[Solved] Something hanging up IE

Addition 2


==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2403600405-3902123954-3795360202-1001_Classes\CLSID\{144DF3B2-2402-47AE-9583-5A045929A8D4}\InprocServer32 -> C:\Users\Gary\AppData\Local\Google\Update\1.3.33.5\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2403600405-3902123954-3795360202-1001_Classes\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E}\InprocServer32 -> C:\Users\Gary\AppData\Local\Microsoft\OneDrive\17.3.6917.0607\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-2403600405-3902123954-3795360202-1001_Classes\CLSID\{1F6DE925-8416-40D4-BC66-D69DB9D4360B}\InprocServer32 -> C:\Program Files\Roxio Creator NXT Pro 3\Virtual Drive 10\DC_ShellExt64.dll (Corel Corporation)
CustomCLSID: HKU\S-1-5-21-2403600405-3902123954-3795360202-1001_Classes\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C}\InprocServer32 -> C:\Users\Gary\AppData\Local\Microsoft\OneDrive\17.3.6917.0607\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-2403600405-3902123954-3795360202-1001_Classes\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E}\InprocServer32 -> C:\Users\Gary\AppData\Local\Microsoft\OneDrive\17.3.6917.0607\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-2403600405-3902123954-3795360202-1001_Classes\CLSID\{8C46158B-D978-483C-A312-16EE5013BE04}\InprocServer32 -> C:\Users\Gary\AppData\Local\Google\Update\1.3.33.3\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2403600405-3902123954-3795360202-1001_Classes\CLSID\{CB492AF1-2CEF-4E58-BE47-471C77D0C8BA}\InprocServer32 -> C:\Users\Gary\AppData\Local\Google\Update\1.3.32.7\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2403600405-3902123954-3795360202-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Gary\AppData\Local\Google\Update\1.3.33.5\psuser_64.dll (Google Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-09-20] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-09-20] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-09-20] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-09-20] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-09-20] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-09-20] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-09-20] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-09-20] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-09-20] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-09-20] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => -> No File
ShellIconOverlayIdentifiers-x32: [ DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-09-20] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-09-20] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-09-20] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-09-20] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-09-20] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-09-20] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-09-20] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-09-20] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-09-20] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-09-20] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => -> No File
ContextMenuHandlers1: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-09-20] (Dropbox, Inc.)
ContextMenuHandlers1: [Roxio Burn] -> {E8CB9D53-A47A-42B5-9F5B-96B037C9DD4C} => C:\Program Files\Roxio\Roxio Burn\RB_ContextMenu64.dll [2012-07-05] ()
ContextMenuHandlers3: [{4A7C4306-57E0-4C0C-83A9-78C1528F618C}] -> {4A7C4306-57E0-4C0C-83A9-78C1528F618C} => C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin64\rpcontextmenu.dll [2015-08-13] (RealNetworks, Inc.)
ContextMenuHandlers4: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-09-20] (Dropbox, Inc.)
ContextMenuHandlers5: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-09-20] (Dropbox, Inc.)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\system32\igfxDTCM.dll [2017-04-28] (Intel Corporation)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2017-05-01] (NVIDIA Corporation)
ContextMenuHandlers1_S-1-5-21-2403600405-3902123954-3795360202-1001: [RXDCExtSvr] -> {1F6DE925-8416-40D4-BC66-D69DB9D4360B} => C:\Program Files\Roxio Creator NXT Pro 3\Virtual Drive 10\DC_ShellExt64.dll [2014-09-01] (Corel Corporation)
ContextMenuHandlers2_S-1-5-21-2403600405-3902123954-3795360202-1001: [RXDCExtSvr] -> {1F6DE925-8416-40D4-BC66-D69DB9D4360B} => C:\Program Files\Roxio Creator NXT Pro 3\Virtual Drive 10\DC_ShellExt64.dll [2014-09-01] (Corel Corporation)
ContextMenuHandlers6_S-1-5-21-2403600405-3902123954-3795360202-1001: [RXDCExtSvr] -> {1F6DE925-8416-40D4-BC66-D69DB9D4360B} => C:\Program Files\Roxio Creator NXT Pro 3\Virtual Drive 10\DC_ShellExt64.dll [2014-09-01] (Corel Corporation)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0905BCD3-5D7E-410A-B0D1-59DE254399E8} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonx64\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2017-09-24] (Microsoft Corporation)
Task: {1544BA8F-FD47-4059-99FE-1B0002284585} - System32\Tasks\Hewlett-Packard\HP CoolSense\HP CoolSense Start at Logon => C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe [2014-05-19] (Hewlett-Packard Development Company, L.P.)
Task: {1C73883D-66AD-4760-8D37-1327C514ADC8} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Product Configurator => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\ProductConfig.exe [2017-09-15] (HP Inc.)
Task: {1D0C8C59-E1E4-4746-A81C-71ECF3778CB3} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [2017-06-22] (HP Inc.)
Task: {24D8A619-7B3B-43EC-8FF6-132521DA3B90} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2014-03-19] (Microsoft)
Task: {28BC9D05-2BA6-4736-9F46-841E522F9C31} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)
Task: {2F98104A-E9F8-4DE6-B471-661DB27FEACF} - System32\Tasks\{46D752A8-C8E0-4EB9-B88A-4362C50D05BA} => C:\Windows\system32\pcalua.exe -a "C:\Dropbox\GLH Download\Diisplay Link\USB GRAPHIC DRIVER\Setup.exe" -d "C:\Dropbox\GLH Download\Diisplay Link\USB GRAPHIC DRIVER"
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\WINDOWS\System32\AutoWorkplace.exe
Task: {390EC0A0-0508-414E-8397-CE6F2E55BAC8} - System32\Tasks\{87AAFE95-9666-4966-95DB-465031E152A1} => C:\Windows\system32\pcalua.exe -a "C:\Dropbox\GLH Download\HP Drivers\HP ENVY Notebook - 17t-k200 CTO\sp68122.exe" -d "C:\Dropbox\GLH Download\HP Drivers\HP ENVY Notebook - 17t-k200 CTO"
Task: {44BB65C3-BDFD-40CB-A8B1-0D9169DFBCCF} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2017-09-07] (Piriform Ltd)
Task: {54B3A259-91E7-4FCE-913A-155C562CC4C4} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2016-12-07] (HP Inc.)
Task: {55B1AA06-06C5-442F-A0E4-18CECF2E2FE7} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-09-08] (Microsoft Corporation)
Task: {6AA098F5-8984-4BE3-B770-2535E225B3EB} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2403600405-3902123954-3795360202-1001UA => C:\Users\Gary\AppData\Local\Google\Update\GoogleUpdate.exe [2016-03-17] (Google Inc.)
Task: {6B2CCD51-A543-4F28-B5FE-78C6A00F51C5} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2017-09-24] ()
Task: {6F1A7F0C-D2A6-44CC-B861-28A2AC7D6CC6} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [2017-09-24] (Microsoft Corporation)
Task: {75645D09-6CBE-4128-915F-95FC10E196D4} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2017-04-07] (HP Inc.)
Task: {768FD6CE-7091-4D2C-B2F9-58596E02BFD7} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-06-11] (Google Inc.)
Task: {78562D46-AE01-40D8-8DAD-B7A0E76F17B0} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)
Task: {79BB114C-E8C3-4FDA-B3B6-7F188CD46547} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [2017-09-24] (Microsoft Corporation)
Task: {7BCDB777-4260-42F5-81EC-C3EEC2BF5326} - System32\Tasks\HPCeeScheduleForGary => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2015-06-16] (Hewlett-Packard)
Task: {7DD79809-EFC1-4401-85DC-F852A2E3D634} - System32\Tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2016-11-07] (HP Inc.)
Task: {7EC467EF-769A-413C-8CC8-E388D7B09897} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-2403600405-3902123954-3795360202-1001 => C:\Program Files (x86)\RealNetworks\RealDownloader\RealUpgrade.exe [2015-07-27] (RealNetworks, Inc.)
Task: {7FC242E9-CE67-49FB-A098-C77B271881FC} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2017-09-24] ()
Task: {838335FA-E476-450D-82C3-0068BFB011CF} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)
Task: {853B3BC7-D49D-46B0-B3E5-37057984B84B} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2017-04-07] (HP Inc.)
Task: {8692774E-A22A-4C30-976E-4FCA459EE9E1} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis Install => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2017-04-07] (HP Inc.)
