PC Slow with Frequent Not Responding Message

  • werdnarolyat
    PCHF Member
    • Mar 2018
    • 81

    #31
    Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 14.03.2018
    Ran by David (administrator) on DAVID-PC (01-04-2018 12:10:49)
    Running from C:\Users\David\Desktop
    Loaded Profiles: David & UpdatusUser (Available Profiles: David & UpdatusUser)
    Platform: Microsoft Windows 7 Home Premium Service Pack 1 (X86) Language: English (United States)
    Internet Explorer Version 11 (Default browser: Chrome)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic...ery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    (IBM Corp.) C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
    (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
    (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\Antivirus\sched.exe
    (Andrea Electronics Corporation) C:\Windows\System32\AERTSrv.exe
    (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\Antivirus\avguard.exe
    (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
    (Realtek Semiconductor) C:\Windows\RtHDVCpl.exe
    (Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
    (Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
    (Spotify Ltd) C:\Users\David\AppData\Roaming\Spotify\SpotifyWebHelper.exe
    (Dropbox, Inc.) C:\Users\David\AppData\Roaming\Dropbox\bin\Dropbox.exe
    (Foxit Software Inc.) C:\Program Files\Foxit Software\Foxit Reader\FoxitConnectedPDFService.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
    (Dropbox, Inc.) C:\Users\David\AppData\Roaming\Dropbox\bin\Dropbox.exe
    (Seagate Technology LLC) C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
    (Dropbox, Inc.) C:\Users\David\AppData\Roaming\Dropbox\bin\Dropbox.exe
    (arvato digital services llc) C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
    (Microsoft Corporation) C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    (Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
    (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\Launcher\Avira.ServiceHost.exe
    (Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
    (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\Antivirus\avgnt.exe
    (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\Antivirus\avshadow.exe
    (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\Launcher\Avira.Systray.exe
    (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
    (Secunia) C:\Program Files\Secunia\PSI\psia.exe
    (Secunia) C:\Program Files\Secunia\PSI\sua.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\ComUpdatus.exe

    ==================== Registry (Whitelisted) ===========================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM...\Run: [RtHDVCpl] => C:\Windows\RtHDVCpl.exe [6246400 2008-07-18] (Realtek Semiconductor)
    HKLM...\Run: [Avira SystrayStartTrigger] => C:\Program Files\Avira\Launcher\Avira.SystrayStartTrigger.exe [98024 2018-03-12] (Avira Operations GmbH & Co. KG)
    HKLM...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [261944 2018-01-22] (Apple Inc.)
    HKU\S-1-5-21-1365679944-132168641-953657067-1000...\Run: [Dropbox Update] => C:\Users\David\AppData\Local\Dropbox\Update\DropboxUpdate.exe [143144 2016-11-05] (Dropbox, Inc.)
    HKU\S-1-5-21-1365679944-132168641-953657067-1000...\Run: [Google Update] => C:\Users\David\AppData\Local\Google\Update\1.3.33.7\GoogleUpdateCore.exe [601680 2017-11-16] (Google Inc.)
    HKU\S-1-5-21-1365679944-132168641-953657067-1000...\Run: [Spotify Web Helper] => C:\Users\David\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1579120 2017-08-29] (Spotify Ltd)
    HKU\S-1-5-21-1365679944-132168641-953657067-1057...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [516096 2010-11-20] (Microsoft Corporation)
    HKU\S-1-5-21-1365679944-132168641-953657067-1057...\RunOnce: [DPAPIKeyMig] => C:\Windows\system32\dpapimig.exe [72192 2009-07-14] (Microsoft Corporation)
    ShellExecuteHooks: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL → No File
    Startup: C:\Users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2018-03-30]
    ShortcutTarget: Dropbox.lnk → C:\Users\David\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
    Startup: C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk [2009-03-07]
    ShortcutTarget: Dell Dock First Run.lnk → C:\Program Files\Dell\DellDock\DellDock.exe (No File)

