22 - 2018-01-08 16:15 - 000043472 _____ () C:\Program Files\Dropbox\Client\win32process.pyd
2017-12-06 18:22 - 2018-01-08 16:15 - 000026056 _____ () C:\Program Files\Dropbox\Client\win32job.pyd
2017-12-06 18:22 - 2018-01-08 16:15 - 000048592 _____ () C:\Program Files\Dropbox\Client\win32service.pyd
2017-12-06 18:22 - 2018-01-08 16:15 - 000057808 _____ () C:\Program Files\Dropbox\Client\win32evtlog.pyd
2018-01-11 15:40 - 2018-01-08 16:16 - 000021824 _____ () C:\Program Files\Dropbox\Client\cpuid.compiled._cpuid.pyd
2017-12-06 18:22 - 2018-01-08 16:17 - 000023368 _____ () C:\Program Files\Dropbox\Client\winshell.compiled._winshell.pyd
2018-01-11 15:40 - 2018-01-08 16:16 - 000022856 _____ () C:\Program Files\Dropbox\Client\crashpad.compiled._Crashpad.pyd
2017-12-06 18:22 - 2018-01-08 16:16 - 000066392 _____ () C:\Program Files\Dropbox\Client\winenumhandles.compiled._WinEnumHandles.pyd
2018-01-11 15:40 - 2018-01-08 16:16 - 001796920 _____ () C:\Program Files\Dropbox\Client\PyQt5.QtCore.pyd
2017-12-06 18:22 - 2018-01-08 16:15 - 000084424 _____ () C:\Program Files\Dropbox\Client\sip.pyd
2018-01-11 15:40 - 2018-01-08 16:16 - 001956152 _____ () C:\Program Files\Dropbox\Client\PyQt5.QtGui.pyd
2018-01-11 15:40 - 2018-01-08 16:16 - 003859264 _____ () C:\Program Files\Dropbox\Client\PyQt5.QtWidgets.pyd
2018-01-11 15:40 - 2018-01-08 16:16 - 000155464 _____ () C:\Program Files\Dropbox\Client\PyQt5.QtWebEngineWidgets.pyd
2018-01-11 15:40 - 2018-01-08 16:16 - 000521024 _____ () C:\Program Files\Dropbox\Client\PyQt5.QtNetwork.pyd
2018-01-11 15:40 - 2018-01-08 16:16 - 000050496 _____ () C:\Program Files\Dropbox\Client\PyQt5.QtWebEngineCore.pyd
2018-01-11 15:40 - 2018-01-08 16:16 - 000042304 _____ () C:\Program Files\Dropbox\Client\PyQt5.QtWebChannel.pyd
2018-01-11 15:40 - 2018-01-08 16:16 - 000131384 _____ () C:\Program Files\Dropbox\Client\PyQt5.QtWebKit.pyd
2018-01-11 15:40 - 2018-01-08 16:16 - 000218944 _____ () C:\Program Files\Dropbox\Client\PyQt5.QtWebKitWidgets.pyd
2018-01-11 15:40 - 2018-01-08 16:16 - 000204096 _____ () C:\Program Files\Dropbox\Client\PyQt5.QtPrintSupport.pyd
2017-12-06 18:22 - 2018-01-08 16:17 - 000025432 _____ () C:\Program Files\Dropbox\Client\winscreenshot.compiled._CaptureScreenshot.pyd
2017-12-06 18:22 - 2018-01-08 16:15 - 000060880 _____ () C:\Program Files\Dropbox\Client\win32print.pyd
2017-12-06 18:22 - 2018-01-08 16:17 - 000054608 _____ () C:\Program Files\Dropbox\Client\winrpcserver.compiled._RPCServer.pyd
2017-12-06 18:22 - 2018-01-08 16:15 - 000024016 _____ () C:\Program Files\Dropbox\Client\win32profile.pyd
