
In Progress stub32i.exe malware

Discussion in 'Virus & Other Malware Removal' started by anniebanany, Jul 13, 2017.

  1. anniebanany

    anniebanany Thread Starter

    Joined:
    Nov 30, 2001
    Messages:
    5
    I was trying to download a copy of QuickBooks but was suspicious of it. I see at the bottom of the properties file waiting to be installed 'stub32i.exe' and know it is malware now. Can I delete it? I have not installed the software and it is sitting on my desktop. Please help. There are so many sites with malware removal but I only trust you from previous experiences.
    Kind regards
    Anniebanany.
     

  3. askey127

    askey127 Malware Specialist

    Joined:
    Dec 22, 2006
    Messages:
    3,527
  4. anniebanany

    anniebanany Thread Starter

    Joined:
    Nov 30, 2001
    Messages:
    5
    Tech Support Guy System Info Utility version 1.0.0.4
    OS Version: Microsoft Windows 7 Home Premium, Service Pack 1, 64 bit
    Processor: Intel(R) Pentium(R) CPU G3260 @ 3.30GHz, Intel64 Family 6 Model 60 Stepping 3
    Processor Count: 2
    RAM: 3769 Mb
    Graphics Card: Intel(R) HD Graphics, 1024 Mb
    Hard Drives: C: 465 GB (359 GB Free); E: 465 GB (405 GB Free); F: 931 GB (500 GB Free);
    Motherboard: ASRock, H81M-DG4
    Antivirus: Kaspersky Total Security, Enabled and Updated
     
  5. askey127

    askey127 Malware Specialist

    Joined:
    Dec 22, 2006
    Messages:
    3,527
    annie,
    -----------------------------------------------------------
    Download and Run the Farbar Scan Tool
    • Download FRST64 and save to your Desktop.
    • Double click Frst64.exe to launch it.
    • FRST64 will start to run.
      • When the tool opens click Yes to disclaimer.
      • Press the Scan button.
      • When finished scanning, 2 logs will open on your Desktop, FRST.txt and Addition.txt.
      • Please post them in your next reply.
    If you lose track of them, they will be saved in the same location as FRST64.exe.
    Feel free to use separate replies if it's more convenient.
     
  6. anniebanany

    anniebanany Thread Starter

    Joined:
    Nov 30, 2001
    Messages:
    5
    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15-07-2017
    Ran by User (16-07-2017 20:33:37)
    Running from C:\Users\User\Pictures\advance logo
    Windows 7 Home Premium Service Pack 1 (X64) (2016-06-21 11:33:52)
    Boot Mode: Normal
    ==========================================================


    ==================== Accounts: =============================

    Administrator (S-1-5-21-3518771454-526531700-631524584-500 - Administrator - Disabled)
    Guest (S-1-5-21-3518771454-526531700-631524584-501 - Limited - Disabled)
    HomeGroupUser$ (S-1-5-21-3518771454-526531700-631524584-1003 - Limited - Enabled)
    User (S-1-5-21-3518771454-526531700-631524584-1000 - Administrator - Enabled) => C:\Users\User

    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: Kaspersky Total Security (Enabled - Up to date) {86367591-4BE4-AE08-2FD9-7FCB8259CD98}
    AS: Kaspersky Total Security (Enabled - Up to date) {3D579475-6DDE-A186-1569-44B9F9DE8725}
    AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    FW: Kaspersky Total Security (Enabled) {BE0DF4B4-018B-AF50-0486-D6FE7C8A8AE3}