Task: {8E354C81-F39D-412E-A39D-1E5495B77ECC} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2403600405-3902123954-3795360202-1001UA1d258aadab2aa69 => C:\Users\Gary\AppData\Local\Google\Update\GoogleUpdate.exe [2016-03-17] (Google Inc.)
Task: {9888A3C4-D416-4E8C-891C-5A9D0A6C4031} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2017-09-13] (Microsoft Corporation)
Task: {9A4A2615-06B6-4626-BF30-80E2E658DA44} - System32\Tasks\Run RoboForm TaskBar Icon => C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe [2017-09-11] (Siber Systems)
Task: {9EC59B4F-6F76-4EBC-9BC6-CCE83F3E08C9} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-10-06] (Dropbox, Inc.)
Task: {A27AC42E-C563-409C-B77D-48194FED25DB} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-07-19] (Adobe Systems Incorporated)
Task: {A5CF4B9E-A65C-429A-90DB-960CA5E66064} - System32\Tasks\HPCustParticipation HP Officejet 7500 E910 => C:\Program Files\HP\HP Officejet 7500 E910\Bin\HPCustPartic.exe [2012-10-17] (Hewlett-Packard Co.)
Task: {A92CA300-4903-431B-8CDD-65E89C297951} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2403600405-3902123954-3795360202-1001Core => C:\Users\Gary\AppData\Local\Google\Update\GoogleUpdate.exe [2016-03-17] (Google Inc.)
Task: {AE7F142E-94B5-422C-BA70-6A5BC697E402} - System32\Tasks\{79F3B84A-7FC8-43A2-BFCE-80182DDD1827} => C:\Windows\system32\pcalua.exe -a "E:\USB GRAPHIC DRIVER\Setup.exe" -d "E:\USB GRAPHIC DRIVER"
Task: {AEAA2163-E0C4-4BC8-9A60-F9792655538B} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-2403600405-3902123954-3795360202-1001 => C:\Program Files (x86)\RealNetworks\RealDownloader\RealUpgrade.exe [2015-07-27] (RealNetworks, Inc.)
Task: {B08F337E-3634-49DC-98B8-5FEAA2239EEB} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-06-11] (Google Inc.)
Task: {B26DE0AC-5DA2-49CC-AE00-758CF1EF4346} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-10-06] (Dropbox, Inc.)
Task: {B8C0BCF4-E6B2-452E-AEEA-2756B52539AE} - System32\Tasks\GoogleUpdateTaskMachineUA1d0a4ad71dde5b6 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-06-11] (Google Inc.)
Task: {BE390BC6-199E-4DD8-867A-A6B6AFB7F8F8} - System32\Tasks\RealDownloader Update Check => C:\Program Files (x86)\RealNetworks\RealDownloader\downloader2.exe [2016-07-05] ()
Task: {C05122D1-DBD7-46EA-9E10-A49B9EF9FEAB} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2403600405-3902123954-3795360202-1001Core1d258aadaa8e4d5 => C:\Users\Gary\AppData\Local\Google\Update\GoogleUpdate.exe [2016-03-17] (Google Inc.)
Task: {CB2B6229-AC39-4A88-A322-2E0EAE38391D} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2017-08-14] (HP Inc.)
Task: {CE902053-D431-48CD-B575-CC6C4A1FA49B} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473-Logon => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [2016-08-12] (Intel Corporation)
Task: {D25E54F2-7893-462E-80F4-F79E9A881E8F} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2017-02-14] (Apple Inc.)
Task: {D5FBF8DB-B7C5-48CD-9AFA-55364D5565C5} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [2016-08-12] (Intel Corporation)
Task: {D6FD3D7A-93FB-45EC-B132-5766FB39920D} - System32\Tasks\Open URL by RoboForm => C:\WINDOWS\system32\rundll32.exe url.dll,FileProtocolHandler "hxxps://www.roboform.com/test-pass.html?aaa=KICMKJKJPMHMIMMJNJLJCNJMOMLMKJCNLMLMLJMJCNHMMJGMJMCNKJJJNMOMNMMMNJJMKJNJKMPMJNJICMHMCNLMCNOMFMOMOMCNKMLMPMCNOMKMPMJMMMFMPMCNPMCNOMKMPMJMMMCNNMJNPICMOMFMEKMICNJJCKFMHMNMNMJNHICMMJBJKJLIMJJNBJCMILOJNIGIJNKJCMJNNICMJNDJCMKJBJJNMJC (the data entry has 52 more characters).
Task: {DA84EFA7-618C-416B-AF56-849819D6CBE6} - System32\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-2403600405-3902123954-3795360202-1001 => C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe [2015-07-27] (RealNetworks, Inc.)
Task: {DE9F974F-1818-419E-8D9A-9D366F2CD49F} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)
Task: {E93B6A0A-70D3-4E7B-A203-AA78A5966AC1} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-09-08] (Microsoft Corporation)
Task: {F0D8D181-B2F8-4D1C-BC71-C9E549C605C1} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-09-14] (Adobe Systems Incorporated)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-2403600405-3902123954-3795360202-1001Core.job => C:\Users\Gary\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-2403600405-3902123954-3795360202-1001UA.job => C:\Users\Gary\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\HPCeeScheduleForGary.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2013-10-16 02:13 - 2013-10-16 02:13 - 000457960 _____ () C:\Program Files (x86)\Roxio\BackOnTrack\App\SaibSVC.exe
2016-09-01 18:12 - 2016-09-01 18:12 - 000092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2017-07-13 20:50 - 2017-07-13 20:50 - 001354040 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2014-01-22 01:04 - 2014-01-22 01:04 - 000022760 _____ () C:\Program Files (x86)\Roxio\BackOnTrack\App\BService.exe
2013-08-02 18:23 - 2013-08-02 18:23 - 000032888 _____ () C:\Program Files\UCT\HDR Express 2\HDRExpress2Service.exe
2014-10-23 07:12 - 2014-10-23 07:12 - 000032784 _____ () C:\Program Files\UCT\HDR Express 3\HDRExpress3Service.exe
2015-07-26 11:45 - 2015-06-09 20:55 - 000179200 _____ () C:\PostgreSQL\9.3\bin\LIBPQ.dll
2015-07-26 11:45 - 2014-02-05 02:16 - 001336832 _____ () C:\PostgreSQL\9.3\bin\libxml2.dll
2017-03-18 13:58 - 2017-03-18 13:58 - 000138000 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll
2017-03-18 13:59 - 2017-03-18 19:31 - 001731072 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-09-13 20:43 - 2017-09-13 20:44 - 003553704 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11708.1001.26.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll
2017-09-24 14:57 - 2017-09-24 14:57 - 010634752 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11708.1001.26.0_x64__8wekyb3d8bbwe\WinStore.Entertainment.Mobile.dll
2017-09-24 14:57 - 2017-09-24 14:57 - 002640896 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11708.1001.26.0_x64__8wekyb3d8bbwe\MS.Entertainment.Common.Mobile.dll
2017-09-13 20:42 - 2017-09-13 20:42 - 000020480 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.35071.16410.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
2017-09-13 20:42 - 2017-09-13 20:42 - 029621760 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.35071.16410.0_x64__8wekyb3d8bbwe\Microsoft.Photos.dll
2017-08-14 18:35 - 2017-08-14 18:43 - 000358912 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.35071.16410.0_x64__8wekyb3d8bbwe\Microsoft.Photos.AGM.Native.Windows.dll
2017-08-14 18:35 - 2017-08-14 18:43 - 002536448 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.35071.16410.0_x64__8wekyb3d8bbwe\MediaEngineCSWrapper.dll
2017-09-13 20:42 - 2017-09-13 20:42 - 020305920 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.35071.16410.0_x64__8wekyb3d8bbwe\PhotosApp.Windows.dll
2017-08-14 18:35 - 2017-08-14 18:43 - 002415104 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.35071.16410.0_x64__8wekyb3d8bbwe\MediaEngine.dll
2017-09-13 20:42 - 2017-09-13 20:42 - 003028992 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.35071.16410.0_x64__8wekyb3d8bbwe\AppCore.Windows.dll
2017-05-23 17:25 - 2017-05-23 17:25 - 003139496 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.35071.16410.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll
2017-09-13 20:42 - 2017-09-13 20:42 - 000117760 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.35071.16410.0_x64__8wekyb3d8bbwe\ExploreModel.dll
2017-06-06 17:17 - 2017-06-06 17:18 - 000046080 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.35071.16410.0_x64__8wekyb3d8bbwe\Microsoft.Photos.Edit.Services.dll
2017-08-14 18:35 - 2017-08-14 18:43 - 001370112 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.35071.16410.0_x64__8wekyb3d8bbwe\Microsoft.RichMedia.Ink.Controls.dll
2017-09-26 13:41 - 2017-09-26 13:41 - 034451968 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.17072.16431.0_x64__8wekyb3d8bbwe\Music.UI.exe
2017-09-26 13:41 - 2017-09-26 13:41 - 009145344 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.17072.16431.0_x64__8wekyb3d8bbwe\EntCommon.dll
2017-08-22 18:03 - 2017-08-22 18:03 - 000957952 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.17072.16431.0_x64__8wekyb3d8bbwe\Microsoft.Membership.MeControl.UI.Xaml.dll
2017-09-26 13:41 - 2017-09-26 13:41 - 003553704 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.17072.16431.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll
2017-09-26 13:41 - 2017-09-26 13:41 - 013224960 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.17072.16431.0_x64__8wekyb3d8bbwe\Music.Visuals.dll
2017-09-21 17:23 - 2017-09-21 00:29 - 004022616 _____ () C:\Program Files (x86)\Google\Chrome\Application\61.0.3163.100\libglesv2.dll
2017-09-21 17:23 - 2017-09-21 00:29 - 000100184 _____ () C:\Program Files (x86)\Google\Chrome\Application\61.0.3163.100\libegl.dll