2017-12-06 18:22 - 2018-01-08 16:17 - 000022864 _____ () C:\Program Files\Dropbox\Client\winffi.user32.compiled._winffi_user32.pyd
2017-12-06 18:22 - 2018-01-08 16:15 - 000028616 _____ () C:\Program Files\Dropbox\Client\win32ts.pyd
2017-12-06 18:22 - 2018-01-08 16:16 - 000022360 _____ () C:\Program Files\Dropbox\Client\winffi.iphlpapi.compiled._winffi_iphlpapi.pyd
2017-12-06 18:22 - 2018-01-08 16:17 - 000021848 _____ () C:\Program Files\Dropbox\Client\winffi.winerror.compiled._winffi_winerror.pyd
2017-12-06 18:22 - 2018-01-08 16:17 - 000022360 _____ () C:\Program Files\Dropbox\Client\winffi.wininet.compiled._winffi_wininet.pyd
2018-01-11 15:40 - 2018-01-08 16:16 - 000027488 _____ () C:\Program Files\Dropbox\Client\dropbox.infinite.win.compiled._driverinstallation.pyd
2017-12-06 18:22 - 2018-01-08 16:15 - 000349128 _____ () C:\Program Files\Dropbox\Client\winxpgui.pyd
2017-12-06 18:22 - 2018-01-08 16:17 - 000023896 _____ () C:\Program Files\Dropbox\Client\winverifysignature.compiled._VerifySignature.pyd
2018-01-11 15:40 - 2018-01-08 16:16 - 000025424 _____ () C:\Program Files\Dropbox\Client\librsyncffi.compiled._librsyncffi.pyd
2018-01-11 15:40 - 2018-01-08 16:15 - 000036296 _____ () C:\Program Files\Dropbox\Client\librsync.dll
2018-01-11 15:40 - 2018-01-08 16:16 - 000021848 _____ () C:\Program Files\Dropbox\Client\winffi.advapi32.compiled._winffi_advapi32.pyd
2018-01-11 15:40 - 2018-01-08 16:16 - 000181056 _____ () C:\Program Files\Dropbox\Client\dropbox_sqlite_ext.dll
2018-01-11 15:40 - 2018-01-08 16:16 - 000024368 _____ () C:\Program Files\Dropbox\Client\libEGL.dll
2018-01-11 15:40 - 2018-01-08 16:16 - 001638200 _____ () C:\Program Files\Dropbox\Client\libGLESv2.dll
2017-12-06 18:22 - 2018-01-08 16:17 - 000026456 _____ () C:\Program Files\Dropbox\Client\winffi.winhttp.compiled._winffi_winhttp.pyd
2007-05-21 06:02 - 2007-05-21 06:02 - 000269080 _____ () C:\Program Files\Common Files\Microsoft Shared\Reference 2008\ERSREGPR.DLL
2007-05-21 06:02 - 2007-05-21 06:02 - 000228120 _____ () C:\Program Files\Common Files\Microsoft Shared\Reference 2008\MSENCDAT.DLL
2007-05-21 06:02 - 2007-05-21 06:02 - 000178968 _____ () C:\Program Files\Common Files\Microsoft Shared\Reference 2008\ENCCONT.DLL
2007-05-21 06:02 - 2007-05-21 06:02 - 000351000 _____ () C:\Program Files\Common Files\Microsoft Shared\Reference 2008\MSENCXML.DLL
2007-05-21 06:00 - 2007-05-21 06:00 - 000068376 _____ () C:\Program Files\Microsoft Student\Microsoft Student with Encarta Premium 2008 DVD\EDICTEIT.EBK