    ==================== Installed Programs ======================

    (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 17.009.20058 - Adobe Systems Incorporated)
    Adobe Flash Player 26 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 26.0.0.137 - Adobe Systems Incorporated)
    AVIGenerator2.0 2.0.0.7 (HKLM-x32\...\AVIGenerator2.0) (Version: 2.0.0.7 - )
    Bing Bar (HKLM-x32\...\{3611CA6C-5FCA-4900-A329-6A118123CCFC}) (Version: 7.1.355.0 - Microsoft Corporation)
    Canon Camera Window DC_DV 6 for ZoomBrowser EX (HKLM-x32\...\CameraWindowDVC6) (Version: 6.4.0.9 - )
    Canon Camera Window MC 6 for ZoomBrowser EX (HKLM-x32\...\CameraWindowMC) (Version: 6.3.0.8 - )
    Canon G.726 WMP-Decoder (HKLM-x32\...\Canon G.726 WMP-Decoder) (Version: 1.1.0.4 - )
    CANON iMAGE GATEWAY Task for ZoomBrowser EX (HKLM-x32\...\CANON iMAGE GATEWAY Task) (Version: 1.3.1.5 - )
    Canon Internet Library for ZoomBrowser EX (HKLM-x32\...\Canon Internet Library for ZoomBrowser EX) (Version: 1.5.1.4 - )
    Canon MovieEdit Task for ZoomBrowser EX (HKLM-x32\...\MovieEditTask) (Version: 2.4.0.14 - )
    Canon RAW Image Task for ZoomBrowser EX (HKLM-x32\...\RAW Image Task) (Version: 2.5.0.8 - )
    Canon RemoteCapture Task for ZoomBrowser EX (HKLM-x32\...\RemoteCaptureTask) (Version: 1.7.0.8 - )
    Canon Utilities PhotoStitch (HKLM-x32\...\PhotoStitch) (Version: 3.1.19.43 - )
    Canon Utilities ZoomBrowser EX (HKLM-x32\...\ZoomBrowser EX) (Version: 5.8.0.74 - )
    Citrix Online Launcher (HKLM-x32\...\{97C200CA-BF24-41B9-B111-A7E47F8FD57E}) (Version: 1.0.456 - Citrix)
    Dropbox (HKLM-x32\...\Dropbox) (Version: 30.4.22 - Dropbox, Inc.)
    Dropbox Update Helper (HKLM-x32\...\{099218A5-A723-43DC-8DB5-6173656A1E94}) (Version: 1.3.59.1 - Dropbox, Inc.) Hidden
    Google Chrome (HKLM-x32\...\Google Chrome) (Version: 59.0.3071.115 - Google Inc.)
    Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden
    GoToMeeting 8.7.0.7155 (HKU\S-1-5-21-3518771454-526531700-631524584-1000\...\GoToMeeting) (Version: 8.7.0.7155 - CitrixOnline)
    HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.7702 - HP)
    HP Photosmart 5520 series Basic Device Software (HKLM\...\{68C0736C-3E47-43A6-B14D-236BEF198A5F}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
    HP Photosmart 5520 series Help (HKLM-x32\...\{7137E26A-10F7-4B1C-9980-0893579E92DA}) (Version: 27.0.0 - Hewlett Packard)
    HP Photosmart 5520 series Product Improvement Study (HKLM\...\{DCC176F0-3CE3-4DA9-8FF9-3809C1B48C47}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
    HP Support Assistant (HKLM-x32\...\{78E2C850-ADA6-420D-BA35-2F4A9BE733CC}) (Version: 8.4.19.3 - HP)
    HP Support Solutions Framework (HKLM-x32\...\{CE7447C2-EF12-4EF3-BE51-BFC3B049C0F6}) (Version: 12.7.27.15 - HP)
    HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
    Intel(R) Manageability Engine Firmware Recovery Agent (HKLM-x32\...\{0EC7F9CC-4741-45AE-9F55-6E9343F726F5}) (Version: 1.1.0.36960 - Intel Corporation)
    Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.14.1724 - Intel Corporation)
    Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.14.4264 - Intel Corporation)
    Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 13.1.0.1058 - Intel Corporation)
    Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 2.0.0.102 - Intel Corporation)
    Java 8 Update 91 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218091F0}) (Version: 8.0.910.15 - Oracle Corporation)
    Kaspersky Secure Connection (HKLM-x32\...\{1CF84962-50F8-48CA-9082-B70F3A02C686}) (Version: 17.0.0.611 - Kaspersky Lab) Hidden
    Kaspersky Secure Connection (HKLM-x32\...\InstallWIX_{1CF84962-50F8-48CA-9082-B70F3A02C686}) (Version: 17.0.0.611 - Kaspersky Lab)
    Kaspersky Total Security (HKLM-x32\...\{E27B1D7B-3B34-43A2-9FC0-9828D5DF46E2}) (Version: 17.0.0.611 - Kaspersky Lab) Hidden
    Kaspersky Total Security (HKLM-x32\...\InstallWIX_{E27B1D7B-3B34-43A2-9FC0-9828D5DF46E2}) (Version: 17.0.0.611 - Kaspersky Lab)
    Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
    Microsoft Office 365 ProPlus - en-us (HKLM\...\O365ProPlusRetail - en-us) (Version: 16.0.8229.2073 - Microsoft Corporation)
    Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation)
    Microsoft OneDrive (HKU\S-1-5-21-3518771454-526531700-631524584-1000\...\OneDriveSetup.exe) (Version: 17.3.6390.0509 - Microsoft Corporation)
    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
    MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
    MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
    MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
    Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.8229.2073 - Microsoft Corporation) Hidden
    Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.8229.2073 - Microsoft Corporation) Hidden
    Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.8229.2073 - Microsoft Corporation) Hidden
    Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0409-0000-0000000FF1CE}) (Version: 16.0.8201.2075 - Microsoft Corporation) Hidden
    QuickBooks (HKLM-x32\...\{1D972553-29C8-442F-97F1-136B7F15E7E6}) (Version: 19.0.4004.1100 - Intuit Limited) Hidden
    QuickBooks Pro 2010 (HKLM-x32\...\{B0908CA7-E03C-4ACD-832C-CCE5E992BAD9}) (Version: 19.0.4004.1100 - Intuit Limited)
    Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.86.508.2014 - Realtek)
    Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6873 - Realtek Semiconductor Corp.)
    Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
    SupportSoft Assisted Service (HKLM-x32\...\{5A3F6A80-7913-475E-8B96-477A952CFA43}) (Version: 15 - SupportSoft)
    VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.6 - VideoLAN)