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
    Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
    Tcpip..\Interfaces{DD471341-BEC1-4000-9EE1-06BD35EC3BA0}: [DhcpNameServer] 192.168.0.1
    Internet Explorer:
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/
    HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com/?q={searchTerms}
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/
    SearchScopes: HKLM → DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    BHO: Groove GFS Browser Helper → {72853161-30C5-4D22-B7F9-0BBC1D38A37E} → C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
    BHO: Easy Photo Print → {9421DD08-935F-4701-A9CA-22DF90AC4EA6} → C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll [2008-04-02] (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
    Toolbar: HKLM - Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll [2008-04-02] (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
    Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll [2009-02-26] (Microsoft Corporation)
    FireFox:
    FF ProfilePath: C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\3bgnvy7a.default-1482517495665 [2018-03-30]
    FF Extension: (Avira Browser Safety) - C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\3bgnvy7a.default-1482517495665\Extensions\abs@avira.com.xpi [2018-02-27]
    FF Extension: (uBlock Origin) - C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\3bgnvy7a.default-1482517495665\Extensions\uBlock0@raymondhill.net.xpi [2018-02-27]
    FF ProfilePath: C:\Users\David\AppData\Roaming\eMusic\eMusic Download Manager\Profiles\w4rn4tx3.default [2017-02-16]
    FF HKLM...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
    FF Extension: (Microsoft .NET Framework Assistant) - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2017-02-16] [Legacy] [not signed]
    FF Plugin: @adobe.com/FlashPlayer → C:\Windows\system32\Macromed\Flash\NPSWF32_29_0_0_113.dll [2018-03-23] ()
    FF Plugin: @divx.com/DivX Browser Plugin,version=1.0.0 → C:\Program Files\DivX\DivX Web Player\npdivx32.dll [No File]
    FF Plugin: @divx.com/DivX Player Plugin,version=1.0.0 → C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll [No File]
    FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf → C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2017-12-01] (Foxit Corporation)
    FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf → C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2017-12-01] (Foxit Corporation)
    FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp → C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2017-12-01] (Foxit Corporation)
    FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf → C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2017-12-01] (Foxit Corporation)
    FF Plugin: @Google.com/GoogleEarthPlugin → C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll [2011-10-17] (Google)
    FF Plugin: @google.com/npPicasa3,version=3.0.0 → C:\Program Files\Google\Picasa3\npPicasa3.dll [2015-10-13] (Google, Inc.)
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 → C:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
    FF Plugin: @microsoft.com/OfficeLive,version=1.5 → C:\Program Files\Microsoft\Office Live\npOLW.dll [2010-04-26] (Microsoft Corp.)
    FF Plugin: @microsoft.com/VirtualEarth3D,version=4.0 → C:\Program Files\Virtual Earth 3D\ ()
    FF Plugin: @microsoft.com/WPF,version=3.5 → C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-30] (Microsoft Corporation)
    FF Plugin: @nvidia.com/3DVision → C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll [2013-01-18] (NVIDIA Corporation)
    FF Plugin: @nvidia.com/3DVisionStreaming → C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2013-01-18] (NVIDIA Corporation)
    FF Plugin: @tools.google.com/Google Update;version=3 → C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll [2012-09-17] (Google Inc.)
    FF Plugin: @tools.google.com/Google Update;version=9 → C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll [2012-09-17] (Google Inc.)
    FF Plugin: @videolan.org/vlc,version=2.0.7 → C:\Program Files\VideoLAN\VLC\npvlc.dll [2017-11-29] (VideoLAN)
    FF Plugin: @videolan.org/vlc,version=2.1.5 → C:\Program Files\VideoLAN\VLC\npvlc.dll [2017-11-29] (VideoLAN)
    FF Plugin: @videolan.org/vlc,version=2.2.1 → C:\Program Files\VideoLAN\VLC\npvlc.dll [2017-11-29] (VideoLAN)
    FF Plugin: @videolan.org/vlc,version=2.2.4 → C:\Program Files\VideoLAN\VLC\npvlc.dll [2017-11-29] (VideoLAN)
    FF Plugin: @videolan.org/vlc,version=2.2.5.1 → C:\Program Files\VideoLAN\VLC\npvlc.dll [2017-11-29] (VideoLAN)
    FF Plugin: @videolan.org/vlc,version=2.2.6 → C:\Program Files\VideoLAN\VLC\npvlc.dll [2017-11-29] (VideoLAN)
    FF Plugin: @videolan.org/vlc,version=2.2.8 → C:\Program Files\VideoLAN\VLC\npvlc.dll [2017-11-29] (VideoLAN)
    FF Plugin HKU\S-1-5-21-1365679944-132168641-953657067-1000: @tools.google.com/Google Update;version=3 → C:\Users\David\AppData\Local\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-16] (Google Inc.)
    FF Plugin HKU\S-1-5-21-1365679944-132168641-953657067-1000: @tools.google.com/Google Update;version=9 → C:\Users\David\AppData\Local\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-16] (Google Inc.)
    Chrome:
    CHR DefaultProfile: Default
    CHR Profile: C:\Users\David\AppData\Local\Google\Chrome\User Data\Default [2018-04-01]
    CHR Extension: (Slides) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-14]
    CHR Extension: (Docs) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-14]
    CHR Extension: (Google Drive) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-02-16]
    CHR Extension: (YouTube) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-02-16]
    CHR Extension: (uBlock Origin) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2018-03-23]
    CHR Extension: (Sheets) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-14]
    CHR Extension: (Google Docs Offline) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-02-16]
    CHR Extension: (Chrome Web Store Payments) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-24]
    CHR Extension: (Gmail) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-02-16]
    CHR Extension: (Chrome Media Router) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-03-24]
    StartMenuInternet: Google Chrome - C:\Users\David\AppData\Local\Google\Chrome\Application\chrome.exe

    ==================== Services (Whitelisted) ====================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R2 AERTFilters; C:\Windows\system32\AERTSrv.exe [73728 2008-07-18] (Andrea Electronics Corporation)
    S2 AntiVirMailService; C:\Program Files\Avira\Antivirus\avmailc7.exe [1136744 2018-03-02] (Avira Operations GmbH & Co. KG)
    R2 AntiVirSchedulerService; C:\Program Files\Avira\Antivirus\sched.exe [492560 2018-03-02] (Avira Operations GmbH & Co. KG)
    R2 AntiVirService; C:\Program Files\Avira\Antivirus\avguard.exe [492560 2018-03-02] (Avira Operations GmbH & Co. KG)
    S2 AntiVirWebService; C:\Program Files\Avira\Antivirus\avwebg7.exe [1533608 2018-03-02] (Avira Operations GmbH & Co. KG)
    R2 Avira.ServiceHost; C:\Program Files\Avira\Launcher\Avira.ServiceHost.exe [443024 2018-03-12] (Avira Operations GmbH & Co. KG)
    R2 FoxitReaderService; C:\Program Files\Foxit Software\Foxit Reader\FoxitConnectedPDFService.exe [1659456 2017-12-11] (Foxit Software Inc.)
    R2 FreeAgentGoNext Service; C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe [189736 2009-09-25] (Seagate Technology LLC)
    S4 getPlus(R) Helper; C:\Program Files\NOS\bin\getPlus_HelperSvc.exe [33176 2009-03-03] (NOS Microsystems Ltd.)
    S4 gupdate1c9eaad5b861f00; C:\Program Files\Google\Update\GoogleUpdate.exe [133104 2009-06-11] (Google Inc.)
    S4 JuniperAccessService; C:\Program Files\Common Files\Juniper Networks\JUNS\dsAccessService.exe [87416 2007-07-27] (Juniper Networks)
    S2 LiveUpdateSvc; C:\Program Files\IObit\LiveUpdate\LiveUpdate.exe [2909472 2015-08-11] (IObit)
    R2 PSI_SVC_2; C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe [277360 2014-04-30] (arvato digital services llc)
    R2 RapportMgmtService; C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe [5249008 2018-01-24] (IBM Corp.)
    R2 Secunia PSI Agent; C:\Program Files\Secunia\PSI\PSIA.exe [1570520 2016-02-02] (Secunia)
    R2 Secunia Update Agent; C:\Program Files\Secunia\PSI\sua.exe [837848 2016-02-02] (Secunia)
    S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)