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:9D718DA3 [254]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2006-11-02 05:23 - 2006-09-18 16:41 - 000000761 _____ C:\Windows\system32\Drivers\etc\hosts

127.0.0.1       localhost

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3938486149-3048756490-4017228027-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Tipper\Pictures\Me 2.jpg
DNS Servers: 192.168.2.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 1) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [WinCollab-Out-UDP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-In-UDP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-Out-TCP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-In-TCP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-DFSR-Out-TCP] => (Allow) %SystemRoot%\system32\dfsr.exe
FirewallRules: [WinCollab-DFSR-In-TCP] => (Allow) %SystemRoot%\system32\dfsr.exe
FirewallRules: [{D92D6C79-4E3E-4C55-B270-3772F9D2657C}] => (Allow) c:\Program Files\Cyberlink\PowerDirector\PDR.EXE
FirewallRules: [{770D80FE-2DB7-4C60-B911-024311024AB0}] => (Allow) LPort=80
FirewallRules: [{5BFA165D-98D1-42B9-8DBB-C23123DA7500}] => (Allow) LPort=80
FirewallRules: [{85C1740F-00A1-4ADE-828A-5DE3DC90AF6D}] => (Allow) LPort=80
FirewallRules: [{20EE2C88-D71B-4B05-9581-0F4D1EB4E7FF}] => (Allow) LPort=4481
FirewallRules: [{3343A644-DA33-45C0-B6F8-75703D1A4C08}] => (Allow) LPort=4481
FirewallRules: [{9699F66B-E3AE-49DD-A0AE-DA2E373C485F}] => (Allow) LPort=4482
FirewallRules: [{C395807F-9F94-4FC8-B806-FF47F0DAD3DA}] => (Allow) LPort=4482
FirewallRules: [{1253EA7A-883E-4F2D-878B-0D89088B081B}] => (Allow) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
FirewallRules: [{3F9BC9C6-4BF0-4DF9-B7F9-F0D72354923C}] => (Allow) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
FirewallRules: [TCP Query User{E61E14B6-2B7B-4B9A-A8EC-94FCBDCD789E}C:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe] => (Block) C:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe
FirewallRules: [UDP Query User{A6668CB7-25D3-4515-9533-E3F19AC2076B}C:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe] => (Block) C:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe
FirewallRules: [{85C8AE78-3F41-4823-A11B-40C4AA4FC9F8}] => (Allow) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
FirewallRules: [{1995A3E9-CF49-4029-84CE-3D6F151D2101}] => (Allow) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
FirewallRules: [TCP Query User{08546204-51B4-4295-BC11-5733FB70F911}C:\program files\limewire plus+\limewire.exe] => (Allow) C:\program files\limewire plus+\limewire.exe
FirewallRules: [UDP Query User{D3BD81E3-322B-4ADB-B9AA-C101BA735424}C:\program files\limewire plus+\limewire.exe] => (Allow) C:\program files\limewire plus+\limewire.exe
FirewallRules: [{472C2A7C-9E89-43FA-8922-9A792DCE6728}] => (Allow) C:\Program Files\Research In Motion\BlackBerry Desktop\Rim.Desktop.exe
FirewallRules: [{C0FE80F8-6DB0-403A-82A8-7473952BDD19}] => (Allow) C:\Program Files\Research In Motion\BlackBerry Desktop\Rim.Desktop.exe
FirewallRules: [{0544882A-BB01-4012-B621-7BF0EA635474}] => (Allow) C:\Program Files\Logitech\Vid HD\Vid.exe
FirewallRules: [{03A57C7B-C4EB-4EEA-9E5D-C103F4B51706}] => (Allow) C:\Program Files\Logitech\Vid HD\Vid.exe
FirewallRules: [{2C18A20C-6338-4CA6-889D-61F7A076066E}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
FirewallRules: [{F93B05B1-C570-4C0F-AF9C-46AFBA2B20E1}] => (Allow) C:\Program Files\HP\HP Deskjet 1050 J410 series\Bin\USBSetup.exe
FirewallRules: [TCP Query User{C93416B8-BA29-49F9-BA5A-AC531D041DD7}E:\setup.exe] => (Allow) E:\setup.exe
FirewallRules: [UDP Query User{53A6C86A-EB12-41E1-A38A-6D03F0F4A96E}E:\setup.exe] => (Allow) E:\setup.exe
FirewallRules: [{F191F0E9-82F9-4F26-AA23-750C16C15CA0}] => (Allow) C:\Program Files\Dropbox\Client\Dropbox.exe