    ==================== Custom CLSID (Whitelisted): ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    CustomCLSID: HKU\S-1-5-21-3518771454-526531700-631524584-1000_Classes\CLSID\{162C6FB5-44D3-435B-903D-E613FA093FB5}\InprocServer32 -> C:\Users\User\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64\FileCoAuthLib64.dll => No File
    CustomCLSID: HKU\S-1-5-21-3518771454-526531700-631524584-1000_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\Windows\system32\igfxEM.exe (Intel Corporation)
    CustomCLSID: HKU\S-1-5-21-3518771454-526531700-631524584-1000_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Users\User\AppData\Local\Citrix\GoToMeeting\6956\G2MOutlookAddin64.dll (Citrix Online, a division of Citrix Systems, Inc.)
    CustomCLSID: HKU\S-1-5-21-3518771454-526531700-631524584-1000_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\User\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64\FileSyncApi64.dll => No File
    ShellIconOverlayIdentifiers: [ DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.17.0.dll [2017-07-12] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [ DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.17.0.dll [2017-07-12] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [ DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.17.0.dll [2017-07-12] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [ DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.17.0.dll [2017-07-12] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [ DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.17.0.dll [2017-07-12] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [ DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.17.0.dll [2017-07-12] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [ DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.17.0.dll [2017-07-12] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [ DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.17.0.dll [2017-07-12] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [ DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.17.0.dll [2017-07-12] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [ DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.17.0.dll [2017-07-12] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [ DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.17.0.dll [2017-07-12] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [ DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.17.0.dll [2017-07-12] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [ DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.17.0.dll [2017-07-12] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [ DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.17.0.dll [2017-07-12] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [ DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.17.0.dll [2017-07-12] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [ DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.17.0.dll [2017-07-12] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [ DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.17.0.dll [2017-07-12] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [ DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.17.0.dll [2017-07-12] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [ DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.17.0.dll [2017-07-12] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [ DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.17.0.dll [2017-07-12] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\User\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\FileSyncShell.dll -> No File
    ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => C:\Users\User\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\FileSyncShell.dll -> No File
    ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => C:\Users\User\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\FileSyncShell.dll -> No File
    ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\User\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\FileSyncShell.dll -> No File
    ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\User\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\FileSyncShell.dll -> No File
    ContextMenuHandlers01: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.17.0.dll [2017-07-12] (Dropbox, Inc.)
    ContextMenuHandlers01: [iSkysoftVideoConverterFileOpreation] -> {BB35DE05-89D6-4D8F-95DE-A27DF8156D91} => C:\Windows\SysWOW64\ISCM64.dll [2015-02-27] ()
    ContextMenuHandlers01: [Kaspersky Anti-Virus 17.0.0] -> {39C9FA89-7012-4573-A92D-BFD1F8CA542D} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\x64\shellex.dll [2017-04-28] (AO Kaspersky Lab)
    ContextMenuHandlers02: [Kaspersky Anti-Virus 17.0.0] -> {39C9FA89-7012-4573-A92D-BFD1F8CA542D} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\x64\shellex.dll [2017-04-28] (AO Kaspersky Lab)
    ContextMenuHandlers04: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.17.0.dll [2017-07-12] (Dropbox, Inc.)
    ContextMenuHandlers04: [Kaspersky Anti-Virus 17.0.0] -> {39C9FA89-7012-4573-A92D-BFD1F8CA542D} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\x64\shellex.dll [2017-04-28] (AO Kaspersky Lab)
    ContextMenuHandlers05: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.17.0.dll [2017-07-12] (Dropbox, Inc.)
    ContextMenuHandlers05: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
    ContextMenuHandlers05: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\Windows\system32\igfxDTCM.dll [2015-08-09] (Intel Corporation)
    ContextMenuHandlers05: [igfxOSP] -> {FA507C3F-30C6-4DCA-9EE5-2656072EEC14} => C:\Windows\system32\igfxOSP.dll [2015-08-09] (Intel Corporation)
    ContextMenuHandlers06: [Kaspersky Anti-Virus 17.0.0] -> {39C9FA89-7012-4573-A92D-BFD1F8CA542D} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\x64\shellex.dll [2017-04-28] (AO Kaspersky Lab)