    ===================== Drivers (Whitelisted) ======================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R0 avdevprot; C:\Windows\System32\DRIVERS\avdevprot.sys [46440 2017-06-18] (Avira Operations GmbH & Co. KG)
    R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [130912 2017-09-30] (Avira Operations GmbH & Co. KG)
    R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [156088 2018-02-08] (Avira Operations GmbH & Co. KG)
    R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [35840 2017-02-15] (Avira Operations GmbH & Co. KG)
    R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [59000 2017-02-15] (Avira Operations GmbH & Co. KG)
    R0 avusbflt; C:\Windows\System32\Drivers\avusbflt.sys [23304 2017-06-18] (Avira Operations GmbH & Co. KG)
    R1 HWiNFO32; C:\Windows\system32\drivers\HWiNFO32.SYS [23840 2015-05-25] (REALiX™)
    R0 KL1; C:\Windows\System32\DRIVERS\kl1.sys [155304 2015-11-03] (Kaspersky Lab ZAO)
    R3 klflt; C:\Windows\System32\DRIVERS\klflt.sys [138616 2015-11-03] (AO Kaspersky Lab)
    R1 klhk; C:\Windows\System32\DRIVERS\klhk.sys [111440 2016-08-02] (AO Kaspersky Lab)
    R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [770936 2015-11-03] (AO Kaspersky Lab)
    R0 Lbd; C:\Windows\System32\DRIVERS\Lbd.sys [64288 2010-07-12] (Lavasoft AB)
    S3 PSI; C:\Windows\System32\DRIVERS\psi_mf_x86.sys [16024 2016-02-02] (Secunia)
    R1 RapportAegle; C:\Program Files\Trusteer\Rapport\bin\RapportAegle.sys [302168 2018-01-24] (IBM Corp.)
    R1 RapportCerberus_1908103; C:\ProgramData\Trusteer\Rapport\store\exts\Rapport Cerberus\baseline\RapportCerberus32_1908103.sys [1119272 2018-02-08] (IBM Corp.)
    R1 RapportEI; C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys [401360 2018-01-24] (IBM Corp.)
    R0 RapportHades; C:\Windows\System32\Drivers\RapportHades.sys [206360 2018-01-24] (IBM Corp.)
    R0 RapportKELL; C:\Windows\System32\Drivers\RapportKELL.sys [326672 2018-01-24] (IBM Corp.)
    R1 RapportPG; C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys [472080 2018-01-24] (IBM Corp.)
    R2 RtNdPt60; C:\Windows\System32\DRIVERS\RtNdPt60.sys [27648 2008-07-21] (Windows (R) Codename Longhorn DDK provider)
    S3 ZSMC301b; C:\Windows\System32\Drivers\usbVM31b.sys [91527 2006-12-22] (VM)