==================== Restore Points =========================

15-11-2017 00:00:25 Scheduled Checkpoint
26-11-2017 03:00:38 Windows Update
28-11-2017 17:49:59 Scheduled Checkpoint
29-11-2017 03:00:13 Windows Update
30-11-2017 00:00:11 Scheduled Checkpoint
01-12-2017 00:00:09 Scheduled Checkpoint
02-12-2017 00:00:09 Scheduled Checkpoint
03-12-2017 00:00:09 Scheduled Checkpoint
04-12-2017 00:00:07 Scheduled Checkpoint
05-12-2017 00:00:07 Scheduled Checkpoint
06-12-2017 00:00:15 Scheduled Checkpoint
06-12-2017 16:05:44 Windows Update
08-12-2017 00:00:10 Scheduled Checkpoint
09-12-2017 00:00:12 Scheduled Checkpoint
10-12-2017 00:00:20 Scheduled Checkpoint
11-12-2017 00:00:14 Scheduled Checkpoint
11-12-2017 22:39:48 Windows Update
13-12-2017 00:00:15 Scheduled Checkpoint
27-12-2017 04:01:51 First Restore Point
30-12-2017 02:02:35 Restore Operation
30-12-2017 02:36:27 First Restore Point
08-01-2018 00:55:25 My own made restore point
16-01-2018 13:02:59 Removed Java 8 Update 31
16-01-2018 13:05:29 Removed Java 8 Update 31
16-01-2018 13:07:55 Removed Uninstall Helper

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (01/16/2018 01:51:06 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (01/16/2018 01:36:13 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (01/16/2018 12:29:18 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application iexplore.exe, version 9.0.8112.16872, time stamp 0x58caa9a9, faulting module MSHTML.dll, version 9.0.8112.16872, time stamp 0x58caaabd, exception code 0xc0000005, fault offset 0x0041b9e0,
process id 0x1534, application start time 0x01d38eeeb45f6e30.

Error: (01/16/2018 12:21:17 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application iexplore.exe, version 9.0.8112.16872, time stamp 0x58caa9a9, faulting module MSHTML.dll, version 9.0.8112.16872, time stamp 0x58caaabd, exception code 0xc0000005, fault offset 0x0041b9e0,
process id 0x1490, application start time 0x01d38eee180352e0.

Error: (01/16/2018 12:18:55 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application iexplore.exe, version 9.0.8112.16872, time stamp 0x58caa9a9, faulting module MSHTML.dll, version 9.0.8112.16872, time stamp 0x58caaabd, exception code 0xc0000005, fault offset 0x0041b9e0,
process id 0x1338, application start time 0x01d38eedeee2f140.

Error: (01/16/2018 12:17:45 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application iexplore.exe, version 9.0.8112.16872, time stamp 0x58caa9a9, faulting module MSHTML.dll, version 9.0.8112.16872, time stamp 0x58caaabd, exception code 0xc0000005, fault offset 0x0041b9e0,
process id 0x10b4, application start time 0x01d38eed8920ec90.

Error: (01/12/2018 08:00:07 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (01/12/2018 03:12:45 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application iexplore.exe, version 9.0.8112.16872, time stamp 0x58caa9a9, faulting module MSHTML.dll, version 9.0.8112.16872, time stamp 0x58caaabd, exception code 0xc0000005, fault offset 0x0041b9e0,
process id 0x1cfc, application start time 0x01d38b7d18df9756.

Error: (01/12/2018 02:54:57 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application iexplore.exe, version 9.0.8112.16872, time stamp 0x58caa9a9, faulting module MSHTML.dll, version 9.0.8112.16872, time stamp 0x58caaabd, exception code 0xc0000005, fault offset 0x0041b9e0,
process id 0x654, application start time 0x01d38b7a3477eba6.

Error: (01/11/2018 03:40:44 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application DbxSvc.exe, version 1.0.24.0, time stamp 0x5a25eef4, faulting module DbxSvc.exe, version 1.0.24.0, time stamp 0x5a25eef4, exception code 0xc0000005, fault offset 0x00001ac5,
process id 0x700, application start time 0x01d38a6cd5b589a6.