    ==================== Scheduled Tasks (Whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    Task: {05861179-8C75-420D-A175-FFD2A6718147} - System32\Tasks\{26891B96-BED2-4194-A9AF-AA4FB3D7BACC} => C:\Program Files (x86)\Intuit\QuickBooks 2010\QBW32Pro.exe [2011-03-08] (Intuit Limited.)
    Task: {060A27F5-37EB-44EE-A3AE-45C56C2CF150} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2017-07-01] ()
    Task: {06699D99-39DC-4238-A3E5-313A9D55023E} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2017-07-01] (Microsoft Corporation)
    Task: {09A4F3AC-387F-4A15-AC98-94FF742671AC} - System32\Tasks\HP AR Program Upload - ec3942abc2e14f81a9c9a748e4eebea78a69c60454f244bca2bb47bf4f5724fc => C:\Program Files\HP\HP Photosmart 5520 series\bin\HPRewards.exe [2012-10-17] (TODO: <Company name>)
    Task: {0E2C78BE-006E-43ED-96A6-1F02FDA04DD2} - System32\Tasks\HP AR Program Upload - eea5734073c045d0a20c237ee703f7ffc469f83e646d4612b8280529ca9054f4 => C:\Program Files\HP\HP Photosmart 5520 series\bin\HPRewards.exe [2012-10-17] (TODO: <Company name>)
    Task: {16D48013-64AD-4183-BA09-637D54C36F73} - System32\Tasks\{8E2C1E85-9AD5-4AEB-86DA-1A0B01588A9B} => C:\Program Files (x86)\Intuit\QuickBooks 2010\QBW32Pro.exe [2011-03-08] (Intuit Limited.)
    Task: {1780B465-B7DE-4BA5-991D-F25D1465E002} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [2013-03-07] (Intel Corporation)
    Task: {1D122B82-A68A-4AA8-8720-F3E1A436F7DC} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [2013-03-07] (Intel Corporation)
    Task: {28290A50-6146-4541-805B-1CE0F320BFCD} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2017-04-07] (HP Inc.)
    Task: {2FBD3C1F-95CD-4853-9549-9978EA755E72} - System32\Tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2016-11-07] (HP Inc.)
    Task: {4579D6EC-EAE7-49F0-9BC2-3496D0ED44DF} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-06-23] (Microsoft Corporation)
    Task: {46576F2C-53B2-4936-861D-5795C06F73F6} - System32\Tasks\HP AR Program Upload - 5cc0100bb591464294228bb64633cef1a03611f5fb914c4c998bf56f20f7de5f => C:\Program Files\HP\HP Photosmart 5520 series\bin\HPRewards.exe [2012-10-17] (TODO: <Company name>)
    Task: {5EABBCDD-6069-49BD-B4BD-0EAC79453706} - System32\Tasks\HPCeeScheduleForUser => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2016-01-22] (Hewlett-Packard)
    Task: {5F624A84-A304-42F1-AE18-5ECE69130DFB} - System32\Tasks\HP AR Program Upload - adc29320d6ce4874af29d4b207dc6628bdd755e499a3425a86684f99d0e17a9d => C:\Program Files\HP\HP Photosmart 5520 series\bin\HPRewards.exe [2012-10-17] (TODO: <Company name>)
    Task: {62E5A80F-2C5E-420F-9A99-105E5E823CCE} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Product Configurator => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\ProductConfig.exe [2017-05-25] (HP Inc.)
    Task: {64F62148-01A5-41D5-B9C5-89B104624D17} - System32\Tasks\{24462DCB-2542-4328-8419-CF65E6E096C9} => C:\Program Files (x86)\Intuit\QuickBooks 2010\QBW32Pro.exe [2011-03-08] (Intuit Limited.)
    Task: {6D544B06-B766-4305-AA04-7E48C1E33511} - System32\Tasks\{5435DE79-E453-4D22-A499-83D6648F908B} => C:\Program Files (x86)\Intuit\QuickBooks 2010\QBW32Pro.exe [2011-03-08] (Intuit Limited.)
    Task: {700E42B8-255F-4B4E-9665-5E0C6E7E747B} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-06-21] (Google Inc.)
    Task: {71199E0B-5BC0-4E51-8BC9-7A5D251FC6EB} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-06-21] (Google Inc.)
    Task: {75554703-EAFA-49AC-A0A7-D679D69FA369} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [2017-06-22] (HP Inc.)
    Task: {810A60CD-A352-4788-88CE-E2030DBAC604} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2017-04-06] (HP Inc.)
    Task: {8199257E-57BA-4CC2-83C1-3EE942736DC6} - System32\Tasks\HP AR Program Upload - c631603017c14f2d9bad312a9d054b2fe9ca92a45de94de1bbfa791572111496 => C:\Program Files\HP\HP Photosmart 5520 series\bin\HPRewards.exe [2012-10-17] (TODO: <Company name>)
    Task: {8AECF086-5163-4CC4-9B83-BE4CFCA16D4E} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2017-04-07] (HP Inc.)
    Task: {8C8EADB2-0C53-4E4B-95BD-3122EC67DD95} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-08-27] (Dropbox, Inc.)
    Task: {A2BBC285-B22E-46EC-B6D0-67FB9672EBF3} - System32\Tasks\G2MUpdateTask-S-1-5-21-3518771454-526531700-631524584-1000 => C:\Users\User\AppData\Local\Citrix\GoToMeeting\7155\g2mupdate.exe [2017-06-13] (Citrix Online, a division of Citrix Systems, Inc.)
    Task: {A5348D92-D25D-4FFF-BFDD-C813EBB00087} - System32\Tasks\HPCustParticipation HP Photosmart 5520 series => C:\Program Files\HP\HP Photosmart 5520 series\Bin\HPCustPartic.exe [2012-10-17] (Hewlett-Packard Co.)
    Task: {A6E2F679-0587-49FD-BE50-7056A42EADC1} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2017-07-01] ()
    Task: {AE566C42-24FA-49A3-A1BE-7A44D0430242} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2017-07-01] (Microsoft Corporation)
    Task: {B2F5C828-0E9C-48BD-BA5F-793498848CE4} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-08-27] (Dropbox, Inc.)
    Task: {B583EE1B-8C37-41C3-9FCE-BCB991F275F7} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2016-12-07] (HP Inc.)
    Task: {C64DAEC2-8F77-4EAF-9D36-3093F48157FD} - System32\Tasks\{6630E88C-D57F-492C-8AED-F301F494246F} => C:\Program Files (x86)\Intuit\QuickBooks 2010\QBW32Pro.exe [2011-03-08] (Intuit Limited.)
    Task: {C64F96E0-DA34-42E5-B25E-62096B909425} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-07-15] (Adobe Systems Incorporated)
    Task: {CA4A37C9-C44A-4AFE-8656-FDC3304816A4} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2017-07-01] (Microsoft Corporation)
    Task: {D23947B5-8F4F-4934-BAC9-30385362EE10} - System32\Tasks\{4D62B080-8B9B-467A-BD39-882D189BC438} => C:\Program Files (x86)\Intuit\QuickBooks 2010\QBW32Pro.exe [2011-03-08] (Intuit Limited.)
    Task: {DB04BBF2-0C37-4E8B-BE28-35AD4CC6BE1E} - System32\Tasks\{18B91980-B243-4010-89D0-9D6AC04F8BE9} => C:\Program Files (x86)\Intuit\QuickBooks 2010\QBW32Pro.exe [2011-03-08] (Intuit Limited.)
    Task: {DF8590B2-FB57-4B63-9194-98B3465C6E83} - System32\Tasks\Kaspersky_Upgrade_Launcher_{278ADC42-419D-4547-A6CA-5B74BE0AD901} => C:\Program Files\Common Files\AV\Kaspersky Lab\upgrade_launcher.exe [2016-08-23] (AO Kaspersky Lab)
    Task: {E13CE98B-5614-424A-A268-BA4D45287DAB} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-04-25] (Adobe Systems Incorporated)
    Task: {E1E1DB02-661E-4C01-91DB-F253F98358EF} - System32\Tasks\G2MUploadTask-S-1-5-21-3518771454-526531700-631524584-1000 => C:\Users\User\AppData\Local\Citrix\GoToMeeting\7155\g2mupload.exe [2017-06-13] (Citrix Online, a division of Citrix Systems, Inc.)
    Task: {E3A350A6-F182-4FFB-A0C7-97C002EEB3CD} - System32\Tasks\HP AR Program Upload - 45ec8c157090460f80030fd6d0e9eb797af2d2333b08492abf1275b0bad48aec => C:\Program Files\HP\HP Photosmart 5520 series\bin\HPRewards.exe [2012-10-17] (TODO: <Company name>)
    Task: {F0BBEC91-BF48-4D90-B595-5816A8250434} - System32\Tasks\{C047B151-F3FD-493F-8BBB-672A675B5F92} => C:\Program Files (x86)\Intuit\QuickBooks 2010\QBW32Pro.exe [2011-03-08] (Intuit Limited.)
    Task: {F5D89BDE-370B-40C9-8F5D-5D4FBD97B7F3} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-06-23] (Microsoft Corporation)

    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

    Task: C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
    Task: C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
    Task: C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-3518771454-526531700-631524584-1000.job => C:\Users\User\AppData\Local\Citrix\GoToMeeting\7155\g2mupdate.exe
    Task: C:\Windows\Tasks\G2MUploadTask-S-1-5-21-3518771454-526531700-631524584-1000.job => C:\Users\User\AppData\Local\Citrix\GoToMeeting\7155\g2mupload.exe
    Task: C:\Windows\Tasks\HPCeeScheduleForUser.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

    ==================== Shortcuts & WMI ========================

    (The entries could be listed to be restored or removed.)