2014-01-22 01:04 - 2014-01-22 01:04 - 003322600 _____ () C:\Program Files (x86)\Roxio\BackOnTrack\App\BEngine.dll
2014-01-22 01:04 - 2014-01-22 01:04 - 000524520 _____ () C:\Program Files (x86)\Roxio\BackOnTrack\App\TRREngine.dll
2014-01-22 01:04 - 2014-01-22 01:04 - 000108776 _____ () C:\Program Files (x86)\Roxio\BackOnTrack\App\Logging.dll
2017-09-20 12:03 - 2017-09-20 04:28 - 000771904 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_watchdog.dll
2017-09-20 12:03 - 2017-09-20 04:28 - 001804608 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_crashpad.dll
2017-09-20 12:03 - 2017-09-20 04:28 - 000100296 _____ () C:\Program Files (x86)\Dropbox\Client\_ctypes.pyd
2017-09-20 12:03 - 2017-09-20 04:28 - 000018888 _____ () C:\Program Files (x86)\Dropbox\Client\select.pyd
2017-09-20 12:03 - 2017-09-20 04:30 - 000020800 _____ () C:\Program Files (x86)\Dropbox\Client\tornado.speedups.pyd
2017-09-20 12:03 - 2017-09-20 04:28 - 000035792 _____ () C:\Program Files (x86)\Dropbox\Client\_multiprocessing.pyd
2017-09-20 12:03 - 2017-09-20 04:28 - 000694224 _____ () C:\Program Files (x86)\Dropbox\Client\unicodedata.pyd
2017-09-20 12:03 - 2017-09-20 04:29 - 000021848 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._constant_time.pyd
2017-09-20 12:03 - 2017-09-20 04:28 - 000130512 _____ () C:\Program Files (x86)\Dropbox\Client\_cffi_backend.pyd
2017-09-20 12:03 - 2017-09-20 04:29 - 001856848 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._openssl.pyd
2017-09-20 12:03 - 2017-09-20 04:29 - 000022864 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._padding.pyd
2017-09-20 12:03 - 2017-09-20 04:28 - 000145864 _____ () C:\Program Files (x86)\Dropbox\Client\pyexpat.pyd
2017-09-20 12:03 - 2017-09-20 04:28 - 000116688 _____ () C:\Program Files (x86)\Dropbox\Client\pywintypes27.dll
2017-09-20 12:03 - 2017-09-20 04:28 - 000105928 _____ () C:\Program Files (x86)\Dropbox\Client\win32api.pyd
2017-09-20 12:03 - 2017-09-20 04:30 - 000022864 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.crt.compiled._winffi_crt.pyd
2017-09-20 12:03 - 2017-09-20 04:29 - 000062784 _____ () C:\Program Files (x86)\Dropbox\Client\psutil._psutil_windows.pyd
2017-09-20 12:03 - 2017-09-20 04:28 - 000024528 _____ () C:\Program Files (x86)\Dropbox\Client\win32event.pyd
2017-09-20 12:03 - 2017-09-20 04:29 - 000040248 _____ () C:\Program Files (x86)\Dropbox\Client\fastpath.pyd
2017-09-20 12:03 - 2017-09-20 04:28 - 000020936 _____ () C:\Program Files (x86)\Dropbox\Client\mmapfile.pyd
2017-09-20 12:03 - 2017-09-20 04:28 - 000124880 _____ () C:\Program Files (x86)\Dropbox\Client\win32file.pyd
2017-09-20 12:03 - 2017-09-20 04:28 - 000116176 _____ () C:\Program Files (x86)\Dropbox\Client\win32security.pyd
2017-09-20 12:03 - 2017-09-20 04:28 - 000392656 _____ () C:\Program Files (x86)\Dropbox\Client\pythoncom27.dll
2017-09-20 12:03 - 2017-09-20 04:30 - 000392512 _____ () C:\Program Files (x86)\Dropbox\Client\win32com.shell.shell.pyd
2017-09-20 12:03 - 2017-09-20 04:30 - 000026456 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.kernel32.compiled._winffi_kernel32.pyd
2017-09-20 12:03 - 2017-09-20 04:28 - 000024016 _____ () C:\Program Files (x86)\Dropbox\Client\win32clipboard.pyd
2017-09-20 12:03 - 2017-09-20 04:28 - 000175560 _____ () C:\Program Files (x86)\Dropbox\Client\win32gui.pyd
2017-09-20 12:03 - 2017-09-20 04:28 - 000030160 _____ () C:\Program Files (x86)\Dropbox\Client\win32pipe.pyd
2017-09-20 12:03 - 2017-09-20 04:28 - 000043472 _____ () C:\Program Files (x86)\Dropbox\Client\win32process.pyd
2017-09-20 12:03 - 2017-09-20 04:28 - 000026056 _____ () C:\Program Files (x86)\Dropbox\Client\win32job.pyd
2017-09-20 12:03 - 2017-09-20 04:28 - 000048592 _____ () C:\Program Files (x86)\Dropbox\Client\win32service.pyd
2017-09-20 12:03 - 2017-09-20 04:28 - 000057808 _____ () C:\Program Files (x86)\Dropbox\Client\win32evtlog.pyd
2017-09-20 12:03 - 2017-09-20 04:29 - 000021824 _____ () C:\Program Files (x86)\Dropbox\Client\cpuid.compiled._cpuid.pyd
2017-09-20 12:03 - 2017-09-20 04:30 - 000023368 _____ () C:\Program Files (x86)\Dropbox\Client\winshell.compiled._winshell.pyd
2017-09-20 12:03 - 2017-09-20 04:29 - 000022856 _____ () C:\Program Files (x86)\Dropbox\Client\crashpad.compiled._Crashpad.pyd
2017-09-20 12:03 - 2017-09-20 04:30 - 000066392 _____ () C:\Program Files (x86)\Dropbox\Client\winenumhandles.compiled._WinEnumHandles.pyd
2017-09-20 12:03 - 2017-09-20 04:29 - 001796920 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtCore.pyd
2017-09-20 12:03 - 2017-09-20 04:28 - 000084424 _____ () C:\Program Files (x86)\Dropbox\Client\sip.pyd
2017-09-20 12:03 - 2017-09-20 04:29 - 001956152 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtGui.pyd
2017-09-20 12:03 - 2017-09-20 04:29 - 003859264 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWidgets.pyd
2017-09-20 12:03 - 2017-09-20 04:29 - 000154440 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebEngineWidgets.pyd
2017-09-20 12:03 - 2017-09-20 04:29 - 000521024 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtNetwork.pyd
2017-09-20 12:03 - 2017-09-20 04:29 - 000045888 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebEngineCore.pyd
2017-09-20 12:03 - 2017-09-20 04:29 - 000042304 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebChannel.pyd
2017-09-20 12:03 - 2017-09-20 04:29 - 000131384 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKit.pyd
2017-09-20 12:03 - 2017-09-20 04:29 - 000218944 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKitWidgets.pyd
2017-09-20 12:03 - 2017-09-20 04:29 - 000204096 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtPrintSupport.pyd
2017-09-20 12:03 - 2017-09-20 04:30 - 000025432 _____ () C:\Program Files (x86)\Dropbox\Client\winscreenshot.compiled._CaptureScreenshot.pyd
2017-09-20 12:03 - 2017-09-20 04:28 - 000060880 _____ () C:\Program Files (x86)\Dropbox\Client\win32print.pyd
2017-09-20 12:03 - 2017-09-20 04:30 - 000054608 _____ () C:\Program Files (x86)\Dropbox\Client\winrpcserver.compiled._RPCServer.pyd
2017-09-20 12:03 - 2017-09-20 04:28 - 000024016 _____ () C:\Program Files (x86)\Dropbox\Client\win32profile.pyd
2017-09-20 12:03 - 2017-09-20 04:30 - 000022864 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.user32.compiled._winffi_user32.pyd
2017-09-20 12:03 - 2017-09-20 04:30 - 000069968 _____ () C:\Program Files (x86)\Dropbox\Client\windisplaytoast.compiled._DisplayToast.pyd
2017-09-20 12:03 - 2017-09-20 04:28 - 000028616 _____ () C:\Program Files (x86)\Dropbox\Client\win32ts.pyd
2017-09-20 12:03 - 2017-09-20 04:30 - 000022360 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.iphlpapi.compiled._winffi_iphlpapi.pyd
2017-09-20 12:03 - 2017-09-20 04:30 - 000021848 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.winerror.compiled._winffi_winerror.pyd
2017-09-20 12:03 - 2017-09-20 04:30 - 000022360 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.wininet.compiled._winffi_wininet.pyd
2017-09-20 12:03 - 2017-09-20 04:29 - 000027488 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox.infinite.win.compiled._driverinstallation.pyd
2017-09-20 12:03 - 2017-09-20 04:28 - 000349128 _____ () C:\Program Files (x86)\Dropbox\Client\winxpgui.pyd
2017-09-20 12:03 - 2017-09-20 04:29 - 000101184 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWinExtras.pyd
2017-09-20 12:03 - 2017-09-20 04:30 - 000023896 _____ () C:\Program Files (x86)\Dropbox\Client\winverifysignature.compiled._VerifySignature.pyd
2017-09-20 12:03 - 2017-09-20 04:29 - 000025424 _____ () C:\Program Files (x86)\Dropbox\Client\librsyncffi.compiled._librsyncffi.pyd
2017-09-20 12:03 - 2017-09-20 04:28 - 000036296 _____ () C:\Program Files (x86)\Dropbox\Client\librsync.dll
2017-09-20 12:03 - 2017-09-20 04:29 - 000032600 _____ () C:\Program Files (x86)\Dropbox\Client\enterprise_data.compiled._enterprise_data.pyd
2017-09-20 12:03 - 2017-09-20 04:28 - 000293392 _____ () C:\Program Files (x86)\Dropbox\Client\EnterpriseDataAdapter.dll
2017-09-20 12:03 - 2017-09-20 04:29 - 000181056 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_sqlite_ext.DLL
2017-09-20 12:03 - 2017-09-20 04:30 - 000030536 _____ () C:\Program Files (x86)\Dropbox\Client\wind3d11.compiled._wind3d11.pyd
2017-09-20 12:03 - 2017-09-20 04:29 - 000024368 _____ () C:\Program Files (x86)\Dropbox\Client\libEGL.DLL
2017-09-20 12:03 - 2017-09-20 04:29 - 001638200 _____ () C:\Program Files (x86)\Dropbox\Client\libGLESv2.dll
2017-09-20 12:03 - 2017-09-20 04:30 - 000026456 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.winhttp.compiled._winffi_winhttp.pyd
2017-09-20 12:03 - 2017-09-20 04:29 - 000545080 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtQuick.pyd
2017-09-20 12:03 - 2017-09-20 04:29 - 000359224 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtQml.pyd
2017-09-20 12:03 - 2017-09-20 04:29 - 000038208 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebEngine.pyd
 