System errors:
=============
Error: (01/16/2018 02:05:17 PM) (Source: Microsoft-Windows-LanguagePackSetup) (EventID: 1001) (User: NT AUTHORITY)
Description: Event-ID 1001

Error: (01/16/2018 01:57:54 PM) (Source: DCOM) (EventID: 10016) (User: Tipper-PC)
Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID
{9BA05972-F6A8-11CF-A442-00A0C90A8F39}
 to the user Tipper-PC\Tipper SID (S-1-5-21-3938486149-3048756490-4017228027-1000) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.

Error: (01/16/2018 01:57:47 PM) (Source: DCOM) (EventID: 10016) (User: Tipper-PC)
Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID
{9BA05972-F6A8-11CF-A442-00A0C90A8F39}
 to the user Tipper-PC\Tipper SID (S-1-5-21-3938486149-3048756490-4017228027-1000) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.

Error: (01/16/2018 01:57:31 PM) (Source: DCOM) (EventID: 10016) (User: Tipper-PC)
Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID
{9BA05972-F6A8-11CF-A442-00A0C90A8F39}
 to the user Tipper-PC\Tipper SID (S-1-5-21-3938486149-3048756490-4017228027-1000) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.

Error: (01/16/2018 01:37:45 PM) (Source: Microsoft-Windows-LanguagePackSetup) (EventID: 1001) (User: NT AUTHORITY)
Description: Event-ID 1001

Error: (01/16/2018 01:32:49 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Software Licensing service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.

Error: (01/16/2018 01:32:05 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Kaspersky Secure Connection Service 1.0.0 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (01/16/2018 01:32:04 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The HP Health Check Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.

Error: (01/16/2018 01:32:04 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The XAudioService service terminated unexpectedly.  It has done this 1 time(s).

Error: (01/16/2018 01:32:04 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The DbxSvc service terminated unexpectedly.  It has done this 1 time(s).

CodeIntegrity:
===================================
  Date: 2018-01-16 14:36:52.027
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\WINDOWS\System32\drivers\kneps.sys because the set of per-page image hashes could not be found on the system.

  Date: 2018-01-16 14:36:51.138
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\WINDOWS\System32\drivers\kneps.sys because the set of per-page image hashes could not be found on the system.

  Date: 2018-01-16 14:36:50.262
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\WINDOWS\System32\drivers\kneps.sys because the set of per-page image hashes could not be found on the system.

  Date: 2018-01-16 14:36:49.410
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\WINDOWS\System32\drivers\kneps.sys because the set of per-page image hashes could not be found on the system.

  Date: 2018-01-16 14:36:48.519
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\WINDOWS\System32\drivers\kltdi.sys because the set of per-page image hashes could not be found on the system.

  Date: 2018-01-16 14:36:47.616
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\WINDOWS\System32\drivers\kltdi.sys because the set of per-page image hashes could not be found on the system.

  Date: 2018-01-16 14:36:46.694
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\WINDOWS\System32\drivers\kltdi.sys because the set of per-page image hashes could not be found on the system.

  Date: 2018-01-16 14:36:45.791
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\WINDOWS\System32\drivers\kltdi.sys because the set of per-page image hashes could not be found on the system.

  Date: 2018-01-16 14:36:44.848
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\WINDOWS\System32\drivers\kltdf.sys because the set of per-page image hashes could not be found on the system.

  Date: 2018-01-16 14:36:43.930
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\WINDOWS\System32\drivers\kltdf.sys because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================

Processor: AMD Athlon™ 64 X2 Dual Core Processor 5400+
Percentage of memory in use: 82%
Total physical RAM: 3005.76 MB
Available physical RAM: 525.15 MB
Total Virtual: 6223.7 MB
Available Virtual: 3379.07 MB

==================== Drives ================================

Drive c: (HP) (Fixed) (Total:455.44 GB) (Free:159.28 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: (FACTORY_IMAGE) (Fixed) (Total:10.32 GB) (Free:1.05 GB) NTFS ==>[system with boot components (obtained from drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: F451C310)
Partition 1: (Active) - (Size=455.4 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=10.3 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================


Edited by Tipper, Yesterday, 05:06 PM.