    ==================== Loaded Modules (Whitelisted) ==============

    2016-11-09 17:30 - 2016-11-09 17:30 - 00959168 _____ () C:\Users\User\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64\ClientTelemetry.dll
    2016-12-05 12:02 - 2017-07-12 21:01 - 00025408 _____ () C:\Program Files (x86)\Dropbox\Client\QtWebEngineProcess.exe
    2017-06-27 21:14 - 2017-06-23 04:21 - 02692440 _____ () C:\Program Files (x86)\Google\Chrome\Application\59.0.3071.115\swiftshader\libglesv2.dll
    2017-06-27 21:14 - 2017-06-23 04:21 - 00137048 _____ () C:\Program Files (x86)\Google\Chrome\Application\59.0.3071.115\swiftshader\libegl.dll
    2016-06-28 00:19 - 2016-06-28 00:19 - 00865232 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\kpcengine.2.3.dll
    2016-07-06 11:48 - 2014-10-31 16:40 - 01498112 _____ () C:\Program Files (x86)\Common Files\iSkysoft\iSkysoft Helper Compact\DAQExp.dll
    2016-07-06 11:48 - 2014-05-19 17:19 - 00137728 _____ () C:\Program Files (x86)\Common Files\iSkysoft\iSkysoft Helper Compact\CBSCreateVC.dll
    2017-07-13 22:24 - 2017-07-12 20:58 - 00746816 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_watchdog.dll
    2017-07-13 22:24 - 2017-07-12 20:58 - 01787200 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_crashpad.dll
    2016-12-05 12:02 - 2017-07-12 20:58 - 00100296 _____ () C:\Program Files (x86)\Dropbox\Client\_ctypes.pyd
    2016-12-05 12:02 - 2017-07-12 20:58 - 00018888 _____ () C:\Program Files (x86)\Dropbox\Client\select.pyd
    2016-12-05 12:02 - 2017-07-12 21:01 - 00020800 _____ () C:\Program Files (x86)\Dropbox\Client\tornado.speedups.pyd
    2016-12-05 12:02 - 2017-07-12 20:58 - 00035792 _____ () C:\Program Files (x86)\Dropbox\Client\_multiprocessing.pyd
    2017-07-13 22:24 - 2017-07-12 20:59 - 00021848 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._constant_time.pyd
    2016-12-05 12:02 - 2017-07-12 20:58 - 00125904 _____ () C:\Program Files (x86)\Dropbox\Client\_cffi_backend.pyd
    2016-12-05 12:02 - 2017-07-12 20:58 - 00694224 _____ () C:\Program Files (x86)\Dropbox\Client\unicodedata.pyd
    2017-07-13 22:24 - 2017-07-12 20:59 - 01862992 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._openssl.pyd
    2017-07-13 22:24 - 2017-07-12 20:59 - 00022864 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._padding.pyd
    2017-07-13 22:24 - 2017-07-12 20:58 - 00145864 _____ () C:\Program Files (x86)\Dropbox\Client\pyexpat.pyd
    2017-07-13 22:24 - 2017-07-12 20:58 - 00020432 _____ () C:\Program Files (x86)\Dropbox\Client\faulthandler.pyd
    2017-07-13 22:24 - 2017-07-12 20:58 - 00116688 _____ () C:\Program Files (x86)\Dropbox\Client\pywintypes27.dll
    2016-12-05 12:02 - 2017-07-12 20:58 - 00105928 _____ () C:\Program Files (x86)\Dropbox\Client\win32api.pyd
    2016-12-05 12:02 - 2017-07-12 21:01 - 00022864 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.crt.compiled._winffi_crt.pyd
    2017-07-13 22:24 - 2017-07-12 20:59 - 00062784 _____ () C:\Program Files (x86)\Dropbox\Client\psutil._psutil_windows.pyd
    2017-07-13 22:24 - 2017-07-12 20:59 - 00040248 _____ () C:\Program Files (x86)\Dropbox\Client\fastpath.pyd
    2016-12-05 12:02 - 2017-07-12 20:58 - 00024528 _____ () C:\Program Files (x86)\Dropbox\Client\win32event.pyd
    2017-07-13 22:24 - 2017-07-12 20:58 - 00392656 _____ () C:\Program Files (x86)\Dropbox\Client\pythoncom27.dll
    2017-07-13 22:24 - 2017-07-12 20:58 - 00020936 _____ () C:\Program Files (x86)\Dropbox\Client\mmapfile.pyd
    2016-12-05 12:02 - 2017-07-12 20:58 - 00116176 _____ () C:\Program Files (x86)\Dropbox\Client\win32security.pyd
    2016-12-05 12:02 - 2017-07-12 21:01 - 00392512 _____ () C:\Program Files (x86)\Dropbox\Client\win32com.shell.shell.pyd
    2016-12-05 12:02 - 2017-07-12 20:58 - 00124880 _____ () C:\Program Files (x86)\Dropbox\Client\win32file.pyd
    2016-12-05 12:02 - 2017-07-12 21:01 - 00026456 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.kernel32.compiled._winffi_kernel32.pyd
    2016-12-05 12:02 - 2017-07-12 20:58 - 00024016 _____ () C:\Program Files (x86)\Dropbox\Client\win32clipboard.pyd
    2016-12-05 12:02 - 2017-07-12 20:58 - 00175560 _____ () C:\Program Files (x86)\Dropbox\Client\win32gui.pyd
    2016-12-05 12:02 - 2017-07-12 20:58 - 00030160 _____ () C:\Program Files (x86)\Dropbox\Client\win32pipe.pyd
    2016-12-05 12:02 - 2017-07-12 20:58 - 00043472 _____ () C:\Program Files (x86)\Dropbox\Client\win32process.pyd
    2016-12-05 12:02 - 2017-07-12 20:58 - 00048592 _____ () C:\Program Files (x86)\Dropbox\Client\win32service.pyd