    ==================== NetSvcs (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    ==================== One Month Created files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2018-04-01 12:08 - 2018-04-01 12:09 - 001764352 _____ (Farbar) C:\Users\David\Desktop\FRST.exe
    2018-03-31 11:50 - 2018-03-31 11:50 - 000222648 _____ (Malwarebytes) C:\Windows\system32\Drivers\3741A264.sys
    2018-03-31 11:46 - 2018-03-31 14:48 - 000000000 ____D C:\Users\David\Desktop\mbar
    2018-03-31 11:46 - 2018-03-31 12:35 - 000000000 ____D C:\ProgramData\Malwarebytes’ Anti-Malware (portable)
    2018-03-31 11:46 - 2018-03-31 11:50 - 000166848 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
    2018-03-31 11:44 - 2018-03-31 11:44 - 000001544 _____ C:\RstHosts.txt
    2018-03-31 11:42 - 2018-03-31 11:43 - 014178840 _____ (Malwarebytes Corp.) C:\Users\David\Desktop\mbar-1.10.3.1001.exe
    2018-03-31 11:42 - 2018-03-31 11:42 - 000353632 _____ C:\Users\David\Desktop\rsthosts_2.0.exe
    2018-03-30 20:26 - 2018-03-30 21:09 - 000018745 _____ C:\Users\David\Desktop\Fixlog.txt
    2018-03-30 20:12 - 2018-03-30 20:12 - 000000000 ____D C:\Users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
    2018-03-30 20:02 - 2018-03-30 20:02 - 001622528 _____ C:\Users\David\Desktop\ResetBrowser.exe
    2018-03-29 11:08 - 2018-03-29 11:08 - 000000000 ____D C:\Users\David\Downloads\RevoUninstaller_Portable
    2018-03-29 11:05 - 2018-03-29 11:06 - 000000000 ____D C:\Users\David\AppData\Roaming\Geek Uninstaller
    2018-03-29 09:17 - 2018-03-29 09:17 - 000024688 _____ C:\Windows\system32\Drivers\TrueSight.sys
    2018-03-29 09:15 - 2018-03-29 11:04 - 000000000 ____D C:\ProgramData\RogueKiller
    2018-03-29 00:17 - 2018-03-29 00:15 - 022623816 _____ (Adlice Software) C:\Users\David\Desktop\RogueKiller_portable32.exe
    2018-03-28 23:33 - 2018-03-28 23:33 - 000002093 _____ C:\Users\Public\Desktop\Foxit Reader.lnk
    2018-03-28 23:33 - 2018-03-28 23:33 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foxit Reader
    2018-03-28 21:54 - 2018-03-28 21:58 - 000068504 _____ C:\Users\David\Desktop\Addition.txt
    2018-03-28 21:28 - 2018-04-01 12:12 - 000017983 _____ C:\Users\David\Desktop\FRST.txt
    2018-03-28 21:09 - 2018-03-28 21:10 - 008222496 _____ (Malwarebytes) C:\Users\David\Desktop\adwcleaner_7.0.8.0.exe
    2018-03-26 16:58 - 2018-03-26 17:01 - 001967744 _____ C:\Users\David\Downloads\2VVX3G_LS815_12Apr2018.pdf
    2018-03-24 00:09 - 2018-02-13 19:31 - 000117440 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
    2018-03-24 00:09 - 2018-02-13 19:24 - 000534016 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
    2018-03-24 00:09 - 2018-02-13 15:04 - 001893888 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
    2018-03-24 00:09 - 2018-02-13 15:04 - 001319424 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
    2018-03-24 00:09 - 2018-02-13 15:04 - 000594944 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
    2018-03-24 00:09 - 2018-02-13 15:04 - 000508416 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
    2018-03-24 00:09 - 2018-02-13 15:04 - 000339968 _____ (Microsoft Corporation) C:\Windows\system32\centel.dll
    2018-03-24 00:09 - 2018-02-13 15:04 - 000313856 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
    2018-03-24 00:09 - 2018-02-13 15:04 - 000212992 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
    2018-03-24 00:09 - 2018-02-13 15:04 - 000190976 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
    2018-03-23 23:53 - 2018-03-23 23:53 - 000000000 ____D C:\Users\David\Documents\Remote Assistance Logs
    2018-03-23 21:25 - 2018-03-23 21:25 - 000000000 ____D C:\Users\David\AppData\Local\ESET
    2018-03-23 19:06 - 2018-04-01 12:10 - 000000000 ____D C:\FRST
    2018-03-02 16:33 - 2018-03-02 16:33 - 000526818 _____ C:\Users\David\Downloads\Fwd%3a_Data_Protection_Letter_and_Attachments.zip

    ==================== One Month Modified files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2018-04-01 12:06 - 2017-02-16 02:38 - 000000000 ____D C:\ProgramData\NVIDIA
    2018-04-01 12:06 - 2009-07-14 05:53 - 000000006 ____H C:\Windows\Tasks\SA.DAT
    2018-03-31 14:47 - 2015-06-20 15:58 - 000000918 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1365679944-132168641-953657067-1000UA.job
    2018-03-31 12:22 - 2017-02-16 02:38 - 000010880 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2018-03-31 12:22 - 2017-02-16 02:38 - 000010880 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2018-03-31 11:51 - 2017-09-25 21:37 - 000000000 ____D C:\ProgramData\Malwarebytes
    2018-03-30 21:20 - 2017-02-16 02:42 - 000000000 ____D C:\Users\UpdatusUser
    2018-03-30 21:20 - 2016-12-23 00:52 - 000000000 ____D C:\Users\David\AppData\LocalLow\Mozilla
    2018-03-30 20:14 - 2013-01-21 22:39 - 000000000 ____D C:\Users\David\AppData\Roaming\Dropbox
    2018-03-30 20:09 - 2015-06-20 15:57 - 000000000 ____D C:\Users\David\AppData\Local\Dropbox
    2018-03-28 23:56 - 2016-06-09 21:29 - 000000000 ____D C:\AdwCleaner
    2018-03-28 23:35 - 2017-03-02 23:51 - 000000000 ____D C:\Users\David\AppData\Local\CrashDumps
    2018-03-28 23:35 - 2012-07-29 15:01 - 000000000 ____D C:\Users\David\AppData\Roaming\vlc
    2018-03-28 23:33 - 2017-03-03 15:42 - 000000000 ____D C:\ProgramData\Foxit Software
    2018-03-28 23:05 - 2017-03-17 18:31 - 000000000 ____D C:\ProgramData\IObit
    2018-03-28 22:55 - 2011-01-29 14:17 - 000000000 ____D C:\Users\David\AppData\Roaming\IObit
    2018-03-28 22:30 - 2013-10-27 19:56 - 000000000 ____D C:\Users\David\AppData\LocalLow\IObit
    2018-03-28 22:16 - 2015-01-03 14:59 - 000000000 ____D C:\Program Files\Common Files\IObit
    2018-03-28 21:14 - 2017-03-17 18:22 - 000000000 ____D C:\Windows\system32\appraiser
    2018-03-28 20:54 - 2010-11-20 22:01 - 000785794 _____ C:\Windows\system32\PerfStringBackup.INI
    2018-03-28 20:54 - 2009-07-14 03:37 - 000000000 ____D C:\Windows\inf
    2018-03-28 20:50 - 2014-03-17 21:25 - 000000000 ____D C:\ProgramData\ProductData
    2018-03-27 12:49 - 2009-06-15 09:43 - 000000000 ____D C:\Users\David\Documents\Dad’s stuff
    2018-03-26 17:54 - 2015-06-20 15:57 - 000000866 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1365679944-132168641-953657067-1000Core.job
    2018-03-24 13:58 - 2013-08-14 14:29 - 000000000 ____D C:\Windows\system32\MRT
    2018-03-24 13:46 - 2017-10-11 17:57 - 127391104 ____C (Microsoft Corporation) C:\Windows\system32\MRT-KB890830.exe
    2018-03-24 13:45 - 2017-03-03 00:17 - 127391104 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
    2018-03-24 01:05 - 2017-03-09 23:01 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
    2018-03-24 01:05 - 2017-03-02 22:11 - 000000000 ____D C:\ProgramData\Package Cache
    2018-03-23 23:52 - 2017-10-03 12:11 - 000000000 ____D C:\Users\David\AppData\Local\ElevatedDiagnostics
    2018-03-23 23:52 - 2009-07-14 03:37 - 000000000 ____D C:\Windows\system32\NDF
    2018-03-23 19:29 - 2017-12-07 23:26 - 000000967 _____ C:\Users\Public\Desktop\CCleaner.lnk
    2018-03-23 19:19 - 2009-04-04 13:02 - 000002405 _____ C:\Users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
    2018-03-23 19:06 - 2012-04-06 18:38 - 000804352 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
    2018-03-23 19:06 - 2011-06-26 19:01 - 000144896 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
    2018-03-23 19:06 - 2009-03-07 11:23 - 000000000 ____D C:\Windows\system32\Macromed
    2018-03-02 13:22 - 2012-08-13 09:26 - 000000000 ____D C:\Program Files\Mozilla Maintenance Service
    2018-03-02 13:22 - 2009-03-14 20:53 - 000000000 ____D C:\Program Files\Mozilla Firefox