Addition 3


==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Users\Gary\Desktop\여보세요 - Vol II - Number 4 Page 04b.jpg:com.dropbox.attributes [168]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 06:25 - 2015-09-03 16:46 - 000000824 _____ C:\WINDOWS\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2403600405-3902123954-3795360202-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Gary\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

HKLM\...\StartupApproved\StartupFolder: => "RealTimes.lnk"
HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run32: => "Fitbit Connect"
HKLM\...\StartupApproved\Run32: => "RealDownloader"
HKLM\...\StartupApproved\Run32: => "TkBellExe"
HKU\S-1-5-21-2403600405-3902123954-3795360202-1001\...\StartupApproved\Run: => "TranscodingService"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{7F3F88C0-D5C3-4CA6-AE9F-BDC263582664}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
FirewallRules: [{0F0B9CDD-ADE8-4264-B272-D4BED45B820D}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{9277631C-685B-4083-85E3-D3B7780D4656}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{9BBEC4F1-4473-4D8B-BF2E-307C3BFF48AC}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{A445BB5E-2934-4868-B176-6451D911B4C2}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{CB9C301A-171C-4EFE-BD9A-CE4DABC0494E}] => (Allow) C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpdsvc.exe
FirewallRules: [{45E885AA-3D01-4283-A093-AE711D466823}] => (Allow) LPort=31931
FirewallRules: [{B892C506-015B-4E58-94A5-5976CFB4676D}] => (Allow) LPort=14714
FirewallRules: [{3327B8AE-A797-4A24-86FD-5B21E0ECF9B5}] => (Allow) LPort=12972
FirewallRules: [{3EF27F4F-1234-4365-9D6A-CBE58618BA9C}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{B46064F0-05DF-4147-888C-333F5E815ADD}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{1405E44C-4B99-43B3-83B0-C51CA5F17006}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{370AB519-58A1-464D-A4D8-A777E9377353}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{9AED6C73-2073-41C0-8281-EEF4A5D72F14}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{C9ED27B9-65C1-4B8E-9B0D-9D8DF83ED9BC}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{DAE26D6E-52DF-4F44-AA83-3E3903B9F4CF}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{ED2EBC66-59FA-4279-9618-2AD583CFAB75}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{A466DAA7-3DE8-4428-AF37-9C3DE8660735}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{D15EA9B2-51F5-4F57-8CFF-86D087A0C210}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{979D3FB7-69B4-433F-AAD2-06512B098569}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12.exe
FirewallRules: [{B1BA00FF-8A42-4E80-A7E2-65B085A131D6}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMR\PowerDVD12DMREngine.exe
FirewallRules: [{FC39DE04-1C0F-4066-A602-E12D9E7E5BFB}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe
FirewallRules: [{527EB002-761F-4113-B729-FACF6942D673}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12Agent.exe
FirewallRules: [{E75EE417-3208-4027-9587-18A1B6D85AF3}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12ML.exe
FirewallRules: [{1A30C1BB-B8E0-47D6-94C0-F666BE7FED56}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Movie\PowerDVD.exe
FirewallRules: [{0B58255A-F40E-4AF2-B8C5-F2CFCABBDDEB}] => (Allow) C:\Program Files\Intel Corporation\Intel WiDi\WiDiApp.exe
FirewallRules: [{E0FCEE66-C4CD-4E9F-9C76-B7C24EB80D94}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPSOCKSVC.exe
FirewallRules: [TCP Query User{8A44E6BF-5D5F-4C21-85DC-221E7C7D4775}C:\program files (x86)\netgear genie\bin\netgeargenie.exe] => (Allow) C:\program files (x86)\netgear genie\bin\netgeargenie.exe
FirewallRules: [UDP Query User{2DCDCBA4-0712-4CD6-87AB-054882C18B5E}C:\program files (x86)\netgear genie\bin\netgeargenie.exe] => (Allow) C:\program files (x86)\netgear genie\bin\netgeargenie.exe
FirewallRules: [{6F2F73B1-EF2F-4FDB-8F87-2DEEB96149C9}] => (Allow) C:\Program Files\HP\HP Officejet 7500 E910\bin\FaxApplications.exe
FirewallRules: [{12B8787D-32A5-4328-8FEA-6248A9FDD75D}] => (Allow) C:\Program Files\HP\HP Officejet 7500 E910\bin\DigitalWizards.exe
FirewallRules: [{60EDDB7E-E701-421A-A8F5-E761C0F6C80E}] => (Allow) C:\Program Files\HP\HP Officejet 7500 E910\bin\SendAFax.exe
FirewallRules: [{68F73BB5-5EB7-4A0B-88DE-559B33D4A441}] => (Allow) C:\Program Files\HP\HP Officejet 7500 E910\Bin\DeviceSetup.exe
FirewallRules: [{BDED6DD7-0FF7-4C00-B09F-91AF508231BF}] => (Allow) C:\Program Files\HP\HP Officejet 7500 E910\Bin\HPNetworkCommunicator.exe
FirewallRules: [{98E01767-9A16-4F3E-9DCE-81F1EB848408}] => (Allow) C:\Program Files\HP\HP Officejet 7500 E910\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [{A9CA5D57-597E-4B24-B79B-048CB5F76B15}] => (Allow) %ProgramFiles% (x86)\PokerTracker 4\PokerTracker4.exe
FirewallRules: [TCP Query User{6D5B8819-DABA-4BE4-AF77-AF1BA5B3DBC8}C:\program files (x86)\netgear genie\bin\netgeargenie.exe] => (Allow) C:\program files (x86)\netgear genie\bin\netgeargenie.exe
FirewallRules: [UDP Query User{491826F9-0590-4C4C-91D7-6138E50AD40F}C:\program files (x86)\netgear genie\bin\netgeargenie.exe] => (Allow) C:\program files (x86)\netgear genie\bin\netgeargenie.exe
FirewallRules: [{2D6F0D1C-91B7-4C07-859C-1C28ED6CFD5E}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe
FirewallRules: [{2A979658-CED4-4192-BD42-7EF1F8FC1C41}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe
FirewallRules: [TCP Query User{6FF7DBD6-8D0E-48B5-819D-74B418F5CB3A}C:\program files (x86)\tivo\desktop\tivoserver.exe] => (Allow) C:\program files (x86)\tivo\desktop\tivoserver.exe
FirewallRules: [UDP Query User{16E766E6-CBBD-4DB7-B978-21FA9DC8BC37}C:\program files (x86)\tivo\desktop\tivoserver.exe] => (Allow) C:\program files (x86)\tivo\desktop\tivoserver.exe
FirewallRules: [{A67EB6A1-35E2-43C3-9DE4-6B6AF4D1329B}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPDeviceDetection3.exe
FirewallRules: [{2BC2771D-042E-48CA-8F78-105D21C1B0A1}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{28411F5C-9277-4E3B-8B2C-983791460E8F}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [TCP Query User{6EA43F74-431E-45F8-AFD7-DAFA5817B514}C:\program files (x86)\hewlett-packard\hp support solutions\modules\hpdevicedetection3.exe] => (Allow) C:\program files (x86)\hewlett-packard\hp support solutions\modules\hpdevicedetection3.exe
FirewallRules: [UDP Query User{3A467139-BA04-4553-B90D-4305F4378C84}C:\program files (x86)\hewlett-packard\hp support solutions\modules\hpdevicedetection3.exe] => (Allow) C:\program files (x86)\hewlett-packard\hp support solutions\modules\hpdevicedetection3.exe
FirewallRules: [{F7AD1D15-7B73-4E21-86EA-75D530EC7892}] => (Allow) C:\Program Files (x86)\Audials\Audials 12\Audials.exe
FirewallRules: [{98504642-AC52-4845-B440-2AE78E723AC8}] => (Allow) C:\Program Files (x86)\Audials\Audials 2016\Audials.exe
FirewallRules: [{C407692F-0D35-4716-9169-72D80E6C137B}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{FBCF7607-A7A1-426D-9D4E-8959534F682F}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{28D64EC5-BA25-4C86-9035-0B1EDE5B436D}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{0D8B61E8-DC80-4968-B00D-6EC77B791D0C}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
FirewallRules: [{44A72690-4080-4BA9-BE37-851D54FE88AA}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{D7BFF06A-BFBA-4FE7-A605-327219819FDF}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe

==================== Restore Points =========================

21-09-2017 22:38:49 Scheduled Checkpoint
22-09-2017 14:59:45 JRT Pre-Junkware Removal
22-09-2017 21:00:29 JRT Pre-Junkware Removal

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (09/26/2017 01:54:03 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: RealPlayerUpdateSvc.exe, version: 0.0.0.0, time stamp: 0x55b70507
Faulting module name: ntdll.dll, version: 10.0.15063.608, time stamp: 0x802f667e
Exception code: 0xc0000005
Fault offset: 0x00091cc2
Faulting process id: 0x10ec
Faulting application start time: 0x01d337056448db8a
Faulting application path: C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe
Faulting module path: C:\WINDOWS\SYSTEM32\ntdll.dll
Report Id: 83c4d04a-f862-424e-9031-d61f205abe2f
Faulting package full name:
Faulting package-relative application ID:

Error: (09/26/2017 01:35:22 PM) (Source: MsiInstaller) (EventID: 1018) (User: GLH-HP-I7)
Description: The application 'DisplayLink Core Software' cannot be installed because it is not compatible with this version of Windows. Contact the application vendor for an update.

Error: (09/26/2017 01:35:22 PM) (Source: MsiInstaller) (EventID: 1018) (User: GLH-HP-I7)
Description: The application 'DisplayLink Core Software' cannot be installed because it is not compatible with this version of Windows. Contact the application vendor for an update.

Error: (09/26/2017 01:27:31 PM) (Source: DbxSvc) (EventID: 310) (User: )
Description: Failed to get ANSI path for file: C:\WINDOWS\Minidump\ee67bc92-0861-4717-afb2-84617cecc25d.dmp

Error: (09/26/2017 01:27:31 PM) (Source: DbxSvc) (EventID: 305) (User: )
Description: Failed to open file: C:\WINDOWS\Minidump\ee67bc92-0861-4717-afb2-84617cecc25d.dmp, error: (2) The system cannot find the file specified.

Error: (09/25/2017 10:55:46 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 259781

Error: (09/25/2017 10:55:46 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 259781

Error: (09/25/2017 10:55:46 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (09/25/2017 10:55:30 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 244375

Error: (09/25/2017 10:55:30 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 244375


System errors:
=============
Error: (09/26/2017 01:54:05 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The RealPlayer Update Service service terminated unexpectedly. It has done this 1 time(s).

Error: (09/26/2017 01:26:18 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (09/26/2017 01:26:18 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (09/26/2017 01:24:29 PM) (Source: BugCheck) (EventID: 1001) (User: )
Description: The computer has rebooted from a bugcheck. The bugcheck was: 0x0000009f (0x0000000000000003, 0xffffa70edfe8c060, 0xfffff803a89c68f0, 0xffffa70eede32a60). A dump was saved in: C:\WINDOWS\MEMORY.DMP. Report Id: ee67bc92-0861-4717-afb2-84617cecc25d.

Error: (09/26/2017 01:23:54 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The CldFlt service failed to start due to the following error:
The request is not supported.

Error: (09/26/2017 01:23:55 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 10:35:34 PM on ‎9/‎25/‎2017 was unexpected.