    2016-12-05 12:02 - 2017-07-12 20:58 - 00057808 _____ () C:\Program Files (x86)\Dropbox\Client\win32evtlog.pyd
    2016-12-05 12:02 - 2017-07-12 20:58 - 00024016 _____ () C:\Program Files (x86)\Dropbox\Client\win32profile.pyd
    2017-07-13 22:24 - 2017-07-12 20:59 - 00022336 _____ () C:\Program Files (x86)\Dropbox\Client\cpuid.compiled._cpuid.pyd
    2017-05-18 10:53 - 2017-07-12 21:01 - 00082264 _____ () C:\Program Files (x86)\Dropbox\Client\winenumhandles.compiled._WinEnumHandles.pyd
    2016-12-05 12:02 - 2017-07-12 21:01 - 00025432 _____ () C:\Program Files (x86)\Dropbox\Client\winscreenshot.compiled._CaptureScreenshot.pyd
    2017-07-13 22:24 - 2017-07-12 20:59 - 00027488 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox.infinite.win.compiled._driverinstallation.pyd
    2017-07-13 22:24 - 2017-07-12 21:00 - 03928896 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWidgets.pyd
    2016-12-05 12:02 - 2017-07-12 20:58 - 00083912 _____ () C:\Program Files (x86)\Dropbox\Client\sip.pyd
    2017-07-13 22:24 - 2017-07-12 20:59 - 01826104 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtCore.pyd
    2017-07-13 22:24 - 2017-07-12 21:00 - 01972024 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtGui.pyd
    2016-12-05 12:02 - 2017-07-12 20:58 - 00028616 _____ () C:\Program Files (x86)\Dropbox\Client\win32ts.pyd
    2017-07-13 22:24 - 2017-07-12 21:00 - 00171336 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebEngineWidgets.pyd
    2017-07-13 22:24 - 2017-07-12 21:00 - 00042816 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebChannel.pyd
    2017-07-13 22:24 - 2017-07-12 21:00 - 00531264 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtNetwork.pyd
    2017-07-13 22:24 - 2017-07-12 21:00 - 00133432 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKit.pyd
    2017-07-13 22:24 - 2017-07-12 21:00 - 00224064 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKitWidgets.pyd
    2017-07-13 22:24 - 2017-07-12 21:00 - 00207680 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtPrintSupport.pyd
    2016-12-05 12:02 - 2017-07-12 20:58 - 00060880 _____ () C:\Program Files (x86)\Dropbox\Client\win32print.pyd
    2017-02-28 10:17 - 2017-07-12 21:01 - 00054608 _____ () C:\Program Files (x86)\Dropbox\Client\winrpcserver.compiled._RPCServer.pyd
    2017-01-24 00:33 - 2017-07-12 21:01 - 00022864 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.user32.compiled._winffi_user32.pyd
    2017-01-24 00:33 - 2017-07-12 21:01 - 00022872 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.iphlpapi.compiled._winffi_iphlpapi.pyd
    2017-01-24 00:33 - 2017-07-12 21:01 - 00021848 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.winerror.compiled._winffi_winerror.pyd
    2017-01-24 00:33 - 2017-07-12 21:01 - 00022872 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.wininet.compiled._winffi_wininet.pyd
    2016-12-05 12:02 - 2017-07-12 20:58 - 00349128 _____ () C:\Program Files (x86)\Dropbox\Client\winxpgui.pyd
    2016-12-05 12:02 - 2017-07-12 21:01 - 00023896 _____ () C:\Program Files (x86)\Dropbox\Client\winverifysignature.compiled._VerifySignature.pyd
    2017-07-13 22:24 - 2017-07-12 20:59 - 00025936 _____ () C:\Program Files (x86)\Dropbox\Client\librsyncffi.compiled._librsyncffi.pyd
    2017-07-13 22:24 - 2017-07-12 20:58 - 00036296 _____ () C:\Program Files (x86)\Dropbox\Client\librsync.dll
    2017-07-13 22:24 - 2017-07-12 20:59 - 00181056 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_sqlite_ext.DLL
    2016-12-05 12:02 - 2017-07-12 21:01 - 00030536 _____ () C:\Program Files (x86)\Dropbox\Client\wind3d11.compiled._wind3d11.pyd
    2017-07-13 22:24 - 2017-07-12 20:59 - 00024368 _____ () C:\Program Files (x86)\Dropbox\Client\libEGL.dll
    2017-07-13 22:24 - 2017-07-12 20:59 - 01637688 _____ () C:\Program Files (x86)\Dropbox\Client\libGLESv2.dll
    2016-12-05 12:02 - 2017-07-12 21:01 - 00026456 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.winhttp.compiled._winffi_winhttp.pyd
    2017-04-07 20:10 - 2017-07-12 21:01 - 00023368 _____ () C:\Program Files (x86)\Dropbox\Client\wincrashpad.compiled._Crashpad.pyd
    2017-07-13 22:24 - 2017-07-12 21:00 - 00546104 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtQuick.pyd
    2017-07-13 22:24 - 2017-07-12 21:00 - 00357688 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtQml.pyd
    2016-06-21 12:52 - 2013-09-03 16:52 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll

    ==================== Alternate Data Streams (Whitelisted) =========

    (If an entry is included in the fixlist, only the ADS will be removed.)


    ==================== Safe Mode (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


    ==================== Association (Whitelisted) ===============

    (If an entry is included in the fixlist, the registry item will be restored to default or removed.)


    ==================== Internet Explorer trusted/restricted ===============

    (If an entry is included in the fixlist, it will be removed from the registry.)


    ==================== Hosts content: ===============================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 _____ C:\Windows\system32\Drivers\etc\hosts


    ==================== Other Areas ============================

    (Currently there is no automatic fix for this section.)

    HKU\S-1-5-21-3518771454-526531700-631524584-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\User\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
    DNS Servers: 192.168.1.254 - 79.140.223.226
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
    Windows Firewall is enabled.

    ==================== MSCONFIG/TASK MANAGER disabled items ==


    ==================== FirewallRules (Whitelisted) ===============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    FirewallRules: [{00B67B6E-7251-4C8A-8C36-4D0FBBD32C9E}] => (Allow) C:\Users\User\AppData\Local\Temp\7zS601A\HPDiagnosticCoreUI.exe
    FirewallRules: [{5EE03E89-339A-4586-9141-CFE2ADB6C962}] => (Allow) C:\Users\User\AppData\Local\Temp\7zS601A\HPDiagnosticCoreUI.exe
    FirewallRules: [{D4283B2A-BE99-49B0-BBD6-5299246042EE}] => (Allow) C:\Users\User\AppData\Local\Temp\7zS2561\HPDiagnosticCoreUI.exe
    FirewallRules: [{9418DB39-96DC-40DB-B79B-DFE4D642C006}] => (Allow) C:\Users\User\AppData\Local\Temp\7zS2561\HPDiagnosticCoreUI.exe
    FirewallRules: [{3FFA9D66-747F-4AE1-A433-7CC6D2854AE6}] => (Allow) C:\Program Files\HP\HP Photosmart 5520 series\Bin\DeviceSetup.exe
    FirewallRules: [{E8179BDA-6B71-4380-9673-ADEC37EAEF3E}] => (Allow) C:\Program Files\HP\HP Photosmart 5520 series\Bin\HPNetworkCommunicator.exe
    FirewallRules: [{9879F470-14BA-46B0-886F-E56A414CBF8E}] => (Allow) C:\Program Files\HP\HP Photosmart 5520 series\Bin\HPNetworkCommunicatorCom.exe
    FirewallRules: [{7A0FC8F0-233C-4797-A844-F2CEEF43E6E8}] => (Allow) C:\Program Files (x86)\FormatFactory\FormatFactory.exe
    FirewallRules: [{B5CBDB9C-5923-4018-8E33-076E4BBAC7DA}] => (Allow) C:\Program Files (x86)\FormatFactory\FFModules\Encoder\Doc\EBookCodec.exe
    FirewallRules: [{28DCA2A7-08AF-46D1-9EAD-B8AE5E48DD79}] => (Allow) C:\Users\User\AppData\Local\Temp\7zS221B\HPDiagnosticCoreUI.exe
    FirewallRules: [{FACBA058-52D1-4AE2-AFB4-08D72CEA8205}] => (Allow) C:\Users\User\AppData\Local\Temp\7zS221B\HPDiagnosticCoreUI.exe
    FirewallRules: [{415D0062-F0A2-4BE9-B1CE-26B224D22BD2}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe
    FirewallRules: [{8E54CCE8-F35D-415C-B3F7-83C5AB002927}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe
    FirewallRules: [{7F553F9D-6CA9-47E7-A139-6B6C2555781E}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe
    FirewallRules: [{5BADAB40-61C6-4F15-ABF4-CB15501F47DF}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe
    FirewallRules: [{96F131F3-B3C9-4B09-8383-5076B129E1B8}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe
    FirewallRules: [{1CCF0616-8A11-4BD5-BD6B-7AE66809C9D7}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    FirewallRules: [{2611334C-32C4-4B75-95BA-53E2EAB30113}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe

    ==================== Restore Points =========================

    03-07-2017 22:18:13 Windows Backup
    04-07-2017 03:00:21 Windows Update
    07-07-2017 15:46:52 Windows Update
    09-07-2017 22:51:53 Windows Backup
    14-07-2017 10:45:46 Windows Update
    15-07-2017 00:43:20 Windows Backup
    15-07-2017 02:44:24 Windows Update
    16-07-2017 20:05:08 Windows Backup

    ==================== Faulty Device Manager Devices =============

    Name: klids
    Description: klids
    Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
    Manufacturer:
    Service: klids
    Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
    Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
    Devices stay in this state if they have been prepared for removal.
    After you remove the device, this error disappears.Remove the device, and this error should be resolved.


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (07/16/2017 08:03:32 PM) (Source: HP Active Health) (EventID: 2200) (User: )
    Description: Agent DriverCrash threw an exception: System.IndexOutOfRangeException: Index was outside the bounds of the array.
    at HP.ActiveHealth.Agents.DriverCrash.DriverCrashAgent.ParseMinidump(FileInfo minidumpFile)
    at HP.ActiveHealth.Agents.DriverCrash.DriverCrashAgent.CollectNewDataClasses(FileInfo agentStateFile, IDataClassCollector dataClassColector)
    at HP.ActiveHealth.API.DataGeneration.AgentRunner.QueryAgentDelegate(Object agentObj)

    Error: (07/16/2017 07:59:28 PM) (Source: SideBySide) (EventID: 35) (User: )
    Description: Activation context generation failed for "C:\Program Files (x86)\Microsoft Office\root\Office16\lync.exe.Manifest".Error in manifest or policy file "C:\Program Files (x86)\Microsoft Office\root\Office16\UccApi.DLL" on line 1.
    Component identity found in manifest does not match the identity of the component requested.
    Reference is UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0".
    Definition is UccApi,processorArchitecture="x86",type="win32",version="16.0.0.0".
    Please use sxstrace.exe for detailed diagnosis.

    Error: (07/16/2017 07:53:20 PM) (Source: SideBySide) (EventID: 33) (User: )
    Description: Activation context generation failed for "C:\Windows\WinSxS\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.42_none_d6c3e7af9bae13a2\MFC80.DLL".
    Dependent Assembly Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" could not be found.
    Please use sxstrace.exe for detailed diagnosis.

    Error: (07/16/2017 07:53:20 PM) (Source: SideBySide) (EventID: 33) (User: )
    Description: Activation context generation failed for "C:\Windows\WinSxS\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.42_none_d6c3e7af9bae13a2\MFC80.DLL".
    Dependent Assembly Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" could not be found.
    Please use sxstrace.exe for detailed diagnosis.