    ==================== Files in the root of some directories =======

    2013-06-15 22:44 - 2013-06-15 22:44 - 000000288 _____ () C:\Users\David\AppData\Roaming.backup.dm
    2009-08-25 23:24 - 2009-08-25 23:24 - 000024064 _____ () C:\Users\David\AppData\Roaming\UserTile.png
    2016-04-26 23:01 - 2016-04-30 12:00 - 000000100 _____ () C:\Users\David\AppData\Roaming\WB.CFG
    2017-03-03 18:05 - 2017-03-03 18:05 - 000008248 _____ () C:\Users\David\AppData\Local\en.ini

    ==================== Bamital & volsnap ======================

    (There is no automatic fix for files that do not pass verification.)

    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\system32\winlogon.exe => File is digitally signed
    C:\Windows\system32\wininit.exe => File is digitally signed
    C:\Windows\system32\svchost.exe => File is digitally signed
    C:\Windows\system32\services.exe => File is digitally signed
    C:\Windows\system32\User32.dll => File is digitally signed
    C:\Windows\system32\userinit.exe => File is digitally signed
    C:\Windows\system32\rpcss.dll => File is digitally signed
    C:\Windows\system32\dnsapi.dll => File is digitally signed
    C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

    LastRegBack: 2018-03-29 09:13

    ==================== End of FRST.txt ============================


    • werdnarolyat
      PCHF Member
      • Mar 2018
      • 81

      #32
      Additional scan result of Farbar Recovery Scan Tool (x86) Version: 14.03.2018
      Ran by David (01-04-2018 12:12:47)
      Running from C:\Users\David\Desktop
      Microsoft Windows 7 Home Premium Service Pack 1 (X86) (2017-02-16 09:08:47)
      Boot Mode: Normal
      ==================== Accounts: =============================

      Administrator (S-1-5-21-1365679944-132168641-953657067-500 - Administrator - Disabled)
      David (S-1-5-21-1365679944-132168641-953657067-1000 - Administrator - Enabled) => C:\Users\David
      Guest (S-1-5-21-1365679944-132168641-953657067-501 - Limited - Disabled)
      HomeGroupUser$ (S-1-5-21-1365679944-132168641-953657067-1059 - Limited - Enabled)
      UpdatusUser (S-1-5-21-1365679944-132168641-953657067-1057 - Limited - Enabled) => C:\Users\UpdatusUser

      ==================== Security Center ========================

      (If an entry is included in the fixlist, it will be removed.)

      AV: Avira Antivirus (Enabled - Up to date) {B3F630BD-538D-1B4A-14FA-14B63235278F}
      AS: Avira Antivirus (Enabled - Up to date) {0897D159-75B7-14C4-2E4A-2FC449B26D32}
      AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

      ==================== Installed Programs ======================

      (Only the adware programs with “Hidden” flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