Error: (09/25/2017 02:05:55 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The RealPlayer Update Service service terminated unexpectedly. It has done this 1 time(s).

Error: (09/25/2017 01:57:31 PM) (Source: DCOM) (EventID: 10016) (User: GLH-HP-I7)
Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID
{9BA05972-F6A8-11CF-A442-00A0C90A8F39}
and APPID
{9BA05972-F6A8-11CF-A442-00A0C90A8F39}
to the user GLH-HP-I7\Gary SID (S-1-5-21-2403600405-3902123954-3795360202-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (09/25/2017 01:57:31 PM) (Source: DCOM) (EventID: 10016) (User: GLH-HP-I7)
Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID
{9BA05972-F6A8-11CF-A442-00A0C90A8F39}
and APPID
{9BA05972-F6A8-11CF-A442-00A0C90A8F39}
to the user GLH-HP-I7\Gary SID (S-1-5-21-2403600405-3902123954-3795360202-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (09/25/2017 01:42:47 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The HP Support Solutions Framework Service service hung on starting.


CodeIntegrity:
===================================
Date: 2017-09-26 22:15:11.658
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-09-26 22:15:11.656
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-09-26 22:14:52.788
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-09-26 22:14:52.786
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-09-26 14:07:49.317
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-09-26 14:07:49.314
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-09-26 14:07:49.297
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-09-26 14:07:49.295
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-09-26 14:07:49.272
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-09-26 14:07:49.268
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i7-5500U CPU @ 2.40GHz
Percentage of memory in use: 27%
Total physical RAM: 16306.27 MB
Available physical RAM: 11797.73 MB
Total Virtual: 18738.27 MB
Available Virtual: 10078.12 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:903.22 GB) (Free:287.45 GB) NTFS
Drive d: (RECOVERY) (Fixed) (Total:26.38 GB) (Free:2.95 GB) NTFS ==>[system with boot components (obtained from drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 7B11232F)

Partition: GPT.

==================== End of Addition.txt ============================
 
Download the attached fixlist.txt file and save it to the Desktop.
NOTE: It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Run FRST (FRST64), press the Fix button just once, and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it in your reply.
 

Attachments

  • fixlist.txt
Fix result of Farbar Recovery Scan Tool (x64) Version: 26-09-2017 01
Ran by Gary (28-09-2017 21:53:41) Run:2
Running from C:\Users\Gary\Desktop\Virus Files
Loaded Profiles: Gary (Available Profiles: Gary)
Boot Mode: Normal
==============================================