#4
RKinner

    Malware Expert

  • Expert
  • 20,135 posts
  • MVP

Looks like Mcx1 was created back in 2012:

2017-12-30 02:09 - 2012-03-16 02:01 - 000000000 ____D C:\Users\Mcx1

You can probably remove it if you want to:  Control panel (View: Large icons) User Accounts, Manage another Account then click on Mcx1.  There should be an option to delete it.

Download the attached fixlist.txt to the same location as FRST

Attached File  fixlist.txt   6.02KB   4 downloads


Run FRST and press Fix
A fix log will be generated please post that



Right click on (My) Computer and select Manage (Continue). Then click on the arrow in front of Event Viewer. Next click on the arrow in front of Windows Logs. Right click on System and Clear Log, Clear. Repeat for Application.

Reboot.

Start, All Programs, Accessories then right click on Command Prompt and Run as Administrator.  Then type (with an Enter after each line).

sfc  /scannow

(This will check your critical system files. Does this finish without complaint?  If it says it couldn't fix everything then:

Copy the next two lines:

findstr  /c:"[SR]"  \windows\logs\cbs\cbs.log  >  %UserProfile%\desktop\junk.txt
notepad %UserProfile%\desktop\junk.txt

Start, All Programs, Accessories, right click on Command Prompt and Run as Administrator, Continue.  Right click and Paste or Edit then Paste and the copied line should appear.
Hit Enter. Copy and paste the text from notepad or if it is too big, just attach the file.)


1. Please download the Event Viewer Tool by Vino Rosso
http://images.malwar...om/vino/VEW.exe
and save it to your Desktop.
2. Right-click VEW.exe and Run as Administrator
3. Under 'Select log to query', select:
* System
4. Under 'Select type to list', select:
* Error
* Warning

Then use the 'Number of events' as follows:

1. Click the radio button for 'Number of events'
Type 20 in the 1 to 20 box
Then click the Run button.
Notepad will open with the output log.


Please post the Output log in your next reply then repeat but select Application.  (Each time you run VEW it overwrites the log so copy the first one to a Reply or rename it before running it a second time.)
 

Get Process Explorer

http://live.sysinter...com/procexp.exe
Save it to your desktop then run it (Vista or Win7+ - right click and Run As Administrator).  

View, Select Column, check Verified Signer, OK
Options, Verify Image Signatures


Click twice on the CPU column header  to sort things by CPU usage with the big hitters at the top.  

Wait a full minute then:

File, Save As, Save.  Note the file name.   Open the file  on your desktop and copy and paste the text to a reply.


Copy the next 2 lines:

TASKLIST /SVC  > \junk.txt
notepad \junk.txt

Open an Elevated Command Prompt:
Win 7: Start, All Programs, Accessories then right click on Command Prompt and Run as Administrator
Win 8: http://www.eightforu...indows-8-a.html
Win 10: http://www.howtogeek...-in-windows-10/

Right click and Paste (or Edit then Paste) and the copied lines should appear.
Hit Enter if notepad does not open.  Copy and paste the text from notepad into a reply.


Get the free version of Speccy:

http://www.filehippo.com/download_speccy/ 

(Look in the upper right for the Download Latest Version button - Do NOT press the large Start Download button on the upper left!)
Download, Tell it you do not need CCLEANER by unchecking the box at the bottom of the download page
Save and Install it.   Run Speccy.  When it finishes (the little icon in the bottom left will stop moving),
File, Save as Text File,  (to your desktop) note the name it gives. OK.  Open the file in notepad and delete the line that gives the serial number of your Operating System.  
(It will be near the top,  10-20  lines down.) Save the file.  Attach the file to your next post.  Attaching the log is the best option as it is too big for the forum.  Attaching is a multi step process.

First click on More Reply Options
Then scroll down to where you see
Choose File and click on it.  Point it at the file and hit Open.
Now click on Attach this file.