      ABBYY FineReader 6.0 Sprint (HKLM...{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}) (Version: 6.00.1395.4512 - ABBYY Software House)
      Acrobat.com (HKLM...{77DCDCE3-2DED-62F3-8154-05E745472D07}) (Version: 0.0.0 - Adobe Systems Incorporated) Hidden
      Acrobat.com (HKLM...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.1.377 - Adobe Systems Incorporated)
      Adobe AIR (HKLM...\Adobe AIR) (Version: 21.0.0.215 - Adobe Systems Incorporated)
      Adobe Flash Player 29 ActiveX (HKLM...{A911056C-E170-476A-9C9E-9E0500E6DC6A}) (Version: 29.0.0.113 - Adobe Systems Incorporated)
      Adobe Flash Player 29 NPAPI (HKLM...{BAF5175E-C27F-4252-81B9-E42F01E46CB6}) (Version: 29.0.0.113 - Adobe Systems Incorporated)
      Akamai NetSession Interface (HKU\S-1-5-21-1365679944-132168641-953657067-1000...\Akamai) (Version: - Akamai Technologies, Inc)
      Apple Application Support (32-bit) (HKLM...{D4C80B0C-CF67-43A7-90C3-466853543B54}) (Version: 6.3 - Apple Inc.)
      Apple Mobile Device Support (HKLM...{2218B6FE-7215-4EC9-B0E7-F47674AFA2F5}) (Version: 11.0.1.2 - Apple Inc.)
      Apple Software Update (HKLM...{19589375-5C58-4AFA-842F-8B34744CCEAD}) (Version: 2.5.0.1 - Apple Inc.)
      Athentech Perfectly Clear (HKLM..._{128FBA3A-36CA-4BEB-8AAA-036A0AF8E4E2}) (Version: 1.0.0.135 - Corel Corporation)
      Athentech Perfectly Clear (HKLM...{128FBA3A-36CA-4BEB-8AAA-036A0AF8E4E2}) (Version: 1.0.0.135 - Corel Corporation) Hidden
      Avira (HKLM...{5269e51a-b619-4c55-8a5c-8c7eaf27e6cf}) (Version: 1.2.108.24268 - Avira Operations GmbH & Co. KG)
      Avira (HKLM...{DBA89A98-6FF1-4FE3-8147-69DD2C5DE889}) (Version: 1.2.108.24268 - Avira Operations GmbH & Co. KG) Hidden
      Avira Antivirus (HKLM...\Avira Antivirus) (Version: 15.0.34.27 - Avira Operations GmbH & Co. KG)
      Bing Maps 3D (HKLM...{2D87E961-577B-492B-AD54-1368680FB9A7}) (Version: 4.0.903.16005 - Microsoft Corporation)
      Bonjour (HKLM...{D168AAD0-6686-47C1-B599-CDD4888B9D1A}) (Version: 3.1.0.1 - Apple Inc.)
      CCleaner (HKLM...\CCleaner) (Version: 5.41 - Piriform)
      Compatibility Pack for the 2007 Office system (HKLM...{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
      Corel Paint Shop Pro Photo X2 (HKLM...{64E72FB1-2343-4977-B4A8-262CD53D0BD3}) (Version: 12.50.0001 - Corel Corporation)
      Corel PaintShop Pro X9 (HKLM..._{998717E5-1031-4D28-A143-48ADAF062E5F}) (Version: 19.2.0.7 - Corel Corporation)
      Corel PaintShop Pro X9 (HKLM...{93EE564E-9DA1-4655-8A90-4E816019B409}) (Version: 19.1.0.29 - Corel Corporation) Hidden
      Corel ScreenCap (HKLM...{99642277-4695-438F-8F07-E59D3E8EDB26}) (Version: 1.0.0 - Corel Corporation)
      Corel Update Manager (HKLM...{EE61B6C5-F017-4505-85D3-6D40B1797D32}) (Version: 2.7.355 - Corel corporation) Hidden
      D3DX10 (HKLM...{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
      Dell System Detect (HKU\S-1-5-21-1365679944-132168641-953657067-1000...\9204f5692a8faf3b) (Version: 5.7.0.6 - Dell)
      Dropbox (HKU\S-1-5-21-1365679944-132168641-953657067-1000...\Dropbox) (Version: 46.4.65 - Dropbox, Inc.)
      EDocs (HKLM...{6B7B6D4D-8F9B-4CB3-8CA4-BCA9CC4C1A22}) (Version: - )
      Epson Easy Photo Print 2 (HKLM...{87C2248A-C7DD-49ED-9BCD-B312A9D0819E}) (Version: 2.1.0.0 - SEIKO EPSON CORPORATION)
      EPSON PhotoQuicker3.5 (HKLM...{65F5B7AF-3363-11D7-BB6B-00018021113F}) (Version: - )
      EPSON Print CD (HKLM...{FF477885-5EA8-40D0-ADF3-D4C1B86FAEA4}) (Version: - )
      EPSON Printer Software (HKLM...\EPSON Printer and Utilities) (Version: - )
      EPSON Scan (HKLM...\EPSON Scanner) (Version: - )
      Epson Stylus SX210_SX410_TX210_TX410 Manual (HKLM...\Epson Stylus SX210_SX410_TX210_TX410 User’s Guide) (Version: - )
      EPSON SX410 Series Printer Uninstall (HKLM...\EPSON SX410 Series) (Version: - SEIKO EPSON Corporation)
      Foxit Reader (HKLM...\Foxit Reader_is1) (Version: 9.0.1.1049 - Foxit Software Inc.)
      getPlus(R) for Adobe (HKLM...{CF40ACC5-E1BB-4aff-AC72-04C2F616BCA7}) (Version: 1.5.2.35 - NOS Microsystems Ltd.)
      Google Chrome (HKU\S-1-5-21-1365679944-132168641-953657067-1000...\Google Chrome) (Version: 65.0.3325.181 - Google Inc.)
      Google Drive (HKLM...{1C3DA126-D523-4089-BCCA-FA46FE34D6F8}) (Version: 1.9.4536.8202 - Google, Inc.)
      Google Earth (HKLM...{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}) (Version: 6.1.0.5001 - Google)
      Hauppauge MCE XP/Vista Software Encoder (2.0.25296) (HKLM...\Hauppauge MCE2005 Software Encoder) (Version: 2.0.25296 - Hauppauge Computer Works, Inc.)
      Hauppauge TV Tuner Driver (HKLM...{AF094932-91E6-4EF8-8AB8-1C7226DFEECB}) (Version: 2.0.25312 - Hauppauge Computer Works) Hidden
      ICA (HKLM...{998717E5-1031-4D28-A143-48ADAF062E5F}) (Version: 19.1.0.29 - Corel Corporation) Hidden
      Intel(R) Graphics Media Accelerator Driver (HKLM...\HDMI) (Version: - )
      iPhone Configuration Utility (HKLM...{FA54AFB1-5745-4389-B8C1-9F7509672ED1}) (Version: 2.1.0.163 - Apple Inc.)
      IPM_PSP_COM (HKLM...{9A86C6EE-2CCC-4A51-BCC8-AAF97C2F4615}) (Version: 19.1.0.29 - Corel Corporation) Hidden
      iTunes (HKLM...{BAE90D3C-B93B-4B8E-BA38-C9B5575CC483}) (Version: 12.7.3.46 - Apple Inc.)
      Juniper Installer Service (HKLM...\SetupService) (Version: 1.1.0.3489 - Juniper Networks)
      Juniper Networks Host Checker (HKU\S-1-5-21-1365679944-132168641-953657067-1000...\Neoteris_Host_Checker) (Version: 6.3.0.14715 - Juniper Networks)
      Juniper Networks Setup Client (HKU\S-1-5-21-1365679944-132168641-953657067-1000...\Juniper_Setup_Client) (Version: 1.3.3.13503 - Juniper Networks)
      Juniper Networks Setup Client Activex Control (HKLM...\Juniper_Setup_Client Activex Control) (Version: 1.3.1.6 - Juniper Networks)
      Microsoft .NET Framework 4.7.1 (HKLM...{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.7.02558 - Microsoft Corporation)
      Microsoft Baseline Security Analyzer 2.1 (HKLM...{6AF5CAB9-FD0A-494F-8AA6-784D4B5D06C5}) (Version: 2.1.0000 - Microsoft Corporation)
      Microsoft Office 2007 Service Pack 3 (SP3) (HKLM...{91120000-0030-0000-0000-0000000FF1CE}ENTERPRISER{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
      Microsoft Office Enterprise 2007 (HKLM...\ENTERPRISER) (Version: 12.0.6612.1000 - Microsoft Corporation)
      Microsoft Office File Validation Add-In (HKLM...{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
      Microsoft Office Live Add-in 1.5 (HKLM...{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