fixlist content:
*****************
R2 ibtsiva; %SystemRoot%\system32\ibtsiva [X]
2017-03-30 16:11 - 2017-03-30 16:11 - 000004995 _____ () C:\ProgramData\flwjycbm.bab
2017-07-04 18:32 - 2017-07-04 18:33 - 000000369 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
2017-09-21 18:19 - 2017-09-04 22:26 - 001930840 _____ (Microsoft Corporation) C:\Users\Gary\AppData\Local\Temp\dllnt_dump.dll
2017-07-02 14:26 - 2017-07-02 14:26 - 000046080 ____N () C:\Users\Gary\AppData\Local\Temp\javasysmo1128716736120984894.dll
2017-08-20 13:52 - 2017-08-20 13:52 - 000046080 ____N () C:\Users\Gary\AppData\Local\Temp\javasysmo1185994884251480055.dll
2017-07-15 12:01 - 2017-07-15 12:01 - 000046080 ____N () C:\Users\Gary\AppData\Local\Temp\javasysmo1491096867797644175.dll
2017-06-05 12:29 - 2017-06-05 12:29 - 000046080 ____N () C:\Users\Gary\AppData\Local\Temp\javasysmo153054027379585416.dll
2017-05-29 18:28 - 2017-05-29 18:28 - 000046080 ____N () C:\Users\Gary\AppData\Local\Temp\javasysmo1561345372663756916.dll
2017-07-21 19:38 - 2017-07-21 19:38 - 000046080 ____N () C:\Users\Gary\AppData\Local\Temp\javasysmo2024714246969511761.dll
2017-07-25 13:38 - 2017-07-25 13:38 - 000046080 ____N () C:\Users\Gary\AppData\Local\Temp\javasysmo2472413089026195962.dll
2017-06-22 18:43 - 2017-06-22 18:43 - 000046080 ____N () C:\Users\Gary\AppData\Local\Temp\javasysmo2502458910472016515.dll
2017-06-07 10:13 - 2017-06-07 10:13 - 000046080 ____N () C:\Users\Gary\AppData\Local\Temp\javasysmo2538183489741080225.dll
2017-07-24 12:35 - 2017-07-24 12:35 - 000046080 ____N () C:\Users\Gary\AppData\Local\Temp\javasysmo258110524934299212.dll
2017-07-02 12:09 - 2017-07-02 12:09 - 000046080 ____N () C:\Users\Gary\AppData\Local\Temp\javasysmo2974122502050258248.dll
2017-07-09 11:44 - 2017-07-09 11:44 - 000046080 ____N () C:\Users\Gary\AppData\Local\Temp\javasysmo2979912673764321384.dll
2017-07-13 13:06 - 2017-07-13 13:06 - 000046080 ____N () C:\Users\Gary\AppData\Local\Temp\javasysmo3054743838578008087.dll
2017-05-20 13:40 - 2017-05-20 13:40 - 000046080 ____N () C:\Users\Gary\AppData\Local\Temp\javasysmo3245360875198374731.dll
2017-07-27 15:39 - 2017-07-27 15:39 - 000046080 ____N () C:\Users\Gary\AppData\Local\Temp\javasysmo3388391011747693981.dll
2017-05-22 18:15 - 2017-05-22 18:15 - 000046080 ____N () C:\Users\Gary\AppData\Local\Temp\javasysmo3434674155159723301.dll
2017-05-29 11:23 - 2017-05-29 11:23 - 000046080 ____N () C:\Users\Gary\AppData\Local\Temp\javasysmo3579157665354429070.dll
2017-07-02 19:24 - 2017-07-02 19:24 - 000046080 ____N () C:\Users\Gary\AppData\Local\Temp\javasysmo3618998181673647516.dll
2017-09-06 15:36 - 2017-09-06 15:36 - 000046080 ____N () C:\Users\Gary\AppData\Local\Temp\javasysmo3727372090349535255.dll
2017-05-27 12:26 - 2017-05-27 12:26 - 000046080 ____N () C:\Users\Gary\AppData\Local\Temp\javasysmo3743427441832958526.dll
2017-06-01 14:02 - 2017-06-01 14:02 - 000046080 ____N () C:\Users\Gary\AppData\Local\Temp\javasysmo3961472310719402037.dll
2017-05-23 17:22 - 2017-05-23 17:22 - 000046080 ____N () C:\Users\Gary\AppData\Local\Temp\javasysmo4399265340766192970.dll
2017-07-06 13:49 - 2017-07-06 13:49 - 000046080 ____N () C:\Users\Gary\AppData\Local\Temp\javasysmo4559334740244096220.dll
2017-05-22 15:00 - 2017-05-22 15:00 - 000046080 ____N () C:\Users\Gary\AppData\Local\Temp\javasysmo4939372026009556110.dll
2017-07-16 11:25 - 2017-07-16 11:25 - 000046080 ____N () C:\Users\Gary\AppData\Local\Temp\javasysmo5379308313281628998.dll
2017-08-20 14:55 - 2017-08-20 14:55 - 000046080 ____N () C:\Users\Gary\AppData\Local\Temp\javasysmo5549117569092789258.dll
2017-07-22 14:28 - 2017-07-22 14:28 - 000046080 ____N () C:\Users\Gary\AppData\Local\Temp\javasysmo5589061492157912847.dll
2017-07-03 14:54 - 2017-07-03 14:54 - 000046080 ____N () C:\Users\Gary\AppData\Local\Temp\javasysmo561815919147524134.dll
2017-07-06 13:02 - 2017-07-06 13:02 - 000046080 ____N () C:\Users\Gary\AppData\Local\Temp\javasysmo5627761532422515662.dll
2017-07-22 11:14 - 2017-07-22 11:14 - 000046080 ____N () C:\Users\Gary\AppData\Local\Temp\javasysmo5990592677599352364.dll
2017-09-06 15:32 - 2017-09-06 15:32 - 000046080 ____N () C:\Users\Gary\AppData\Local\Temp\javasysmo6032715703456542523.dll
2017-07-08 13:26 - 2017-07-08 13:26 - 000046080 ____N () C:\Users\Gary\AppData\Local\Temp\javasysmo6130993628735843944.dll
2017-07-16 15:54 - 2017-07-16 15:54 - 000046080 ____N () C:\Users\Gary\AppData\Local\Temp\javasysmo6276048343441141411.dll
2017-05-27 18:21 - 2017-05-27 18:21 - 000046080 ____N () C:\Users\Gary\AppData\Local\Temp\javasysmo633435002992961525.dll
2017-07-21 11:21 - 2017-07-21 11:21 - 000046080 ____N () C:\Users\Gary\AppData\Local\Temp\javasysmo6380050904439228569.dll
2017-07-05 19:42 - 2017-07-05 19:42 - 000046080 ____N () C:\Users\Gary\AppData\Local\Temp\javasysmo6405406407824816842.dll
2017-07-09 15:50 - 2017-07-09 15:50 - 000046080 ____N () C:\Users\Gary\AppData\Local\Temp\javasysmo6436310274419385548.dll
2017-07-22 14:27 - 2017-07-22 14:27 - 000046080 ____N () C:\Users\Gary\AppData\Local\Temp\javasysmo6500777139135593071.dll
2017-07-16 17:56 - 2017-07-16 17:56 - 000046080 ____N () C:\Users\Gary\AppData\Local\Temp\javasysmo6583595737629943818.dll
2017-07-11 20:03 - 2017-07-11 20:03 - 000046080 ____N () C:\Users\Gary\AppData\Local\Temp\javasysmo6881982614050675614.dll
2017-05-26 15:27 - 2017-05-26 15:27 - 000046080 ____N () C:\Users\Gary\AppData\Local\Temp\javasysmo6890264939196049150.dll
2017-05-21 16:15 - 2017-05-21 16:15 - 000046080 ____N () C:\Users\Gary\AppData\Local\Temp\javasysmo7072223947755728673.dll
2017-05-28 19:05 - 2017-05-28 19:05 - 000046080 ____N () C:\Users\Gary\AppData\Local\Temp\javasysmo7451802377285235743.dll
2017-07-17 15:33 - 2017-07-17 15:33 - 000046080 ____N () C:\Users\Gary\AppData\Local\Temp\javasysmo7494978754685569551.dll
2017-07-20 16:32 - 2017-07-20 16:32 - 000046080 ____N () C:\Users\Gary\AppData\Local\Temp\javasysmo7588198512604405414.dll
2017-07-17 15:25 - 2017-07-17 15:25 - 000046080 ____N () C:\Users\Gary\AppData\Local\Temp\javasysmo7642839192522625626.dll
2017-07-15 17:17 - 2017-07-15 17:17 - 000046080 ____N () C:\Users\Gary\AppData\Local\Temp\javasysmo7694872152620873824.dll
2017-07-25 17:01 - 2017-07-25 17:01 - 000046080 ____N () C:\Users\Gary\AppData\Local\Temp\javasysmo7830584707698594227.dll