#5
Tipper

    New Member

  • Topic Starter
  • Member
  • Pip
  • 3 posts

Fix result of Farbar Recovery Scan Tool (x86) Version: 17.01.2018 01
Ran by Tipper (17-01-2018 22:34:52) Run:3
Running from C:\Users\Tipper\Downloads
Loaded Profiles: Tipper (Available Profiles: Tipper & Chris & Boyz & Mcx1)
Boot Mode: Normal

==============================================

fixlist content:
*****************
HKU\S-1-5-21-3938486149-3048756490-4017228027-1000\...\MountPoints2: L - L:\LaunchU3.exe -a
HKU\S-1-5-21-3938486149-3048756490-4017228027-1000\...\MountPoints2: {45ed0a07-e3df-11e0-92d9-001e9034e132} - L:\LaunchU3.exe -a
HKU\S-1-5-21-3938486149-3048756490-4017228027-1000\...\MountPoints2: {70fee8d0-6b8f-11e0-9202-806e6f6e6963} - E:\autorun.exe
HKU\S-1-5-21-3938486149-3048756490-4017228027-1000\...\MountPoints2: {fa945a74-6b73-11e0-8a33-001e9034e132} - J:\ConnectProSST.exe
SearchScopes: HKLM -> DefaultScope {3E9A1439-8462-49AD-8004-D9FC5BE53FF4} URL = hxxp://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=file_14_13_ie&cd=2XzuyEtN2Y1L1QzutDtDtC0EzytDtAyE0EtCtAtBtD0C0EzztN0D0Tzu0SzztCyDtN1L2XzutBtFtCzztFtBtFtDtN1L1CzutCyEtDtAtDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StCyCyEtA0Bzyzy0CtGtCyB0DyCtGtAyE0CtDtGyB0DyBzztGtAyC0BtC0F0ByCtBzz0CyDzz2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyC0Azzzy0BtB0AtDtGyC0B0A0FtGyE0EtB0EtGtAyC0BzztGtBtB0EtDtDtDzyyB0D0E0DtA2Q&cr=1446448765&ir=
SearchScopes: HKLM -> {3E9A1439-8462-49AD-8004-D9FC5BE53FF4} URL = hxxp://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=file_14_13_ie&cd=2XzuyEtN2Y1L1QzutDtDtC0EzytDtAyE0EtCtAtBtD0C0EzztN0D0Tzu0SzztCyDtN1L2XzutBtFtCzztFtBtFtDtN1L1CzutCyEtDtAtDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StCyCyEtA0Bzyzy0CtGtCyB0DyCtGtAyE0CtDtGyB0DyBzztGtAyC0BtC0F0ByCtBzz0CyDzz2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyC0Azzzy0BtB0AtDtGyC0B0A0FtGyE0EtB0EtGtAyC0BzztGtBtB0EtDtDtDzyyB0D0E0DtA2Q&cr=1446448765&ir=
SearchScopes: HKLM -> {77AA745B-F4F8-45DA-9B14-61D2D95054C8} URL = hxxp://ca.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=hp-pvdt
SearchScopes: HKU\S-1-5-21-3938486149-3048756490-4017228027-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
Toolbar: HKU\S-1-5-21-3938486149-3048756490-4017228027-1000 -> No Name - {789733C8-7A68-4A43-ACE3-BEB2292C914B} -  No File
S3 dbx; system32\DRIVERS\dbx.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S3 PcdrNdisuio; system32\DRIVERS\pcdrndisuio.sys [X]
CMD: Type \Users\Tipper\AppData\Local\Temp\launchie.vbs
Task: {6D411B50-4F7D-4329-9A84-5CA1B36B846C} - System32\Tasks\0 => c:\program files\internet explorer\iexplore.exe  <==== ATTENTION
Task: {AAC2C8DD-5A86-47EC-9E8B-BC6EBEAFF3AC} - System32\Tasks\{1CDDCFE9-A42D-4067-9CDA-E68CB6FC10B7} => C:\Windows\system32\pcalua.exe -a "C:\Users\Tipper\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XMTRDXPQ\Install_YourCottonellePuppy.exe" -d C:\Users\Tipper\Desktop
Task: {AC5404A0-3312-4DB4-A01E-91766AC907D5} - System32\Tasks\4674 => wscript.exe C:\Users\Tipper\AppData\Local\Temp\launchie.vbs //B <==== ATTENTION
Task: {E83F721D-3ECE-4861-A1D1-610583D9CA55} - System32\Tasks\HPCustParticipation HP Deskjet 1050 J410 series => C:\Program Files\HP\HP Deskjet 1050 J410 series\Bin\HPCustPartic.exe [2012-10-02] (Hewlett-Packard Co.)
AlternateDataStreams: C:\ProgramData\TEMP:9D718DA3 [254]
CMD: FOR /F "usebackq delims==" %i IN (`wevtutil el`) DO wevtutil cl "%i"