      Microsoft Office Outlook Connector (HKLM...{95140000-007A-0409-0000-0000000FF1CE}) (Version: 14.0.5118.5000 - Microsoft Corporation)
      Microsoft Office PowerPoint Viewer 2007 (English) (HKLM...{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
      Microsoft Office Suite Activation Assistant (HKLM...{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}) (Version: 2.9 - Microsoft Corporation)
      Microsoft Silverlight (HKLM...{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
      Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM...{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
      Microsoft Visual C++ 2005 Redistributable (HKLM...{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
      Microsoft Visual C++ 2005 Redistributable (HKLM...{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
      Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM...{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
      Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM...{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
      Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM...{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
      Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM...{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
      Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM...{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
      MobileMe Control Panel (HKLM...{A71D5E81-B967-43DB-93D7-FD31BFB95748}) (Version: 3.1.5.0 - Apple Inc.)
      Mozilla Firefox 58.0.2 (x86 en-GB) (HKLM...\Mozilla Firefox 58.0.2 (x86 en-GB)) (Version: 58.0.2 - Mozilla)
      Mozilla Maintenance Service (HKLM...\MozillaMaintenanceService) (Version: 58.0.2 - Mozilla)
      MSXML 4.0 SP2 (KB954430) (HKLM...{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
      MSXML 4.0 SP2 (KB973688) (HKLM...{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
      MSXML 4.0 SP2 and SOAP Toolkit 3.0 (HKLM...{32343DB6-9A52-40C9-87E4-5E7C79791C87}) (Version: 1.0.0.0 - Webroot Software, Inc.) Hidden
      NVIDIA 3D Vision Driver 311.06 (HKLM...{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 311.06 - NVIDIA Corporation)
      NVIDIA Drivers (HKLM...\NVIDIA Drivers) (Version: 1.9 - NVIDIA Corporation)
      NVIDIA Graphics Driver 311.06 (HKLM...{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 311.06 - NVIDIA Corporation)
      NVIDIA Update 1.11.3 (HKLM...{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}Display.Update) (Version: 1.11.3 - NVIDIA Corporation)
      OGA Notifier 2.0.0048.0 (HKLM...{B2544A03-10D0-4E5E-BA69-0362FFC20D18}) (Version: 2.0.0048.0 - Microsoft Corporation) Hidden
      Picasa 3 (HKLM...\Picasa 3) (Version: 3.9.141.259 - Google, Inc.)
      PSPPContent (HKLM...{91773E30-F29C-4381-854A-95281DEB8DA1}) (Version: 19.1.0.29 - Corel Corporation) Hidden
      PSPPHelp (HKLM...{9F087D85-EDDC-4DC4-B665-AFDD3734D987}) (Version: 19.1.0.29 - Corel Corporation) Hidden
      QuickTime 7 (HKLM...{FF59BD75-466A-4D5A-AD23-AAD87C5FD44C}) (Version: 7.79.80.95 - Apple Inc.)
      Rapport (HKLM...{1DD81E7D-0D28-4CEB-87B2-C041A4FCB215}) (Version: 3.5.1908.137 - Trusteer) Hidden
      Realtek Ethernet Controller Driver (HKLM...{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.104.1223.2016 - Realtek)
      Realtek Ethernet Network Card Diagnostic tool for Windows Vista (HKLM...{1FECF5F8-8E75-432C-9FF7-1C04F1956B54}) (Version: 1.00 - Realtek)
      Realtek High Definition Audio Driver (HKLM...{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: - )
      RealUpgrade 1.1 (HKLM...{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}) (Version: 1.1.0 - RealNetworks, Inc.) Hidden
      Roxio Creator DE (HKLM...{09760D42-E223-42AD-8C3E-55B47D0DDAC3}) (Version: 10.1 - Roxio)
      ScanToWeb (HKLM...{EBAE381B-60A6-4863-AA9F-FCAB755BC9E5}) (Version: - )
      SDFormatter (HKLM...{179324FF-7B16-4BA8-9836-055CAAEE4F08}) (Version: 4.0.0 - SD Association)
      Seagate Manager Installer (HKLM...{2A30052B-831C-41D3-8044-3C0388066350}) (Version: 2.01.0600 - Seagate) Hidden
      Seagate Manager Installer (HKLM...\InstallShield_{2A30052B-831C-41D3-8044-3C0388066350}) (Version: 2.01.0600 - Seagate)
      SeaTools for Windows (HKLM...{98613C99-1399-416C-A07C-1EE1C585D872}) (Version: 1.2.0.4 - Seagate Technology)
      Secunia PSI (3.0.0.11005) (HKLM...\Secunia PSI) (Version: 3.0.0.11005 - Secunia)
      Segoe UI (HKLM...{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}) (Version: 15.4.2271.0615 - Microsoft Corp) Hidden
      Setup (HKLM...{9E0054AB-F957-4177-850E-3541960DBD53}) (Version: 19.1.0.29 - Corel Corporation) Hidden
      SIPPS (HKLM...\SIPPS!UninstallKey) (Version: - )
      Skype™ 7.24 (HKLM...{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.24.104 - Skype Technologies S.A.)
      Spelling Dictionaries Support For Adobe Reader 9 (HKLM...{AC76BA86-7AD7-5464-3428-900000000004}) (Version: 9.0.0 - Adobe Systems Incorporated)
      Spotify (HKU\S-1-5-21-1365679944-132168641-953657067-1000...\Spotify) (Version: 1.0.59.395.ge6ca9946 - Spotify AB)
      Trusteer Endpoint Protection (HKLM...\Rapport_msi) (Version: 3.5.1908.137 - Trusteer)
      TuxGuitar 1.2 (HKLM...\TuxGuitar_0) (Version: - )
      Update for 2007 Microsoft Office System (KB967642) (HKLM...{91120000-0030-0000-0000-0000000FF1CE}ENTERPRISER{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
      VC 9.0 Runtime (HKLM...{02E89EFC-7B07-4D5A-AA03-9EC0902914EE}) (Version: 1.0.0 - Check Point Software Technologies Ltd) Hidden
      VC 9.0 Runtime (HKLM...{A040AC77-C1AA-4CC9-8931-9F648AF178F6}) (Version: 1.0.0 - Check Point Software Technologies Ltd) Hidden
      VC80CRTRedist - 8.0.50727.4053 (HKLM...{5EE7D259-D137-4438-9A5F-42F432EC0421}) (Version: 1.1.0 - DivX, Inc) Hidden
      Visual C++ 2008 x86 Runtime - v9.0.30729.01 (HKLM...{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01) (Version: 9.0.30729.01 - Microsoft Corporation)
      VLC media player (HKLM...\VLC media player) (Version: 2.2.8 - VideoLAN)
      Windows Live Essentials (HKLM...\WinLiveSuite) (Version: 15.4.3502.0922 - Microsoft Corporation)
      Windows Media Player Firefox Plugin (HKLM...{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
      ZoneAlarm Antivirus (HKLM...{4818D335-B3C0-4CE7-89EF-1380A3A549A3}) (Version: 14.1.011.000 - Check Point Software Technologies Ltd.) Hidden