2017-07-19 17:26 - 2017-07-19 17:26 - 000046080 ____N () C:\Users\Gary\AppData\Local\Temp\javasysmo7870615670175668938.dll
2017-05-20 16:43 - 2017-05-20 16:43 - 000046080 ____N () C:\Users\Gary\AppData\Local\Temp\javasysmo7963567259217866278.dll
2017-05-20 12:00 - 2017-05-20 12:00 - 000046080 ____N () C:\Users\Gary\AppData\Local\Temp\javasysmo7965225033155851332.dll
2017-07-14 17:27 - 2017-07-14 17:27 - 000046080 ____N () C:\Users\Gary\AppData\Local\Temp\javasysmo8256362640445354082.dll
2017-07-14 15:54 - 2017-07-14 15:54 - 000046080 ____N () C:\Users\Gary\AppData\Local\Temp\javasysmo8551694538777191730.dll
2017-06-05 15:55 - 2017-06-05 15:55 - 000046080 ____N () C:\Users\Gary\AppData\Local\Temp\javasysmo8735167331746754159.dll
2017-07-04 13:20 - 2017-07-04 13:20 - 000046080 ____N () C:\Users\Gary\AppData\Local\Temp\javasysmo8891460120144130369.dll
2017-07-17 15:35 - 2017-07-17 15:35 - 000046080 ____N () C:\Users\Gary\AppData\Local\Temp\javasysmo903048273976466746.dll
2017-05-25 14:38 - 2017-05-25 14:38 - 000046080 ____N () C:\Users\Gary\AppData\Local\Temp\javasysmo9057561928707003808.dll
2017-07-11 16:08 - 2017-07-11 16:08 - 000046080 ____N () C:\Users\Gary\AppData\Local\Temp\javasysmo9085320885667089679.dll
2017-05-11 14:15 - 2017-05-11 14:15 - 000046080 ____N () C:\Users\Gary\AppData\Local\Temp\javasysmo9222431378436618685.dll
2017-05-28 12:51 - 2017-05-28 12:51 - 000046080 ____N () C:\Users\Gary\AppData\Local\Temp\javasysmo988009505613204984.dll
2017-07-11 15:05 - 2017-07-11 15:05 - 000046080 ____N () C:\Users\Gary\AppData\Local\Temp\javasysmo99119825588414507.dll
CustomCLSID: HKU\S-1-5-21-2403600405-3902123954-3795360202-1001_Classes\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E}\InprocServer32 -> C:\Users\Gary\AppData\Local\Microsoft\OneDrive\17.3.6917.0607\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-2403600405-3902123954-3795360202-1001_Classes\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C}\InprocServer32 -> C:\Users\Gary\AppData\Local\Microsoft\OneDrive\17.3.6917.0607\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-2403600405-3902123954-3795360202-1001_Classes\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E}\InprocServer32 -> C:\Users\Gary\AppData\Local\Microsoft\OneDrive\17.3.6917.0607\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-2403600405-3902123954-3795360202-1001_Classes\CLSID\{8C46158B-D978-483C-A312-16EE5013BE04}\InprocServer32 -> C:\Users\Gary\AppData\Local\Google\Update\1.3.33.3\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2403600405-3902123954-3795360202-1001_Classes\CLSID\{CB492AF1-2CEF-4E58-BE47-471C77D0C8BA}\InprocServer32 -> C:\Users\Gary\AppData\Local\Google\Update\1.3.32.7\psuser_64.dll => No File
ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => -> No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
AlternateDataStreams: C:\Users\Gary\Desktop\여보세요 - Vol II - Number 4 Page 04b.jpg:com.dropbox.attributes [168]



*****************

ibtsiva => Unable to stop service.
HKLM\System\CurrentControlSet\Services\ibtsiva => key removed successfully
ibtsiva => service removed successfully
C:\ProgramData\flwjycbm.bab => moved successfully
C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc => moved successfully
C:\Users\Gary\AppData\Local\Temp\dllnt_dump.dll => moved successfully
HKU\S-1-5-21-2403600405-3902123954-3795360202-1001_Classes\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E} => key removed successfully
HKU\S-1-5-21-2403600405-3902123954-3795360202-1001_Classes\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C} => key removed successfully
HKU\S-1-5-21-2403600405-3902123954-3795360202-1001_Classes\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E} => key removed successfully
HKU\S-1-5-21-2403600405-3902123954-3795360202-1001_Classes\CLSID\{8C46158B-D978-483C-A312-16EE5013BE04} => key removed successfully
HKU\S-1-5-21-2403600405-3902123954-3795360202-1001_Classes\CLSID\{CB492AF1-2CEF-4E58-BE47-471C77D0C8BA} => key removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive1 => key removed successfully
HKLM\Software\Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524} => key not found.
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive2 => key removed successfully
HKLM\Software\Classes\CLSID\{5AB7172C-9C11-405C-8DD5-AF20F3606282} => key not found.
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive3 => key removed successfully
HKLM\Software\Classes\CLSID\{A78ED123-AB77-406B-9962-2A5D9D2F7F30} => key not found.
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive4 => key removed successfully
HKLM\Software\Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A} => key not found.
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive5 => key removed successfully
HKLM\Software\Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => key not found.
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive6 => key removed successfully
HKLM\Software\Classes\CLSID\{9AA2F32D-362A-42D9-9328-24A483E2CCC3} => key not found.
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive1 => key removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524} => key not found.
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive2 => key removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{5AB7172C-9C11-405C-8DD5-AF20F3606282} => key not found.
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive3 => key removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{A78ED123-AB77-406B-9962-2A5D9D2F7F30} => key not found.
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive4 => key removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A} => key not found.
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive5 => key removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => key not found.
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive6 => key removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{9AA2F32D-362A-42D9-9328-24A483E2CCC3} => key not found.
HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\igfxcui => key removed successfully
HKLM\Software\Classes\CLSID\{3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => key not found.
"C:\Users\Gary\Desktop\여보세요 - Vol II - Number 4 Page 04b.jpg" => ":com.dropbox.attributes" ADS not found.