    Error: (07/16/2017 07:52:41 PM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

    Error: (07/16/2017 07:49:24 PM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

    Error: (07/15/2017 12:42:26 AM) (Source: SideBySide) (EventID: 35) (User: )
    Description: Activation context generation failed for "C:\Program Files (x86)\Microsoft Office\root\Office16\lync.exe.Manifest".Error in manifest or policy file "C:\Program Files (x86)\Microsoft Office\root\Office16\UccApi.DLL" on line 1.
    Component identity found in manifest does not match the identity of the component requested.
    Reference is UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0".
    Definition is UccApi,processorArchitecture="x86",type="win32",version="16.0.0.0".
    Please use sxstrace.exe for detailed diagnosis.

    Error: (07/15/2017 12:42:26 AM) (Source: SideBySide) (EventID: 35) (User: )
    Description: Activation context generation failed for "C:\Program Files (x86)\Microsoft Office\root\Office16\lync.exe.Manifest".Error in manifest or policy file "C:\Program Files (x86)\Microsoft Office\root\Office16\UccApi.DLL" on line 1.
    Component identity found in manifest does not match the identity of the component requested.
    Reference is UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0".
    Definition is UccApi,processorArchitecture="x86",type="win32",version="16.0.0.0".
    Please use sxstrace.exe for detailed diagnosis.

    Error: (07/14/2017 10:56:25 AM) (Source: HP Active Health) (EventID: 2200) (User: )
    Description: Agent DriverCrash threw an exception: System.IndexOutOfRangeException: Index was outside the bounds of the array.
    at HP.ActiveHealth.Agents.DriverCrash.DriverCrashAgent.ParseMinidump(FileInfo minidumpFile)
    at HP.ActiveHealth.Agents.DriverCrash.DriverCrashAgent.CollectNewDataClasses(FileInfo agentStateFile, IDataClassCollector dataClassColector)
    at HP.ActiveHealth.API.DataGeneration.AgentRunner.QueryAgentDelegate(Object agentObj)

    Error: (07/14/2017 10:33:46 AM) (Source: SideBySide) (EventID: 35) (User: )
    Description: Activation context generation failed for "C:\Program Files (x86)\Microsoft Office\root\Office16\lync.exe.Manifest".Error in manifest or policy file "C:\Program Files (x86)\Microsoft Office\root\Office16\UccApi.DLL" on line 1.
    Component identity found in manifest does not match the identity of the component requested.
    Reference is UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0".
    Definition is UccApi,processorArchitecture="x86",type="win32",version="16.0.0.0".
    Please use sxstrace.exe for detailed diagnosis.


    System errors:
    =============
    Error: (07/15/2017 02:44:07 AM) (Source: DCOM) (EventID: 10010) (User: )
    Description: The server {995C996E-D918-4A8C-A302-45719A6F4EA7} did not register with DCOM within the required timeout.

    Error: (07/15/2017 12:38:36 AM) (Source: DCOM) (EventID: 10010) (User: )
    Description: The server {65EE1DBA-8FF4-4A58-AC1C-3470EE2F376A} did not register with DCOM within the required timeout.

    Error: (07/12/2017 11:17:26 PM) (Source: DCOM) (EventID: 10010) (User: )
    Description: The server {995C996E-D918-4A8C-A302-45719A6F4EA7} did not register with DCOM within the required timeout.

    Error: (07/12/2017 01:12:05 AM) (Source: DCOM) (EventID: 10010) (User: )
    Description: The server {995C996E-D918-4A8C-A302-45719A6F4EA7} did not register with DCOM within the required timeout.

    Error: (07/11/2017 01:07:25 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
    Description: The Server service terminated with the following error:
    Not enough storage is available to complete this operation.

    Error: (07/11/2017 12:47:09 AM) (Source: DCOM) (EventID: 10010) (User: )
    Description: The server {995C996E-D918-4A8C-A302-45719A6F4EA7} did not register with DCOM within the required timeout.

    Error: (07/09/2017 11:37:28 PM) (Source: Service Control Manager) (EventID: 7043) (User: )
    Description: The Group Policy Client service did not shut down properly after receiving a preshutdown control.

    Error: (07/09/2017 11:36:51 PM) (Source: DCOM) (EventID: 10010) (User: )
    Description: The server {995C996E-D918-4A8C-A302-45719A6F4EA7} did not register with DCOM within the required timeout.

    Error: (07/04/2017 11:15:44 PM) (Source: DCOM) (EventID: 10010) (User: )
    Description: The server {995C996E-D918-4A8C-A302-45719A6F4EA7} did not register with DCOM within the required timeout.

    Error: (07/03/2017 10:06:41 PM) (Source: EventLog) (EventID: 6008) (User: )
    Description: The previous system shutdown at 15:42:14 on ‎02/‎07/‎2017 was unexpected.


    ==================== Memory info ===========================

    Processor: Intel(R) Pentium(R) CPU G3260 @ 3.30GHz
    Percentage of memory in use: 56%
    Total physical RAM: 3769.81 MB
    Available physical RAM: 1640.78 MB
    Total Virtual: 7537.8 MB
    Available Virtual: 5039.06 MB

    ==================== Drives ================================

    Drive c: () (Fixed) (Total:465.66 GB) (Free:358.87 GB) NTFS
    Drive e: (New Volume) (Fixed) (Total:465.76 GB) (Free:405.65 GB) NTFS
    Drive f: (Seagate Expansion Drive) (Fixed) (Total:931.51 GB) (Free:498.15 GB) NTFS

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: E5514910)
    Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
    Partition 2: (Not Active) - (Size=465.7 GB) - (Type=07 NTFS)

    ========================================================
    Disk: 1 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 729B2670)
    Partition 1: (Not Active) - (Size=465.8 GB) - (Type=07 NTFS)

    ========================================================
    Disk: 2 (Size: 931.5 GB) (Disk ID: 2133B059)
    Partition 1: (Active) - (Size=931.5 GB) - (Type=07 NTFS)

    ==================== End of Addition.txt ============================
     
  7. askey127

    askey127 Malware Specialist

    Joined:
    Dec 22, 2006
    Messages:
    3,527
    That was fine.
    In the same location as Addition.txt is also a file named Frst.txt.
    I need you to post the contents of that one also.
     
Short URL to this thread: https://techguy.org/1192969