*****************

HKU\S-1-5-21-3938486149-3048756490-4017228027-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\L => not found
HKU\S-1-5-21-3938486149-3048756490-4017228027-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{45ed0a07-e3df-11e0-92d9-001e9034e132} => not found
HKLM\Software\Classes\CLSID\{45ed0a07-e3df-11e0-92d9-001e9034e132} => not found
"HKU\S-1-5-21-3938486149-3048756490-4017228027-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{70fee8d0-6b8f-11e0-9202-806e6f6e6963}" => removed successfully.
HKLM\Software\Classes\CLSID\{70fee8d0-6b8f-11e0-9202-806e6f6e6963} => not found
HKU\S-1-5-21-3938486149-3048756490-4017228027-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fa945a74-6b73-11e0-8a33-001e9034e132} => not found
HKLM\Software\Classes\CLSID\{fa945a74-6b73-11e0-8a33-001e9034e132} => not found
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{3E9A1439-8462-49AD-8004-D9FC5BE53FF4} => not found
HKLM\Software\Classes\CLSID\{3E9A1439-8462-49AD-8004-D9FC5BE53FF4} => not found
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8} => not found
HKLM\Software\Classes\CLSID\{77AA745B-F4F8-45DA-9B14-61D2D95054C8} => not found
"HKU\S-1-5-21-3938486149-3048756490-4017228027-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope" => removed successfully.
"HKU\S-1-5-21-3938486149-3048756490-4017228027-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{789733C8-7A68-4A43-ACE3-BEB2292C914B}" => not found
HKLM\Software\Classes\CLSID\{789733C8-7A68-4A43-ACE3-BEB2292C914B} => not found
dbx => service not found.
IpInIp => service not found.
NwlnkFlt => service not found.
NwlnkFwd => service not found.
PcdrNdisuio => service not found.

========= Type \Users\Tipper\AppData\Local\Temp\launchie.vbs =========

The system cannot find the file specified.

========= End of CMD: =========

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6D411B50-4F7D-4329-9A84-5CA1B36B846C} => not found
"C:\Windows\System32\Tasks\0" => not found
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\0 => not found
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AAC2C8DD-5A86-47EC-9E8B-BC6EBEAFF3AC} => not found
"C:\Windows\System32\Tasks\{1CDDCFE9-A42D-4067-9CDA-E68CB6FC10B7}" => not found
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{1CDDCFE9-A42D-4067-9CDA-E68CB6FC10B7} => not found
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AC5404A0-3312-4DB4-A01E-91766AC907D5} => not found
"C:\Windows\System32\Tasks\4674" => not found
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\4674 => not found
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E83F721D-3ECE-4861-A1D1-610583D9CA55} => not found
"C:\Windows\System32\Tasks\HPCustParticipation HP Deskjet 1050 J410 series" => not found
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\HPCustParticipation HP Deskjet 1050 J410 series => not found
"C:\ProgramData\TEMP" => ":9D718DA3" ADS not found.

========= FOR /F "usebackq delims==" %i IN (`wevtutil el`) DO wevtutil cl "%i" =========

========= End of CMD: =========

==== End of Fixlog 22:35:22 ====