The system needed a reboot.

==== End of Fixlog 21:54:18 ====
 
Last scans...

Download Security Check from here or here and save it to your Desktop.
  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE to access the Internet, allow it to do so.
NOTE 2. SecurityCheck may produce some false warning(s), so leave the results reading to me.
NOTE 3. If you receive the UNSUPPORTED OPERATING SYSTEM! ABORTED! message, restart the computer and Security Check should run.


Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
Make sure the following options are checked:
  • Internet Services
  • Windows Firewall
  • System Restore
  • Security Center
  • Windows Update
  • Windows Defender
  • Other Services

Press "Scan".
It will create a log (FSS.txt) in the same directory the tool is run from.
Please copy and paste the log to your reply.


Download Temp File Cleaner (TFC)
Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
  • Double click on TFC.exe to run the program.
  • Click on the Start button to begin the cleaning process.
  • TFC will close all running programs, and it may ask you to restart the computer.


Download Sophos Free Virus Removal Tool and save it to your desktop.
  • Double click the icon and select Run
  • Click Next
  • Select I accept the terms in this license agreement, then click Next twice
  • Click Install
  • Click Finish to launch the program
  • Once the virus database has been updated click Start Scanning
  • If any threats are found click Details, then View log file... (bottom left hand corner)
  • Copy and paste the results in your reply
  • Close the Notepad document, close the Threat Details screen, then click Start cleanup
  • Click Exit to close the program
 
Results of screen317's Security Check version 1.014 --- 12/23/15
x64 (UAC is enabled)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Windows Defender
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
iZotope Music & Speech Cleaner
Adobe Flash Player 27.0.0.130
Adobe Reader XI
Google Chrome (61.0.3163.100)
Google Chrome (SetupMetrics...)
````````Process Check: objlist.exe by Laurent````````
Windows Defender MSMpEng.exe
Gary Desktop Virus Files SecurityCheck.exe
Windows Defender MSASCuiL.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: %
````````````````````End of Log``````````````````````
 
Farbar Service Scanner Version: 27-01-2016
Ran by Gary (administrator) on 01-10-2017 at 16:53:05
Running from "C:\Users\Gary\Desktop\Virus Files"
Microsoft Windows 10 Home (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Policy:
========================


Security Center:
============


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============

Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => File is digitally signed
C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
C:\Windows\System32\drivers\afd.sys => File is digitally signed
C:\Windows\System32\drivers\tdx.sys => File is digitally signed
C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\System32\dnsrslvr.dll => File is digitally signed
C:\Windows\System32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\System32\mpssvc.dll => File is digitally signed
C:\Windows\System32\bfe.dll => File is digitally signed
C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
C:\Windows\System32\SDRSVC.dll => File is digitally signed
C:\Windows\System32\vssvc.exe => File is digitally signed
C:\Windows\System32\wscsvc.dll => File is digitally signed
C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\System32\wuaueng.dll => File is digitally signed
C:\Windows\System32\qmgr.dll => File is digitally signed
C:\Windows\System32\es.dll => File is digitally signed
C:\Windows\System32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Windows\System32\ipnathlp.dll => File is digitally signed
C:\Windows\System32\iphlpsvc.dll => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed


**** End of log ****
 
Getting user folders.
Stopping running processes.
Emptying Temp folders.
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Default.migrated
->Temporary Internet Files folder emptied: 0 bytes
User: Gary
->Temp folder emptied: 604864767 bytes
->Temporary Internet Files folder emptied: 394898085 bytes
->Google Chrome cache emptied: 439385802 bytes
->Flash cache emptied: 10392 bytes
User: Public
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 4534896 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 257464857 bytes
Emptying RecycleBin. Do not interrupt.
RecycleBin emptied: 8297425727 bytes
Process complete!
Total Files Cleaned = 9,535.00 mb
 
Please run a free online scan with the ESET Online Scanner

  • Disable your antivirus program
  • Under "ESET Online Scanner" click on the "Scan now" button.
  • It'll download a small file, "esetonlinescanner_enu.exe".
  • Double click on the downloaded file.
  • Click on the Accept button.
  • Checkmark "Disable detection of potentially unwanted applications".
  • Click Scan
  • Accept any security warnings from your browser.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List of found threats
  • Click on Export to text file, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
 
Your computer is clean

1. This step will remove all cleaning tools we used, it'll reset restore points (so you won't get reinfected by accidentally using some older restore point) and it'll make some other minor adjustments...
This is a very crucial step so make sure you don't skip it.
Download DelFix by Xplode to your desktop. Delfix will delete all the used tools and logfiles.

Double-click Delfix.exe to start the tool.
Make sure the following items are checked:
  • Activate UAC (optional; some users prefer to keep it off)
  • Remove disinfection tools
  • Create registry backup
  • Purge System Restore
  • Reset system settings
Now click "Run" and wait patiently.
Once finished a logfile will be created. You don't have to attach it to your next reply.

2. Make sure Windows Updates are current.

3. If any trojans, rootkits or bootkits were listed among your infection(s), make sure you change all of your important online passwords (bank account(s), secured web sites, etc.) immediately!

4. Check if your browser plugins are up to date.
Firefox - https://www.mozilla.org/en-US/plugincheck/
other browsers: https://browsercheck.qualys.com/ (click on "Scan without installing plugin" and then on "Scan now")

5. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

6. Run Temporary File Cleaner (TFC), AdwCleaner and Junkware Removal Tool (JRT) weekly (you need to redownload these tools since they were removed by DelFix).

7. Download and install Secunia Personal Software Inspector (PSI): https://www.techspot.com/downloads/4898-secunia-personal-software-inspector-psi.html. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

8. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

9. When installing\updating ANY program, make sure you always select "Custom" installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click the "Next" button without looking at any given page.

10. Read:
How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html
Simple and easy ways to keep your computer safe and secure on the Internet: http://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/
About those Toolbars and Add-ons - Potentially Unwanted Programs (PUPs) which change your browser settings: http://www.bleepingcomputer.com/for...curity-questions-best-practices/#entry3187642

11. Please let me know how your computer is doing.
 
# DelFix v1.010 - Logfile created 05/10/2017 at 13:46:18
# Updated 26/04/2015 by Xplode
# Username : Gary - GLH-HP-I7
# Operating System : Windows 10 Home (64 bits)

~ Activating UAC ... OK

~ Removing disinfection tools ...

Deleted : C:\FRST
Deleted : C:\AdwCleaner
Deleted : C:\Users\Gary\Desktop\JRT.txt
Deleted : C:\Users\Public\Desktop\RogueKiller.lnk
Deleted : HKLM\SOFTWARE\OldTimer Tools
Deleted : HKLM\SOFTWARE\AdwCleaner

~ Creating registry backup ... OK

~ Cleaning system restore ...

Deleted : RP #26 [Windows Update | 09/29/2017 05:09:56]
Deleted : RP #27 [Removed Sophos Virus Removal Tool. | 10/02/2017 03:25:04]

New restore point created !

~ Resetting system settings ... OK

########## - EOF - ##########
 