PC Malware issue? DDoS attacks (Ping of Death) and Flooding attacks (S

DDoS Syn Flood Wifi Ping of Death Malware causing IP issues static IP vs dynamic IP Malware in PC = IP issues

#1
Tipper

Unsure of Issue in need of help please

Hello, just new to geeks to go and while searching for help regarding my issue I keep getting referred to a PC problem of malware.

About 3 months ago I started getting repeatedly kicked off xbox 360 while gaming. Now I can’t stay connected online with the xbox for more than 2 mins or less. I noticed on my Belkin Wifi that the logs say DDoS attacks (Ping of Death) and Flooding attacks (Syn Flood) directed at my WAN IP Address XX.XX.XX.XXX on the Belkin.

My PC and 2 Xbox 360s are wired direct to the Wifi which is wired directly to the modem normally.

 I have connected the xbox 360 by itself to the modem and I have no issue staying connected but I don’t know if the xbox has a firewall and I need the wifi for my cell and family that visit that use it. (My Windows Vista PC that has a dynamic IP and seems to be working just fine, the only issue the PC has is repeated requests from sites saying my browser needs updating).

 I do have my Wifi password protected and I believe it is the static address on the Wifi that is the target for the attacks. Can you please help? Is there a possibility to change the static address to dynamic on the Belkin Model# F9K1102V2, will it stop the attacks or am I way off on resolving the issue that way?

 And...I don’t know how or if I can, change the Belkin from static to dynamic

Thanks Tipper

 

FRST.txt   (real name replaced with Tipper)

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 02.01.2018

Ran by Tipper (administrator) on TIPPER-PC (11-01-2018 02:09:38)

Running from C:\Users\Tipper\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BTOTYTLV

Loaded Profiles: Tipper & Chris & Boyz (Available Profiles: Tipper & Chris & Boyz & Mcx1)

Platform: Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) Language: English (United States)

Internet Explorer Version 9 (Default browser: IE)

Boot Mode: Normal

Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

 

==================== Processes (Whitelisted) =================

 

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

 

(NVIDIA Corporation) C:\WINDOWS\System32\nvvsvc.exe

(Microsoft Corporation) C:\WINDOWS\System32\SLsvc.exe

(AO Kaspersky Lab) C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 17.0.0\avp.exe

(Dropbox, Inc.) C:\WINDOWS\System32\DbxSvc.exe

(AO Kaspersky Lab) C:\Program Files\Kaspersky Lab\Kaspersky Secure Connection 1.0\ksde.exe

(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe

(Logitech Inc.) C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe

(Conexant Systems, Inc.) C:\WINDOWS\System32\drivers\XAudio.exe

(Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Service.exe

(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe

(Microsoft Corporation) C:\WINDOWS\System32\rundll32.exe

(Microsoft Corporation) C:\WINDOWS\System32\wpcumi.exe

(Realtek Semiconductor) C:\WINDOWS\RtHDVCpl.exe

(AO Kaspersky Lab) C:\Program Files\Kaspersky Lab\Kaspersky Secure Connection 1.0\ksdeui.exe

(AO Kaspersky Lab) C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 17.0.0\avpui.exe

(Research In Motion Limited) C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe

(ScanSoft, Inc.) C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe

(Microsoft Corporation) C:\WINDOWS\System32\rundll32.exe

(Hewlett-Packard Company) C:\hp\support\hpsysdrv.exe

(Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuschd2.exe

(Brother Industries, Ltd.) C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe

(Dropbox, Inc.) C:\Program Files\Dropbox\Client\Dropbox.exe

(Microsoft Corporation) C:\WINDOWS\ehome\ehtray.exe

(Microsoft Corporation) C:\Program Files\Microsoft Student\Microsoft Student with Encarta Premium 2008 DVD\EDICT.EXE

(Microsoft Corporation) C:\WINDOWS\System32\rundll32.exe

(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe

(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

(Microsoft Corporation) C:\WINDOWS\System32\wbem\unsecapp.exe

(Microsoft Corporation) C:\WINDOWS\ehome\ehmsas.exe

(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe

(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe

(Adobe Systems Incorporated) C:\WINDOWS\System32\Macromed\Flash\FlashUtil32_28_0_0_137_ActiveX.exe

(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe

(Hewlett-Packard Company) C:\hp\KBD\kbd.exe

(Microsoft Corporation) C:\WINDOWS\System32\conime.exe

 

==================== Registry (Whitelisted) ===========================

 

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

 

HKLM\...\Run: [] => [X]

HKLM\...\Run: [WPCUMI] => C:\Windows\system32\WpcUmi.exe [176128 2006-11-02] (Microsoft Corporation)

HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-20] (Microsoft Corporation)

HKLM\...\Run: [RtHDVCpl] => C:\Windows\RtHDVCpl.exe [5369856 2008-03-26] (Realtek Semiconductor)

HKLM\...\Run: [RIMBBLaunchAgent.exe] => C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe [79192 2011-02-18] (Research In Motion Limited)

HKLM\...\Run: [PaperPort PTD] => C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe [57393 2005-03-17] (ScanSoft, Inc.)

HKLM\...\Run: [NvMediaCenter] => RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit

HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup

HKLM\...\Run: [KBD] => C:\HP\KBD\KbdStub.EXE [65536 2006-12-08] ()

HKLM\...\Run: [IndexSearch] => C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe [40960 2005-03-17] (ScanSoft, Inc.)

HKLM\...\Run: [hpsysdrv] => c:\hp\support\hpsysdrv.exe [65536 2007-04-18] (Hewlett-Packard Company)

HKLM\...\Run: [HP Software Update] => C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)

HKLM\...\Run: [HP Health Check Scheduler] => [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe

HKLM\...\Run: [ControlCenter3] => C:\Program Files\Brother\ControlCenter3\brctrcen.exe [65536 2006-07-19] (Brother Industries, Ltd.)

HKLM\...\Run: [BrMfcWnd] => C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe [622592 2007-02-06] (Brother Industries, Ltd.)

HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1160408 2016-12-17] (Adobe Systems Incorporated)

HKLM\...\Run: [Dropbox] => C:\Program Files\Dropbox\Client\Dropbox.exe [3567928 2017-12-04] (Dropbox, Inc.)

HKU\S-1-5-21-3938486149-3048756490-4017228027-1000\...\Run: [Itibiti.exe] => C:\Program Files\Itibiti Soft Phone\Itibiti.exe <==== ATTENTION

HKU\S-1-5-21-3938486149-3048756490-4017228027-1000\...\Run: [HPAdvisor] => C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN

HKU\S-1-5-21-3938486149-3048756490-4017228027-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-20] (Microsoft Corporation)

HKU\S-1-5-21-3938486149-3048756490-4017228027-1000\...\Run: [L08AXLRD_45457240] => C:\Program Files\Microsoft Student\Microsoft Student with Encarta Premium 2008 DVD\EDICT.EXE [351000 2007-05-21] (Microsoft Corporation)

HKU\S-1-5-21-3938486149-3048756490-4017228027-1000\...\Run: [WMPNSCFG] => C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-20] (Microsoft Corporation)

HKU\S-1-5-21-3938486149-3048756490-4017228027-1000\...\Policies\system: [LogonHoursAction] 2

HKU\S-1-5-21-3938486149-3048756490-4017228027-1000\...\Policies\system: [DontDisplayLogonHoursWarnings] 1

HKU\S-1-5-21-3938486149-3048756490-4017228027-1000\...\Policies\Explorer: [NoDesktopCleanupWizard] 1

HKU\S-1-5-21-3938486149-3048756490-4017228027-1000\...\MountPoints2: L - L:\LaunchU3.exe -a

HKU\S-1-5-21-3938486149-3048756490-4017228027-1000\...\MountPoints2: {45ed0a07-e3df-11e0-92d9-001e9034e132} - L:\LaunchU3.exe -a

HKU\S-1-5-21-3938486149-3048756490-4017228027-1000\...\MountPoints2: {70fee8d0-6b8f-11e0-9202-806e6f6e6963} - E:\autorun.exe

HKU\S-1-5-21-3938486149-3048756490-4017228027-1000\...\MountPoints2: {fa945a74-6b73-11e0-8a33-001e9034e132} - J:\ConnectProSST.exe

HKU\S-1-5-21-3938486149-3048756490-4017228027-1001\...\Run: [HPADVISOR] => C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN

HKU\S-1-5-21-3938486149-3048756490-4017228027-1001\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-20] (Microsoft Corporation)

HKU\S-1-5-21-3938486149-3048756490-4017228027-1001\...\Run: [RIMDeviceManager] => C:\Program Files\Common Files\Research In Motion\RIMDeviceManager\RIMDeviceManager.exe [2062680 2011-05-19] (Research In Motion Limited)

HKU\S-1-5-21-3938486149-3048756490-4017228027-1001\...\Run: [WMPNSCFG] => C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-20] (Microsoft Corporation)

HKU\S-1-5-21-3938486149-3048756490-4017228027-1001\...\Policies\system: [LogonHoursAction] 2

HKU\S-1-5-21-3938486149-3048756490-4017228027-1001\...\Policies\system: [DontDisplayLogonHoursWarnings] 1

HKU\S-1-5-21-3938486149-3048756490-4017228027-1001\...\Policies\Explorer: [NoDesktopCleanupWizard] 1

HKU\S-1-5-21-3938486149-3048756490-4017228027-1001\...\MountPoints2: {45ed0a07-e3df-11e0-92d9-001e9034e132} - L:\LaunchU3.exe -a

HKU\S-1-5-21-3938486149-3048756490-4017228027-1001\...\MountPoints2: {70fee8d0-6b8f-11e0-9202-806e6f6e6963} - E:\autorun.exe

HKU\S-1-5-21-3938486149-3048756490-4017228027-1001\...\MountPoints2: {fa945a74-6b73-11e0-8a33-001e9034e132} - J:\ConnectProSST.exe

HKU\S-1-5-21-3938486149-3048756490-4017228027-1003\...\Run: [HPADVISOR] => C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN

HKU\S-1-5-21-3938486149-3048756490-4017228027-1003\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-20] (Microsoft Corporation)

HKU\S-1-5-21-3938486149-3048756490-4017228027-1003\...\Run: [L08AXLRD_72757259] => C:\Program Files\Microsoft Student\Microsoft Student with Encarta Premium 2008 DVD\EDICT.EXE [351000 2007-05-21] (Microsoft Corporation)

HKU\S-1-5-21-3938486149-3048756490-4017228027-1003\...\Policies\system: [LogonHoursAction] 2

HKU\S-1-5-21-3938486149-3048756490-4017228027-1003\...\Policies\system: [DontDisplayLogonHoursWarnings] 1

HKU\S-1-5-21-3938486149-3048756490-4017228027-1003\...\Policies\Explorer: [NoDesktopCleanupWizard] 1

HKU\S-1-5-21-3938486149-3048756490-4017228027-1003\...\MountPoints2: {45ed0a07-e3df-11e0-92d9-001e9034e132} - L:\LaunchU3.exe -a

HKU\S-1-5-21-3938486149-3048756490-4017228027-1003\...\MountPoints2: {70fee8d0-6b8f-11e0-9202-806e6f6e6963} - E:\autorun.exe

HKU\S-1-5-21-3938486149-3048756490-4017228027-1003\...\MountPoints2: {fa945a74-6b73-11e0-8a33-001e9034e132} - J:\ConnectProSST.exe

Startup: C:\Users\Tipper\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Deskjet 1050 J410 series.lnk [2018-01-11]

ShortcutTarget: Monitor Ink Alerts - HP Deskjet 1050 J410 series.lnk -> C:\Program Files\HP\HP Deskjet 1050 J410 series\Bin\HPStatusBL.dll (Hewlett-Packard Co.)

Startup: C:\Users\Tipper\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk [2013-05-29]

ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)

Startup: C:\Users\Boyz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk [2011-06-26]

ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)

Startup: C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk [2013-05-13]

ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)

GroupPolicy\User: Restriction ? <==== ATTENTION

GroupPolicyUsers\S-1-5-21-3938486149-3048756490-4017228027-1003\User: Restriction <==== ATTENTION

GroupPolicyUsers\S-1-5-21-3938486149-3048756490-4017228027-1001\User: Restriction <==== ATTENTION

 

==================== Internet (Whitelisted) ====================

 

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

 

Winsock: Catalog9 01 C:\Windows\system32\wpclsp.dll [72192 2008-01-20] (Microsoft Corporation)

Winsock: Catalog9 02 C:\Windows\system32\wpclsp.dll [72192 2008-01-20] (Microsoft Corporation)

Winsock: Catalog9 03 C:\Windows\system32\wpclsp.dll [72192 2008-01-20] (Microsoft Corporation)

Winsock: Catalog9 04 C:\Windows\system32\wpclsp.dll [72192 2008-01-20] (Microsoft Corporation)

Winsock: Catalog9 05 C:\Windows\system32\wpclsp.dll [72192 2008-01-20] (Microsoft Corporation)

Winsock: Catalog9 06 C:\Windows\system32\wpclsp.dll [72192 2008-01-20] (Microsoft Corporation)

Winsock: Catalog9 07 C:\Windows\system32\wpclsp.dll [72192 2008-01-20] (Microsoft Corporation)

Winsock: Catalog9 08 C:\Windows\system32\wpclsp.dll [72192 2008-01-20] (Microsoft Corporation)

Winsock: Catalog9 19 C:\Windows\system32\wpclsp.dll [72192 2008-01-20] (Microsoft Corporation)

Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

Tcpip\..\Interfaces\{2328FD5C-20DF-441B-BA4C-12384E9C94FB}: [DhcpNameServer] 192.168.2.1

 

Internet Explorer:

==================

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_ca&c=83&bd=Pavilion&pf=cndt

HKU\S-1-5-21-3938486149-3048756490-4017228027-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://ca.msn.com/?lang=en-ca&OCID=iehp

HKU\S-1-5-21-3938486149-3048756490-4017228027-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://hp-consumer.my.aol.ca/

HKU\S-1-5-21-3938486149-3048756490-4017228027-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://ca.msn.com/?lang=en-ca&OCID=iehp

HKU\S-1-5-21-3938486149-3048756490-4017228027-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.aol.ca/

HKU\S-1-5-21-3938486149-3048756490-4017228027-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_ca&c=83&bd=Pavilion&pf=cndt

HKU\S-1-5-21-3938486149-3048756490-4017228027-1003\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://ca.msn.com/?lang=en-ca&OCID=iehp

HKU\S-1-5-21-3938486149-3048756490-4017228027-1003\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.aol.ca/

HKU\S-1-5-21-3938486149-3048756490-4017228027-1003\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_ca&c=83&bd=Pavilion&pf=cndt

SearchScopes: HKLM -> DefaultScope {3E9A1439-8462-49AD-8004-D9FC5BE53FF4} URL = hxxp://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=file_14_13_ie&cd=2XzuyEtN2Y1L1QzutDtDtC0EzytDtAyE0EtCtAtBtD0C0EzztN0D0Tzu0SzztCyDtN1L2XzutBtFtCzztFtBtFtDtN1L1CzutCyEtDtAtDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StCyCyEtA0Bzyzy0CtGtCyB0DyCtGtAyE0CtDtGyB0DyBzztGtAyC0BtC0F0ByCtBzz0CyDzz2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyC0Azzzy0BtB0AtDtGyC0B0A0FtGyE0EtB0EtGtAyC0BzztGtBtB0EtDtDtDzyyB0D0E0DtA2Q&cr=1446448765&ir=

SearchScopes: HKLM -> {380854A7-BB12-4473-A1C0-F6272ABD0A35} URL = hxxp://www.ask.com/web?q={searchTerms}&l=dis&o=cahpd

SearchScopes: HKLM -> {3E9A1439-8462-49AD-8004-D9FC5BE53FF4} URL = hxxp://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=file_14_13_ie&cd=2XzuyEtN2Y1L1QzutDtDtC0EzytDtAyE0EtCtAtBtD0C0EzztN0D0Tzu0SzztCyDtN1L2XzutBtFtCzztFtBtFtDtN1L1CzutCyEtDtAtDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StCyCyEtA0Bzyzy0CtGtCyB0DyCtGtAyE0CtDtGyB0DyBzztGtAyC0BtC0F0ByCtBzz0CyDzz2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyC0Azzzy0BtB0AtDtGyC0B0A0FtGyE0EtB0EtGtAyC0BzztGtBtB0EtDtDtDzyyB0D0E0DtA2Q&cr=1446448765&ir=

SearchScopes: HKLM -> {77AA745B-F4F8-45DA-9B14-61D2D95054C8} URL = hxxp://ca.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=hp-pvdt

SearchScopes: HKU\S-1-5-21-3938486149-3048756490-4017228027-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =

SearchScopes: HKU\S-1-5-21-3938486149-3048756490-4017228027-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =

SearchScopes: HKU\S-1-5-21-3938486149-3048756490-4017228027-1001 -> {380854A7-BB12-4473-A1C0-F6272ABD0A35} URL =

SearchScopes: HKU\S-1-5-21-3938486149-3048756490-4017228027-1001 -> {77AA745B-F4F8-45DA-9B14-61D2D95054C8} URL =

SearchScopes: HKU\S-1-5-21-3938486149-3048756490-4017228027-1003 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =

BHO: No Name -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> No File

BHO: Kaspersky Protection -> {2E38825B-8815-42CF-9126-C58BC28D4591} -> C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 17.0.0\IEExt\ie_plugin.dll [2016-12-07] (AO Kaspersky Lab)

BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_31\bin\ssv.dll [2015-01-21] (Oracle Corporation)

BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-01-21] (Oracle Corporation)

Toolbar: HKLM - Kaspersky Protection Toolbar - {093F479D-712E-46CD-9E06-62E734A05F68} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 17.0.0\IEExt\ie_plugin.dll [2016-12-07] (AO Kaspersky Lab)

Toolbar: HKU\S-1-5-21-3938486149-3048756490-4017228027-1000 -> No Name - {789733C8-7A68-4A43-ACE3-BEB2292C914B} -  No File

Toolbar: HKU\S-1-5-21-3938486149-3048756490-4017228027-1000 -> Kaspersky Protection Toolbar - {093F479D-712E-46CD-9E06-62E734A05F68} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 17.0.0\IEExt\ie_plugin.dll [2016-12-07] (AO Kaspersky Lab)

Toolbar: HKU\S-1-5-21-3938486149-3048756490-4017228027-1001 -> Kaspersky Protection Toolbar - {093F479D-712E-46CD-9E06-62E734A05F68} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 17.0.0\IEExt\ie_plugin.dll [2016-12-07] (AO Kaspersky Lab)

Toolbar: HKU\S-1-5-21-3938486149-3048756490-4017228027-1003 -> Kaspersky Protection Toolbar - {093F479D-712E-46CD-9E06-62E734A05F68} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 17.0.0\IEExt\ie_plugin.dll [2016-12-07] (AO Kaspersky Lab)

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll [2011-06-28] (Logitech Inc.)

Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll [2007-06-07] (Microsoft Corporation)

 

FireFox:

========

FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension

FF Extension: (Microsoft .NET Framework Assistant) - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2011-04-20] [Legacy] [not signed]

FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\[email protected] => not found

FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 17.0.0\FFExt\light_plugin_firefox\addon.xpi

FF Extension: (Kaspersky Protection) - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 17.0.0\FFExt\light_plugin_firefox\addon.xpi [2017-10-14]

FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw_1231201.dll [2017-11-02] (Adobe Systems, Inc.)

FF Plugin: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-01-21] (Oracle Corporation)

FF Plugin: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-01-21] (Oracle Corporation)

FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)

FF Plugin: @RIM.com/WebSLLauncher,version=1.0 -> C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll [2011-05-26] ()

FF Plugin: @rocketlife.com/RocketLife Secure Plug-In Layer;version=1.0.5 -> C:\ProgramData\Visan\plugins\npRLSecurePluginLayer.dll [2011-02-21] (RocketLife, LLP)

FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2017-11-01] (Adobe Systems Inc.)

FF Plugin HKU\S-1-5-21-3938486149-3048756490-4017228027-1000: @rocketlife.com/RocketLife Secure Plug-In Layer;version=1.0.5 -> C:\Users\Tipper\AppData\Roaming\Visan\plugins\npRLSecurePluginLayer.dll [2011-03-12] (RocketLife, LLP)

FF Plugin HKU\S-1-5-21-3938486149-3048756490-4017228027-1003: @nsroblox.roblox.com/launcher -> C:\Users\Boyz\AppData\Local\Roblox\Versions\version-b4f311f5cfe34914\\NPRobloxProxy.dll [2012-12-31] ( ROBLOX Corporation)

 

Chrome:

=======

CHR HKLM\...\Chrome\Extension: [fhoibnponjcgjgcnfacekaijdbbplhib] - hxxps://chrome.google.com/webstore/detail/fhoibnponjcgjgcnfacekaijdbbplhib

 

==================== Services (Whitelisted) ====================

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

S3 AdobeFlashPlayerUpdateSvc; C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [272384 2018-01-10] (Adobe Systems Incorporated) [File not signed]

R2 AVP17.0.0; C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 17.0.0\avp.exe [241544 2016-06-28] (AO Kaspersky Lab)

S2 dbupdate; C:\Program Files\Dropbox\Update\DropboxUpdate.exe [143144 2016-10-28] (Dropbox, Inc.)

S3 dbupdatem; C:\Program Files\Dropbox\Update\DropboxUpdate.exe [143144 2016-10-28] (Dropbox, Inc.)

R2 DbxSvc; C:\Windows\system32\DbxSvc.exe [43336 2017-12-04] (Dropbox, Inc.)

R2 HP Health Check Service; c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [94208 2008-03-14] (Hewlett-Packard) [File not signed]

R2 KSDE1.0.0; C:\Program Files\Kaspersky Lab\Kaspersky Secure Connection 1.0\ksde.exe [241544 2016-06-28] (AO Kaspersky Lab)

R2 LightScribeService; c:\Program Files\Common Files\LightScribe\LSSrvc.exe [73728 2008-03-17] (Hewlett-Packard Company) [File not signed]

R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-20] (Microsoft Corporation)

 

===================== Drivers (Whitelisted) ======================

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

R0 cm_km; C:\Windows\System32\DRIVERS\cm_km.sys [170840 2016-06-10] (AO Kaspersky Lab)

S3 CoachUsb; C:\Windows\System32\DRIVERS\CoachUsb.sys [41184 2003-06-26] (Accapella Ltd.)

S3 CoachVc; C:\Windows\System32\DRIVERS\CoachVc.sys [45664 2003-06-26] (Accapella Ltd.) [File not signed]

R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [165296 2016-06-02] (AO Kaspersky Lab)

R0 klbackupdisk; C:\Windows\System32\DRIVERS\klbackupdisk.sys [57264 2016-06-07] (AO Kaspersky Lab)

R1 klbackupflt; C:\Windows\System32\DRIVERS\klbackupflt.sys [71504 2016-06-14] (AO Kaspersky Lab)

R2 kldisk; C:\Windows\System32\DRIVERS\kldisk.sys [69000 2016-05-31] (AO Kaspersky Lab)

R3 klflt; C:\Windows\System32\DRIVERS\klflt.sys [155352 2017-10-14] (AO Kaspersky Lab)

R1 klhk; C:\Windows\System32\DRIVERS\klhk.sys [130776 2017-10-14] (AO Kaspersky Lab)

R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [807128 2017-10-14] (AO Kaspersky Lab)

R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [49744 2016-12-07] (AO Kaspersky Lab)

R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [46000 2016-05-18] (AO Kaspersky Lab)

R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [38072 2015-06-07] (Kaspersky Lab ZAO)

R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [41392 2016-05-31] (AO Kaspersky Lab)

R3 kltap; C:\Windows\System32\DRIVERS\kltap.sys [48056 2016-06-07] (The OpenVPN Project)

R1 kltdf; C:\Windows\System32\DRIVERS\kltdf.sys [82352 2016-05-17] (AO Kaspersky Lab)

R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [71088 2016-05-17] (AO Kaspersky Lab)

R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [165336 2017-07-29] (AO Kaspersky Lab)

R3 LVPr2Mon; C:\Windows\System32\DRIVERS\LVPr2Mon.sys [25752 2009-10-07] ()

R3 LVUSBSta; C:\Windows\System32\drivers\LVUSBSta.sys [41752 2007-10-11] (Logitech Inc.)

R3 PID_0928; C:\Windows\System32\DRIVERS\LV561AV.SYS [495768 2009-04-30] (Logitech Inc.)

S3 dbx; system32\DRIVERS\dbx.sys [X]

S3 IpInIp; system32\DRIVERS\ipinip.sys [X]

S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]

S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]

S3 PcdrNdisuio; system32\DRIVERS\pcdrndisuio.sys [X]

 

==================== NetSvcs (Whitelisted) ===================

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

 

==================== One Month Created files and folders ========

 

(If an entry is included in the fixlist, the file/folder will be moved.)

 

2018-01-11 02:09 - 2018-01-11 02:09 - 000000000 ____D C:\FRST

2018-01-08 04:29 - 2018-01-08 04:29 - 008657175 _____ C:\Users\Chris\Documents\Deep Fryer Manual.pdf

2018-01-08 02:59 - 2018-01-08 03:08 - 000000035 _____ C:\Users\Boyz\Documents\Medical info look up for help.txt

2018-01-08 02:39 - 2018-01-08 02:41 - 000000042 _____ C:\Users\Boyz\Documents\Prizm in vision.txt

2017-12-21 02:58 - 2017-12-21 07:55 - 000002212 _____ C:\Users\Tipper\Documents\Geeks to Go help.txt

 

==================== One Month Modified files and folders ========

 

(If an entry is included in the fixlist, the file/folder will be moved.)

 

2018-01-11 02:08 - 2011-08-16 15:47 - 000000386 _____ C:\Windows\Tasks\Final Media Player Update Checker.job

2018-01-11 02:04 - 2016-10-28 16:22 - 000000890 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job

2018-01-11 02:04 - 2013-10-16 19:48 - 000000000 ____D C:\ProgramData\Kaspersky Lab

2018-01-11 01:38 - 2016-10-28 16:22 - 000000894 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job

2018-01-11 00:43 - 2006-11-02 07:47 - 000005184 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0

2018-01-11 00:43 - 2006-11-02 07:47 - 000005184 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0

2018-01-10 18:53 - 2014-04-18 04:34 - 000803328 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe

2018-01-10 18:53 - 2014-04-18 04:34 - 000144896 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl

2018-01-10 18:53 - 2008-05-17 17:21 - 000000000 ____D C:\Windows\system32\Macromed

2018-01-10 18:43 - 2006-11-02 08:01 - 000000006 ____H C:\Windows\Tasks\SA.DAT

2018-01-08 05:42 - 2006-11-02 08:01 - 000032608 _____ C:\Windows\Tasks\SCHEDLGU.TXT

2018-01-07 15:49 - 2011-07-26 02:06 - 000000000 ____D C:\Program Files\File Type Assistant

2018-01-05 20:52 - 2006-11-02 05:33 - 000006580 _____ C:\Windows\system32\PerfStringBackup.INI

2017-12-30 02:10 - 2006-11-02 06:18 - 000000000 ____D C:\Windows\system32\Msdtc

2017-12-30 02:09 - 2012-03-16 02:01 - 000000000 ____D C:\Users\Mcx1

2017-12-30 02:09 - 2011-06-05 20:16 - 000000000 ____D C:\Users\Boyz

2017-12-30 02:09 - 2011-05-06 03:45 - 000000000 ____D C:\Users\Chris

2017-12-30 02:09 - 2011-04-20 11:55 - 000000000 ____D C:\Users\Tipper

2017-12-30 02:09 - 2006-11-02 05:22 - 140247040 _____ C:\Windows\system32\config\system_previous

2017-12-30 02:09 - 2006-11-02 05:22 - 051118080 _____ C:\Windows\system32\config\software_previous

2017-12-30 02:09 - 2006-11-02 05:22 - 041156608 _____ C:\Windows\system32\config\components_previous

2017-12-30 02:09 - 2006-11-02 05:22 - 000262144 _____ C:\Windows\system32\config\security_previous

2017-12-30 02:09 - 2006-11-02 05:22 - 000262144 _____ C:\Windows\system32\config\sam_previous

2017-12-30 02:09 - 2006-11-02 05:22 - 000262144 _____ C:\Windows\system32\config\default_previous

2017-12-30 02:08 - 2011-08-16 15:47 - 000000000 ____D C:\Users\Tipper\AppData\Roaming\FinalMediaPlayer

2017-12-30 02:08 - 2006-11-02 06:18 - 000000000 ____D C:\Windows\system32\spool

2017-12-30 02:08 - 2006-11-02 06:18 - 000000000 ____D C:\Windows\registration

2017-12-30 02:08 - 2006-11-02 06:18 - 000000000 ____D C:\Windows\inf

 

==================== Files in the root of some directories =======

 

2011-06-01 12:07 - 2015-12-22 05:35 - 000044759 _____ () C:\Users\Tipper\AppData\Roaming\Rim.Desktop.Exception.log

2011-06-01 12:06 - 2011-08-16 15:03 - 000003392 _____ () C:\Users\Tipper\AppData\Roaming\Rim.Desktop.HttpServerSetup.log

2011-08-16 15:27 - 2015-12-22 05:35 - 000002849 _____ () C:\Users\Tipper\AppData\Roaming\Rim.DesktopHelper.Exception.log

2014-03-25 16:13 - 2014-03-25 16:13 - 000000045 _____ () C:\Users\Tipper\AppData\Roaming\WB.CFG

2011-05-18 14:19 - 2011-05-18 14:19 - 000000000 _____ () C:\Users\Tipper\AppData\Roaming\wklnhst.dat

2012-11-01 06:46 - 2016-11-02 05:56 - 000001356 _____ () C:\Users\Tipper\AppData\Local\d3d9caps.dat

2012-01-17 16:49 - 2017-09-18 12:36 - 000074240 _____ () C:\Users\Tipper\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

2013-12-28 09:23 - 2013-12-28 09:23 - 000351124 _____ () C:\Users\Tipper\AppData\Local\mysearchdial-speeddial.crx

2012-10-23 03:26 - 2012-10-23 03:26 - 000017408 _____ () C:\Users\Tipper\AppData\Local\WebpageIcons.db

 

==================== Bamital & volsnap ======================

 

(There is no automatic fix for files that do not pass verification.)

 

C:\Windows\explorer.exe => File is digitally signed

C:\Windows\system32\winlogon.exe => File is digitally signed

C:\Windows\system32\wininit.exe => File is digitally signed

C:\Windows\system32\svchost.exe => File is digitally signed

C:\Windows\system32\services.exe => File is digitally signed

C:\Windows\system32\User32.dll => File is digitally signed

C:\Windows\system32\userinit.exe => File is digitally signed

C:\Windows\system32\rpcss.dll => File is digitally signed

C:\Windows\system32\dnsapi.dll => File is digitally signed

C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

 

LastRegBack: 2018-01-10 18:58

 

==================== End of FRST.txt ============================

 

 

Addition.txt  (real name replaced with Tipper)

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 02.01.2018

Ran by Tipper (11-01-2018 02:12:37)

Running from C:\Users\Tipper\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BTOTYTLV

Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) (2011-04-20 16:49:56)

Boot Mode: Normal

==========================================================

 

 

==================== Accounts: =============================

 

Administrator (S-1-5-21-3938486149-3048756490-4017228027-500 - Administrator - Disabled)

Tipper (S-1-5-21-3938486149-3048756490-4017228027-1000 - Administrator - Enabled) => C:\Users\Tipper

Boyz (S-1-5-21-3938486149-3048756490-4017228027-1003 - Limited - Enabled) => C:\Users\Boyz

Chris (S-1-5-21-3938486149-3048756490-4017228027-1001 - Limited - Enabled) => C:\Users\Chris

Guest (S-1-5-21-3938486149-3048756490-4017228027-501 - Limited - Disabled)

Mcx1 (S-1-5-21-3938486149-3048756490-4017228027-1004 - Administrator - Enabled) => C:\Users\Mcx1

 

==================== Security Center ========================

 

(If an entry is included in the fixlist, it will be removed.)

 

AV: Kaspersky Total Security (Enabled - Up to date) {86367591-4BE4-AE08-2FD9-7FCB8259CD98}

AS: Kaspersky Total Security (Enabled - Up to date) {3D579475-6DDE-A186-1569-44B9F9DE8725}

AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

FW: Kaspersky Total Security (Enabled) {BE0DF4B4-018B-AF50-0486-D6FE7C8A8AE3}

 

==================== Installed Programs ======================

 

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

 

ActiveCheck component for HP Active Support Library (HKLM\...\{254C37AA-6B72-4300-84F6-98A82419187E}) (Version: 3.0.0.2 - Hewlett-Packard) Hidden

Adobe Flash Player 28 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 28.0.0.137 - Adobe Systems Incorporated)

Adobe Reader XI (11.0.23) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.23 - Adobe Systems Incorporated)

Adobe Shockwave Player 12.3 (HKLM\...\Adobe Shockwave Player) (Version: 12.3.1.201 - Adobe Systems, Inc.)

BlackBerry Desktop Software 6.1 (HKLM\...\{75157F34-02C6-4831-BD66-3BC49E7A8394}) (Version: 6.1.0.35 - Research In Motion Ltd.) Hidden

BlackBerry Desktop Software 6.1 (HKLM\...\BlackBerry_Desktop) (Version: 6.1.0.35 - Research In Motion Ltd.)

Brother MFL-Pro Suite (HKLM\...\{9A912C12-A7DA-44D7-BD57-5CA85E2F33E1}) (Version: 1.00 - Brother Industries, Ltd.)

CyberLink DVD Suite Deluxe (HKLM\...\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 5.5.1329 - CyberLink Corp.)

CyberLink PowerDirector (HKLM\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 6.5.2726 - CyberLink Corp.)

Digital Camera (2320) (HKLM\...\Digital Camera (2320)) (Version:  - )

Dropbox (HKLM\...\Dropbox) (Version: 40.4.46 - Dropbox, Inc.)

Dropbox Update Helper (HKLM\...\{099218A5-A723-43DC-8DB5-6173656A1E94}) (Version: 1.3.59.1 - Dropbox, Inc.) Hidden

Enhanced Multimedia Keyboard Solution (HKLM\...\KBD) (Version:  - Hewlett-Packard)

File Type Assistant (HKLM\...\Trusted Software Assistant_is1) (Version: 2014.5.6.0 - ) <==== ATTENTION

Final Media Player 2014 (HKLM\...\FinalMediaPlayer_is1) (Version: 2014.08.04.00 - Bitberry Software) <==== ATTENTION

Hardware Diagnostic Tools (HKLM\...\PC-Doctor 5 for Windows) (Version: 5.1.4748.24 - PC-Doctor, Inc.)

HP Deskjet 1050 J410 series Basic Device Software (HKLM\...\{C111B73A-93EA-4A12-80E2-0460F11D431F}) (Version: 28.0.1313.0 - Hewlett-Packard Co.)

HP Deskjet 1050 J410 series Help (HKLM\...\{5C90D8CF-F12A-41C6-9007-3B651A1F0D78}) (Version: 140.0.66.66 - Hewlett Packard)

HP Deskjet 1050 J410 series Product Improvement Study (HKLM\...\{5E83AB6E-2284-4468-BF97-A451904F186C}) (Version: 28.0.1313.0 - Hewlett-Packard Co.)

HP Photo Creations (HKU\S-1-5-21-3938486149-3048756490-4017228027-1000\...\HP Photo Creations) (Version: 1.0.0.17712 - HP)

HP Update (HKLM\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)

HPAsset component for HP Active Support Library (HKLM\...\{669D4A35-146B-4314-89F1-1AC3D7B88367}) (Version: 3.0.1.0 - Hewlett-Packard) Hidden

Internet Explorer (Enable DEP) (HKLM\...\{a9264802-8a7a-40fe-a135-5c6d204aed7a}.sdb) (Version:  - )

Itibiti RTC (HKLM\...\{730E03E4-350E-48E5-9D3E-4329903D454D}) (Version: 0.0.1 - Itibiti Inc) Hidden <==== ATTENTION

Java 8 Update 31 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)

Kaspersky Secure Connection (HKLM\...\{1CF84962-50F8-48CA-9082-B70F3A02C686}) (Version: 17.0.0.611 - Kaspersky Lab) Hidden

Kaspersky Secure Connection (HKLM\...\InstallWIX_{1CF84962-50F8-48CA-9082-B70F3A02C686}) (Version: 17.0.0.611 - Kaspersky Lab)

Kaspersky Total Security (HKLM\...\{E27B1D7B-3B34-43A2-9FC0-9828D5DF46E2}) (Version: 17.0.0.611 - Kaspersky Lab) Hidden

Kaspersky Total Security (HKLM\...\InstallWIX_{E27B1D7B-3B34-43A2-9FC0-9828D5DF46E2}) (Version: 17.0.0.611 - Kaspersky Lab)

LabelPrint (HKLM\...\{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.2.2529 - CyberLink Corp.)

Learning Essentials for Microsoft Office (HKLM\...\{75F3A4B2-F6E8-434D-A2EF-DBBC016C6CB2}) (Version: 2.0 - Microsoft)

LightScribe System Software  1.12.37.1 (HKLM\...\{004C5DA2-2051-4D25-94BA-51CF810C91EB}) (Version: 1.12.37.1 - LightScribe)

LightScribeTemplateLabeler (HKLM\...\{305D4B08-5807-4475-B1C8-D54685534864}) (Version: 1.10.23.1 - LightScribe)

Logitech Desktop Messenger (HKLM\...\{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}) (Version: 2.52.18 - Logitech, Inc.)

Logitech Legacy USB Camera Driver Package (HKLM\...\legacyqcam_11.10) (Version:  - )

Logitech Vid HD (HKLM\...\Logitech Vid) (Version: 7.2 (7259) - Logitech Inc..)

Logitech Webcam Software (HKLM\...\{C27BC2A2-30DD-4014-B22E-63EB0DB572F9}) (Version: 12.10.1113 - Logitech Inc.)

Logitech Webcam Software Driver Package (HKLM\...\lvdrivers_12.10) (Version: 12.10.1110 - Logitech Inc.)

Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)

Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)

Microsoft Math (HKLM\...\{07043840-959A-4B0D-8825-2C533F0DDB19}) (Version: 2007 - Microsoft Corporation)

Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)

Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)

Microsoft Office Home and Student 2007 (HKLM\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)

Microsoft Office Home and Student 60 day trial (HKLM\...\OfficeTrial) (Version:  - )

Microsoft Office PowerPoint Viewer 2007 (English) (HKLM\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)

Microsoft Student 2007 for Learning Essentials (HKLM\...\{Microsoft Student 2007_54A0E938-8390-489F-8F1A-563673334DFE}) (Version:  - )

Microsoft Student with Encarta Premium 2008 (HKLM\...\{08041881-FCA5-44A7-B863-D66037A16AAF}) (Version: 2008 - Microsoft Corporation)

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)

Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Works (HKLM\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation)

muvee autoProducer 6.1 (HKLM\...\{FDDB69BB-2F9A-4830-A579-ABBB7C5AF9A8}) (Version: 6.10.050 - muvee Technologies)

NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version:  - )

PaperPort (HKLM\...\{71C97545-E547-4A8B-B0C8-61FF853270AC}) (Version: 9.02.0827 - ScanSoft, Inc.)

Parker Brothers Classic Card Games (HKLM\...\ClassicCard) (Version:  - )

Power2Go (HKLM\...\{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 5.6.3917 - CyberLink Corp.)

Python 2.5 (HKLM\...\{0A2C5854-557E-48C8-835A-3B9F074BDCAA}) (Version: 2.5.150 - Martin v. Löwis)

Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5789 - Realtek Semiconductor Corp.)

ROBLOX Player for Boyz (HKU\S-1-5-21-3938486149-3048756490-4017228027-1003\...\{373B1718-8CC5-4567-8EE2-9033AD08A680}) (Version:  - ROBLOX Corporation)

Soft Data Fax Modem with SmartCP (HKLM\...\CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200C14F1) (Version: 7.74.00 - Conexant Systems)

swMSM (HKLM\...\{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden

Uninstall Helper (HKLM\...\{82BF2C5E-79A7-4A13-B508-D5E64A5B141E}) (Version: 2.0.1.0 - InstallX, LLC) Hidden <==== ATTENTION

Uninstall Helper (HKLM\...\Uninstall Helper 2.0.1.0) (Version: 2.0.1.0 - InstallX, LLC) <==== ATTENTION

Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)

Yahoo! Detect (HKLM\...\YTdetect) (Version:  - )

 

==================== Custom CLSID (Whitelisted): ==========================

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

CustomCLSID: HKU\S-1-5-21-3938486149-3048756490-4017228027-1000_Classes\CLSID\{9356e2bb-6c9a-43c0-a771-5cacbdab6afe}\InprocServer32 -> C:\Users\Tipper\AppData\Roaming\HP Photo Creations\RLPNUpload.dll (RocketLife)

CustomCLSID: HKU\S-1-5-21-3938486149-3048756490-4017228027-1000_Classes\CLSID\{A10E0335-AFCA-4E7E-975F-CA30235FB29A}\InprocServer32 -> C:\Users\Tipper\AppData\Roaming\Visan\plugins\npRLSecurePluginLayer.dll (RocketLife, LLP)

CustomCLSID: HKU\S-1-5-21-3938486149-3048756490-4017228027-1000_Classes\CLSID\{cc05a616-ddb3-4cc0-9a21-dc0e9962b444}\InprocServer32 -> C:\Users\Tipper\AppData\Roaming\HP Photo Creations\ContentMan.dll (RocketLife)

CustomCLSID: HKU\S-1-5-21-3938486149-3048756490-4017228027-1000_Classes\CLSID\{ff280b55-14f1-49ae-b40f-15f5294ce630}\InprocServer32 -> C:\Users\Tipper\AppData\Roaming\HP Photo Creations\RocketEngine.dll (Visan inc.)

CustomCLSID: HKU\S-1-5-21-3938486149-3048756490-4017228027-1003_Classes\CLSID\{76D50904-6780-4c8b-8986-1A7EE0B1716D}\InprocServer32 -> C:\Users\Boyz\AppData\Local\Roblox\Versions\version-b4f311f5cfe34914\RobloxProxy.dll (ROBLOX Corporation)

ShellIconOverlayIdentifiers: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.19.0.dll [2017-12-04] (Dropbox, Inc.)

ShellIconOverlayIdentifiers: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.19.0.dll [2017-12-04] (Dropbox, Inc.)

ShellIconOverlayIdentifiers: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.19.0.dll [2017-12-04] (Dropbox, Inc.)

ShellIconOverlayIdentifiers: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.19.0.dll [2017-12-04] (Dropbox, Inc.)

ShellIconOverlayIdentifiers: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.19.0.dll [2017-12-04] (Dropbox, Inc.)

ShellIconOverlayIdentifiers: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.19.0.dll [2017-12-04] (Dropbox, Inc.)

ShellIconOverlayIdentifiers: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.19.0.dll [2017-12-04] (Dropbox, Inc.)

ShellIconOverlayIdentifiers: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.19.0.dll [2017-12-04] (Dropbox, Inc.)

ShellIconOverlayIdentifiers: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.19.0.dll [2017-12-04] (Dropbox, Inc.)

ShellIconOverlayIdentifiers: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.19.0.dll [2017-12-04] (Dropbox, Inc.)

ContextMenuHandlers1: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files\Dropbox\Client\DropboxExt.19.0.dll [2017-12-04] (Dropbox, Inc.)

ContextMenuHandlers1: [Kaspersky Anti-Virus 17.0.0] -> {39C9FA89-7012-4573-A92D-BFD1F8CA542D} => C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 17.0.0\shellex.dll [2017-03-14] (AO Kaspersky Lab)

ContextMenuHandlers2: [Kaspersky Anti-Virus 17.0.0] -> {39C9FA89-7012-4573-A92D-BFD1F8CA542D} => C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 17.0.0\shellex.dll [2017-03-14] (AO Kaspersky Lab)

ContextMenuHandlers4: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files\Dropbox\Client\DropboxExt.19.0.dll [2017-12-04] (Dropbox, Inc.)

ContextMenuHandlers4: [Kaspersky Anti-Virus 17.0.0] -> {39C9FA89-7012-4573-A92D-BFD1F8CA542D} => C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 17.0.0\shellex.dll [2017-03-14] (AO Kaspersky Lab)

ContextMenuHandlers5: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files\Dropbox\Client\DropboxExt.19.0.dll [2017-12-04] (Dropbox, Inc.)

ContextMenuHandlers5: [NvCplDesktopContext] -> {A70C977A-BF00-412C-90B7-034C51DA2439} => C:\Windows\system32\nvcpl.dll [2008-05-22] (NVIDIA Corporation)

ContextMenuHandlers6: [Kaspersky Anti-Virus 17.0.0] -> {39C9FA89-7012-4573-A92D-BFD1F8CA542D} => C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 17.0.0\shellex.dll [2017-03-14] (AO Kaspersky Lab)

 

==================== Scheduled Tasks (Whitelisted) =============

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

Task: {09DA987E-5384-44C4-9359-F80E0CE55A8C} - System32\Tasks\{402A8835-4A03-4627-8446-8BCF151CF753} => "C:\Program Files\Internet Explorer\iexplore.exe" hxxp://ui.skype.com/ui/0/5.10.0.116/en/go/help.faq.installer?LastError=1603

Task: {2C6865C5-1B4D-4998-BABD-CB45D4B027C9} - System32\Tasks\PC-Doctor\Scheduled Maintenance Swap => C:\Program Files\PC-Doctor 5 for Windows\task_swap.exe [2008-03-13] (PC-Doctor, Inc.)

Task: {62723A29-FD3B-4F5F-B7D5-B9F1BFD4E640} - System32\Tasks\{E999EE8A-B462-4D2F-8C6F-0AEC7FF1E3EF} => C:\Windows\system32\pcalua.exe -a E:\setup.exe -d E:\

Task: {6D411B50-4F7D-4329-9A84-5CA1B36B846C} - System32\Tasks\0 => c:\program files\internet explorer\iexplore.exe  <==== ATTENTION

Task: {7DBA33D4-0248-4229-A416-08514CB82EAD} - System32\Tasks\Final Media Player Update Checker => C:\Program Files\FinalMediaPlayer\FMPCheckForUpdates.exe [2013-03-25] (Bitberry Software)

Task: {890419E0-EAE5-4F12-8544-8E5E5BEEAA2C} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files\Dropbox\Update\DropboxUpdate.exe [2016-10-28] (Dropbox, Inc.)

Task: {964DAA7E-EFC5-456C-833F-3F439598E230} - System32\Tasks\PC-Doctor\Scheduled Maintenance => C:\Program Files\PC-Doctor 5 for Windows\RunProfiler.exe [2008-03-13] (PC-Doctor, Inc.)

Task: {AAC2C8DD-5A86-47EC-9E8B-BC6EBEAFF3AC} - System32\Tasks\{1CDDCFE9-A42D-4067-9CDA-E68CB6FC10B7} => C:\Windows\system32\pcalua.exe -a "C:\Users\Tipper\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XMTRDXPQ\Install_YourCottonellePuppy.exe" -d C:\Users\Tipper\Desktop

Task: {AC5404A0-3312-4DB4-A01E-91766AC907D5} - System32\Tasks\4674 => wscript.exe C:\Users\Tipper\AppData\Local\Temp\launchie.vbs //B <==== ATTENTION

Task: {C76B646B-84AE-47F7-8FD0-073582FC06AE} - System32\Tasks\ProgramRefresh-ATFST => C:\Program Files\File Type Assistant\tsasetup.exe [2014-05-06] ( ) <==== ATTENTION

Task: {DB58737A-01E8-4FF8-8FB9-79E217B19D00} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files\Dropbox\Update\DropboxUpdate.exe [2016-10-28] (Dropbox, Inc.)

Task: {DF894B9C-6CB6-4C71-BE6E-D4746B6A9FC0} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2018-01-10] (Adobe Systems Incorporated)

Task: {E83F721D-3ECE-4861-A1D1-610583D9CA55} - System32\Tasks\HPCustParticipation HP Deskjet 1050 J410 series => C:\Program Files\HP\HP Deskjet 1050 J410 series\Bin\HPCustPartic.exe [2012-10-02] (Hewlett-Packard Co.)

Task: {EC0650CD-EE19-42D0-838C-23A853709D82} - System32\Tasks\ProgramUpdateCheck => C:\Program Files\File Type Assistant\TSAssist.exe [2014-05-06] (FTA ApS) <==== ATTENTION

 

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

 

Task: C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files\Dropbox\Update\DropboxUpdate.exe

Task: C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files\Dropbox\Update\DropboxUpdate.exe

Task: C:\Windows\Tasks\Final Media Player Update Checker.job => C:\Program Files\FinalMediaPlayer\FMPCheckForUpdates.exe

 

==================== Shortcuts & WMI ========================

 

(The entries could be listed to be restored or removed.)

 

 

==================== Loaded Modules (Whitelisted) ==============

 

2016-06-27 23:19 - 2016-06-27 23:19 - 000865232 _____ () C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 17.0.0\kpcengine.2.3.dll

2017-12-06 18:21 - 2017-12-04 20:06 - 000725312 _____ () C:\Program Files\Dropbox\Client\dropbox_watchdog.dll

2017-12-06 18:21 - 2017-12-04 20:06 - 002075456 _____ () C:\Program Files\Dropbox\Client\dropbox_crashpad.dll

2017-12-06 18:22 - 2017-12-04 20:06 - 000100296 _____ () C:\Program Files\Dropbox\Client\_ctypes.pyd

2017-12-06 18:22 - 2017-12-04 20:06 - 000018888 _____ () C:\Program Files\Dropbox\Client\select.pyd

2017-12-06 18:22 - 2017-12-04 20:08 - 000020800 _____ () C:\Program Files\Dropbox\Client\tornado.speedups.pyd

2017-12-06 18:22 - 2017-12-04 20:06 - 000035792 _____ () C:\Program Files\Dropbox\Client\_multiprocessing.pyd

2017-12-06 18:22 - 2017-12-04 20:06 - 000694224 _____ () C:\Program Files\Dropbox\Client\unicodedata.pyd

2017-12-06 18:21 - 2017-12-04 20:07 - 000021848 _____ () C:\Program Files\Dropbox\Client\cryptography.hazmat.bindings._constant_time.pyd

2017-12-06 18:22 - 2017-12-04 20:06 - 000130512 _____ () C:\Program Files\Dropbox\Client\_cffi_backend.pyd

2017-12-06 18:21 - 2017-12-04 20:07 - 001856848 _____ () C:\Program Files\Dropbox\Client\cryptography.hazmat.bindings._openssl.pyd

2017-12-06 18:21 - 2017-12-04 20:07 - 000022864 _____ () C:\Program Files\Dropbox\Client\cryptography.hazmat.bindings._padding.pyd

2017-12-06 18:22 - 2017-12-04 20:06 - 000145864 _____ () C:\Program Files\Dropbox\Client\pyexpat.pyd

2017-12-06 18:22 - 2017-12-04 20:06 - 000116688 _____ () C:\Program Files\Dropbox\Client\pywintypes27.dll

2017-12-06 18:22 - 2017-12-04 20:06 - 000105928 _____ () C:\Program Files\Dropbox\Client\win32api.pyd

2017-12-06 18:22 - 2017-12-04 20:08 - 000022864 _____ () C:\Program Files\Dropbox\Client\winffi.crt.compiled._winffi_crt.pyd

2017-12-06 18:22 - 2017-12-04 20:07 - 000062784 _____ () C:\Program Files\Dropbox\Client\psutil._psutil_windows.pyd

2017-12-06 18:22 - 2017-12-04 20:06 - 000024528 _____ () C:\Program Files\Dropbox\Client\win32event.pyd

2017-12-06 18:21 - 2017-12-04 20:07 - 000040248 _____ () C:\Program Files\Dropbox\Client\fastpath.pyd

2017-12-06 18:21 - 2017-12-04 20:06 - 000020936 _____ () C:\Program Files\Dropbox\Client\mmapfile.pyd

2017-12-06 18:22 - 2017-12-04 20:06 - 000124880 _____ () C:\Program Files\Dropbox\Client\win32file.pyd

2017-12-06 18:22 - 2017-12-04 20:06 - 000116176 _____ () C:\Program Files\Dropbox\Client\win32security.pyd

2017-12-06 18:22 - 2017-12-04 20:06 - 000392656 _____ () C:\Program Files\Dropbox\Client\pythoncom27.dll

2017-12-06 18:22 - 2017-12-04 20:08 - 000392512 _____ () C:\Program Files\Dropbox\Client\win32com.shell.shell.pyd

2017-12-06 18:22 - 2017-12-04 20:08 - 000026456 _____ () C:\Program Files\Dropbox\Client\winffi.kernel32.compiled._winffi_kernel32.pyd

2017-12-06 18:22 - 2017-12-04 20:06 - 000024016 _____ () C:\Program Files\Dropbox\Client\win32clipboard.pyd

2017-12-06 18:22 - 2017-12-04 20:06 - 000175560 _____ () C:\Program Files\Dropbox\Client\win32gui.pyd

2017-12-06 18:22 - 2017-12-04 20:06 - 000030160 _____ () C:\Program Files\Dropbox\Client\win32pipe.pyd

2017-12-06 18:22 - 2017-12-04 20:06 - 000043472 _____ () C:\Program Files\Dropbox\Client\win32process.pyd

2017-12-06 18:22 - 2017-12-04 20:06 - 000026056 _____ () C:\Program Files\Dropbox\Client\win32job.pyd

2017-12-06 18:22 - 2017-12-04 20:06 - 000048592 _____ () C:\Program Files\Dropbox\Client\win32service.pyd

2017-12-06 18:22 - 2017-12-04 20:06 - 000057808 _____ () C:\Program Files\Dropbox\Client\win32evtlog.pyd

2017-12-06 18:21 - 2017-12-04 20:07 - 000021824 _____ () C:\Program Files\Dropbox\Client\cpuid.compiled._cpuid.pyd

2017-12-06 18:22 - 2017-12-04 20:09 - 000023368 _____ () C:\Program Files\Dropbox\Client\winshell.compiled._winshell.pyd

2017-12-06 18:21 - 2017-12-04 20:07 - 000022856 _____ () C:\Program Files\Dropbox\Client\crashpad.compiled._Crashpad.pyd

2017-12-06 18:22 - 2017-12-04 20:08 - 000066392 _____ () C:\Program Files\Dropbox\Client\winenumhandles.compiled._WinEnumHandles.pyd

2017-12-06 18:22 - 2017-12-04 20:07 - 001796920 _____ () C:\Program Files\Dropbox\Client\PyQt5.QtCore.pyd

2017-12-06 18:22 - 2017-12-04 20:06 - 000084424 _____ () C:\Program Files\Dropbox\Client\sip.pyd

2017-12-06 18:22 - 2017-12-04 20:07 - 001956152 _____ () C:\Program Files\Dropbox\Client\PyQt5.QtGui.pyd

2017-12-06 18:22 - 2017-12-04 20:07 - 003859264 _____ () C:\Program Files\Dropbox\Client\PyQt5.QtWidgets.pyd

2017-12-06 18:22 - 2017-12-04 20:07 - 000155464 _____ () C:\Program Files\Dropbox\Client\PyQt5.QtWebEngineWidgets.pyd

2017-12-06 18:22 - 2017-12-04 20:07 - 000521024 _____ () C:\Program Files\Dropbox\Client\PyQt5.QtNetwork.pyd

2017-12-06 18:22 - 2017-12-04 20:07 - 000050496 _____ () C:\Program Files\Dropbox\Client\PyQt5.QtWebEngineCore.pyd

2017-12-06 18:22 - 2017-12-04 20:07 - 000042304 _____ () C:\Program Files\Dropbox\Client\PyQt5.QtWebChannel.pyd

2017-12-06 18:22 - 2017-12-04 20:07 - 000131384 _____ () C:\Program Files\Dropbox\Client\PyQt5.QtWebKit.pyd

2017-12-06 18:22 - 2017-12-04 20:07 - 000218944 _____ () C:\Program Files\Dropbox\Client\PyQt5.QtWebKitWidgets.pyd

2017-12-06 18:22 - 2017-12-04 20:07 - 000204096 _____ () C:\Program Files\Dropbox\Client\PyQt5.QtPrintSupport.pyd

2017-12-06 18:22 - 2017-12-04 20:09 - 000025432 _____ () C:\Program Files\Dropbox\Client\winscreenshot.compiled._CaptureScreenshot.pyd

2017-12-06 18:22 - 2017-12-04 20:06 - 000060880 _____ () C:\Program Files\Dropbox\Client\win32print.pyd

2017-12-06 18:22 - 2017-12-04 20:09 - 000054608 _____ () C:\Program Files\Dropbox\Client\winrpcserver.compiled._RPCServer.pyd

2017-12-06 18:22 - 2017-12-04 20:06 - 000024016 _____ () C:\Program Files\Dropbox\Client\win32profile.pyd

2017-12-06 18:22 - 2017-12-04 20:09 - 000022864 _____ () C:\Program Files\Dropbox\Client\winffi.user32.compiled._winffi_user32.pyd

2017-12-06 18:22 - 2017-12-04 20:06 - 000028616 _____ () C:\Program Files\Dropbox\Client\win32ts.pyd

2017-12-06 18:22 - 2017-12-04 20:08 - 000022360 _____ () C:\Program Files\Dropbox\Client\winffi.iphlpapi.compiled._winffi_iphlpapi.pyd

2017-12-06 18:22 - 2017-12-04 20:09 - 000021848 _____ () C:\Program Files\Dropbox\Client\winffi.winerror.compiled._winffi_winerror.pyd

2017-12-06 18:22 - 2017-12-04 20:09 - 000022360 _____ () C:\Program Files\Dropbox\Client\winffi.wininet.compiled._winffi_wininet.pyd

2017-12-06 18:21 - 2017-12-04 20:07 - 000027488 _____ () C:\Program Files\Dropbox\Client\dropbox.infinite.win.compiled._driverinstallation.pyd

2017-12-06 18:22 - 2017-12-04 20:06 - 000349128 _____ () C:\Program Files\Dropbox\Client\winxpgui.pyd

2017-12-06 18:22 - 2017-12-04 20:09 - 000023896 _____ () C:\Program Files\Dropbox\Client\winverifysignature.compiled._VerifySignature.pyd

2017-12-06 18:21 - 2017-12-04 20:07 - 000025424 _____ () C:\Program Files\Dropbox\Client\librsyncffi.compiled._librsyncffi.pyd

2017-12-06 18:21 - 2017-12-04 20:06 - 000036296 _____ () C:\Program Files\Dropbox\Client\librsync.dll

2017-12-06 18:21 - 2017-12-04 20:07 - 000181056 _____ () C:\Program Files\Dropbox\Client\dropbox_sqlite_ext.dll

2017-12-06 18:21 - 2017-12-04 20:07 - 000024368 _____ () C:\Program Files\Dropbox\Client\libEGL.dll

2017-12-06 18:21 - 2017-12-04 20:07 - 001638200 _____ () C:\Program Files\Dropbox\Client\libGLESv2.dll

2017-12-06 18:22 - 2017-12-04 20:09 - 000026456 _____ () C:\Program Files\Dropbox\Client\winffi.winhttp.compiled._winffi_winhttp.pyd

2007-05-21 06:02 - 2007-05-21 06:02 - 000269080 _____ () C:\Program Files\Common Files\Microsoft Shared\Reference 2008\ERSREGPR.DLL

2007-05-21 06:02 - 2007-05-21 06:02 - 000228120 _____ () C:\Program Files\Common Files\Microsoft Shared\Reference 2008\MSENCDAT.DLL

2007-05-21 06:02 - 2007-05-21 06:02 - 000178968 _____ () C:\Program Files\Common Files\Microsoft Shared\Reference 2008\ENCCONT.DLL

2007-05-21 06:02 - 2007-05-21 06:02 - 000351000 _____ () C:\Program Files\Common Files\Microsoft Shared\Reference 2008\MSENCXML.DLL

2007-05-21 06:00 - 2007-05-21 06:00 - 000068376 _____ () C:\Program Files\Microsoft Student\Microsoft Student with Encarta Premium 2008 DVD\EDICTEIT.EBK

 

==================== Alternate Data Streams (Whitelisted) =========

 

(If an entry is included in the fixlist, only the ADS will be removed.)

 

AlternateDataStreams: C:\ProgramData\TEMP:9D718DA3 [254]

 

==================== Safe Mode (Whitelisted) ===================

 

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)

 

 

==================== Association (Whitelisted) ===============

 

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

 

 

==================== Internet Explorer trusted/restricted ===============

 

(If an entry is included in the fixlist, it will be removed from the registry.)

 

 

==================== Hosts content: ===============================

 

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

 

2006-11-02 05:23 - 2006-09-18 16:41 - 000000761 _____ C:\Windows\system32\Drivers\etc\hosts

 

127.0.0.1       localhost

 

==================== Other Areas ============================

 

(Currently there is no automatic fix for this section.)

 

HKU\S-1-5-21-3938486149-3048756490-4017228027-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Tipper\Pictures\Me 2.jpg

HKU\S-1-5-21-3938486149-3048756490-4017228027-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Chris\Pictures\wot2560x1600.jpg

HKU\S-1-5-21-3938486149-3048756490-4017228027-1003\Control Panel\Desktop\\Wallpaper -> C:\Users\Boyz\Pictures\Shadow of Mordor.jpg

DNS Servers: 192.168.2.1

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 1) (EnableLUA: 1)

Windows Firewall is enabled.

 

==================== MSCONFIG/TASK MANAGER disabled items ==

 

 

==================== FirewallRules (Whitelisted) ===============

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

FirewallRules: [WinCollab-Out-UDP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe

FirewallRules: [WinCollab-In-UDP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe

FirewallRules: [WinCollab-Out-TCP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe

FirewallRules: [WinCollab-In-TCP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe

FirewallRules: [WinCollab-DFSR-Out-TCP] => (Allow) %SystemRoot%\system32\dfsr.exe

FirewallRules: [WinCollab-DFSR-In-TCP] => (Allow) %SystemRoot%\system32\dfsr.exe

FirewallRules: [{D92D6C79-4E3E-4C55-B270-3772F9D2657C}] => (Allow) c:\Program Files\Cyberlink\PowerDirector\PDR.EXE

FirewallRules: [{770D80FE-2DB7-4C60-B911-024311024AB0}] => (Allow) LPort=80

FirewallRules: [{5BFA165D-98D1-42B9-8DBB-C23123DA7500}] => (Allow) LPort=80

FirewallRules: [{85C1740F-00A1-4ADE-828A-5DE3DC90AF6D}] => (Allow) LPort=80

FirewallRules: [{20EE2C88-D71B-4B05-9581-0F4D1EB4E7FF}] => (Allow) LPort=4481

FirewallRules: [{3343A644-DA33-45C0-B6F8-75703D1A4C08}] => (Allow) LPort=4481

FirewallRules: [{9699F66B-E3AE-49DD-A0AE-DA2E373C485F}] => (Allow) LPort=4482

FirewallRules: [{C395807F-9F94-4FC8-B806-FF47F0DAD3DA}] => (Allow) LPort=4482

FirewallRules: [{1253EA7A-883E-4F2D-878B-0D89088B081B}] => (Allow) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

FirewallRules: [{3F9BC9C6-4BF0-4DF9-B7F9-F0D72354923C}] => (Allow) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

FirewallRules: [TCP Query User{E61E14B6-2B7B-4B9A-A8EC-94FCBDCD789E}C:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe] => (Block) C:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe

FirewallRules: [UDP Query User{A6668CB7-25D3-4515-9533-E3F19AC2076B}C:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe] => (Block) C:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe

FirewallRules: [{85C8AE78-3F41-4823-A11B-40C4AA4FC9F8}] => (Allow) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

FirewallRules: [{1995A3E9-CF49-4029-84CE-3D6F151D2101}] => (Allow) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

FirewallRules: [TCP Query User{08546204-51B4-4295-BC11-5733FB70F911}C:\program files\limewire plus+\limewire.exe] => (Allow) C:\program files\limewire plus+\limewire.exe

FirewallRules: [UDP Query User{D3BD81E3-322B-4ADB-B9AA-C101BA735424}C:\program files\limewire plus+\limewire.exe] => (Allow) C:\program files\limewire plus+\limewire.exe

FirewallRules: [{472C2A7C-9E89-43FA-8922-9A792DCE6728}] => (Allow) C:\Program Files\Research In Motion\BlackBerry Desktop\Rim.Desktop.exe

FirewallRules: [{C0FE80F8-6DB0-403A-82A8-7473952BDD19}] => (Allow) C:\Program Files\Research In Motion\BlackBerry Desktop\Rim.Desktop.exe

FirewallRules: [{039FE2C9-0329-48BE-9910-CF88A6D492F4}] => (Allow) C:\Program Files\FinalMediaPlayer\FMPCheckForUpdates.exe

FirewallRules: [{0544882A-BB01-4012-B621-7BF0EA635474}] => (Allow) C:\Program Files\Logitech\Vid HD\Vid.exe

FirewallRules: [{03A57C7B-C4EB-4EEA-9E5D-C103F4B51706}] => (Allow) C:\Program Files\Logitech\Vid HD\Vid.exe

FirewallRules: [{C2B3017F-DA3F-41AE-B0CC-F83812372997}] => (Allow) C:\Program Files\FinalMediaPlayer\FMPCheckForUpdates.exe

FirewallRules: [{0BFE0F54-CBE3-4EEE-84A5-461D578C2D01}] => (Allow) C:\Program Files\File Type Assistant\TSAssist.exe

FirewallRules: [{E6CC7C32-5F9C-4D43-B8C5-FCA8F86057F3}] => (Allow) C:\Program Files\FinalMediaPlayer\FMPCheckForUpdates.exe

FirewallRules: [{4EA6102F-1B0A-428A-A09E-89C192F71B65}] => (Allow) C:\Program Files\File Type Assistant\TSAssist.exe

FirewallRules: [{AE7CE02D-6746-4E72-BF1C-7F455868D1AB}] => (Allow) C:\Program Files\FinalMediaPlayer\FMPCheckForUpdates.exe

FirewallRules: [{5626D9CE-8125-420E-A8B3-354AA3609C13}] => (Allow) C:\Program Files\FinalMediaPlayer\FMPCheckForUpdates.exe

FirewallRules: [{4EA7CE8A-DE16-471E-A1C1-C3A7F903D7A3}] => (Allow) C:\Program Files\File Type Assistant\TSAssist.exe

FirewallRules: [{2C18A20C-6338-4CA6-889D-61F7A076066E}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe

FirewallRules: [{44450312-2BF9-4A3A-9479-6D1E7A931FE8}] => (Allow) C:\Program Files\File Type Assistant\TSAssist.exe

FirewallRules: [{56E8EEF2-BB46-4569-83C3-801C78D7B31D}] => (Allow) C:\Program Files\File Type Assistant\TSAssist.exe

FirewallRules: [{F93B05B1-C570-4C0F-AF9C-46AFBA2B20E1}] => (Allow) C:\Program Files\HP\HP Deskjet 1050 J410 series\Bin\USBSetup.exe

FirewallRules: [{ACD4BAF2-009A-4F30-B641-47371F46485A}] => (Allow) C:\Program Files\FinalMediaPlayer\FMPCheckForUpdates.exe

FirewallRules: [TCP Query User{C93416B8-BA29-49F9-BA5A-AC531D041DD7}E:\setup.exe] => (Allow) E:\setup.exe

FirewallRules: [UDP Query User{53A6C86A-EB12-41E1-A38A-6D03F0F4A96E}E:\setup.exe] => (Allow) E:\setup.exe

FirewallRules: [{EC294BAD-5D99-4C91-B894-63A3AD473A40}] => (Allow) C:\Program Files\Dropbox\Client\Dropbox.exe

 

==================== Restore Points =========================

 

13-11-2017 20:56:40 Windows Update

15-11-2017 00:00:25 Scheduled Checkpoint

26-11-2017 03:00:38 Windows Update

28-11-2017 17:49:59 Scheduled Checkpoint

29-11-2017 03:00:13 Windows Update

30-11-2017 00:00:11 Scheduled Checkpoint

01-12-2017 00:00:09 Scheduled Checkpoint

02-12-2017 00:00:09 Scheduled Checkpoint

03-12-2017 00:00:09 Scheduled Checkpoint

04-12-2017 00:00:07 Scheduled Checkpoint

05-12-2017 00:00:07 Scheduled Checkpoint

06-12-2017 00:00:15 Scheduled Checkpoint

06-12-2017 16:05:44 Windows Update

08-12-2017 00:00:10 Scheduled Checkpoint

09-12-2017 00:00:12 Scheduled Checkpoint

10-12-2017 00:00:20 Scheduled Checkpoint

11-12-2017 00:00:14 Scheduled Checkpoint

11-12-2017 22:39:48 Windows Update

13-12-2017 00:00:15 Scheduled Checkpoint

27-12-2017 04:01:51 First Restore Point

30-12-2017 02:02:35 Restore Operation

30-12-2017 02:36:27 First Restore Point

08-01-2018 00:55:25 My own made restore point

 

==================== Faulty Device Manager Devices =============

 

 

==================== Event log errors: =========================

 

Application errors:

==================

Error: (01/10/2018 06:58:29 PM) (Source: EventSystem) (EventID: 4621) (User: )

Description: The COM+ Event System could not remove the EventSystem.EventSubscription object {4168BD23-C752-4DA0-A076-FC6B588FD2AC}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}.  The HRESULT was 80070005.

 

Error: (01/10/2018 06:44:50 PM) (Source: WinMgmt) (EventID: 10) (User: )

Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

 

Error: (01/08/2018 04:50:53 AM) (Source: WinMgmt) (EventID: 10) (User: )

Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

 

Error: (01/08/2018 12:49:49 AM) (Source: Application Hang) (EventID: 1002) (User: )

Description: The program iexplore.exe version 9.0.8112.16872 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel.

Process ID: 1cc8

Start Time: 01d388445f765ab0

Termination Time: 190

 

Error: (01/05/2018 08:52:03 PM) (Source: LoadPerf) (EventID: 3011) (User: )

Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.

 

Error: (01/05/2018 08:52:03 PM) (Source: LoadPerf) (EventID: 3012) (User: )

Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.

 

Error: (01/05/2018 08:46:25 PM) (Source: WinMgmt) (EventID: 10) (User: )

Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

 

Error: (01/04/2018 08:15:13 AM) (Source: Application Error) (EventID: 1000) (User: )

Description: Faulting application iexplore.exe, version 9.0.8112.16872, time stamp 0x58caa9a9, faulting module MSHTML.dll, version 9.0.8112.16872, time stamp 0x58caaabd, exception code 0xc0000005, fault offset 0x0041b9e0,

process id 0xe0c, application start time 0x01d3855d24a66e00.

 

Error: (01/03/2018 05:17:51 AM) (Source: Application Error) (EventID: 1000) (User: )

Description: Faulting application iexplore.exe, version 9.0.8112.16872, time stamp 0x58caa9a9, faulting module MSHTML.dll, version 9.0.8112.16872, time stamp 0x58caaabd, exception code 0xc0000005, fault offset 0x0041b9e0,

process id 0x105c, application start time 0x01d3847b2f28ef20.

 

Error: (01/01/2018 02:05:48 AM) (Source: Application Error) (EventID: 1000) (User: )

Description: Faulting application iexplore.exe, version 9.0.8112.16872, time stamp 0x58caa9a9, faulting module MSHTML.dll, version 9.0.8112.16872, time stamp 0x58caaabd, exception code 0xc0000005, fault offset 0x0041b9e0,

process id 0x172c, application start time 0x01d382cee3498360.

 

 

System errors:

=============

Error: (01/10/2018 06:46:40 PM) (Source: Microsoft-Windows-LanguagePackSetup) (EventID: 1001) (User: NT AUTHORITY)

Description: Event-ID 1001

 

Error: (01/10/2018 06:43:15 PM) (Source: Dhcp) (EventID: 1002) (User: )

Description: The IP address lease 192.168.2.3 for the Network Card with network address 001E9034E132 has been denied by the DHCP server 192.168.2.1 (The DHCP Server sent a DHCPNACK message).

 

Error: (01/08/2018 04:56:14 AM) (Source: Microsoft-Windows-LanguagePackSetup) (EventID: 1001) (User: NT AUTHORITY)

Description: Event-ID 1001

 

Error: (01/05/2018 08:54:06 PM) (Source: Microsoft-Windows-LanguagePackSetup) (EventID: 1001) (User: NT AUTHORITY)

Description: Event-ID 1001

 

Error: (01/05/2018 08:47:46 PM) (Source: Service Control Manager) (EventID: 7000) (User: )

Description: The HP Health Check Service service failed to start due to the following error:

The service did not respond to the start or control request in a timely fashion.

 

Error: (01/05/2018 08:47:46 PM) (Source: Service Control Manager) (EventID: 7009) (User: )

Description: A timeout was reached (30000 milliseconds) while waiting for the HP Health Check Service service to connect.

 

Error: (01/05/2018 08:46:49 PM) (Source: Service Control Manager) (EventID: 7000) (User: )

Description: The Windows Font Cache Service service failed to start due to the following error:

The service did not respond to the start or control request in a timely fashion.

 

Error: (01/05/2018 08:46:49 PM) (Source: Service Control Manager) (EventID: 7009) (User: )

Description: A timeout was reached (30000 milliseconds) while waiting for the Windows Font Cache Service service to connect.

 

Error: (01/05/2018 08:46:33 PM) (Source: Service Control Manager) (EventID: 7011) (User: )

Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.

 

Error: (01/05/2018 08:44:17 PM) (Source: Dhcp) (EventID: 1002) (User: )

Description: The IP address lease 192.168.2.2 for the Network Card with network address 001E9034E132 has been denied by the DHCP server 192.168.2.1 (The DHCP Server sent a DHCPNACK message).

 

 

CodeIntegrity:

===================================

  Date: 2018-01-11 02:11:41.781

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\WINDOWS\System32\drivers\kneps.sys because the set of per-page image hashes could not be found on the system.

 

  Date: 2018-01-11 02:11:40.857

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\WINDOWS\System32\drivers\kneps.sys because the set of per-page image hashes could not be found on the system.

 

  Date: 2018-01-11 02:11:39.906

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\WINDOWS\System32\drivers\kneps.sys because the set of per-page image hashes could not be found on the system.

 

  Date: 2018-01-11 02:11:38.945

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\WINDOWS\System32\drivers\kneps.sys because the set of per-page image hashes could not be found on the system.

 

  Date: 2018-01-11 02:11:37.899

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\WINDOWS\System32\drivers\kltdi.sys because the set of per-page image hashes could not be found on the system.

 

  Date: 2018-01-11 02:11:36.931

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\WINDOWS\System32\drivers\kltdi.sys because the set of per-page image hashes could not be found on the system.

 

  Date: 2018-01-11 02:11:35.941

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\WINDOWS\System32\drivers\kltdi.sys because the set of per-page image hashes could not be found on the system.

 

  Date: 2018-01-11 02:11:34.975

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\WINDOWS\System32\drivers\kltdi.sys because the set of per-page image hashes could not be found on the system.

 

  Date: 2018-01-11 02:11:33.884

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\WINDOWS\System32\drivers\kltdf.sys because the set of per-page image hashes could not be found on the system.

 

  Date: 2018-01-11 02:11:32.910

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\WINDOWS\System32\drivers\kltdf.sys because the set of per-page image hashes could not be found on the system.

 

 

==================== Memory info ===========================

 

Processor: AMD Athlon™ 64 X2 Dual Core Processor 5400+

Percentage of memory in use: 66%

Total physical RAM: 3005.76 MB

Available physical RAM: 1002.73 MB

Total Virtual: 6229.71 MB

Available Virtual: 3337.5 MB

 

==================== Drives ================================

 

Drive c: (HP) (Fixed) (Total:455.44 GB) (Free:158.62 GB) NTFS ==>[drive with boot components (obtained from BCD)]

Drive d: (FACTORY_IMAGE) (Fixed) (Total:10.32 GB) (Free:1.05 GB) NTFS ==>[system with boot components (obtained from drive)]

 

==================== MBR & Partition Table ==================

 

========================================================

Disk: 0 (Size: 465.8 GB) (Disk ID: F451C310)

Partition 1: (Active) - (Size=455.4 GB) - (Type=07 NTFS)

Partition 2: (Not Active) - (Size=10.3 GB) - (Type=07 NTFS)

 

==================== End of Addition.txt ============================

 

 

 




#2
RKinner

    Malware Expert

  • Expert
  • 21,310 posts
  • MVP

Uninstall:

File Type Assistant

Final Media Player 2014

Itibiti RTC

(If you need to make phone calls with your PC then use Google Hangouts: https://hangouts.google.com/)

 

Java 8 Update 31

Uninstall Helper

Uninstall Helper

(If you need an uninstaller get the free version of Revo: https://www.revounin..._download.html)

Yahoo! Detect

 

Then

 

Download AdwCleaner to your desktop. Make sure you get the correct Download button. Sometimes the ads on BleepingComputer will mimic the real Download button, which should say: Download Now @BleepingComputer

NOTE: If using Internet Explorer and you get an alert that stops the program downloading, click on the warning and allow the download to complete.

Close all programs, pause your anti-virus and run AdwCleaner (Vista or Win 7+ => right click and Run As Administrator).

Click on Scan and follow the prompts. Let it run unhindered. When done, click on the Clean button, and follow the prompts. Allow the system to reboot. You will then be presented with the report. Copy & paste this report in your next reply.

The report will be saved in the C:\AdwCleaner folder.

 

Reboot

 

Please download MiniToolBox, save it to your desktop and run it.

Checkmark the following checkboxes:

  • Report IE Proxy Settings
  • Report FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer Errors
  • List Installed Programs
  • List Devices
  • List Users, Partitions and Memory size.
  • List Minidump Files

Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.

 

 

Run FRST as before.  Check the Addition.txt box before hitting SCAN.  Post both logs.

 

 

 

 



#3
Tipper

    Member

  • Topic Starter
  • Member
  • PipPip
  • 15 posts

RKinner...thanks for your reply,
I could not find 'Itibiti RTC' nor 'Yahoo! Detect' to uninstall them. Also I am not sure who user 'Mcx1' is on my PC (unless it is the person from the electronics dept. where I bought the PC). Here are the requested files. Tipper

 

# AdwCleaner 7.0.6.0 - Logfile created on Tue Jan 16 18:32:20 2018
# Updated on 2017/21/12 by Malwarebytes
# Running on Windows Vista ™ Home Premium (X86)
# Mode: clean
# Support: https://www.malwarebytes.com/support

***** [ Services ] *****

No malicious services deleted.

***** [ Folders ] *****

Deleted: C:\ProgramData\Registry Helper
Deleted: C:\ProgramData\Application Data\Registry Helper
Deleted: C:\Users\All Users\Registry Helper
Deleted: C:\ProgramData\Yahoo! Companion
Deleted: C:\ProgramData\Application Data\Yahoo! Companion
Deleted: C:\Users\All Users\Yahoo! Companion
Deleted: C:\Users\Tipper\AppData\LocalLow\Yahoo! Companion

Deleted: C:\Program Files\File Type Assistant
Deleted: C:\Windows\System32\config\systemprofile\AppData\Local\FileTypeAssistant
Deleted: C:\Users\Tipper\AppData\Local\FileTypeAssistant
Deleted: C:\Users\Boyz\AppData\Local\FileTypeAssistant
Deleted: C:\Users\Chris\AppData\Local\FileTypeAssistant
Deleted: C:\Users\TEMP\AppData\Local\FileTypeAssistant
Deleted: C:\Users\Boyz\AppData\Local\FinalMediaPlayer
Deleted: C:\Users\Chris\AppData\Local\FinalMediaPlayer
Deleted: C:\ProgramData\iWin
Deleted: C:\ProgramData\Application Data\iWin
Deleted: C:\Users\All Users\iWin
Deleted: C:\Users\Boyz\AppData\Roaming\iWin
Deleted: C:\Program Files\Yahoo!\Companion
Deleted: C:\Users\Tipper\AppData\LocalLow\Yahoo!\Companion
Deleted: C:\Users\Tipper\AppData\Roaming\Yahoo!\Companion
Deleted: C:\Program Files\Conduit
Deleted: C:\Users\Tipper\AppData\Local\Conduit
Deleted: C:\Users\Tipper\AppData\LocalLow\Conduit
Deleted: C:\Users\Tipper\Documents\Coupons
Deleted: C:\ProgramData\apn
Deleted: C:\ProgramData\Application Data\apn
Deleted: C:\Users\All Users\apn
Deleted: C:\Users\Tipper\AppData\LocalLow\Mysearchdial

***** [ Files ] *****

Deleted: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk
Deleted: C:\Users\Tipper\AppData\Local\mysearchdial-speeddial.crx
Deleted: C:\Windows\System32\RegistryHelperLM.ocx

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks deleted.

***** [ Registry ] *****

Deleted: [Key] - HKU\S-1-5-21-3938486149-3048756490-4017228027-1000\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{2B7BDADB-EC8C-4C54-B5DD-CE45A016D3A7}
Deleted: [Key] - HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{2B7BDADB-EC8C-4C54-B5DD-CE45A016D3A7}
Deleted: [Key] - HKLM\SOFTWARE\W3I
Deleted: [Key] - HKU\S-1-5-21-3938486149-3048756490-4017228027-1000\Software\Bitberry
Deleted: [Key] - HKU\S-1-5-21-3938486149-3048756490-4017228027-1001\Software\Bitberry
Deleted: [Key] - HKU\S-1-5-21-3938486149-3048756490-4017228027-1003\Software\Bitberry
Deleted: [Key] - HKCU\Software\Bitberry
Deleted: [Key] - HKU\S-1-5-21-3938486149-3048756490-4017228027-1001\Software\FileTypeAssistant
Deleted: [Key] - HKU\S-1-5-21-3938486149-3048756490-4017228027-1003\Software\FileTypeAssistant
Deleted: [Key] - HKU\S-1-5-21-3938486149-3048756490-4017228027-1001\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\FinalMediaPlayer_is1
Deleted: [Key] - HKU\S-1-5-21-3938486149-3048756490-4017228027-1003\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\FinalMediaPlayer_is1
Deleted: [Key] - HKU\S-1-5-21-3938486149-3048756490-4017228027-1001\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Trusted Software Assistant_is1
Deleted: [Key] - HKU\S-1-5-21-3938486149-3048756490-4017228027-1003\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Trusted Software Assistant_is1
Deleted: [Key] - HKU\S-1-5-21-3938486149-3048756490-4017228027-1000\Software\YahooPartnerToolbar

Deleted: [Key] - HKCU\Software\YahooPartnerToolbar
Deleted: [Key] - HKLM\SOFTWARE\Yahoo\Companion
Deleted: [Key] - HKU\S-1-5-21-3938486149-3048756490-4017228027-1000\Software\Yahoo\Companion
Deleted: [Key] - HKU\S-1-5-21-3938486149-3048756490-4017228027-1000\Software\AppDataLow\Software\Yahoo\Companion
Deleted: [Key] - HKU\S-1-5-21-3938486149-3048756490-4017228027-1001\Software\AppDataLow\Software\Yahoo\Companion
Deleted: [Key] - HKU\S-1-5-21-3938486149-3048756490-4017228027-1003\Software\AppDataLow\Software\Yahoo\Companion
Deleted: [Key] - HKCU\Software\Yahoo\Companion
Deleted: [Key] - HKCU\Software\AppDataLow\Software\Yahoo\Companion
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Deleted: [Key] - HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Deleted: [Key] - HKLM\SOFTWARE\Classes\CLSID\{00B11DA2-75ED-4364-ABA5-9A95B1F5E946}
Deleted: [Key] - HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Deleted: [Key] - HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5}
Deleted: [Key] - HKLM\SOFTWARE\Classes\AppID\{C292AD0A-C11F-479B-B8DB-743E72D283B0}
Deleted: [Key] - HKLM\SOFTWARE\Classes\TypeLib\{C292AD0A-C11F-479B-B8DB-743E72D283B0}
Deleted: [Key] - HKLM\SOFTWARE\Classes\CLSID\{D40753C7-8A59-4C1F-BE88-C300F4624D5B}
Deleted: [Key] - HKLM\SOFTWARE\Classes\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{E7BC34A1-BA86-11CF-84B1-CBC2DA68BF6C}
Deleted: [Key] - HKCU\Software\Classes\CLSID\{BEBBC426-4F16-4567-8FE1-BE198C982027}
Deleted: [Key] - HKLM\SOFTWARE\Classes\TypeLib\{E7BC34A0-BA86-11CF-84B1-CBC2DA68BF6C}
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\4E30E037E0535E84D9E3349209D354D4
Deleted: [Key] - HKLM\SOFTWARE\Classes\Installer\Features\4E30E037E0535E84D9E3349209D354D4
Deleted: [Key] - HKLM\SOFTWARE\Classes\Installer\Products\4E30E037E0535E84D9E3349209D354D4
Deleted: [Value] - HKU\S-1-5-21-3938486149-3048756490-4017228027-1000\Software\Microsoft\Windows\CurrentVersion\Run|Itibiti.exe
Deleted: [Value] - HKCU\Software\Microsoft\Windows\CurrentVersion\Run|Itibiti.exe
Deleted: [Key] - HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application
Deleted: [Key] - HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application
Deleted: [Key] - HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Deleted: [Key] - HKLM\SOFTWARE\Conduit

Deleted: [Key] - HKU\S-1-5-21-3938486149-3048756490-4017228027-1000\Software\AppDataLow\Software\Conduit
Deleted: [Key] - HKU\S-1-5-21-3938486149-3048756490-4017228027-1001\Software\AppDataLow\Software\Conduit
Deleted: [Key] - HKU\S-1-5-21-3938486149-3048756490-4017228027-1003\Software\AppDataLow\Software\Conduit
Deleted: [Key] - HKCU\Software\AppDataLow\Software\Conduit
Deleted: [Key] - HKU\S-1-5-21-3938486149-3048756490-4017228027-1000\Software\AppDataLow\Software\ConduitSearchScopes
Deleted: [Key] - HKU\S-1-5-21-3938486149-3048756490-4017228027-1001\Software\AppDataLow\Software\ConduitSearchScopes
Deleted: [Key] - HKU\S-1-5-21-3938486149-3048756490-4017228027-1003\Software\AppDataLow\Software\ConduitSearchScopes
Deleted: [Key] - HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Deleted: [Key] - HKU\S-1-5-21-3938486149-3048756490-4017228027-1000\Software\AppDataLow\Software\PriceGong
Deleted: [Key] - HKU\S-1-5-21-3938486149-3048756490-4017228027-1001\Software\AppDataLow\Software\PriceGong
Deleted: [Key] - HKU\S-1-5-21-3938486149-3048756490-4017228027-1003\Software\AppDataLow\Software\PriceGong
Deleted: [Key] - HKCU\Software\AppDataLow\Software\PriceGong
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{730E03E4-350E-48E5-9D3E-4329903D454D}
Deleted: [Key] - HKLM\SOFTWARE\InstallIQ
Deleted: [Key] - HKLM\SOFTWARE\mysearchdial
Deleted: [Key] - HKU\S-1-5-21-3938486149-3048756490-4017228027-1000\Software\InstallCore
Deleted: [Key] - HKCU\Software\InstallCore
Deleted: [Key] - HKLM\SOFTWARE\Freeze.com
Deleted: [Key] - HKLM\SOFTWARE\Classes\Toolbar.CT3241324

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries deleted.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries deleted.

*************************

::Tracing keys deleted
::Winsock settings cleared
::Additional Actions: 0

 

*************************

C:/AdwCleaner/AdwCleaner[S0].txt - [9850 B] - [2018/1/16 18:29:2]
C:/AdwCleaner/scan report 1 AdwCleaner[S0].txt - [9850 B] - [2018/1/16 18:30:6]

########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt ##########

 

MiniToolBox by Farbar  Version: 17-06-2016
Ran by Tipper (administrator) on 16-01-2018 at 14:07:59
Running from "C:\Users\Tipper\Downloads"
Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86)
Model: D5468AT-ABA ALONPAV Manufacturer: Hewlett-Packard
Boot Mode: Normal
***************************************************************************

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.
========================= Hosts content: =================================
127.0.0.1       localhost
========================= IP Configuration: ================================

NVIDIA nForce 10/100 Mbps Ethernet  = Local Area Connection (Connected)
Kaspersky Security Data Escort Adapter = Local Area Connection 2 (Media disconnected)

# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled

popd
# End of IPv4 configuration

 

Windows IP Configuration

   Host Name . . . . . . . . . . . . : Tipper-PC
   Primary Dns Suffix  . . . . . . . :
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : Belkin

Ethernet adapter Local Area Connection 2:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Kaspersky Security Data Escort Adapter
   Physical Address. . . . . . . . . : 00-FF-C8-12-4E-22
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

Ethernet adapter Local Area Connection:

   Connection-specific DNS Suffix  . : Belkin
   Description . . . . . . . . . . . : NVIDIA nForce 10/100 Mbps Ethernet
   Physical Address. . . . . . . . . : 00-1E-90-34-E1-32
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::38bb:6843:8521:6cb8%10(Preferred)
   IPv4 Address. . . . . . . . . . . : 192.168.2.2(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : January-16-18 1:49:27 PM
   Lease Expires . . . . . . . . . . : February-22-54 8:36:30 PM
   Default Gateway . . . . . . . . . : 192.168.2.1
   DHCP Server . . . . . . . . . . . : 192.168.2.1
   DHCPv6 IAID . . . . . . . . . . . : 251666064
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-15-40-FF-3F-00-1E-90-34-E1-32
   DNS Servers . . . . . . . . . . . : 192.168.2.1
   NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter Local Area Connection* 6:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
   Physical Address. . . . . . . . . : 02-00-54-55-4E-01
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 7:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : Belkin
   Description . . . . . . . . . . . : isatap.Belkin
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 11:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : isatap.{C8124E22-C633-4F07-890B-C52239BE2B42}
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
Server:  UnKnown
Address:  192.168.2.1

Name:    google.com
Addresses:  2607:f8b0:400b:80c::200e
   172.217.1.174

 

Pinging google.com [172.217.1.174] with 32 bytes of data:

Reply from 172.217.1.174: bytes=32 time=11ms TTL=55

Reply from 172.217.1.174: bytes=32 time=10ms TTL=55

 

Ping statistics for 172.217.1.174:

    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

    Minimum = 10ms, Maximum = 11ms, Average = 10ms

Server:  UnKnown
Address:  192.168.2.1

Name:    yahoo.com
Addresses:  2001:4998:c:e33::53
   2001:4998:58:2201::73
   2001:4998:44:204::100d
   206.190.39.42
   98.138.252.38
   98.139.180.180

 

Pinging yahoo.com [206.190.39.42] with 32 bytes of data:

Reply from 206.190.39.42: bytes=32 time=73ms TTL=51

Reply from 206.190.39.42: bytes=32 time=73ms TTL=51

 

Ping statistics for 206.190.39.42:

    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

    Minimum = 73ms, Maximum = 73ms, Average = 73ms

 

Pinging 127.0.0.1 with 32 bytes of data:

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

 

Ping statistics for 127.0.0.1:

    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

    Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
 12 ...00 ff c8 12 4e 22 ...... Kaspersky Security Data Escort Adapter
 10 ...00 1e 90 34 e1 32 ...... NVIDIA nForce 10/100 Mbps Ethernet
  1 ........................... Software Loopback Interface 1
 11 ...02 00 54 55 4e 01 ...... Teredo Tunneling Pseudo-Interface
 14 ...00 00 00 00 00 00 00 e0  isatap.Belkin
 13 ...00 00 00 00 00 00 00 e0  isatap.{C8124E22-C633-4F07-890B-C52239BE2B42}
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.2.1      192.168.2.2     20
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
      192.168.2.0    255.255.255.0         On-link       192.168.2.2    276
      192.168.2.2  255.255.255.255         On-link       192.168.2.2    276
    192.168.2.255  255.255.255.255         On-link       192.168.2.2    276
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link       192.168.2.2    276
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link       192.168.2.2    276
===========================================================================
Persistent Routes:
  None

IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
  1    306 ::1/128                  On-link
 10    276 fe80::/64                On-link
 10    276 fe80::38bb:6843:8521:6cb8/128
                                    On-link
  1    306 ff00::/8                 On-link
 10    276 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\system32\NLAapi.dll [48640] (Microsoft Corporation)
Catalog5 02 C:\Windows\system32\napinsp.dll [50176] (Microsoft Corporation)
Catalog5 03 C:\Windows\system32\pnrpnsp.dll [62464] (Microsoft Corporation)
Catalog5 04 C:\Windows\system32\pnrpnsp.dll [62464] (Microsoft Corporation)
Catalog5 05 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog5 06 C:\Windows\system32\winrnr.dll [19968] (Microsoft Corporation)
Catalog9 01 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 02 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 03 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 04 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 05 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 06 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 07 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 08 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 09 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 10 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 11 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 12 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 13 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 14 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 15 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 16 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 17 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 18 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 19 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 20 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 21 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 22 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 23 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 24 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (01/16/2018 01:51:06 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/16/2018 01:36:13 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/16/2018 12:29:18 PM) (Source: Application Error) (User: )
Description: Faulting application iexplore.exe, version 9.0.8112.16872, time stamp 0x58caa9a9, faulting module MSHTML.dll, version 9.0.8112.16872, time stamp 0x58caaabd, exception code 0xc0000005, fault offset 0x0041b9e0,
process id 0x1534, application start time 0xiexplore.exe0.

Error: (01/16/2018 12:21:17 PM) (Source: Application Error) (User: )
Description: Faulting application iexplore.exe, version 9.0.8112.16872, time stamp 0x58caa9a9, faulting module MSHTML.dll, version 9.0.8112.16872, time stamp 0x58caaabd, exception code 0xc0000005, fault offset 0x0041b9e0,
process id 0x1490, application start time 0xiexplore.exe0.

Error: (01/16/2018 12:18:55 PM) (Source: Application Error) (User: )
Description: Faulting application iexplore.exe, version 9.0.8112.16872, time stamp 0x58caa9a9, faulting module MSHTML.dll, version 9.0.8112.16872, time stamp 0x58caaabd, exception code 0xc0000005, fault offset 0x0041b9e0,
process id 0x1338, application start time 0xiexplore.exe0.

Error: (01/16/2018 12:17:45 PM) (Source: Application Error) (User: )
Description: Faulting application iexplore.exe, version 9.0.8112.16872, time stamp 0x58caa9a9, faulting module MSHTML.dll, version 9.0.8112.16872, time stamp 0x58caaabd, exception code 0xc0000005, fault offset 0x0041b9e0,
process id 0x10b4, application start time 0xiexplore.exe0.

Error: (01/12/2018 08:00:07 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/12/2018 03:12:45 AM) (Source: Application Error) (User: )
Description: Faulting application iexplore.exe, version 9.0.8112.16872, time stamp 0x58caa9a9, faulting module MSHTML.dll, version 9.0.8112.16872, time stamp 0x58caaabd, exception code 0xc0000005, fault offset 0x0041b9e0,
process id 0x1cfc, application start time 0xiexplore.exe0.

Error: (01/12/2018 02:54:57 AM) (Source: Application Error) (User: )
Description: Faulting application iexplore.exe, version 9.0.8112.16872, time stamp 0x58caa9a9, faulting module MSHTML.dll, version 9.0.8112.16872, time stamp 0x58caaabd, exception code 0xc0000005, fault offset 0x0041b9e0,
process id 0x654, application start time 0xiexplore.exe0.

Error: (01/11/2018 03:40:44 PM) (Source: Application Error) (User: )
Description: Faulting application DbxSvc.exe, version 1.0.24.0, time stamp 0x5a25eef4, faulting module DbxSvc.exe, version 1.0.24.0, time stamp 0x5a25eef4, exception code 0xc0000005, fault offset 0x00001ac5,
process id 0x700, application start time 0xDbxSvc.exe0.

System errors:
=============
Error: (01/16/2018 02:05:17 PM) (Source: Microsoft-Windows-LanguagePackSetup) (User: NT AUTHORITY)
Description: 0x80070032

Error: (01/16/2018 01:57:54 PM) (Source: DCOM) (User: Tipper-PC)
Description: machine-defaultLocalActivation{9BA05972-F6A8-11CF-A442-00A0C90A8F39}Tipper-PCTipperS-1-5-21-3938486149-3048756490-4017228027-1000LocalHost (Using LRPC)

Error: (01/16/2018 01:57:47 PM) (Source: DCOM) (User: Tipper-PC)
Description: machine-defaultLocalActivation{9BA05972-F6A8-11CF-A442-00A0C90A8F39}Tipper-PCTipperS-1-5-21-3938486149-3048756490-4017228027-1000LocalHost (Using LRPC)

Error: (01/16/2018 01:57:31 PM) (Source: DCOM) (User: Tipper-PC)
Description: machine-defaultLocalActivation{9BA05972-F6A8-11CF-A442-00A0C90A8F39}Tipper-PCTipperS-1-5-21-3938486149-3048756490-4017228027-1000LocalHost (Using LRPC)

Error: (01/16/2018 01:37:45 PM) (Source: Microsoft-Windows-LanguagePackSetup) (User: NT AUTHORITY)
Description: 0x80070032

Error: (01/16/2018 01:32:49 PM) (Source: Service Control Manager) (User: )
Description: Software Licensing11200001Restart the service

Error: (01/16/2018 01:32:05 PM) (Source: Service Control Manager) (User: )
Description: Kaspersky Secure Connection Service 1.0.01100001Restart the service

Error: (01/16/2018 01:32:04 PM) (Source: Service Control Manager) (User: )
Description: HP Health Check Service1600001Restart the service

Error: (01/16/2018 01:32:04 PM) (Source: Service Control Manager) (User: )
Description: XAudioService1

Error: (01/16/2018 01:32:04 PM) (Source: Service Control Manager) (User: )
Description: DbxSvc1

Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
  Date: 2018-01-11 02:11:41.781
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\WINDOWS\System32\drivers\kneps.sys because the set of per-page image hashes could not be found on the system.

  Date: 2018-01-11 02:11:40.857
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\WINDOWS\System32\drivers\kneps.sys because the set of per-page image hashes could not be found on the system.

  Date: 2018-01-11 02:11:39.906
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\WINDOWS\System32\drivers\kneps.sys because the set of per-page image hashes could not be found on the system.

  Date: 2018-01-11 02:11:38.945
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\WINDOWS\System32\drivers\kneps.sys because the set of per-page image hashes could not be found on the system.

  Date: 2018-01-11 02:11:37.899
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\WINDOWS\System32\drivers\kltdi.sys because the set of per-page image hashes could not be found on the system.

  Date: 2018-01-11 02:11:36.931
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\WINDOWS\System32\drivers\kltdi.sys because the set of per-page image hashes could not be found on the system.

  Date: 2018-01-11 02:11:35.941
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\WINDOWS\System32\drivers\kltdi.sys because the set of per-page image hashes could not be found on the system.

  Date: 2018-01-11 02:11:34.975
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\WINDOWS\System32\drivers\kltdi.sys because the set of per-page image hashes could not be found on the system.

  Date: 2018-01-11 02:11:33.884
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\WINDOWS\System32\drivers\kltdf.sys because the set of per-page image hashes could not be found on the system.

  Date: 2018-01-11 02:11:32.910
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\WINDOWS\System32\drivers\kltdf.sys because the set of per-page image hashes could not be found on the system.

=========================== Installed Programs ============================

ActiveCheck component for HP Active Support Library (HKLM\...\{254C37AA-6B72-4300-84F6-98A82419187E}) (Version: 3.0.0.2 - Hewlett-Packard) Hidden
Adobe Flash Player 28 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 28.0.0.137 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.23) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.23 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.3 (HKLM\...\Adobe Shockwave Player) (Version: 12.3.1.201 - Adobe Systems, Inc.)
BlackBerry Desktop Software 6.1 (HKLM\...\{75157F34-02C6-4831-BD66-3BC49E7A8394}) (Version: 6.1.0.35 - Research In Motion Ltd.) Hidden
BlackBerry Desktop Software 6.1 (HKLM\...\BlackBerry_Desktop) (Version: 6.1.0.35 - Research In Motion Ltd.)
Brother MFL-Pro Suite (HKLM\...\{9A912C12-A7DA-44D7-BD57-5CA85E2F33E1}) (Version: 1.00 - Brother Industries, Ltd.)
CyberLink DVD Suite Deluxe (HKLM\...\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 5.5.1329 - CyberLink Corp.)
CyberLink PowerDirector (HKLM\...\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 6.5.2726 - CyberLink Corp.) Hidden
CyberLink PowerDirector (HKLM\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 6.5.2726 - CyberLink Corp.)
Digital Camera (2320) (HKLM\...\Digital Camera (2320)) (Version:  - )
Dropbox (HKLM\...\Dropbox) (Version: 41.4.80 - Dropbox, Inc.)
Dropbox Update Helper (HKLM\...\{099218A5-A723-43DC-8DB5-6173656A1E94}) (Version: 1.3.59.1 - Dropbox, Inc.) Hidden
Enhanced Multimedia Keyboard Solution (HKLM\...\KBD) (Version:  - Hewlett-Packard)
Hardware Diagnostic Tools (HKLM\...\PC-Doctor 5 for Windows) (Version: 5.1.4748.24 - PC-Doctor, Inc.)
HP Deskjet 1050 J410 series Basic Device Software (HKLM\...\{C111B73A-93EA-4A12-80E2-0460F11D431F}) (Version: 28.0.1313.0 - Hewlett-Packard Co.)
HP Deskjet 1050 J410 series Help (HKLM\...\{5C90D8CF-F12A-41C6-9007-3B651A1F0D78}) (Version: 140.0.66.66 - Hewlett Packard)
HP Deskjet 1050 J410 series Product Improvement Study (HKLM\...\{5E83AB6E-2284-4468-BF97-A451904F186C}) (Version: 28.0.1313.0 - Hewlett-Packard Co.)
HP Photo Creations (HKCU\...\HP Photo Creations) (Version: 1.0.0.17712 - HP)
HP Update (HKLM\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPAsset component for HP Active Support Library (HKLM\...\{669D4A35-146B-4314-89F1-1AC3D7B88367}) (Version: 3.0.1.0 - Hewlett-Packard) Hidden
Internet Explorer (Enable DEP) (HKLM\...\{a9264802-8a7a-40fe-a135-5c6d204aed7a}.sdb) (Version:  - )
Kaspersky Secure Connection (HKLM\...\{1CF84962-50F8-48CA-9082-B70F3A02C686}) (Version: 17.0.0.611 - Kaspersky Lab) Hidden
Kaspersky Secure Connection (HKLM\...\InstallWIX_{1CF84962-50F8-48CA-9082-B70F3A02C686}) (Version: 17.0.0.611 - Kaspersky Lab)
Kaspersky Total Security (HKLM\...\{E27B1D7B-3B34-43A2-9FC0-9828D5DF46E2}) (Version: 17.0.0.611 - Kaspersky Lab) Hidden
Kaspersky Total Security (HKLM\...\InstallWIX_{E27B1D7B-3B34-43A2-9FC0-9828D5DF46E2}) (Version: 17.0.0.611 - Kaspersky Lab)
LabelPrint (HKLM\...\{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.2.2529 - CyberLink Corp.)
Learning Essentials for Microsoft Office (HKLM\...\{75F3A4B2-F6E8-434D-A2EF-DBBC016C6CB2}) (Version: 2.0 - Microsoft)
LightScribe System Software  1.12.37.1 (HKLM\...\{004C5DA2-2051-4D25-94BA-51CF810C91EB}) (Version: 1.12.37.1 - LightScribe)
LightScribeTemplateLabeler (HKLM\...\{305D4B08-5807-4475-B1C8-D54685534864}) (Version: 1.10.23.1 - LightScribe)
Logitech Desktop Messenger (HKLM\...\{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}) (Version: 2.52.18 - Logitech, Inc.)
Logitech Legacy USB Camera Driver Package (HKLM\...\legacyqcam_11.10) (Version:  - )
Logitech Vid HD (HKLM\...\Logitech Vid) (Version: 7.2 (7259) - Logitech Inc..)
Logitech Webcam Software (HKLM\...\{C27BC2A2-30DD-4014-B22E-63EB0DB572F9}) (Version: 12.10.1113 - Logitech Inc.)
Logitech Webcam Software Driver Package (HKLM\...\lvdrivers_12.10) (Version: 12.10.1110 - Logitech Inc.)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Math (HKLM\...\{07043840-959A-4B0D-8825-2C533F0DDB19}) (Version: 2007 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Home and Student 60 day trial (HKLM\...\OfficeTrial) (Version:  - )
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Student 2007 for Learning Essentials (HKLM\...\{Microsoft Student 2007_54A0E938-8390-489F-8F1A-563673334DFE}) (Version:  - )
Microsoft Student with Encarta Premium 2008 (HKLM\...\{08041881-FCA5-44A7-B863-D66037A16AAF}) (Version: 2008 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Works (HKLM\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation)
muvee autoProducer 6.1 (HKLM\...\{FDDB69BB-2F9A-4830-A579-ABBB7C5AF9A8}) (Version: 6.10.050 - muvee Technologies)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version:  - )
PaperPort (HKLM\...\{71C97545-E547-4A8B-B0C8-61FF853270AC}) (Version: 9.02.0827 - ScanSoft, Inc.)
Parker Brothers Classic Card Games (HKLM\...\ClassicCard) (Version:  - )
Power2Go (HKLM\...\{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 5.6.3917 - CyberLink Corp.)
Python 2.5 (HKLM\...\{0A2C5854-557E-48C8-835A-3B9F074BDCAA}) (Version: 2.5.150 - Martin v. Löwis)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5789 - Realtek Semiconductor Corp.)
Soft Data Fax Modem with SmartCP (HKLM\...\CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200C14F1) (Version: 7.74.00 - Conexant Systems)
swMSM (HKLM\...\{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Yahoo! Detect (HKLM\...\YTdetect) (Version:  - )

========================= Devices: ================================

========================= Memory info: ===================================

Percentage of memory in use: 77%
Total physical RAM: 3005.76 MB
Available physical RAM: 670.09 MB
Total Virtual: 6223.7 MB
Available Virtual: 3646.13 MB

========================= Partitions: =====================================

1 Drive c: (HP) (Fixed) (Total:455.44 GB) (Free:159.16 GB) NTFS
2 Drive d: (FACTORY_IMAGE) (Fixed) (Total:10.32 GB) (Free:1.05 GB) NTFS

========================= Users: ========================================

User accounts for \\TIPPER-PC

Administrator            Tipper                    Boyz                    
Chris                    Guest                    Mcx1                    

========================= Minidump Files ==================================

No minidump file found

**** End of log ****

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 14.01.2018
Ran by Tipper (administrator) on TIPPER-PC (16-01-2018 14:34:51)
Running from C:\Users\Tipper\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VTPGXSZK
Loaded Profiles: Tipper (Available Profiles: Tipper & Chris & Boyz & Mcx1)
Platform: Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) Language: English (United States)
Internet Explorer Version 9 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\WINDOWS\System32\nvvsvc.exe
(Microsoft Corporation) C:\WINDOWS\System32\SLsvc.exe
(Microsoft Corporation) C:\WINDOWS\System32\rundll32.exe
(AO Kaspersky Lab) C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 17.0.0\avp.exe
(Dropbox, Inc.) C:\WINDOWS\System32\DbxSvc.exe
(AO Kaspersky Lab) C:\Program Files\Kaspersky Lab\Kaspersky Secure Connection 1.0\ksde.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
(Logitech Inc.) C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
(Conexant Systems, Inc.) C:\WINDOWS\System32\drivers\XAudio.exe
(AO Kaspersky Lab) C:\Program Files\Kaspersky Lab\Kaspersky Secure Connection 1.0\ksdeui.exe
(AO Kaspersky Lab) C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 17.0.0\avpui.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Microsoft Corporation) C:\WINDOWS\System32\wpcumi.exe
(Realtek Semiconductor) C:\WINDOWS\RtHDVCpl.exe
(Research In Motion Limited) C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
(ScanSoft, Inc.) C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
(Microsoft Corporation) C:\WINDOWS\System32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\System32\wbem\unsecapp.exe
(Hewlett-Packard Company) C:\hp\support\hpsysdrv.exe
(Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuschd2.exe
(Brother Industries, Ltd.) C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
(Dropbox, Inc.) C:\Program Files\Dropbox\Client\Dropbox.exe
(Microsoft Corporation) C:\WINDOWS\ehome\ehtray.exe
(Microsoft Corporation) C:\Program Files\Microsoft Student\Microsoft Student with Encarta Premium 2008 DVD\EDICT.EXE
(Microsoft Corporation) C:\WINDOWS\System32\rundll32.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
(Microsoft Corporation) C:\WINDOWS\ehome\ehmsas.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Service.exe
(Hewlett-Packard Company) C:\hp\KBD\kbd.exe
(Microsoft Corporation) C:\WINDOWS\System32\conime.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\WINDOWS\System32\Macromed\Flash\FlashUtil32_28_0_0_137_ActiveX.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [] => [X]
HKLM\...\Run: [WPCUMI] => C:\Windows\system32\WpcUmi.exe [176128 2006-11-02] (Microsoft Corporation)
HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-20] (Microsoft Corporation)
HKLM\...\Run: [RtHDVCpl] => C:\Windows\RtHDVCpl.exe [5369856 2008-03-26] (Realtek Semiconductor)
HKLM\...\Run: [RIMBBLaunchAgent.exe] => C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe [79192 2011-02-18] (Research In Motion Limited)
HKLM\...\Run: [PaperPort PTD] => C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe [57393 2005-03-17] (ScanSoft, Inc.)
HKLM\...\Run: [NvMediaCenter] => RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [KBD] => C:\HP\KBD\KbdStub.EXE [65536 2006-12-08] ()
HKLM\...\Run: [IndexSearch] => C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe [40960 2005-03-17] (ScanSoft, Inc.)
HKLM\...\Run: [hpsysdrv] => c:\hp\support\hpsysdrv.exe [65536 2007-04-18] (Hewlett-Packard Company)
HKLM\...\Run: [HP Software Update] => C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM\...\Run: [HP Health Check Scheduler] => [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
HKLM\...\Run: [ControlCenter3] => C:\Program Files\Brother\ControlCenter3\brctrcen.exe [65536 2006-07-19] (Brother Industries, Ltd.)
HKLM\...\Run: [BrMfcWnd] => C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe [622592 2007-02-06] (Brother Industries, Ltd.)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1160408 2016-12-17] (Adobe Systems Incorporated)
HKLM\...\Run: [Dropbox] => C:\Program Files\Dropbox\Client\Dropbox.exe [3567928 2018-01-08] (Dropbox, Inc.)
HKU\S-1-5-21-3938486149-3048756490-4017228027-1000\...\Run: [HPAdvisor] => C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN
HKU\S-1-5-21-3938486149-3048756490-4017228027-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-20] (Microsoft Corporation)
HKU\S-1-5-21-3938486149-3048756490-4017228027-1000\...\Run: [L08AXLRD_45457240] => C:\Program Files\Microsoft Student\Microsoft Student with Encarta Premium 2008 DVD\EDICT.EXE [351000 2007-05-21] (Microsoft Corporation)
HKU\S-1-5-21-3938486149-3048756490-4017228027-1000\...\Run: [WMPNSCFG] => C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-20] (Microsoft Corporation)
HKU\S-1-5-21-3938486149-3048756490-4017228027-1000\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-3938486149-3048756490-4017228027-1000\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\S-1-5-21-3938486149-3048756490-4017228027-1000\...\Policies\Explorer: [NoDesktopCleanupWizard] 1
HKU\S-1-5-21-3938486149-3048756490-4017228027-1000\...\MountPoints2: L - L:\LaunchU3.exe -a
HKU\S-1-5-21-3938486149-3048756490-4017228027-1000\...\MountPoints2: {45ed0a07-e3df-11e0-92d9-001e9034e132} - L:\LaunchU3.exe -a
HKU\S-1-5-21-3938486149-3048756490-4017228027-1000\...\MountPoints2: {70fee8d0-6b8f-11e0-9202-806e6f6e6963} - E:\autorun.exe
HKU\S-1-5-21-3938486149-3048756490-4017228027-1000\...\MountPoints2: {fa945a74-6b73-11e0-8a33-001e9034e132} - J:\ConnectProSST.exe
Startup: C:\Users\Tipper\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Deskjet 1050 J410 series.lnk [2018-01-16]
ShortcutTarget: Monitor Ink Alerts - HP Deskjet 1050 J410 series.lnk -> C:\Program Files\HP\HP Deskjet 1050 J410 series\Bin\HPStatusBL.dll (Hewlett-Packard Co.)
Startup: C:\Users\Tipper\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk [2013-05-29]
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\Boyz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk [2011-06-26]
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk [2013-05-13]
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
GroupPolicy\User: Restriction ? <==== ATTENTION
GroupPolicyUsers\S-1-5-21-3938486149-3048756490-4017228027-1003\User: Restriction <==== ATTENTION
GroupPolicyUsers\S-1-5-21-3938486149-3048756490-4017228027-1001\User: Restriction <==== ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{2328FD5C-20DF-441B-BA4C-12384E9C94FB}: [DhcpNameServer] 192.168.2.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_ca&c=83&bd=Pavilion&pf=cndt
HKU\S-1-5-21-3938486149-3048756490-4017228027-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://ca.msn.com/?lang=en-ca&OCID=iehp
HKU\S-1-5-21-3938486149-3048756490-4017228027-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://hp-consumer.my.aol.ca/
SearchScopes: HKLM -> DefaultScope {3E9A1439-8462-49AD-8004-D9FC5BE53FF4} URL = hxxp://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=file_14_13_ie&cd=2XzuyEtN2Y1L1QzutDtDtC0EzytDtAyE0EtCtAtBtD0C0EzztN0D0Tzu0SzztCyDtN1L2XzutBtFtCzztFtBtFtDtN1L1CzutCyEtDtAtDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StCyCyEtA0Bzyzy0CtGtCyB0DyCtGtAyE0CtDtGyB0DyBzztGtAyC0BtC0F0ByCtBzz0CyDzz2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyC0Azzzy0BtB0AtDtGyC0B0A0FtGyE0EtB0EtGtAyC0BzztGtBtB0EtDtDtDzyyB0D0E0DtA2Q&cr=1446448765&ir=
SearchScopes: HKLM -> {380854A7-BB12-4473-A1C0-F6272ABD0A35} URL = hxxp://www.ask.com/web?q={searchTerms}&l=dis&o=cahpd
SearchScopes: HKLM -> {3E9A1439-8462-49AD-8004-D9FC5BE53FF4} URL = hxxp://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=file_14_13_ie&cd=2XzuyEtN2Y1L1QzutDtDtC0EzytDtAyE0EtCtAtBtD0C0EzztN0D0Tzu0SzztCyDtN1L2XzutBtFtCzztFtBtFtDtN1L1CzutCyEtDtAtDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StCyCyEtA0Bzyzy0CtGtCyB0DyCtGtAyE0CtDtGyB0DyBzztGtAyC0BtC0F0ByCtBzz0CyDzz2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyC0Azzzy0BtB0AtDtGyC0B0A0FtGyE0EtB0EtGtAyC0BzztGtBtB0EtDtDtDzyyB0D0E0DtA2Q&cr=1446448765&ir=
SearchScopes: HKLM -> {77AA745B-F4F8-45DA-9B14-61D2D95054C8} URL = hxxp://ca.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=hp-pvdt
SearchScopes: HKU\S-1-5-21-3938486149-3048756490-4017228027-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Kaspersky Protection -> {2E38825B-8815-42CF-9126-C58BC28D4591} -> C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 17.0.0\IEExt\ie_plugin.dll [2016-12-07] (AO Kaspersky Lab)
Toolbar: HKLM - Kaspersky Protection Toolbar - {093F479D-712E-46CD-9E06-62E734A05F68} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 17.0.0\IEExt\ie_plugin.dll [2016-12-07] (AO Kaspersky Lab)
Toolbar: HKU\S-1-5-21-3938486149-3048756490-4017228027-1000 -> No Name - {789733C8-7A68-4A43-ACE3-BEB2292C914B} -  No File
Toolbar: HKU\S-1-5-21-3938486149-3048756490-4017228027-1000 -> Kaspersky Protection Toolbar - {093F479D-712E-46CD-9E06-62E734A05F68} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 17.0.0\IEExt\ie_plugin.dll [2016-12-07] (AO Kaspersky Lab)
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll [2011-06-28] (Logitech Inc.)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll [2007-06-07] (Microsoft Corporation)

FireFox:
========
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: (Microsoft .NET Framework Assistant) - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2011-04-20] [Legacy] [not signed]
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\[email protected] => not found
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 17.0.0\FFExt\light_plugin_firefox\addon.xpi
FF Extension: (Kaspersky Protection) - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 17.0.0\FFExt\light_plugin_firefox\addon.xpi [2017-10-14]
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw_1231201.dll [2017-11-02] (Adobe Systems, Inc.)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: @RIM.com/WebSLLauncher,version=1.0 -> C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll [2011-05-26] ()
FF Plugin: @rocketlife.com/RocketLife Secure Plug-In Layer;version=1.0.5 -> C:\ProgramData\Visan\plugins\npRLSecurePluginLayer.dll [2011-02-21] (RocketLife, LLP)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2017-11-01] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3938486149-3048756490-4017228027-1000: @rocketlife.com/RocketLife Secure Plug-In Layer;version=1.0.5 -> C:\Users\Tipper\AppData\Roaming\Visan\plugins\npRLSecurePluginLayer.dll [2011-03-12] (RocketLife, LLP)

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [fhoibnponjcgjgcnfacekaijdbbplhib] - hxxps://chrome.google.com/webstore/detail/fhoibnponjcgjgcnfacekaijdbbplhib

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AdobeFlashPlayerUpdateSvc; C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [272384 2018-01-10] (Adobe Systems Incorporated) [File not signed]
R2 AVP17.0.0; C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 17.0.0\avp.exe [241544 2016-06-28] (AO Kaspersky Lab)
S2 dbupdate; C:\Program Files\Dropbox\Update\DropboxUpdate.exe [143144 2016-10-28] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files\Dropbox\Update\DropboxUpdate.exe [143144 2016-10-28] (Dropbox, Inc.)
R2 DbxSvc; C:\Windows\system32\DbxSvc.exe [43336 2018-01-08] (Dropbox, Inc.)
R2 HP Health Check Service; c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [94208 2008-03-14] (Hewlett-Packard) [File not signed]
R2 KSDE1.0.0; C:\Program Files\Kaspersky Lab\Kaspersky Secure Connection 1.0\ksde.exe [241544 2016-06-28] (AO Kaspersky Lab)
R2 LightScribeService; c:\Program Files\Common Files\LightScribe\LSSrvc.exe [73728 2008-03-17] (Hewlett-Packard Company) [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-20] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 cm_km; C:\Windows\System32\DRIVERS\cm_km.sys [170840 2016-06-10] (AO Kaspersky Lab)
S3 CoachUsb; C:\Windows\System32\DRIVERS\CoachUsb.sys [41184 2003-06-26] (Accapella Ltd.)
S3 CoachVc; C:\Windows\System32\DRIVERS\CoachVc.sys [45664 2003-06-26] (Accapella Ltd.) [File not signed]
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [165296 2016-06-02] (AO Kaspersky Lab)
R0 klbackupdisk; C:\Windows\System32\DRIVERS\klbackupdisk.sys [57264 2016-06-07] (AO Kaspersky Lab)
R1 klbackupflt; C:\Windows\System32\DRIVERS\klbackupflt.sys [71504 2016-06-14] (AO Kaspersky Lab)
R2 kldisk; C:\Windows\System32\DRIVERS\kldisk.sys [69000 2016-05-31] (AO Kaspersky Lab)
R3 klflt; C:\Windows\System32\DRIVERS\klflt.sys [155352 2017-10-14] (AO Kaspersky Lab)
R1 klhk; C:\Windows\System32\DRIVERS\klhk.sys [130776 2017-10-14] (AO Kaspersky Lab)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [807128 2017-10-14] (AO Kaspersky Lab)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [49744 2016-12-07] (AO Kaspersky Lab)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [46000 2016-05-18] (AO Kaspersky Lab)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [38072 2015-06-07] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [41392 2016-05-31] (AO Kaspersky Lab)
R3 kltap; C:\Windows\System32\DRIVERS\kltap.sys [48056 2016-06-07] (The OpenVPN Project)
R1 kltdf; C:\Windows\System32\DRIVERS\kltdf.sys [82352 2016-05-17] (AO Kaspersky Lab)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [71088 2016-05-17] (AO Kaspersky Lab)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [165336 2017-07-29] (AO Kaspersky Lab)
R3 LVPr2Mon; C:\Windows\System32\DRIVERS\LVPr2Mon.sys [25752 2009-10-07] ()
R3 LVUSBSta; C:\Windows\System32\drivers\LVUSBSta.sys [41752 2007-10-11] (Logitech Inc.)
R3 PID_0928; C:\Windows\System32\DRIVERS\LV561AV.SYS [495768 2009-04-30] (Logitech Inc.)
S3 dbx; system32\DRIVERS\dbx.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S3 PcdrNdisuio; system32\DRIVERS\pcdrndisuio.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-01-16 14:07 - 2018-01-16 14:10 - 000025866 _____ C:\Users\Tipper\Downloads\MTB.txt
2018-01-16 14:03 - 2018-01-16 14:03 - 000000557 _____ C:\Users\Tipper\Desktop\MiniToolBox.exe - Shortcut.lnk
2018-01-16 14:02 - 2018-01-16 14:02 - 000000535 _____ C:\Users\Tipper\Downloads\MiniToolBox.exe - Shortcut.lnk
2018-01-16 14:01 - 2018-01-16 14:01 - 000892416 _____ (Farbar) C:\Users\Tipper\Downloads\MiniToolBox.exe
2018-01-16 13:26 - 2018-01-16 14:12 - 000000000 ____D C:\AdwCleaner
2018-01-11 15:40 - 2018-01-11 15:40 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2018-01-11 04:38 - 2018-01-16 14:12 - 000000000 ____D C:\Users\Tipper\Documents\Geeks to go help file
2018-01-11 02:09 - 2018-01-16 14:34 - 000000000 ____D C:\FRST
2018-01-08 16:15 - 2018-01-08 16:15 - 000043336 _____ (Dropbox, Inc.) C:\Windows\system32\DbxSvc.exe
2018-01-08 16:15 - 2018-01-08 16:15 - 000035432 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-dev.sys
2018-01-08 16:15 - 2018-01-08 16:15 - 000035408 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-stable.sys
2018-01-08 16:15 - 2018-01-08 16:15 - 000035408 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-canary.sys
2018-01-08 04:29 - 2018-01-08 04:29 - 008657175 _____ C:\Users\Chris\Documents\Deep Fryer Manual.pdf
2018-01-08 02:59 - 2018-01-08 03:08 - 000000035 _____ C:\Users\Boyz\Documents\Medical info look up for help.txt
2018-01-08 02:39 - 2018-01-08 02:41 - 000000042 _____ C:\Users\Boyz\Documents\Prizm in vision.txt

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-01-16 14:05 - 2013-10-16 19:48 - 000000000 ____D C:\ProgramData\Kaspersky Lab
2018-01-16 13:50 - 2016-10-28 16:22 - 000000890 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job
2018-01-16 13:49 - 2006-11-02 08:01 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2018-01-16 13:49 - 2006-11-02 07:47 - 000005184 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2018-01-16 13:49 - 2006-11-02 07:47 - 000005184 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2018-01-16 13:48 - 2006-11-02 08:01 - 000032608 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2018-01-16 13:38 - 2016-10-28 16:22 - 000000894 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job
2018-01-16 13:32 - 2011-07-26 02:05 - 000000000 ____D C:\Users\Tipper\AppData\Roaming\Yahoo!
2018-01-16 13:32 - 2011-07-26 02:05 - 000000000 ____D C:\Users\Tipper\AppData\LocalLow\Yahoo!
2018-01-16 13:32 - 2008-05-17 17:37 - 000000000 ____D C:\Program Files\Yahoo!
2018-01-16 13:08 - 2011-08-15 02:32 - 000000000 __SHD C:\AI_RecycleBin
2018-01-16 13:08 - 2011-08-15 02:27 - 000000000 __SHD C:\Windows\system32\AI_RecycleBin
2018-01-16 13:07 - 2008-05-17 17:28 - 000000000 ____D C:\Program Files\Java
2018-01-11 15:40 - 2016-10-28 16:21 - 000000000 ____D C:\Program Files\Dropbox
2018-01-10 18:53 - 2014-04-18 04:34 - 000803328 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2018-01-10 18:53 - 2014-04-18 04:34 - 000144896 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2018-01-10 18:53 - 2008-05-17 17:21 - 000000000 ____D C:\Windows\system32\Macromed
2018-01-05 20:52 - 2006-11-02 05:33 - 000006580 _____ C:\Windows\system32\PerfStringBackup.INI
2017-12-30 02:10 - 2006-11-02 06:18 - 000000000 ____D C:\Windows\system32\Msdtc
2017-12-30 02:09 - 2012-03-16 02:01 - 000000000 ____D C:\Users\Mcx1
2017-12-30 02:09 - 2011-06-05 20:16 - 000000000 ____D C:\Users\Boyz
2017-12-30 02:09 - 2011-05-06 03:45 - 000000000 ____D C:\Users\Chris
2017-12-30 02:09 - 2011-04-20 11:55 - 000000000 ____D C:\Users\Tipper
2017-12-30 02:09 - 2006-11-02 05:22 - 140247040 _____ C:\Windows\system32\config\system_previous
2017-12-30 02:09 - 2006-11-02 05:22 - 051118080 _____ C:\Windows\system32\config\software_previous
2017-12-30 02:09 - 2006-11-02 05:22 - 041156608 _____ C:\Windows\system32\config\components_previous
2017-12-30 02:09 - 2006-11-02 05:22 - 000262144 _____ C:\Windows\system32\config\security_previous
2017-12-30 02:09 - 2006-11-02 05:22 - 000262144 _____ C:\Windows\system32\config\sam_previous
2017-12-30 02:09 - 2006-11-02 05:22 - 000262144 _____ C:\Windows\system32\config\default_previous
2017-12-30 02:08 - 2006-11-02 06:18 - 000000000 ____D C:\Windows\system32\spool
2017-12-30 02:08 - 2006-11-02 06:18 - 000000000 ____D C:\Windows\registration
2017-12-30 02:08 - 2006-11-02 06:18 - 000000000 ____D C:\Windows\inf

==================== Files in the root of some directories =======

2011-06-01 12:07 - 2015-12-22 05:35 - 000044759 _____ () C:\Users\Tipper\AppData\Roaming\Rim.Desktop.Exception.log
2011-06-01 12:06 - 2011-08-16 15:03 - 000003392 _____ () C:\Users\Tipper\AppData\Roaming\Rim.Desktop.HttpServerSetup.log
2011-08-16 15:27 - 2015-12-22 05:35 - 000002849 _____ () C:\Users\Tipper\AppData\Roaming\Rim.DesktopHelper.Exception.log
2014-03-25 16:13 - 2014-03-25 16:13 - 000000045 _____ () C:\Users\Tipper\AppData\Roaming\WB.CFG
2011-05-18 14:19 - 2011-05-18 14:19 - 000000000 _____ () C:\Users\Tipper\AppData\Roaming\wklnhst.dat
2012-11-01 06:46 - 2016-11-02 05:56 - 000001356 _____ () C:\Users\Tipper\AppData\Local\d3d9caps.dat
2012-01-17 16:49 - 2017-09-18 12:36 - 000074240 _____ () C:\Users\Tipper\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-10-23 03:26 - 2012-10-23 03:26 - 000017408 _____ () C:\Users\Tipper\AppData\Local\WebpageIcons.db

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2018-01-16 14:09

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 14.01.2018
Ran by Tipper (16-01-2018 14:37:31)
Running from C:\Users\Tipper\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VTPGXSZK
Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) (2011-04-20 16:49:56)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-3938486149-3048756490-4017228027-500 - Administrator - Disabled)
Tipper (S-1-5-21-3938486149-3048756490-4017228027-1000 - Administrator - Enabled) => C:\Users\Tipper
Boyz (S-1-5-21-3938486149-3048756490-4017228027-1003 - Limited - Enabled) => C:\Users\Boyz
Chris (S-1-5-21-3938486149-3048756490-4017228027-1001 - Limited - Enabled) => C:\Users\Chris
Guest (S-1-5-21-3938486149-3048756490-4017228027-501 - Limited - Disabled)
Mcx1 (S-1-5-21-3938486149-3048756490-4017228027-1004 - Administrator - Enabled) => C:\Users\Mcx1

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Kaspersky Total Security (Enabled - Up to date) {86367591-4BE4-AE08-2FD9-7FCB8259CD98}
AS: Kaspersky Total Security (Enabled - Up to date) {3D579475-6DDE-A186-1569-44B9F9DE8725}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Total Security (Enabled) {BE0DF4B4-018B-AF50-0486-D6FE7C8A8AE3}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

ActiveCheck component for HP Active Support Library (HKLM\...\{254C37AA-6B72-4300-84F6-98A82419187E}) (Version: 3.0.0.2 - Hewlett-Packard) Hidden
Adobe Flash Player 28 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 28.0.0.137 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.23) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.23 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.3 (HKLM\...\Adobe Shockwave Player) (Version: 12.3.1.201 - Adobe Systems, Inc.)
BlackBerry Desktop Software 6.1 (HKLM\...\{75157F34-02C6-4831-BD66-3BC49E7A8394}) (Version: 6.1.0.35 - Research In Motion Ltd.) Hidden
BlackBerry Desktop Software 6.1 (HKLM\...\BlackBerry_Desktop) (Version: 6.1.0.35 - Research In Motion Ltd.)
Brother MFL-Pro Suite (HKLM\...\{9A912C12-A7DA-44D7-BD57-5CA85E2F33E1}) (Version: 1.00 - Brother Industries, Ltd.)
CyberLink DVD Suite Deluxe (HKLM\...\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 5.5.1329 - CyberLink Corp.)
CyberLink PowerDirector (HKLM\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 6.5.2726 - CyberLink Corp.)
Digital Camera (2320) (HKLM\...\Digital Camera (2320)) (Version:  - )
Dropbox (HKLM\...\Dropbox) (Version: 41.4.80 - Dropbox, Inc.)
Dropbox Update Helper (HKLM\...\{099218A5-A723-43DC-8DB5-6173656A1E94}) (Version: 1.3.59.1 - Dropbox, Inc.) Hidden
Enhanced Multimedia Keyboard Solution (HKLM\...\KBD) (Version:  - Hewlett-Packard)
Hardware Diagnostic Tools (HKLM\...\PC-Doctor 5 for Windows) (Version: 5.1.4748.24 - PC-Doctor, Inc.)
HP Deskjet 1050 J410 series Basic Device Software (HKLM\...\{C111B73A-93EA-4A12-80E2-0460F11D431F}) (Version: 28.0.1313.0 - Hewlett-Packard Co.)
HP Deskjet 1050 J410 series Help (HKLM\...\{5C90D8CF-F12A-41C6-9007-3B651A1F0D78}) (Version: 140.0.66.66 - Hewlett Packard)
HP Deskjet 1050 J410 series Product Improvement Study (HKLM\...\{5E83AB6E-2284-4468-BF97-A451904F186C}) (Version: 28.0.1313.0 - Hewlett-Packard Co.)
HP Photo Creations (HKU\S-1-5-21-3938486149-3048756490-4017228027-1000\...\HP Photo Creations) (Version: 1.0.0.17712 - HP)
HP Update (HKLM\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPAsset component for HP Active Support Library (HKLM\...\{669D4A35-146B-4314-89F1-1AC3D7B88367}) (Version: 3.0.1.0 - Hewlett-Packard) Hidden
Internet Explorer (Enable DEP) (HKLM\...\{a9264802-8a7a-40fe-a135-5c6d204aed7a}.sdb) (Version:  - )
Kaspersky Secure Connection (HKLM\...\{1CF84962-50F8-48CA-9082-B70F3A02C686}) (Version: 17.0.0.611 - Kaspersky Lab) Hidden
Kaspersky Secure Connection (HKLM\...\InstallWIX_{1CF84962-50F8-48CA-9082-B70F3A02C686}) (Version: 17.0.0.611 - Kaspersky Lab)
Kaspersky Total Security (HKLM\...\{E27B1D7B-3B34-43A2-9FC0-9828D5DF46E2}) (Version: 17.0.0.611 - Kaspersky Lab) Hidden
Kaspersky Total Security (HKLM\...\InstallWIX_{E27B1D7B-3B34-43A2-9FC0-9828D5DF46E2}) (Version: 17.0.0.611 - Kaspersky Lab)
LabelPrint (HKLM\...\{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.2.2529 - CyberLink Corp.)
Learning Essentials for Microsoft Office (HKLM\...\{75F3A4B2-F6E8-434D-A2EF-DBBC016C6CB2}) (Version: 2.0 - Microsoft)
LightScribe System Software  1.12.37.1 (HKLM\...\{004C5DA2-2051-4D25-94BA-51CF810C91EB}) (Version: 1.12.37.1 - LightScribe)
LightScribeTemplateLabeler (HKLM\...\{305D4B08-5807-4475-B1C8-D54685534864}) (Version: 1.10.23.1 - LightScribe)
Logitech Desktop Messenger (HKLM\...\{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}) (Version: 2.52.18 - Logitech, Inc.)
Logitech Legacy USB Camera Driver Package (HKLM\...\legacyqcam_11.10) (Version:  - )
Logitech Vid HD (HKLM\...\Logitech Vid) (Version: 7.2 (7259) - Logitech Inc..)
Logitech Webcam Software (HKLM\...\{C27BC2A2-30DD-4014-B22E-63EB0DB572F9}) (Version: 12.10.1113 - Logitech Inc.)
Logitech Webcam Software Driver Package (HKLM\...\lvdrivers_12.10) (Version: 12.10.1110 - Logitech Inc.)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Math (HKLM\...\{07043840-959A-4B0D-8825-2C533F0DDB19}) (Version: 2007 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Home and Student 60 day trial (HKLM\...\OfficeTrial) (Version:  - )
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Student 2007 for Learning Essentials (HKLM\...\{Microsoft Student 2007_54A0E938-8390-489F-8F1A-563673334DFE}) (Version:  - )
Microsoft Student with Encarta Premium 2008 (HKLM\...\{08041881-FCA5-44A7-B863-D66037A16AAF}) (Version: 2008 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Works (HKLM\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation)
muvee autoProducer 6.1 (HKLM\...\{FDDB69BB-2F9A-4830-A579-ABBB7C5AF9A8}) (Version: 6.10.050 - muvee Technologies)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version:  - )
PaperPort (HKLM\...\{71C97545-E547-4A8B-B0C8-61FF853270AC}) (Version: 9.02.0827 - ScanSoft, Inc.)
Parker Brothers Classic Card Games (HKLM\...\ClassicCard) (Version:  - )
Power2Go (HKLM\...\{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 5.6.3917 - CyberLink Corp.)
Python 2.5 (HKLM\...\{0A2C5854-557E-48C8-835A-3B9F074BDCAA}) (Version: 2.5.150 - Martin v. Löwis)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5789 - Realtek Semiconductor Corp.)
Soft Data Fax Modem with SmartCP (HKLM\...\CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200C14F1) (Version: 7.74.00 - Conexant Systems)
swMSM (HKLM\...\{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Yahoo! Detect (HKLM\...\YTdetect) (Version:  - )

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3938486149-3048756490-4017228027-1000_Classes\CLSID\{9356e2bb-6c9a-43c0-a771-5cacbdab6afe}\InprocServer32 -> C:\Users\Tipper\AppData\Roaming\HP Photo Creations\RLPNUpload.dll (RocketLife)
CustomCLSID: HKU\S-1-5-21-3938486149-3048756490-4017228027-1000_Classes\CLSID\{A10E0335-AFCA-4E7E-975F-CA30235FB29A}\InprocServer32 -> C:\Users\Tipper\AppData\Roaming\Visan\plugins\npRLSecurePluginLayer.dll (RocketLife, LLP)
CustomCLSID: HKU\S-1-5-21-3938486149-3048756490-4017228027-1000_Classes\CLSID\{cc05a616-ddb3-4cc0-9a21-dc0e9962b444}\InprocServer32 -> C:\Users\Tipper\AppData\Roaming\HP Photo Creations\ContentMan.dll (RocketLife)
CustomCLSID: HKU\S-1-5-21-3938486149-3048756490-4017228027-1000_Classes\CLSID\{ff280b55-14f1-49ae-b40f-15f5294ce630}\InprocServer32 -> C:\Users\Tipper\AppData\Roaming\HP Photo Creations\RocketEngine.dll (Visan inc.)
ShellIconOverlayIdentifiers: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.19.0.dll [2018-01-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.19.0.dll [2018-01-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.19.0.dll [2018-01-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.19.0.dll [2018-01-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.19.0.dll [2018-01-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.19.0.dll [2018-01-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.19.0.dll [2018-01-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.19.0.dll [2018-01-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.19.0.dll [2018-01-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.19.0.dll [2018-01-08] (Dropbox, Inc.)
ContextMenuHandlers1: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files\Dropbox\Client\DropboxExt.19.0.dll [2018-01-08] (Dropbox, Inc.)
ContextMenuHandlers1: [Kaspersky Anti-Virus 17.0.0] -> {39C9FA89-7012-4573-A92D-BFD1F8CA542D} => C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 17.0.0\shellex.dll [2017-03-14] (AO Kaspersky Lab)
ContextMenuHandlers2: [Kaspersky Anti-Virus 17.0.0] -> {39C9FA89-7012-4573-A92D-BFD1F8CA542D} => C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 17.0.0\shellex.dll [2017-03-14] (AO Kaspersky Lab)
ContextMenuHandlers4: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files\Dropbox\Client\DropboxExt.19.0.dll [2018-01-08] (Dropbox, Inc.)
ContextMenuHandlers4: [Kaspersky Anti-Virus 17.0.0] -> {39C9FA89-7012-4573-A92D-BFD1F8CA542D} => C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 17.0.0\shellex.dll [2017-03-14] (AO Kaspersky Lab)
ContextMenuHandlers5: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files\Dropbox\Client\DropboxExt.19.0.dll [2018-01-08] (Dropbox, Inc.)
ContextMenuHandlers5: [NvCplDesktopContext] -> {A70C977A-BF00-412C-90B7-034C51DA2439} => C:\Windows\system32\nvcpl.dll [2008-05-22] (NVIDIA Corporation)
ContextMenuHandlers6: [Kaspersky Anti-Virus 17.0.0] -> {39C9FA89-7012-4573-A92D-BFD1F8CA542D} => C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 17.0.0\shellex.dll [2017-03-14] (AO Kaspersky Lab)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {09DA987E-5384-44C4-9359-F80E0CE55A8C} - System32\Tasks\{402A8835-4A03-4627-8446-8BCF151CF753} => "C:\Program Files\Internet Explorer\iexplore.exe" hxxp://ui.skype.com/ui/0/5.10.0.116/en/go/help.faq.installer?LastError=1603
Task: {2C6865C5-1B4D-4998-BABD-CB45D4B027C9} - System32\Tasks\PC-Doctor\Scheduled Maintenance Swap => C:\Program Files\PC-Doctor 5 for Windows\task_swap.exe [2008-03-13] (PC-Doctor, Inc.)
Task: {62723A29-FD3B-4F5F-B7D5-B9F1BFD4E640} - System32\Tasks\{E999EE8A-B462-4D2F-8C6F-0AEC7FF1E3EF} => C:\Windows\system32\pcalua.exe -a E:\setup.exe -d E:\
Task: {6D411B50-4F7D-4329-9A84-5CA1B36B846C} - System32\Tasks\0 => c:\program files\internet explorer\iexplore.exe  <==== ATTENTION
Task: {890419E0-EAE5-4F12-8544-8E5E5BEEAA2C} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files\Dropbox\Update\DropboxUpdate.exe [2016-10-28] (Dropbox, Inc.)
Task: {964DAA7E-EFC5-456C-833F-3F439598E230} - System32\Tasks\PC-Doctor\Scheduled Maintenance => C:\Program Files\PC-Doctor 5 for Windows\RunProfiler.exe [2008-03-13] (PC-Doctor, Inc.)
Task: {AAC2C8DD-5A86-47EC-9E8B-BC6EBEAFF3AC} - System32\Tasks\{1CDDCFE9-A42D-4067-9CDA-E68CB6FC10B7} => C:\Windows\system32\pcalua.exe -a "C:\Users\Tipper\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XMTRDXPQ\Install_YourCottonellePuppy.exe" -d C:\Users\Tipper\Desktop
Task: {AC5404A0-3312-4DB4-A01E-91766AC907D5} - System32\Tasks\4674 => wscript.exe C:\Users\Tipper\AppData\Local\Temp\launchie.vbs //B <==== ATTENTION
Task: {DB58737A-01E8-4FF8-8FB9-79E217B19D00} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files\Dropbox\Update\DropboxUpdate.exe [2016-10-28] (Dropbox, Inc.)
Task: {DF894B9C-6CB6-4C71-BE6E-D4746B6A9FC0} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2018-01-10] (Adobe Systems Incorporated)
Task: {E83F721D-3ECE-4861-A1D1-610583D9CA55} - System32\Tasks\HPCustParticipation HP Deskjet 1050 J410 series => C:\Program Files\HP\HP Deskjet 1050 J410 series\Bin\HPCustPartic.exe [2012-10-02] (Hewlett-Packard Co.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files\Dropbox\Update\DropboxUpdate.exe

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2016-06-27 23:19 - 2016-06-27 23:19 - 000865232 _____ () C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 17.0.0\kpcengine.2.3.dll
2018-01-11 15:40 - 2018-01-08 16:15 - 000732480 _____ () C:\Program Files\Dropbox\Client\dropbox_watchdog.dll
2018-01-11 15:40 - 2018-01-08 16:15 - 002061632 _____ () C:\Program Files\Dropbox\Client\dropbox_crashpad.dll
2017-12-06 18:22 - 2018-01-08 16:15 - 000100296 _____ () C:\Program Files\Dropbox\Client\_ctypes.pyd
2017-12-06 18:22 - 2018-01-08 16:15 - 000018888 _____ () C:\Program Files\Dropbox\Client\select.pyd
2017-12-06 18:22 - 2018-01-08 16:16 - 000020800 _____ () C:\Program Files\Dropbox\Client\tornado.speedups.pyd
2017-12-06 18:22 - 2018-01-08 16:15 - 000035792 _____ () C:\Program Files\Dropbox\Client\_multiprocessing.pyd
2017-12-06 18:22 - 2018-01-08 16:15 - 000694224 _____ () C:\Program Files\Dropbox\Client\unicodedata.pyd
2018-01-11 15:40 - 2018-01-08 16:16 - 000021848 _____ () C:\Program Files\Dropbox\Client\cryptography.hazmat.bindings._constant_time.pyd
2017-12-06 18:22 - 2018-01-08 16:15 - 000130512 _____ () C:\Program Files\Dropbox\Client\_cffi_backend.pyd
2018-01-11 15:40 - 2018-01-08 16:16 - 001856848 _____ () C:\Program Files\Dropbox\Client\cryptography.hazmat.bindings._openssl.pyd
2018-01-11 15:40 - 2018-01-08 16:16 - 000022864 _____ () C:\Program Files\Dropbox\Client\cryptography.hazmat.bindings._padding.pyd
2018-01-11 15:40 - 2018-01-08 16:15 - 000145864 _____ () C:\Program Files\Dropbox\Client\pyexpat.pyd
2018-01-11 15:40 - 2018-01-08 16:15 - 000116688 _____ () C:\Program Files\Dropbox\Client\pywintypes27.dll
2017-12-06 18:22 - 2018-01-08 16:15 - 000105928 _____ () C:\Program Files\Dropbox\Client\win32api.pyd
2017-12-06 18:22 - 2018-01-08 16:16 - 000022864 _____ () C:\Program Files\Dropbox\Client\winffi.crt.compiled._winffi_crt.pyd
2018-01-11 15:40 - 2018-01-08 16:16 - 000063296 _____ () C:\Program Files\Dropbox\Client\psutil._psutil_windows.pyd
2017-12-06 18:22 - 2018-01-08 16:15 - 000024528 _____ () C:\Program Files\Dropbox\Client\win32event.pyd
2018-01-11 15:40 - 2018-01-08 16:16 - 000040248 _____ () C:\Program Files\Dropbox\Client\fastpath.pyd
2018-01-11 15:40 - 2018-01-08 16:15 - 000020936 _____ () C:\Program Files\Dropbox\Client\mmapfile.pyd
2017-12-06 18:22 - 2018-01-08 16:15 - 000124880 _____ () C:\Program Files\Dropbox\Client\win32file.pyd
2017-12-06 18:22 - 2018-01-08 16:15 - 000116176 _____ () C:\Program Files\Dropbox\Client\win32security.pyd
2018-01-11 15:40 - 2018-01-08 16:15 - 000392656 _____ () C:\Program Files\Dropbox\Client\pythoncom27.dll
2017-12-06 18:22 - 2018-01-08 16:16 - 000392512 _____ () C:\Program Files\Dropbox\Client\win32com.shell.shell.pyd
2017-12-06 18:22 - 2018-01-08 16:16 - 000026456 _____ () C:\Program Files\Dropbox\Client\winffi.kernel32.compiled._winffi_kernel32.pyd
2017-12-06 18:22 - 2018-01-08 16:15 - 000024016 _____ () C:\Program Files\Dropbox\Client\win32clipboard.pyd
2017-12-06 18:22 - 2018-01-08 16:15 - 000175560 _____ () C:\Program Files\Dropbox\Client\win32gui.pyd
2017-12-06 18:22 - 2018-01-08 16:15 - 000030160 _____ () C:\Program Files\Dropbox\Client\win32pipe.pyd
2017-12-06 18:22 - 2018-01-08 16:15 - 000043472 _____ () C:\Program Files\Dropbox\Client\win32process.pyd
2017-12-06 18:22 - 2018-01-08 16:15 - 000026056 _____ () C:\Program Files\Dropbox\Client\win32job.pyd
2017-12-06 18:22 - 2018-01-08 16:15 - 000048592 _____ () C:\Program Files\Dropbox\Client\win32service.pyd
2017-12-06 18:22 - 2018-01-08 16:15 - 000057808 _____ () C:\Program Files\Dropbox\Client\win32evtlog.pyd
2018-01-11 15:40 - 2018-01-08 16:16 - 000021824 _____ () C:\Program Files\Dropbox\Client\cpuid.compiled._cpuid.pyd
2017-12-06 18:22 - 2018-01-08 16:17 - 000023368 _____ () C:\Program Files\Dropbox\Client\winshell.compiled._winshell.pyd
2018-01-11 15:40 - 2018-01-08 16:16 - 000022856 _____ () C:\Program Files\Dropbox\Client\crashpad.compiled._Crashpad.pyd
2017-12-06 18:22 - 2018-01-08 16:16 - 000066392 _____ () C:\Program Files\Dropbox\Client\winenumhandles.compiled._WinEnumHandles.pyd
2018-01-11 15:40 - 2018-01-08 16:16 - 001796920 _____ () C:\Program Files\Dropbox\Client\PyQt5.QtCore.pyd
2017-12-06 18:22 - 2018-01-08 16:15 - 000084424 _____ () C:\Program Files\Dropbox\Client\sip.pyd
2018-01-11 15:40 - 2018-01-08 16:16 - 001956152 _____ () C:\Program Files\Dropbox\Client\PyQt5.QtGui.pyd
2018-01-11 15:40 - 2018-01-08 16:16 - 003859264 _____ () C:\Program Files\Dropbox\Client\PyQt5.QtWidgets.pyd
2018-01-11 15:40 - 2018-01-08 16:16 - 000155464 _____ () C:\Program Files\Dropbox\Client\PyQt5.QtWebEngineWidgets.pyd
2018-01-11 15:40 - 2018-01-08 16:16 - 000521024 _____ () C:\Program Files\Dropbox\Client\PyQt5.QtNetwork.pyd
2018-01-11 15:40 - 2018-01-08 16:16 - 000050496 _____ () C:\Program Files\Dropbox\Client\PyQt5.QtWebEngineCore.pyd
2018-01-11 15:40 - 2018-01-08 16:16 - 000042304 _____ () C:\Program Files\Dropbox\Client\PyQt5.QtWebChannel.pyd
2018-01-11 15:40 - 2018-01-08 16:16 - 000131384 _____ () C:\Program Files\Dropbox\Client\PyQt5.QtWebKit.pyd
2018-01-11 15:40 - 2018-01-08 16:16 - 000218944 _____ () C:\Program Files\Dropbox\Client\PyQt5.QtWebKitWidgets.pyd
2018-01-11 15:40 - 2018-01-08 16:16 - 000204096 _____ () C:\Program Files\Dropbox\Client\PyQt5.QtPrintSupport.pyd
2017-12-06 18:22 - 2018-01-08 16:17 - 000025432 _____ () C:\Program Files\Dropbox\Client\winscreenshot.compiled._CaptureScreenshot.pyd
2017-12-06 18:22 - 2018-01-08 16:15 - 000060880 _____ () C:\Program Files\Dropbox\Client\win32print.pyd
2017-12-06 18:22 - 2018-01-08 16:17 - 000054608 _____ () C:\Program Files\Dropbox\Client\winrpcserver.compiled._RPCServer.pyd
2017-12-06 18:22 - 2018-01-08 16:15 - 000024016 _____ () C:\Program Files\Dropbox\Client\win32profile.pyd
2017-12-06 18:22 - 2018-01-08 16:17 - 000022864 _____ () C:\Program Files\Dropbox\Client\winffi.user32.compiled._winffi_user32.pyd
2017-12-06 18:22 - 2018-01-08 16:15 - 000028616 _____ () C:\Program Files\Dropbox\Client\win32ts.pyd
2017-12-06 18:22 - 2018-01-08 16:16 - 000022360 _____ () C:\Program Files\Dropbox\Client\winffi.iphlpapi.compiled._winffi_iphlpapi.pyd
2017-12-06 18:22 - 2018-01-08 16:17 - 000021848 _____ () C:\Program Files\Dropbox\Client\winffi.winerror.compiled._winffi_winerror.pyd
2017-12-06 18:22 - 2018-01-08 16:17 - 000022360 _____ () C:\Program Files\Dropbox\Client\winffi.wininet.compiled._winffi_wininet.pyd
2018-01-11 15:40 - 2018-01-08 16:16 - 000027488 _____ () C:\Program Files\Dropbox\Client\dropbox.infinite.win.compiled._driverinstallation.pyd
2017-12-06 18:22 - 2018-01-08 16:15 - 000349128 _____ () C:\Program Files\Dropbox\Client\winxpgui.pyd
2017-12-06 18:22 - 2018-01-08 16:17 - 000023896 _____ () C:\Program Files\Dropbox\Client\winverifysignature.compiled._VerifySignature.pyd
2018-01-11 15:40 - 2018-01-08 16:16 - 000025424 _____ () C:\Program Files\Dropbox\Client\librsyncffi.compiled._librsyncffi.pyd
2018-01-11 15:40 - 2018-01-08 16:15 - 000036296 _____ () C:\Program Files\Dropbox\Client\librsync.dll
2018-01-11 15:40 - 2018-01-08 16:16 - 000021848 _____ () C:\Program Files\Dropbox\Client\winffi.advapi32.compiled._winffi_advapi32.pyd
2018-01-11 15:40 - 2018-01-08 16:16 - 000181056 _____ () C:\Program Files\Dropbox\Client\dropbox_sqlite_ext.dll
2018-01-11 15:40 - 2018-01-08 16:16 - 000024368 _____ () C:\Program Files\Dropbox\Client\libEGL.dll
2018-01-11 15:40 - 2018-01-08 16:16 - 001638200 _____ () C:\Program Files\Dropbox\Client\libGLESv2.dll
2017-12-06 18:22 - 2018-01-08 16:17 - 000026456 _____ () C:\Program Files\Dropbox\Client\winffi.winhttp.compiled._winffi_winhttp.pyd
2007-05-21 06:02 - 2007-05-21 06:02 - 000269080 _____ () C:\Program Files\Common Files\Microsoft Shared\Reference 2008\ERSREGPR.DLL
2007-05-21 06:02 - 2007-05-21 06:02 - 000228120 _____ () C:\Program Files\Common Files\Microsoft Shared\Reference 2008\MSENCDAT.DLL
2007-05-21 06:02 - 2007-05-21 06:02 - 000178968 _____ () C:\Program Files\Common Files\Microsoft Shared\Reference 2008\ENCCONT.DLL
2007-05-21 06:02 - 2007-05-21 06:02 - 000351000 _____ () C:\Program Files\Common Files\Microsoft Shared\Reference 2008\MSENCXML.DLL
2007-05-21 06:00 - 2007-05-21 06:00 - 000068376 _____ () C:\Program Files\Microsoft Student\Microsoft Student with Encarta Premium 2008 DVD\EDICTEIT.EBK

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:9D718DA3 [254]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2006-11-02 05:23 - 2006-09-18 16:41 - 000000761 _____ C:\Windows\system32\Drivers\etc\hosts

127.0.0.1       localhost

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3938486149-3048756490-4017228027-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Tipper\Pictures\Me 2.jpg
DNS Servers: 192.168.2.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 1) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [WinCollab-Out-UDP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-In-UDP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-Out-TCP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-In-TCP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-DFSR-Out-TCP] => (Allow) %SystemRoot%\system32\dfsr.exe
FirewallRules: [WinCollab-DFSR-In-TCP] => (Allow) %SystemRoot%\system32\dfsr.exe
FirewallRules: [{D92D6C79-4E3E-4C55-B270-3772F9D2657C}] => (Allow) c:\Program Files\Cyberlink\PowerDirector\PDR.EXE
FirewallRules: [{770D80FE-2DB7-4C60-B911-024311024AB0}] => (Allow) LPort=80
FirewallRules: [{5BFA165D-98D1-42B9-8DBB-C23123DA7500}] => (Allow) LPort=80
FirewallRules: [{85C1740F-00A1-4ADE-828A-5DE3DC90AF6D}] => (Allow) LPort=80
FirewallRules: [{20EE2C88-D71B-4B05-9581-0F4D1EB4E7FF}] => (Allow) LPort=4481
FirewallRules: [{3343A644-DA33-45C0-B6F8-75703D1A4C08}] => (Allow) LPort=4481
FirewallRules: [{9699F66B-E3AE-49DD-A0AE-DA2E373C485F}] => (Allow) LPort=4482
FirewallRules: [{C395807F-9F94-4FC8-B806-FF47F0DAD3DA}] => (Allow) LPort=4482
FirewallRules: [{1253EA7A-883E-4F2D-878B-0D89088B081B}] => (Allow) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
FirewallRules: [{3F9BC9C6-4BF0-4DF9-B7F9-F0D72354923C}] => (Allow) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
FirewallRules: [TCP Query User{E61E14B6-2B7B-4B9A-A8EC-94FCBDCD789E}C:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe] => (Block) C:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe
FirewallRules: [UDP Query User{A6668CB7-25D3-4515-9533-E3F19AC2076B}C:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe] => (Block) C:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe
FirewallRules: [{85C8AE78-3F41-4823-A11B-40C4AA4FC9F8}] => (Allow) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
FirewallRules: [{1995A3E9-CF49-4029-84CE-3D6F151D2101}] => (Allow) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
FirewallRules: [TCP Query User{08546204-51B4-4295-BC11-5733FB70F911}C:\program files\limewire plus+\limewire.exe] => (Allow) C:\program files\limewire plus+\limewire.exe
FirewallRules: [UDP Query User{D3BD81E3-322B-4ADB-B9AA-C101BA735424}C:\program files\limewire plus+\limewire.exe] => (Allow) C:\program files\limewire plus+\limewire.exe
FirewallRules: [{472C2A7C-9E89-43FA-8922-9A792DCE6728}] => (Allow) C:\Program Files\Research In Motion\BlackBerry Desktop\Rim.Desktop.exe
FirewallRules: [{C0FE80F8-6DB0-403A-82A8-7473952BDD19}] => (Allow) C:\Program Files\Research In Motion\BlackBerry Desktop\Rim.Desktop.exe
FirewallRules: [{0544882A-BB01-4012-B621-7BF0EA635474}] => (Allow) C:\Program Files\Logitech\Vid HD\Vid.exe
FirewallRules: [{03A57C7B-C4EB-4EEA-9E5D-C103F4B51706}] => (Allow) C:\Program Files\Logitech\Vid HD\Vid.exe
FirewallRules: [{2C18A20C-6338-4CA6-889D-61F7A076066E}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
FirewallRules: [{F93B05B1-C570-4C0F-AF9C-46AFBA2B20E1}] => (Allow) C:\Program Files\HP\HP Deskjet 1050 J410 series\Bin\USBSetup.exe
FirewallRules: [TCP Query User{C93416B8-BA29-49F9-BA5A-AC531D041DD7}E:\setup.exe] => (Allow) E:\setup.exe
FirewallRules: [UDP Query User{53A6C86A-EB12-41E1-A38A-6D03F0F4A96E}E:\setup.exe] => (Allow) E:\setup.exe
FirewallRules: [{F191F0E9-82F9-4F26-AA23-750C16C15CA0}] => (Allow) C:\Program Files\Dropbox\Client\Dropbox.exe

==================== Restore Points =========================

15-11-2017 00:00:25 Scheduled Checkpoint
26-11-2017 03:00:38 Windows Update
28-11-2017 17:49:59 Scheduled Checkpoint
29-11-2017 03:00:13 Windows Update
30-11-2017 00:00:11 Scheduled Checkpoint
01-12-2017 00:00:09 Scheduled Checkpoint
02-12-2017 00:00:09 Scheduled Checkpoint
03-12-2017 00:00:09 Scheduled Checkpoint
04-12-2017 00:00:07 Scheduled Checkpoint
05-12-2017 00:00:07 Scheduled Checkpoint
06-12-2017 00:00:15 Scheduled Checkpoint
06-12-2017 16:05:44 Windows Update
08-12-2017 00:00:10 Scheduled Checkpoint
09-12-2017 00:00:12 Scheduled Checkpoint
10-12-2017 00:00:20 Scheduled Checkpoint
11-12-2017 00:00:14 Scheduled Checkpoint
11-12-2017 22:39:48 Windows Update
13-12-2017 00:00:15 Scheduled Checkpoint
27-12-2017 04:01:51 First Restore Point
30-12-2017 02:02:35 Restore Operation
30-12-2017 02:36:27 First Restore Point
08-01-2018 00:55:25 My own made restore point
16-01-2018 13:02:59 Removed Java 8 Update 31
16-01-2018 13:05:29 Removed Java 8 Update 31
16-01-2018 13:07:55 Removed Uninstall Helper

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (01/16/2018 01:51:06 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (01/16/2018 01:36:13 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (01/16/2018 12:29:18 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application iexplore.exe, version 9.0.8112.16872, time stamp 0x58caa9a9, faulting module MSHTML.dll, version 9.0.8112.16872, time stamp 0x58caaabd, exception code 0xc0000005, fault offset 0x0041b9e0,
process id 0x1534, application start time 0x01d38eeeb45f6e30.

Error: (01/16/2018 12:21:17 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application iexplore.exe, version 9.0.8112.16872, time stamp 0x58caa9a9, faulting module MSHTML.dll, version 9.0.8112.16872, time stamp 0x58caaabd, exception code 0xc0000005, fault offset 0x0041b9e0,
process id 0x1490, application start time 0x01d38eee180352e0.

Error: (01/16/2018 12:18:55 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application iexplore.exe, version 9.0.8112.16872, time stamp 0x58caa9a9, faulting module MSHTML.dll, version 9.0.8112.16872, time stamp 0x58caaabd, exception code 0xc0000005, fault offset 0x0041b9e0,
process id 0x1338, application start time 0x01d38eedeee2f140.

Error: (01/16/2018 12:17:45 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application iexplore.exe, version 9.0.8112.16872, time stamp 0x58caa9a9, faulting module MSHTML.dll, version 9.0.8112.16872, time stamp 0x58caaabd, exception code 0xc0000005, fault offset 0x0041b9e0,
process id 0x10b4, application start time 0x01d38eed8920ec90.

Error: (01/12/2018 08:00:07 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (01/12/2018 03:12:45 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application iexplore.exe, version 9.0.8112.16872, time stamp 0x58caa9a9, faulting module MSHTML.dll, version 9.0.8112.16872, time stamp 0x58caaabd, exception code 0xc0000005, fault offset 0x0041b9e0,
process id 0x1cfc, application start time 0x01d38b7d18df9756.

Error: (01/12/2018 02:54:57 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application iexplore.exe, version 9.0.8112.16872, time stamp 0x58caa9a9, faulting module MSHTML.dll, version 9.0.8112.16872, time stamp 0x58caaabd, exception code 0xc0000005, fault offset 0x0041b9e0,
process id 0x654, application start time 0x01d38b7a3477eba6.

Error: (01/11/2018 03:40:44 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application DbxSvc.exe, version 1.0.24.0, time stamp 0x5a25eef4, faulting module DbxSvc.exe, version 1.0.24.0, time stamp 0x5a25eef4, exception code 0xc0000005, fault offset 0x00001ac5,
process id 0x700, application start time 0x01d38a6cd5b589a6.

System errors:
=============
Error: (01/16/2018 02:05:17 PM) (Source: Microsoft-Windows-LanguagePackSetup) (EventID: 1001) (User: NT AUTHORITY)
Description: Event-ID 1001

Error: (01/16/2018 01:57:54 PM) (Source: DCOM) (EventID: 10016) (User: Tipper-PC)
Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID
{9BA05972-F6A8-11CF-A442-00A0C90A8F39}
 to the user Tipper-PC\Tipper SID (S-1-5-21-3938486149-3048756490-4017228027-1000) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.

Error: (01/16/2018 01:57:47 PM) (Source: DCOM) (EventID: 10016) (User: Tipper-PC)
Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID
{9BA05972-F6A8-11CF-A442-00A0C90A8F39}
 to the user Tipper-PC\Tipper SID (S-1-5-21-3938486149-3048756490-4017228027-1000) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.

Error: (01/16/2018 01:57:31 PM) (Source: DCOM) (EventID: 10016) (User: Tipper-PC)
Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID
{9BA05972-F6A8-11CF-A442-00A0C90A8F39}
 to the user Tipper-PC\Tipper SID (S-1-5-21-3938486149-3048756490-4017228027-1000) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.

Error: (01/16/2018 01:37:45 PM) (Source: Microsoft-Windows-LanguagePackSetup) (EventID: 1001) (User: NT AUTHORITY)
Description: Event-ID 1001

Error: (01/16/2018 01:32:49 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Software Licensing service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.

Error: (01/16/2018 01:32:05 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Kaspersky Secure Connection Service 1.0.0 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (01/16/2018 01:32:04 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The HP Health Check Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.

Error: (01/16/2018 01:32:04 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The XAudioService service terminated unexpectedly.  It has done this 1 time(s).

Error: (01/16/2018 01:32:04 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The DbxSvc service terminated unexpectedly.  It has done this 1 time(s).

CodeIntegrity:
===================================
  Date: 2018-01-16 14:36:52.027
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\WINDOWS\System32\drivers\kneps.sys because the set of per-page image hashes could not be found on the system.

  Date: 2018-01-16 14:36:51.138
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\WINDOWS\System32\drivers\kneps.sys because the set of per-page image hashes could not be found on the system.

  Date: 2018-01-16 14:36:50.262
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\WINDOWS\System32\drivers\kneps.sys because the set of per-page image hashes could not be found on the system.

  Date: 2018-01-16 14:36:49.410
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\WINDOWS\System32\drivers\kneps.sys because the set of per-page image hashes could not be found on the system.

  Date: 2018-01-16 14:36:48.519
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\WINDOWS\System32\drivers\kltdi.sys because the set of per-page image hashes could not be found on the system.

  Date: 2018-01-16 14:36:47.616
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\WINDOWS\System32\drivers\kltdi.sys because the set of per-page image hashes could not be found on the system.

  Date: 2018-01-16 14:36:46.694
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\WINDOWS\System32\drivers\kltdi.sys because the set of per-page image hashes could not be found on the system.

  Date: 2018-01-16 14:36:45.791
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\WINDOWS\System32\drivers\kltdi.sys because the set of per-page image hashes could not be found on the system.

  Date: 2018-01-16 14:36:44.848
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\WINDOWS\System32\drivers\kltdf.sys because the set of per-page image hashes could not be found on the system.

  Date: 2018-01-16 14:36:43.930
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\WINDOWS\System32\drivers\kltdf.sys because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================

Processor: AMD Athlon™ 64 X2 Dual Core Processor 5400+
Percentage of memory in use: 82%
Total physical RAM: 3005.76 MB
Available physical RAM: 525.15 MB
Total Virtual: 6223.7 MB
Available Virtual: 3379.07 MB

==================== Drives ================================

Drive c: (HP) (Fixed) (Total:455.44 GB) (Free:159.28 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: (FACTORY_IMAGE) (Fixed) (Total:10.32 GB) (Free:1.05 GB) NTFS ==>[system with boot components (obtained from drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: F451C310)
Partition 1: (Active) - (Size=455.4 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=10.3 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================


Edited by Tipper, 16 January 2018 - 05:06 PM.

#4
RKinner

    Malware Expert

Looks like Mcx1 was created back in 2012:

2017-12-30 02:09 - 2012-03-16 02:01 - 000000000 ____D C:\Users\Mcx1

 

You can probably remove it if you want to:  Control panel (View: Large icons) User Accounts, Manage another Account then click on Mcx1.  There should be an option to delete it.

 

 

Download the attached fixlist.txt to the same location as FRST

 

Attached File  fixlist.txt   6.02KB   71 downloads


Run FRST and press Fix.
A fix log will be generated; please post that.



Right click on (My) Computer and select Manage (Continue) Then click on the arrow in front of Event Viewer. Next Click on the arrow in front of Windows Logs Right click on System and Clear Log, Clear. Repeat for Application.

Reboot.

Start, All Programs, Accessories then right click on Command Prompt and Run as Administrator.  Then type (with an Enter after each line).

sfc  /scannow

(This will check your critical system files. Does this finish without complaint?  If it says it couldn't fix everything then:

Copy the next two lines:

findstr  /c:"[SR]"  \windows\logs\cbs\cbs.log  >  %UserProfile%\desktop\junk.txt
notepad %UserProfile%\desktop\junk.txt

Start, All Programs, Accessories, right click on Command Prompt and Run as Administrator, Continue.  Right click and Paste or Edit then Paste and the copied line should appear.
Hit Enter. Copy and paste the text from notepad or if it is too big, just attach the file.)


1. Please download the Event Viewer Tool by Vino Rosso
http://images.malwar...om/vino/VEW.exe
and save it to your Desktop:
2. Right-click VEW.exe and Run As Administrator
3. Under 'Select log to query', select:

* System
4. Under 'Select type to list', select:
* Error
* Warning


Then use the 'Number of events' as follows:


1. Click the radio button for 'Number of events'
Type 20 in the 1 to 20 box
Then click the Run button.
Notepad will open with the output log.


Please post the Output log in your next reply then repeat but select Application.  (Each time you run VEW it overwrites the log so copy the first one to a Reply or rename it before running it a second time.)
 

Get Process Explorer

http://live.sysinter...com/procexp.exe
Save it to your desktop then run it (Vista or Win7+ - right click and Run As Administrator).  

View, Select Column, check Verified Signer, OK
Options, Verify Image Signatures


Click twice on the CPU column header  to sort things by CPU usage with the big hitters at the top.  

Wait a full minute then:

File, Save As, Save.  Note the file name.   Open the file  on your desktop and copy and paste the text to a reply.


Copy the next 2 lines:

TASKLIST /SVC  > \junk.txt
notepad \junk.txt

Open an Elevated Command Prompt:
Win 7: Start, All Programs, Accessories then right click on Command Prompt and Run as Administrator
Win 8: http://www.eightforu...indows-8-a.html
Win 10: http://www.howtogeek...-in-windows-10/

Right click and Paste (or Edit then Paste) and the copied lines should appear.
Hit Enter if notepad does not open.  Copy and paste the text from notepad into a reply.


Get the free version of Speccy:

http://www.filehippo.com/download_speccy/ 

(Look in the upper right for the Download Latest Version button - Do NOT press the large Start Download button on the upper left!)
Download, Tell it you do not need CCLEANER by unchecking the box at the bottom of the download page
Save and Install it.   Run Speccy.  When it finishes (the little icon in the bottom left will stop moving),
File, Save as Text File,  (to your desktop) note the name it gives. OK.  Open the file in notepad and delete the line that gives the serial number of your Operating System.
(It will be near the top,  10-20  lines down.) Save the file.  Attach the file to your next post.  Attaching the log is the best option as it is too big for the forum.  Attaching is a multi-step process.

First click on More Reply Options
Then scroll down to where you see
Choose File and click on it.  Point it at the file and hit Open.
Now click on Attach this file.


 


 


#5
Tipper

    Member

  • Topic Starter

Fix result of Farbar Recovery Scan Tool (x86) Version: 17.01.2018 01
Ran by Tipper (17-01-2018 22:34:52) Run:3
Running from C:\Users\Tipper\Downloads
Loaded Profiles: Tipper (Available Profiles: Tipper & Chris & Boyz & Mcx1)
Boot Mode: Normal

==============================================

fixlist content:
*****************
HKU\S-1-5-21-3938486149-3048756490-4017228027-1000\...\MountPoints2: L - L:\LaunchU3.exe -a
HKU\S-1-5-21-3938486149-3048756490-4017228027-1000\...\MountPoints2: {45ed0a07-e3df-11e0-92d9-001e9034e132} - L:\LaunchU3.exe -a
HKU\S-1-5-21-3938486149-3048756490-4017228027-1000\...\MountPoints2: {70fee8d0-6b8f-11e0-9202-806e6f6e6963} - E:\autorun.exe
HKU\S-1-5-21-3938486149-3048756490-4017228027-1000\...\MountPoints2: {fa945a74-6b73-11e0-8a33-001e9034e132} - J:\ConnectProSST.exe
SearchScopes: HKLM -> DefaultScope {3E9A1439-8462-49AD-8004-D9FC5BE53FF4} URL = hxxp://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=file_14_13_ie&cd=2XzuyEtN2Y1L1QzutDtDtC0EzytDtAyE0EtCtAtBtD0C0EzztN0D0Tzu0SzztCyDtN1L2XzutBtFtCzztFtBtFtDtN1L1CzutCyEtDtAtDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StCyCyEtA0Bzyzy0CtGtCyB0DyCtGtAyE0CtDtGyB0DyBzztGtAyC0BtC0F0ByCtBzz0CyDzz2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyC0Azzzy0BtB0AtDtGyC0B0A0FtGyE0EtB0EtGtAyC0BzztGtBtB0EtDtDtDzyyB0D0E0DtA2Q&cr=1446448765&ir=
SearchScopes: HKLM -> {3E9A1439-8462-49AD-8004-D9FC5BE53FF4} URL = hxxp://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=file_14_13_ie&cd=2XzuyEtN2Y1L1QzutDtDtC0EzytDtAyE0EtCtAtBtD0C0EzztN0D0Tzu0SzztCyDtN1L2XzutBtFtCzztFtBtFtDtN1L1CzutCyEtDtAtDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StCyCyEtA0Bzyzy0CtGtCyB0DyCtGtAyE0CtDtGyB0DyBzztGtAyC0BtC0F0ByCtBzz0CyDzz2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyC0Azzzy0BtB0AtDtGyC0B0A0FtGyE0EtB0EtGtAyC0BzztGtBtB0EtDtDtDzyyB0D0E0DtA2Q&cr=1446448765&ir=
SearchScopes: HKLM -> {77AA745B-F4F8-45DA-9B14-61D2D95054C8} URL = hxxp://ca.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=hp-pvdt
SearchScopes: HKU\S-1-5-21-3938486149-3048756490-4017228027-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
Toolbar: HKU\S-1-5-21-3938486149-3048756490-4017228027-1000 -> No Name - {789733C8-7A68-4A43-ACE3-BEB2292C914B} -  No File
S3 dbx; system32\DRIVERS\dbx.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S3 PcdrNdisuio; system32\DRIVERS\pcdrndisuio.sys [X]
CMD: Type \Users\Tipper\AppData\Local\Temp\launchie.vbs
Task: {6D411B50-4F7D-4329-9A84-5CA1B36B846C} - System32\Tasks\0 => c:\program files\internet explorer\iexplore.exe  <==== ATTENTION
Task: {AAC2C8DD-5A86-47EC-9E8B-BC6EBEAFF3AC} - System32\Tasks\{1CDDCFE9-A42D-4067-9CDA-E68CB6FC10B7} => C:\Windows\system32\pcalua.exe -a "C:\Users\Tipper\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XMTRDXPQ\Install_YourCottonellePuppy.exe" -d C:\Users\Tipper\Desktop
Task: {AC5404A0-3312-4DB4-A01E-91766AC907D5} - System32\Tasks\4674 => wscript.exe C:\Users\Tipper\AppData\Local\Temp\launchie.vbs //B <==== ATTENTION
Task: {E83F721D-3ECE-4861-A1D1-610583D9CA55} - System32\Tasks\HPCustParticipation HP Deskjet 1050 J410 series => C:\Program Files\HP\HP Deskjet 1050 J410 series\Bin\HPCustPartic.exe [2012-10-02] (Hewlett-Packard Co.)
AlternateDataStreams: C:\ProgramData\TEMP:9D718DA3 [254]
CMD: FOR /F "usebackq delims==" %i IN (`wevtutil el`) DO wevtutil cl "%i"

 

 

 

 

 

 

*****************

HKU\S-1-5-21-3938486149-3048756490-4017228027-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\L => not found
HKU\S-1-5-21-3938486149-3048756490-4017228027-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{45ed0a07-e3df-11e0-92d9-001e9034e132} => not found
HKLM\Software\Classes\CLSID\{45ed0a07-e3df-11e0-92d9-001e9034e132} => not found
"HKU\S-1-5-21-3938486149-3048756490-4017228027-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{70fee8d0-6b8f-11e0-9202-806e6f6e6963}" => removed successfully.
HKLM\Software\Classes\CLSID\{70fee8d0-6b8f-11e0-9202-806e6f6e6963} => not found
HKU\S-1-5-21-3938486149-3048756490-4017228027-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fa945a74-6b73-11e0-8a33-001e9034e132} => not found
HKLM\Software\Classes\CLSID\{fa945a74-6b73-11e0-8a33-001e9034e132} => not found
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{3E9A1439-8462-49AD-8004-D9FC5BE53FF4} => not found
HKLM\Software\Classes\CLSID\{3E9A1439-8462-49AD-8004-D9FC5BE53FF4} => not found
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8} => not found
HKLM\Software\Classes\CLSID\{77AA745B-F4F8-45DA-9B14-61D2D95054C8} => not found
"HKU\S-1-5-21-3938486149-3048756490-4017228027-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope" => removed successfully.
"HKU\S-1-5-21-3938486149-3048756490-4017228027-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{789733C8-7A68-4A43-ACE3-BEB2292C914B}" => not found
HKLM\Software\Classes\CLSID\{789733C8-7A68-4A43-ACE3-BEB2292C914B} => not found
dbx => service not found.
IpInIp => service not found.
NwlnkFlt => service not found.
NwlnkFwd => service not found.
PcdrNdisuio => service not found.

========= Type \Users\Tipper\AppData\Local\Temp\launchie.vbs =========

The system cannot find the file specified.

========= End of CMD: =========

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6D411B50-4F7D-4329-9A84-5CA1B36B846C} => not found
"C:\Windows\System32\Tasks\0" => not found
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\0 => not found
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AAC2C8DD-5A86-47EC-9E8B-BC6EBEAFF3AC} => not found
"C:\Windows\System32\Tasks\{1CDDCFE9-A42D-4067-9CDA-E68CB6FC10B7}" => not found
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{1CDDCFE9-A42D-4067-9CDA-E68CB6FC10B7} => not found
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AC5404A0-3312-4DB4-A01E-91766AC907D5} => not found
"C:\Windows\System32\Tasks\4674" => not found
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\4674 => not found
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E83F721D-3ECE-4861-A1D1-610583D9CA55} => not found
"C:\Windows\System32\Tasks\HPCustParticipation HP Deskjet 1050 J410 series" => not found
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\HPCustParticipation HP Deskjet 1050 J410 series => not found
"C:\ProgramData\TEMP" => ":9D718DA3" ADS not found.

========= FOR /F "usebackq delims==" %i IN (`wevtutil el`) DO wevtutil cl "%i" =========

========= End of CMD: =========

==== End of Fixlog 22:35:22 ====


#6
Tipper

    Member

  • Topic Starter

Vino's Event Viewer v01c run on Windows Vista in English
Report run at 17/01/2018 11:40:30 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 18/01/2018 3:59:25 AM
Type: Error Category: 0
Event: 7011 Source: Service Control Manager
A timeout (30000 milliseconds) was reached while waiting for a transaction response from the KSDE1.0.0 service.

Log: 'System' Date/Time: 18/01/2018 3:58:55 AM
Type: Error Category: 0
Event: 7011 Source: Service Control Manager
A timeout (30000 milliseconds) was reached while waiting for a transaction response from the KSDE1.0.0 service.

Log: 'System' Date/Time: 18/01/2018 3:58:25 AM
Type: Error Category: 0
Event: 7011 Source: Service Control Manager
A timeout (30000 milliseconds) was reached while waiting for a transaction response from the KSDE1.0.0 service.

Log: 'System' Date/Time: 18/01/2018 3:58:19 AM
Type: Error Category: 30
Event: 1001 Source: Microsoft-Windows-LanguagePackSetup
Application initialization failed. Last error: 0x80070032

Log: 'System' Date/Time: 18/01/2018 3:57:55 AM
Type: Error Category: 0
Event: 7011 Source: Service Control Manager
A timeout (30000 milliseconds) was reached while waiting for a transaction response from the KSDE1.0.0 service.

Log: 'System' Date/Time: 18/01/2018 3:57:25 AM
Type: Error Category: 0
Event: 7011 Source: Service Control Manager
A timeout (30000 milliseconds) was reached while waiting for a transaction response from the KSDE1.0.0 service.

Log: 'System' Date/Time: 18/01/2018 3:56:55 AM
Type: Error Category: 0
Event: 7011 Source: Service Control Manager
A timeout (30000 milliseconds) was reached while waiting for a transaction response from the KSDE1.0.0 service.

Log: 'System' Date/Time: 18/01/2018 3:56:25 AM
Type: Error Category: 0
Event: 7011 Source: Service Control Manager
A timeout (30000 milliseconds) was reached while waiting for a transaction response from the KSDE1.0.0 service.

Log: 'System' Date/Time: 18/01/2018 3:55:54 AM
Type: Error Category: 0
Event: 7011 Source: Service Control Manager
A timeout (30000 milliseconds) was reached while waiting for a transaction response from the KSDE1.0.0 service.

Log: 'System' Date/Time: 18/01/2018 3:55:24 AM
Type: Error Category: 0
Event: 7011 Source: Service Control Manager
A timeout (30000 milliseconds) was reached while waiting for a transaction response from the KSDE1.0.0 service.

Log: 'System' Date/Time: 18/01/2018 3:54:53 AM
Type: Error Category: 0
Event: 7011 Source: Service Control Manager
A timeout (30000 milliseconds) was reached while waiting for a transaction response from the KSDE1.0.0 service.

Log: 'System' Date/Time: 18/01/2018 3:54:18 AM
Type: Error Category: 0
Event: 7011 Source: Service Control Manager
A timeout (30000 milliseconds) was reached while waiting for a transaction response from the KSDE1.0.0 service.

Log: 'System' Date/Time: 18/01/2018 3:54:04 AM
Type: Error Category: 0
Event: 7011 Source: Service Control Manager
A timeout (30000 milliseconds) was reached while waiting for a transaction response from the KSDE1.0.0 service.

Log: 'System' Date/Time: 18/01/2018 3:54:04 AM
Type: Error Category: 0
Event: 7011 Source: Service Control Manager
A timeout (30000 milliseconds) was reached while waiting for a transaction response from the KSDE1.0.0 service.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

Vino's Event Viewer v01c run on Windows Vista in English
Report run at 17/01/2018 11:48:44 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 18/01/2018 3:53:59 AM
Type: Error Category: 0
Event: 10 Source: Microsoft-Windows-WMI
Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


  • 0

#7
Tipper

Tipper

    Member

  • Topic Starter
  • Member
  • PipPip
  • 15 posts

Process CPU Private Bytes Working Set PID Description Company Name Verified Signer
svchost.exe 50.00 686,596 K 496,836 K 1272 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
System Idle Process 47.01 0 K 24 K 0   
procexp.exe 2.24 27,020 K 36,756 K 5800 Sysinternals Process Explorer Sysinternals - www.sysinternals.com (Verified) Microsoft Corporation
explorer.exe 0.75 40,296 K 59,180 K 3472 Windows Explorer Microsoft Corporation (Verified) Microsoft Windows
dwm.exe < 0.01 84,376 K 87,564 K 3452 Desktop Window Manager Microsoft Corporation (Verified) Microsoft Windows
iexplore.exe < 0.01 163,616 K 198,912 K 4340 Internet Explorer Microsoft Corporation (Verified) Microsoft Corporation
avp.exe < 0.01 180,704 K 86,524 K 628 Kaspersky Anti-Virus AO Kaspersky Lab (Verified) Kaspersky Lab
System < 0.01 0 K 33,724 K 4   
iexplore.exe < 0.01 18,832 K 30,256 K 4224 Internet Explorer Microsoft Corporation (Verified) Microsoft Corporation
wmpnetwk.exe < 0.01 6,092 K 10,168 K 4912 Windows Media Player Network Sharing Service Microsoft Corporation (Verified) Microsoft Windows
lsass.exe < 0.01 4,264 K 4,128 K 804   
csrss.exe < 0.01 1,916 K 4,532 K 636 Client Server Runtime Process Microsoft Corporation (Verified) Microsoft Windows
csrss.exe < 0.01 2,644 K 9,752 K 756 Client Server Runtime Process Microsoft Corporation (Verified) Microsoft Windows
avpui.exe < 0.01 81,904 K 2,252 K 1224 Kaspersky Anti-Virus AO Kaspersky Lab (Verified) Kaspersky Lab
EDICT.EXE < 0.01 29,580 K 17,820 K 4060 Microsoft Encarta Dictionaries Microsoft Corporation (Verified) Microsoft Corporation
rundll32.exe < 0.01 3,848 K 5,300 K 1580 Windows host process (Rundll32) Microsoft Corporation (Verified) Microsoft Windows
SearchIndexer.exe < 0.01 41,088 K 16,292 K 2360 Microsoft Windows Search Indexer Microsoft Corporation (Verified) Microsoft Windows
svchost.exe < 0.01 79,180 K 80,004 K 1244 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
spoolsv.exe < 0.01 6,968 K 8,664 K 1836 Spooler SubSystem App Microsoft Corporation (Verified) Microsoft Windows
Interrupts < 0.01 0 K 0 K n/a Hardware Interrupts and DPCs  
XAudio.exe  788 K 2,188 K 2412 Modem Audio Service Conexant Systems, Inc. (Verified) Microsoft Windows Hardware Compatibility Publisher
WUDFHost.exe  2,776 K 4,124 K 2388 Windows Driver Foundation - User-mode Driver Framework Host Process Microsoft Corporation (Verified) Microsoft Windows
wpcumi.exe  3,000 K 5,352 K 4020 Windows Parental Control Notifications Microsoft Corporation (Verified) Microsoft Windows
wmpnscfg.exe  1,940 K 5,060 K 1492 Windows Media Player Network Sharing Service Configuration Application Microsoft Corporation (Verified) Microsoft Windows
WmiPrvSE.exe  3,312 K 6,012 K 3848 WMI Provider Host Microsoft Corporation (Verified) Microsoft Windows
winlogon.exe  2,028 K 4,800 K 916 Windows Logon Application Microsoft Corporation (Verified) Microsoft Windows
wininit.exe  1,264 K 3,608 K 740 Windows Start-Up Application Microsoft Corporation (Verified) Microsoft Windows
unsecapp.exe  2,320 K 4,740 K 5832 Sink to receive asynchronous callbacks for WMI client application Microsoft Corporation (Verified) Microsoft Windows
taskeng.exe  1,340 K 4,296 K 1924 Task Scheduler Engine Microsoft Corporation (Verified) Microsoft Windows
taskeng.exe  9,428 K 10,084 K 2128 Task Scheduler Engine Microsoft Corporation (Verified) Microsoft Windows
taskeng.exe  2,028 K 5,860 K 1804 Task Scheduler Engine Microsoft Corporation (Verified) Microsoft Windows
svchost.exe  2,844 K 5,888 K 996 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe  16,000 K 12,236 K 1644 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe  8,452 K 10,904 K 1456 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe  3,316 K 5,788 K 1068 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe  44,996 K 32,892 K 1116 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe  18,416 K 13,808 K 1192 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe  15,796 K 12,260 K 1900 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe  2,224 K 4,400 K 1408 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe  2,148 K 4,464 K 2108 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe  4,508 K 6,040 K 2156 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe  608 K 2,212 K 2220 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe  1,736 K 65,560 K 5400 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
smss.exe  308 K 704 K 552 Windows Session Manager Microsoft Corporation (Verified) Microsoft Windows
SLsvc.exe  7,860 K 10,916 K 1424 Microsoft Software Licensing Service Microsoft Corporation (Verified) Microsoft Windows
services.exe  2,820 K 6,332 K 788 Services and Controller app Microsoft Corporation (Verified) Microsoft Windows
rundll32.exe  4,568 K 8,800 K 376 Windows host process (Rundll32) Microsoft Corporation (Verified) Microsoft Windows
rundll32.exe  3,164 K 4,064 K 728 Windows host process (Rundll32) Microsoft Corporation (Verified) Microsoft Windows
RtHDVCpl.exe  9,004 K 5,656 K 4040 HD Audio Control Panel Realtek Semiconductor (Verified) Microsoft Windows Hardware Compatibility Publisher
RIMBBLaunchAgent.exe  2,948 K 4,260 K 736 Launch Agent Service Research In Motion Limited (Verified) Research In Motion
pptd40nt.exe  2,296 K 2,880 K 2100 PaperPort Print to Desktop for NT ScanSoft, Inc. (No signature was present in the subject) ScanSoft, Inc.
ONENOTEM.EXE  1,104 K 704 K 2244 Microsoft Office OneNote Quick Launcher Microsoft Corporation (Verified) Microsoft Corporation
nvvsvc.exe  1,156 K 3,080 K 1040 NVIDIA Driver Helper Service, Version 175.21 NVIDIA Corporation (Verified) Microsoft Windows Hardware Compatibility Publisher
MpCmdRun.exe  2,684 K 4,660 K 4688 Windows Defender Command Line Utility Microsoft Corporation (Verified) Microsoft Windows
LVPrcSrv.exe  1,436 K 3,688 K 2052 Logitech LVPrcSrv Module. Logitech Inc. (Verified) Logitech Inc
LSSrvc.exe  1,108 K 3,116 K 1960 LightScribe Service Hewlett-Packard Company (No signature was present in the subject) Hewlett-Packard Company
lsm.exe  2,380 K 4,612 K 816 Local Session Manager Service Microsoft Corporation (Verified) Microsoft Windows
ksde.exe  16,976 K 8,132 K 1624 Kaspersky Secure Connection AO Kaspersky Lab (Verified) Kaspersky Lab
kbd.exe  9,680 K 8,864 K 3784 KBD EXE Hewlett-Packard Company (Verified) Hewlett-Packard Company
hpwuschd2.exe  936 K 2,660 K 3540 hpwuSchd Application Hewlett-Packard (Verified) Hewlett-Packard Company
hpsysdrv.exe  732 K 2,344 K 2436 hpsysdrv Hewlett-Packard Company (No signature was present in the subject) Hewlett-Packard Company
HPHC_Service.exe  10,580 K 7,580 K 4824 HP Health Check Service Hewlett-Packard (No signature was present in the subject) Hewlett-Packard
FlashUtil32_28_0_0_137_ActiveX.exe  3,872 K 7,160 K 3880 Adobe® Flash® Player Installer/Uninstaller 28.0 r0 Adobe Systems Incorporated (The digital signature of the object did not verify) Adobe Systems Incorporated
ehtray.exe  1,700 K 2,284 K 1932 Media Center Tray Applet Microsoft Corporation (Verified) Microsoft Windows
ehmsas.exe  1,088 K 3,884 K 4264 Media Center Media Status Aggregator Service Microsoft Corporation (Verified) Microsoft Windows
Dropbox.exe  111,976 K 94,968 K 156 Dropbox Dropbox, Inc. (Verified) Dropbox
DbxSvc.exe  4,628 K 3,060 K 544 Dropbox Service Dropbox, Inc. (Verified) Dropbox
conime.exe  848 K 3,356 K 4768 Console IME Microsoft Corporation (Verified) Microsoft Windows
BrMfcWnd.exe  1,856 K 5,420 K 3904 Brother Status Monitor MFC Application Brother Industries, Ltd. (No signature was present in the subject) Brother Industries, Ltd.
audiodg.exe  16,072 K 13,684 K 1384 Windows Audio Device Graph Isolation  Microsoft Corporation (Verified) Microsoft Windows
armsvc.exe  2,108 K 2,992 K 608 Adobe Acrobat Update Service Adobe Systems Incorporated (Verified) Adobe Systems


  • 0

#8
Tipper

Tipper

    Member

  • Topic Starter
  • Member
  • PipPip
  • 15 posts

Image Name                     PID Services                                   
========================= ======== ============================================
System Idle Process              0 N/A                                        
System                           4 N/A                                        
smss.exe                       552 N/A                                        
csrss.exe                      636 N/A                                        
wininit.exe                    740 N/A                                        
csrss.exe                      756 N/A                                        
services.exe                   788 N/A                                        
lsass.exe                      804 SamSs                                      
lsm.exe                        816 N/A                                        
winlogon.exe                   916 N/A                                        
svchost.exe                    996 DcomLaunch, PlugPlay                       
nvvsvc.exe                    1040 nvsvc                                      
svchost.exe                   1068 RpcSs                                      
svchost.exe                   1116 WinDefend                                  
svchost.exe                   1192 Audiosrv, Dhcp, Eventlog, lmhosts, WPCSvc, 
                                   wscsvc                                     
svchost.exe                   1244 AudioEndpointBuilder, EMDMgmt, IPBusEnum,  
                                   Netman, PcaSvc, SysMain,                   
                                   TabletInputService, TrkWks, UxSms,         
                                   WdiSystemHost, WPDBusEnum, wudfsvc         
svchost.exe                   1272 AeLookupSvc, Appinfo, BITS, CertPropSvc,   
                                   IKEEXT, iphlpsvc, LanmanServer, MMCSS,     
                                   ProfSvc, RasMan, Schedule, seclogon, SENS, 
                                   SessionEnv, ShellHWDetection, Themes,      
                                   Winmgmt, wuauserv                          
audiodg.exe                   1384 N/A                                        
svchost.exe                   1408 gpsvc                                      
SLsvc.exe                     1424 slsvc                                      
svchost.exe                   1456 EventSystem, fdPHost, FDResPub,            
                                   LanmanWorkstation, Mcx2Svc, netprofm, nsi, 
                                   SSDPSRV, SstpSvc, upnphost, W32Time,       
                                   WebClient, WinHttpAutoProxySvc             
rundll32.exe                  1580 N/A                                        
svchost.exe                   1644 CryptSvc, Dnscache, KtmRm, NlaSvc, TapiSrv,
                                   TermService                                
taskeng.exe                   1804 N/A                                        
spoolsv.exe                   1836 Spooler                                    
svchost.exe                   1900 BFE, DPS, MpsSvc                           
armsvc.exe                     608 AdobeARMservice                            
avp.exe                        628 AVP17.0.0                                  
DbxSvc.exe                     544 DbxSvc                                     
ksde.exe                      1624 KSDE1.0.0                                  
LSSrvc.exe                    1960 LightScribeService                         
LVPrcSrv.exe                  2052 LVPrcSrv                                   
svchost.exe                   2108 PolicyAgent                                
svchost.exe                   2156 stisvc                                     
svchost.exe                   2220 WerSvc                                     
SearchIndexer.exe             2360 WSearch                                    
XAudio.exe                    2412 XAudioService                              
dwm.exe                       3452 N/A                                        
explorer.exe                  3472 N/A                                        
wpcumi.exe                    4020 N/A                                        
RtHDVCpl.exe                  4040 N/A                                        
RIMBBLaunchAgent.exe           736 N/A                                        
pptd40nt.exe                  2100 N/A                                        
rundll32.exe                   728 N/A                                        
WUDFHost.exe                  2388 N/A                                        
avpui.exe                     1224 N/A                                        
taskeng.exe                   2128 N/A                                        
hpsysdrv.exe                  2436 N/A                                        
hpwuschd2.exe                 3540 N/A                                        
BrMfcWnd.exe                  3904 N/A                                        
Dropbox.exe                    156 N/A                                        
ehtray.exe                    1932 N/A                                        
EDICT.EXE                     4060 N/A                                        
wmpnscfg.exe                  1492 N/A                                        
rundll32.exe                   376 N/A                                        
ONENOTEM.EXE                  2244 N/A                                        
ehmsas.exe                    4264 N/A                                        
wmpnetwk.exe                  4912 WMPNetworkSvc                              
unsecapp.exe                  5832 N/A                                        
WmiPrvSE.exe                  3848 N/A                                        
conime.exe                    4768 N/A                                        
kbd.exe                       3784 N/A                                        
svchost.exe                   5400 FontCache                                  
HPHC_Service.exe              4824 HP Health Check Service                    
MpCmdRun.exe                  4688 N/A                                        
iexplore.exe                  4224 N/A                                        
iexplore.exe                  4340 N/A                                        
FlashUtil32_28_0_0_137_Ac     3880 N/A                                        
cmd.exe                       4704 N/A                                        
tasklist.exe                  5392 N/A                                        
WmiPrvSE.exe                  5368 N/A                                        
 


  • 0

#9
Tipper

Tipper

    Member

  • Topic Starter
  • Member
  • PipPip
  • 15 posts

Hi, I followed the instruction almost to completion. I could not get access to the 'cbs logs' to show you.
And I didn't get the version of Speccy to finish what you requested. When I clicked on the Filehippo link
it would not go to the website, it showed this popup page: 

 

'Internet Explorer cannot display the webpage'
  What you can try:
 
Diagnose Connection Problems

 
More information

 

This problem can be caused by a variety of issues, including:
•Internet connectivity has been lost.
•The website is temporarily unavailable.
•The Domain Name Server (DNS) is not reachable.
•The Domain Name Server (DNS) does not have a listing for the website's domain.
•There might be a typing error in the address.
•If this is an HTTPS (secure) address, click Tools, click Internet Options, click Advanced, and check to
be sure the SSL and TLS protocols are enabled under the security section.

For offline users

 You can still view subscribed feeds and some recently viewed webpages.
 To view subscribed feeds:
1.Click the Favorites button , click Feeds, and then click the feed you want to view.

To view recently visited webpages (might not work on all pages):
1.Press Alt, click File, and then click Work Offline.
2.Click the Favorites button , click History, and then click the page you want to view.
 
 .


  • 0

#10
RKinner

RKinner

    Malware Expert

  • Expert
  • 21,310 posts
  • MVP

Try:

 

https://filehippo.com/download_speccy/

 

The forum software added something to the URL that kept it from working.

 

From your VEW logs:

 

Event: 7011 Source: Service Control Manager
A timeout (30000 milliseconds) was reached while waiting for a transaction response from the KSDE1.0.0 service.

 

 

These errors are caused by Kaspersky Secure Connection.  For some reason it is not working. You can just uninstall Kaspersky Secure Connection.
That won't keep Kaspersky from working, though it might cause Kaspersky to complain a bit.

 

This is something that uses the network so it might be causing your problem.

 

 

From Process Explorer we see this line which indicates it is running slow:

 

svchost.exe 50.00 686,596 K 496,836 K 1272 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows

 

 

 

This is way too much CPU %.  The junk file shows us what services are running on it:

 

svchost.exe                   1272 AeLookupSvc, Appinfo, BITS, CertPropSvc,   
                                   IKEEXT, iphlpsvc, LanmanServer, MMCSS,     
                                   ProfSvc, RasMan, Schedule, seclogon, SENS, 
                                   SessionEnv, ShellHWDetection, Themes,      
                                   Winmgmt, wuauserv

 

   

 

The usual problem service is wuauserv.  This is Windows Update.  

 

Search for

services.msc

hit Enter.  That should bring up the Services menu.  Scroll down to Windows Update and right click and select Properties.  Stop the service.  

 

Now go back to Process Explorer and make a new log like before.  If System Idle is now the top line then Windows Update was the problem.

 

  In that case try   

 

Windows Repair all in one

http://www.tweaking....all_in_one.html

Download it and save it then run it by right click and Run As Admin.

 

You can skip to step 4 or 5 where it gives you the same picture as in the above link.

Make sure the only item checked before hitting Start is:

Repair Windows Updates


Reboot when done and run Process Explorer again as before.

              


  • 0
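The correlation done by eye in the reply above (find the busy process in the Process Explorer capture, then look up its PID in the `tasklist /svc` capture to see which services it hosts) can be scripted as follows. This is an added example, not part of the thread or of any tool mentioned in it; the function names are hypothetical, the sample text is excerpted from posts #7 and #8, and it assumes both captures come from the same boot session, since PIDs change after a restart.

```python
import re

# Excerpts of the two captures posted in this thread (posts #7 and #8).
PROCEXP = """\
Process CPU Private Bytes Working Set PID Description Company Name Verified Signer
svchost.exe 50.00 686,596 K 496,836 K 1272 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
System Idle Process 47.01 0 K 24 K 0
procexp.exe 2.24 27,020 K 36,756 K 5800 Sysinternals Process Explorer Sysinternals - www.sysinternals.com (Verified) Microsoft Corporation
Interrupts < 0.01 0 K 0 K n/a Hardware Interrupts and DPCs
XAudio.exe  788 K 2,188 K 2412 Modem Audio Service Conexant Systems, Inc. (Verified) Microsoft Windows Hardware Compatibility Publisher
"""

TASKLIST_SVC = """\
Image Name                     PID Services
========================= ======== ============================================
System Idle Process              0 N/A
svchost.exe                   1272 AeLookupSvc, Appinfo, BITS, CertPropSvc,
                                   IKEEXT, iphlpsvc, LanmanServer, MMCSS,
                                   ProfSvc, RasMan, Schedule, seclogon, SENS,
                                   SessionEnv, ShellHWDetection, Themes,
                                   Winmgmt, wuauserv
audiodg.exe                   1384 N/A
HPHC_Service.exe              4824 HP Health Check Service
FlashUtil32_28_0_0_137_Ac     3880 N/A
"""

# Forum pastes often lose column alignment, so rows are matched by shape
# rather than by fixed character offsets.
TASK_ROW = re.compile(r"^(?P<name>\S.*?)\s+(?P<pid>\d+)\s+(?P<svcs>\S.*)$")
PROC_ROW = re.compile(
    r"^(?P<name>\S.*?) (?:(?P<cpu><\s*\d+(?:\.\d+)?|\d+(?:\.\d+)?)? )?"
    r"(?P<priv>[\d,]+) K (?P<ws>[\d,]+) K (?P<pid>\d+|n/a)(?:\s|$)"
)


def parse_tasklist_svc(text):
    """Return {pid: (image_name, [services])}, joining wrapped service lists."""
    table, current = {}, None
    for raw in text.splitlines():
        line = raw.rstrip()
        row = TASK_ROW.match(line)
        if row:
            current = int(row["pid"])
            table[current] = (row["name"], [])
            svcs = row["svcs"]
        elif current is not None and line[:1].isspace() and line.strip():
            svcs = line.strip()  # continuation of the previous row's services
        else:
            continue  # header, separator or blank line
        if svcs != "N/A":
            table[current][1].extend(s.strip() for s in svcs.split(",") if s.strip())
    return table


def parse_procexp(text):
    """Yield (image_name, cpu_percent, pid) from a saved Process Explorer list."""
    for raw in text.splitlines():
        row = PROC_ROW.match(raw.rstrip())
        if not row:
            continue  # header line or unrecognised row
        cpu = row["cpu"]
        # A blank CPU column or "< 0.01" both mean "effectively idle".
        cpu_value = 0.0 if not cpu or cpu.startswith("<") else float(cpu)
        pid = None if row["pid"] == "n/a" else int(row["pid"])
        yield row["name"], cpu_value, pid


def busy_service_hosts(procexp_text, tasklist_text, min_cpu=25.0):
    """List processes at or above min_cpu with the services tasklist shows for them."""
    services = parse_tasklist_svc(tasklist_text)
    findings = []
    for name, cpu, pid in parse_procexp(procexp_text):
        if pid in (None, 0) or cpu < min_cpu:
            continue  # skip Interrupts (no PID) and System Idle Process (PID 0)
        tl_name, svcs = services.get(pid, (None, []))
        # tasklist truncates image names to 25 characters, so compare by prefix.
        # A mismatch means the PID belongs to a different process, i.e. the two
        # captures are not from the same session; report no services then.
        same = tl_name is not None and name.lower().startswith(tl_name.lower())
        findings.append({"image": name, "pid": pid, "cpu": cpu,
                         "services": svcs if same else None})
    return findings


if __name__ == "__main__":
    for hit in busy_service_hosts(PROCEXP, TASKLIST_SVC):
        print(hit["image"], hit["pid"], hit["cpu"], hit["services"])
```
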



#11
Tipper

Tipper

    Member

  • Topic Starter
  • Member
  • PipPip
  • 15 posts

Process CPU Private Bytes Working Set PID Description Company Name Verified Signer
System Idle Process 1.49 0 K 24 K 0   
procexp.exe 10.59 26,224 K 35,972 K 3008 Sysinternals Process Explorer Sysinternals - www.sysinternals.com (Verified) Microsoft Corporation
dwm.exe 2.94 65,080 K 74,308 K 3736 Desktop Window Manager Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 0.59 72,408 K 72,884 K 1324 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 0.59 3,444 K 5,968 K 1136 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
explorer.exe 0.59 34,208 K 48,980 K 3772 Windows Explorer Microsoft Corporation (Verified) Microsoft Windows
System 0.75 0 K 1,228 K 4   
avp.exe < 0.01 179,252 K 57,768 K 1500 Kaspersky Anti-Virus AO Kaspersky Lab (Verified) Kaspersky Lab
csrss.exe 1.49 2,184 K 8,756 K 816 Client Server Runtime Process Microsoft Corporation (Verified) Microsoft Windows
lsass.exe < 0.01 4,212 K 8,104 K 864   
iexplore.exe < 0.01 158,792 K 197,576 K 2244 Internet Explorer Microsoft Corporation (Verified) Microsoft Corporation
svchost.exe < 0.01 15,768 K 11,752 K 1804 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
avpui.exe < 0.01 81,712 K 4,440 K 2216 Kaspersky Anti-Virus AO Kaspersky Lab (Verified) Kaspersky Lab
iexplore.exe < 0.01 11,904 K 24,144 K 748 Internet Explorer Microsoft Corporation (Verified) Microsoft Corporation
rundll32.exe < 0.01 3,848 K 5,360 K 1668 Windows host process (Rundll32) Microsoft Corporation (Verified) Microsoft Windows
EDICT.EXE < 0.01 29,132 K 18,980 K 4976 Microsoft Encarta Dictionaries Microsoft Corporation (Verified) Microsoft Corporation
SearchIndexer.exe < 0.01 42,548 K 18,280 K 2336 Microsoft Windows Search Indexer Microsoft Corporation (Verified) Microsoft Windows
svchost.exe < 0.01 93,268 K 98,904 K 1336 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
spoolsv.exe < 0.01 6,836 K 8,500 K 1984 Spooler SubSystem App Microsoft Corporation (Verified) Microsoft Windows
Interrupts 1.49 0 K 0 K n/a Hardware Interrupts and DPCs  
XAudio.exe  796 K 2,248 K 2380 Modem Audio Service Conexant Systems, Inc. (Verified) Microsoft Windows Hardware Compatibility Publisher
WUDFHost.exe  2,756 K 4,104 K 2700 Windows Driver Foundation - User-mode Driver Framework Host Process Microsoft Corporation (Verified) Microsoft Windows
wpcumi.exe  2,992 K 5,520 K 1020 Windows Parental Control Notifications Microsoft Corporation (Verified) Microsoft Windows
wmpnscfg.exe  1,968 K 5,780 K 604 Windows Media Player Network Sharing Service Configuration Application Microsoft Corporation (Verified) Microsoft Windows
WmiPrvSE.exe  3,492 K 6,700 K 3932 WMI Provider Host Microsoft Corporation (Verified) Microsoft Windows
WmiPrvSE.exe  4,228 K 6,860 K 5248 WMI Provider Host Microsoft Corporation (Verified) Microsoft Windows
winlogon.exe  2,016 K 4,928 K 936 Windows Logon Application Microsoft Corporation (Verified) Microsoft Windows
wininit.exe  1,268 K 3,712 K 796 Windows Start-Up Application Microsoft Corporation (Verified) Microsoft Windows
unsecapp.exe  2,296 K 4,712 K 4164 Sink to receive asynchronous callbacks for WMI client application Microsoft Corporation (Verified) Microsoft Windows
TrustedInstaller.exe  16,992 K 17,384 K 2604 Windows Modules Installer Microsoft Corporation (Verified) Microsoft Windows
taskeng.exe  9,196 K 8,832 K 3780 Task Scheduler Engine Microsoft Corporation (Verified) Microsoft Windows
taskeng.exe  2,004 K 5,852 K 1956 Task Scheduler Engine Microsoft Corporation (Verified) Microsoft Windows
svchost.exe  2,744 K 5,636 K 1064 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe  45,528 K 53,824 K 1180 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe  17,972 K 12,476 K 1296 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe  7,864 K 9,880 K 1556 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe  14,120 K 10,184 K 2008 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe  2,228 K 4,444 K 1488 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe  2,136 K 4,644 K 2080 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe  4,484 K 6,148 K 2100 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe  596 K 2,152 K 2228 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe  1,752 K 68,616 K 5380 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
smss.exe  312 K 712 K 612 Windows Session Manager Microsoft Corporation (Verified) Microsoft Windows
SLsvc.exe  7,152 K 4,336 K 1508 Microsoft Software Licensing Service Microsoft Corporation (Verified) Microsoft Windows
services.exe  2,556 K 6,372 K 848 Services and Controller app Microsoft Corporation (Verified) Microsoft Windows
rundll32.exe  4,600 K 7,932 K 5012 Windows host process (Rundll32) Microsoft Corporation (Verified) Microsoft Windows
rundll32.exe  3,160 K 4,224 K 3076 Windows host process (Rundll32) Microsoft Corporation (Verified) Microsoft Windows
RtHDVCpl.exe  9,012 K 6,292 K 1356 HD Audio Control Panel Realtek Semiconductor (Verified) Microsoft Windows Hardware Compatibility Publisher
RIMBBLaunchAgent.exe  2,980 K 4,492 K 1592 Launch Agent Service Research In Motion Limited (Verified) Research In Motion
pptd40nt.exe  2,300 K 2,948 K 3912 PaperPort Print to Desktop for NT ScanSoft, Inc. (No signature was present in the subject) ScanSoft, Inc.
ONENOTEM.EXE  1,108 K 536 K 5024 Microsoft Office OneNote Quick Launcher Microsoft Corporation (Verified) Microsoft Corporation
nvvsvc.exe  1,156 K 3,088 K 1108 NVIDIA Driver Helper Service, Version 175.21 NVIDIA Corporation (Verified) Microsoft Windows Hardware Compatibility Publisher
LVPrcSrv.exe  1,576 K 3,832 K 1456 Logitech LVPrcSrv Module. Logitech Inc. (Verified) Logitech Inc
LSSrvc.exe  1,108 K 3,328 K 1752 LightScribe Service Hewlett-Packard Company (No signature was present in the subject) Hewlett-Packard Company
lsm.exe  2,340 K 4,600 K 872 Local Session Manager Service Microsoft Corporation (Verified) Microsoft Windows
kbd.exe  9,644 K 9,312 K 4692 KBD EXE Hewlett-Packard Company (Verified) Hewlett-Packard Company
hpwuschd2.exe  940 K 2,724 K 4648 hpwuSchd Application Hewlett-Packard (Verified) Hewlett-Packard Company
hpsysdrv.exe  744 K 2,376 K 4592 hpsysdrv Hewlett-Packard Company (No signature was present in the subject) Hewlett-Packard Company
HPHC_Service.exe  10,720 K 9,024 K 5680 HP Health Check Service Hewlett-Packard (No signature was present in the subject) Hewlett-Packard
FlashUtil32_28_0_0_137_ActiveX.exe  3,888 K 7,212 K 3788 Adobe® Flash® Player Installer/Uninstaller 28.0 r0 Adobe Systems Incorporated (The digital signature of the object did not verify) Adobe Systems Incorporated
ehtray.exe  1,644 K 2,400 K 5152 Media Center Tray Applet Microsoft Corporation (Verified) Microsoft Windows
ehmsas.exe  1,076 K 4,032 K 5236 Media Center Media Status Aggregator Service Microsoft Corporation (Verified) Microsoft Windows
Dropbox.exe  111,548 K 115,824 K 4844 Dropbox Dropbox, Inc. (Verified) Dropbox
DbxSvc.exe  4,640 K 3,108 K 1796 Dropbox Service Dropbox, Inc. (Verified) Dropbox
csrss.exe < 0.01 1,924 K 5,108 K 744 Client Server Runtime Process Microsoft Corporation (Verified) Microsoft Windows
BrMfcWnd.exe  1,864 K 5,344 K 4764 Brother Status Monitor MFC Application Brother Industries, Ltd. (No signature was present in the subject) Brother Industries, Ltd.
audiodg.exe  15,700 K 13,456 K 1464 Windows Audio Device Graph Isolation  Microsoft Corporation (Verified) Microsoft Windows
armsvc.exe  2,112 K 3,036 K 1200 Adobe Acrobat Update Service Adobe Systems Incorporated (Verified) Adobe Systems


  • 0

#12
Tipper

Tipper

    Member

  • Topic Starter
  • Member
  • PipPip
  • 15 posts

Hi, this is Process Explorer after tweaking repair,

 

Process CPU Private Bytes Working Set PID Description Company Name Verified Signer
System Idle Process < 0.01 0 K 24 K 0   
procexp.exe 8.96 25,408 K 34,652 K 5984 Sysinternals Process Explorer Sysinternals - www.sysinternals.com (Verified) Microsoft Corporation
Interrupts < 0.01 0 K 0 K n/a Hardware Interrupts and DPCs  
svchost.exe 1.49 18,840 K 19,536 K 1676 Host Process for Windows Services Microsoft Corporation (No signature was present in the subject) Microsoft Corporation
dwm.exe 1.49 62,764 K 67,576 K 3720 Desktop Window Manager Microsoft Corporation (No signature was present in the subject) Microsoft Corporation
System 1.49 0 K 4,608 K 4   
svchost.exe 0.75 58,888 K 62,632 K 1296 Host Process for Windows Services Microsoft Corporation (No signature was present in the subject) Microsoft Corporation
explorer.exe 0.75 30,104 K 46,004 K 3748 Windows Explorer Microsoft Corporation (No signature was present in the subject) Microsoft Corporation
avp.exe < 0.01 165,264 K 112,844 K 996 Kaspersky Anti-Virus AO Kaspersky Lab (Verified) Kaspersky Lab
wmi32.exe < 0.01 1,528 K 4,632 K 724 WMI x64 Helper AO Kaspersky Lab (Verified) Kaspersky Lab
svchost.exe < 0.01 21,496 K 29,468 K 1336 Host Process for Windows Services Microsoft Corporation Verifying...
svchost.exe < 0.01 632 K 2,328 K 2520 Host Process for Windows Services Microsoft Corporation Verifying...
csrss.exe < 0.01 1,724 K 7,568 K 816 Client Server Runtime Process Microsoft Corporation (No signature was present in the subject) Microsoft Corporation
WmiPrvSE.exe < 0.01 3,384 K 6,424 K 2864 WMI Provider Host Microsoft Corporation (No signature was present in the subject) Microsoft Corporation
avpui.exe < 0.01 8,320 K 11,748 K 1372 Kaspersky Anti-Virus AO Kaspersky Lab (Verified) Kaspersky Lab
wmpnetwk.exe < 0.01 5,884 K 11,452 K 3800 Windows Media Player Network Sharing Service Microsoft Corporation (No signature was present in the subject) Microsoft Corporation
lsass.exe < 0.01 3,776 K 9,556 K 864   
svchost.exe < 0.01 3,152 K 6,304 K 1124 Host Process for Windows Services Microsoft Corporation (No signature was present in the subject) Microsoft Corporation
SearchIndexer.exe < 0.01 39,924 K 15,276 K 2652 Microsoft Windows Search Indexer Microsoft Corporation (No signature was present in the subject) Microsoft Corporation
csrss.exe < 0.01 1,944 K 6,348 K 744 Client Server Runtime Process Microsoft Corporation Verifying...
rundll32.exe < 0.01 3,856 K 6,696 K 1648 Windows host process (Rundll32) Microsoft Corporation Verifying...
svchost.exe < 0.01 47,000 K 35,496 K 1164 Host Process for Windows Services Microsoft Corporation (No signature was present in the subject) Microsoft Corporation
services.exe < 0.01 2,960 K 7,068 K 848 Services and Controller app Microsoft Corporation (No signature was present in the subject) Microsoft Corporation
HPHC_Service.exe < 0.01 11,636 K 8,928 K 4584 HP Health Check Service Hewlett-Packard (No signature was present in the subject) Hewlett-Packard
spoolsv.exe < 0.01 6,500 K 10,568 K 1924 Spooler SubSystem App Microsoft Corporation (No signature was present in the subject) Microsoft Corporation
XAudio.exe  792 K 2,548 K 2820 Modem Audio Service Conexant Systems, Inc. (No signature was present in the subject) Conexant Systems, Inc.
WUDFHost.exe  2,784 K 5,192 K 2968 Windows Driver Foundation - User-mode Driver Framework Host Process Microsoft Corporation (No signature was present in the subject) Microsoft Corporation
WR_Tray_Icon.exe  1,272 K 4,776 K 3992 Tweaking.com - Windows Repair Tray Icon Tweaking.com (Verified) Tweaking LLC
wpcumi.exe  3,024 K 6,352 K 3336 Windows Parental Control Notifications Microsoft Corporation (No signature was present in the subject) Microsoft Corporation
wmpnscfg.exe  1,928 K 5,576 K 4076 Windows Media Player Network Sharing Service Configuration Application Microsoft Corporation (No signature was present in the subject) Microsoft Corporation
WmiPrvSE.exe  4,264 K 6,952 K 4732 WMI Provider Host Microsoft Corporation (No signature was present in the subject) Microsoft Corporation
winlogon.exe  2,004 K 5,784 K 920 Windows Logon Application Microsoft Corporation (No signature was present in the subject) Microsoft Corporation
wininit.exe  1,260 K 4,180 K 796 Windows Start-Up Application Microsoft Corporation (No signature was present in the subject) Microsoft Corporation
unsecapp.exe  2,304 K 4,668 K 4120 Sink to receive asynchronous callbacks for WMI client application Microsoft Corporation (No signature was present in the subject) Microsoft Corporation
TrustedInstaller.exe  6,528 K 8,944 K 2996 Windows Modules Installer Microsoft Corporation (No signature was present in the subject) Microsoft Corporation
taskeng.exe  9,276 K 10,192 K 1200 Task Scheduler Engine Microsoft Corporation Verifying...
taskeng.exe  1,472 K 4,808 K 4264 Task Scheduler Engine Microsoft Corporation (No signature was present in the subject) Microsoft Corporation
taskeng.exe  2,028 K 6,080 K 1892 Task Scheduler Engine Microsoft Corporation Verifying...
svchost.exe  14,776 K 12,508 K 1256 Host Process for Windows Services Microsoft Corporation (No signature was present in the subject) Microsoft Corporation
svchost.exe  8,280 K 13,840 K 1532 Host Process for Windows Services Microsoft Corporation Verifying...
svchost.exe  2,552 K 5,748 K 1052 Host Process for Windows Services Microsoft Corporation (No signature was present in the subject) Microsoft Corporation
svchost.exe  12,448 K 16,496 K 1952 Host Process for Windows Services Microsoft Corporation (No signature was present in the subject) Microsoft Corporation
svchost.exe  4,584 K 7,444 K 2488 Host Process for Windows Services Microsoft Corporation Verifying...
svchost.exe  2,128 K 5,412 K 2468 Host Process for Windows Services Microsoft Corporation (No signature was present in the subject) Microsoft Corporation
svchost.exe  2,056 K 4,988 K 1456 Host Process for Windows Services Microsoft Corporation (No signature was present in the subject) Microsoft Corporation
svchost.exe  1,592 K 4,384 K 1320 Host Process for Windows Services Microsoft Corporation (No signature was present in the subject) Microsoft Corporation
smss.exe  316 K 784 K 604 Windows Session Manager Microsoft Corporation (No signature was present in the subject) Microsoft Corporation
SLsvc.exe  7,132 K 11,808 K 1480 Microsoft Software Licensing Service Microsoft Corporation (No signature was present in the subject) Microsoft Corporation
rundll32.exe  3,216 K 5,500 K 3860 Windows host process (Rundll32) Microsoft Corporation (No signature was present in the subject) Microsoft Corporation
RtHDVCpl.exe  10,592 K 8,848 K 2716 HD Audio Control Panel Realtek Semiconductor (No signature was present in the subject) Realtek Semiconductor
RIMBBLaunchAgent.exe  2,932 K 5,476 K 1264 Launch Agent Service Research In Motion Limited (Verified) Research In Motion
pptd40nt.exe  2,288 K 3,748 K 3828 PaperPort Print to Desktop for NT ScanSoft, Inc. (No signature was present in the subject) ScanSoft, Inc.
nvvsvc.exe  1,152 K 3,328 K 1096 NVIDIA Driver Helper Service, Version 175.21 NVIDIA Corporation (No signature was present in the subject) NVIDIA Corporation
mobsync.exe  3,160 K 6,620 K 1392 Microsoft Sync Center Microsoft Corporation Verifying...
LVPrcSrv.exe  1,516 K 4,040 K 2436 Logitech LVPrcSrv Module. Logitech Inc. (Verified) Logitech Inc
LSSrvc.exe  1,112 K 3,884 K 1752 LightScribe Service Hewlett-Packard Company (No signature was present in the subject) Hewlett-Packard Company
lsm.exe  2,328 K 5,156 K 876 Local Session Manager Service Microsoft Corporation (No signature was present in the subject) Microsoft Corporation
lpksetup.exe  2,072 K 4,528 K 2008 Language Pack Installer Microsoft Corporation (No signature was present in the subject) Microsoft Corporation
KbdStub.exe  228 K 216 K 3688   (No signature was present in the subject)
DbxSvc.exe  4,620 K 3,760 K 1348 Dropbox Service Dropbox, Inc. (Verified) Dropbox
audiodg.exe  15,628 K 17,852 K 1432 Windows Audio Device Graph Isolation  Microsoft Corporation (No signature was present in the subject) Microsoft Corporation
armsvc.exe  2,100 K 3,480 K 792 Adobe Acrobat Update Service Adobe Systems Incorporated (Verified) Adobe Systems

 

Sure hope I'm doing this correct...lol. And thanks for your help, Tipper


  • 0

#13
RKinner


    Malware Expert

  • Expert
  • 21,310 posts
  • MVP

Something is now eating up CPU time and not showing in Process Explorer.

See if you can get MBAR to work for you:

https://www.malwareb...om/antirootkit/

Just follow the instructions and let me know if it finds anything.

Also try aswMBR:

Download aswMBR.exe to your desktop.
The link is a direct download so the page won't change.

Right click the aswMBR.exe and select Run As Administrator to run it.
Wait until the AV Scan shows up at the bottom left.
Change AV Scan: from Quick Scan to C:\
Click the "Scan" button to start the scan.
If it asks you to allow the Avast engine to download then say Yes. It will take a while to finish.
On completion of the scan (note if the Fix button is enabled and tell me, but do not push any buttons) click Save log, save it to your desktop and post it in your next reply.

If it crashes then try it again but uncheck Trace Disk IO Calls before hitting Scan.

Can you get a Speccy log now?


  • 0

#14
Tipper


    Member

  • Topic Starter
  • Member
  • PipPip
  • 15 posts

Hi, apology for delay in response...shiftwork.

Ran MBAR and Cleanup said "Congratulations, no cleanup is required, and the Scan finished with no malware found".

I also ran aswMBR, Yes, Fix button is enabled.

 


aswMBR version 1.0.1.2290 Copyright© 2014 AVAST Software
Run date: 2018-01-25 01:23:02
-----------------------------
01:23:02.143    OS Version: Windows 6.0.6002 Service Pack 2
01:23:02.143    Number of processors: 2 586 0x6B02
01:23:02.143    ComputerName: Tipper-PC  UserName: Tipper
01:23:03.376    Initialize success
01:23:03.438    VM: initialized successfully
01:23:03.438    VM: Amd CPU virtualization not supported
01:28:36.800    AVAST engine defs: 17030301
01:31:36.007    The log file has been saved successfully to "C:\Users\Tipper\Desktop\aswMBR.txt"
01:34:05.354    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\0000005e
01:34:05.354    Disk 0 Vendor: Hitachi_ GM4O Size: 476940MB BusType: 6
01:34:05.822    Disk 0 MBR read successfully
01:34:05.837    Disk 0 MBR scan
01:34:05.837    Disk 0 unknown MBR code
01:34:13.029    Disk 0 Partition 1 80 (A) 07      HPFS/NTFS NTFS       466367 MB offset 63
01:34:13.076    Disk 0 Partition 2 00     07      HPFS/NTFS NTFS        10570 MB offset 955121664
01:34:13.091    Disk 0 scanning sectors +976769024
01:34:13.653    Disk 0 scanning C:\Windows\system32\drivers
01:35:04.727    Service scanning
01:35:09.376    Service cm_km C:\Windows\system32\DRIVERS\cm_km.sys **LOCKED** 5
01:35:14.150    Service kl1 C:\Windows\system32\DRIVERS\kl1.sys **LOCKED** 5
01:35:14.228    Service klbackupdisk C:\Windows\system32\DRIVERS\klbackupdisk.sys **LOCKED** 5
01:35:14.274    Service kldisk C:\Windows\system32\DRIVERS\kldisk.sys **LOCKED** 5
01:35:14.352    Service klflt C:\Windows\system32\DRIVERS\klflt.sys **LOCKED** 5
01:35:14.446    Service klhk C:\Windows\system32\DRIVERS\klhk.sys **LOCKED** 5
01:35:14.664    Service KLIM6 C:\Windows\system32\DRIVERS\klim6.sys **LOCKED** 5
01:35:14.696    Service klkbdflt C:\Windows\system32\DRIVERS\klkbdflt.sys **LOCKED** 5
01:35:14.774    Service klmouflt C:\Windows\system32\DRIVERS\klmouflt.sys **LOCKED** 5
01:35:14.898    Service kltdf C:\Windows\system32\DRIVERS\kltdf.sys **LOCKED** 5
01:35:14.930    Service kltdi C:\Windows\system32\DRIVERS\kltdi.sys **LOCKED** 5
01:35:15.039    Service kneps C:\Windows\system32\DRIVERS\kneps.sys **LOCKED** 5
01:35:33.431    Modules scanning
01:35:33.431    Disk 0 trace - called modules:
01:35:33.509    ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll storport.sys nvstor32.sys
01:35:33.509    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8e0163e0]
01:35:33.509    3 CLASSPNP.SYS[8a2d88b3] -> nt!IofCallDriver -> [0x8d0b0930]
01:35:33.525    5 acpi.sys[919306bc] -> nt!IofCallDriver -> \Device\0000005e[0x8d0e7ae8]
01:35:35.412    AVAST engine scan C:\
01:58:17.720    Disk 0 MBR has been saved successfully to "C:\Users\Tipper\Desktop\MBR.dat"
01:58:17.735    The log file has been saved successfully to "C:\Users\Tipper\Desktop\aswMBR.txt"

On the third run thru I stopped it before it stopped working to give you this data, hope it helps.

 

When scans stopped the first and second time it was in the process of scanning this file,
(Scanning: C:\ProgramData\Microsoft\IdentityCRL\ppcrlui.dll)

The first scan did not complete with popup and after unchecking Trace Disk IO on the second scan still did not complete with popup, both popups were the same, saying....

(Microsoft Windows, "avast! Antirootkit has stopped working....A problem caused the program to stop working correctly. Windows will close the program and notify you if a solution is available.")

I still have no access to the hippo-Speccy site, on a different site "Softonic.com"  I found Speccy should I trust this site?
Or is there another I should get Speccy from? Tipper

 

 

 


  • 0

#15
RKinner


    Malware Expert

  • Expert
  • 21,310 posts
  • MVP

Try:

https://filehippo.com/download_speccy

I think the forum software tacked on some garbage.

 

 

 

I also think you need a new browser.  IE9 is obsolete and not very safe.  Unfortunately MS is trying to forget that they ever made Vista so you can't upgrade to 10 or 11 on Vista.  It's always best to have a second browser anyway just in case something happens to IE. 

 

Turns out none of the major browsers support Vista these days.  Probably your best bet is to get Opera 36

 

https://blogs.opera....2130-65-update/

 

Then see if you can get speccy from filehippo

 

https://filehippo.com/download_speccy

 

Please make a new Process Explorer log.  Make sure you wait a full minute before saving the log.

 

The only thing that aswMBR found was a bunch of Kaspersky files so do not hit the Fix button.  Do submit the mbr.dat file on your desktop to virustotal just to make sure it's good:

 

Easiest way to submit a file is to copy the path:

C:\Users\Tipper\Desktop\MBR.dat

Then go to virustotal.com with your browser. Click on Choose File, then when the file chooser window opens, move down to the File Name: box and press Ctrl + v and the path should appear. Hit Open and it should return to the main page with mbr.dat chosen. Click on Scan it. If it knows the file already it will tell you it's already been analyzed and offer you a choice of Reanalyze and View Last Analysis. In that case click on View Last Analysis. If it doesn't know the file it will take a minute to query 50+ different anti-virus companies. In either case, if the Detection ratio: is not 0 / 50+ then copy the Analysis page and paste it into the forum. You can just hit Ctrl + a then Ctrl + c to copy the page, then go to a reply and Ctrl + v.


  • 0
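Added example (not part of the posts above and not code from aswMBR or VirusTotal): a Python sketch that reads a saved 512-byte MBR dump such as MBR.dat, lists its partition entries in the same terms as the aswMBR log, and computes SHA-256 values that can be searched on VirusTotal. The boot-code hash is the same on any disk carrying the same boot code, while the whole-sector hash changes with the partition table and disk signature. Function names, the placeholder boot bytes and the sample sector counts are assumptions made for the example.

```python
import hashlib
import struct
import sys

BOOT_CODE_LEN = 440    # bytes 0-439 hold the boot code
TABLE_OFFSET = 446     # four 16-byte partition entries start here
SECTORS_PER_MB = 2048  # 512-byte sectors per MB; matches the sizes in the log

def parse_mbr(sector: bytes) -> dict:
    """Split a saved 512-byte MBR into hashes and partition entries."""
    if len(sector) < 512:
        raise ValueError("MBR dump is shorter than one 512-byte sector")
    sector = sector[:512]
    if sector[510:512] != b"\x55\xaa":
        raise ValueError("missing 0x55AA boot signature")
    partitions = []
    for i in range(4):
        raw = sector[TABLE_OFFSET + 16 * i:TABLE_OFFSET + 16 * (i + 1)]
        # status, CHS start (skipped), type, CHS end (skipped), LBA start, count
        status, ptype, start, count = struct.unpack("<B3xB3xII", raw)
        if ptype:  # type 0x00 marks an unused slot
            partitions.append({"index": i + 1, "active": status == 0x80,
                               "type": ptype, "start": start,
                               "size_mb": count // SECTORS_PER_MB,
                               "end": start + count})
    return {"sector_sha256": hashlib.sha256(sector).hexdigest(),
            "boot_code_sha256": hashlib.sha256(sector[:BOOT_CODE_LEN]).hexdigest(),
            "partitions": partitions}

def build_sample_mbr(boot_code: bytes, disk_sig: bytes = bytes(4)) -> bytes:
    """Constructed sample; offsets and sizes mirror the aswMBR log in the thread."""
    def entry(status, ptype, start, count):
        return struct.pack("<B3xB3xII", status, ptype, start, count)
    # Sector counts are assumptions chosen to reproduce the logged sizes in MB.
    table = (entry(0x80, 0x07, 63, 955121601)
             + entry(0x00, 0x07, 955121664, 21647360) + bytes(32))
    return (boot_code.ljust(BOOT_CODE_LEN, b"\x00") + disk_sig + bytes(2)
            + table + b"\x55\xaa")

if __name__ == "__main__":
    # Pass the path to a saved MBR.dat, or run with no argument for the sample.
    data = (open(sys.argv[1], "rb").read() if len(sys.argv) > 1
            else build_sample_mbr(b"\xfa\x33\xc0"))  # placeholder boot bytes
    info = parse_mbr(data)
    print("whole sector SHA-256:", info["sector_sha256"])
    print("boot code SHA-256:   ", info["boot_code_sha256"])
    for p in info["partitions"]:
        print("Partition {index} active={active} type={type:02X} "
              "{size_mb} MB offset {start}".format(**p))
```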