      ==================== Custom CLSID (Whitelisted): ==========================

      (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

      HKU\S-1-5-21-1365679944-132168641-953657067-1000...\ChromeHTML: → C:\Users\David\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.)
      CustomCLSID: HKU\S-1-5-21-1365679944-132168641-953657067-1000_Classes\CLSID{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 → C:\Users\David\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
      CustomCLSID: HKU\S-1-5-21-1365679944-132168641-953657067-1000_Classes\CLSID{022105BD-948A-40C9-AB42-A3300DDF097F}\localserver32 → C:\Users\David\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
      CustomCLSID: HKU\S-1-5-21-1365679944-132168641-953657067-1000_Classes\CLSID{22181302-A8A6-4F84-A541-E5CBFC70CC43}\localserver32 → C:\Users\David\AppData\Local\Google\Update\1.3.33.7\GoogleUpdateOnDemand.exe (Google Inc.)
      CustomCLSID: HKU\S-1-5-21-1365679944-132168641-953657067-1000_Classes\CLSID{2F0E2680-9FF5-43C0-B76E-114A56E93598}\localserver32 → C:\Users\David\AppData\Local\Google\Update\1.3.33.7\GoogleUpdateOnDemand.exe (Google Inc.)
      CustomCLSID: HKU\S-1-5-21-1365679944-132168641-953657067-1000_Classes\CLSID{3059C9E6-9EDC-4C89-933E-C65623F8FD60}\localserver32 → C:\Users\David\AppData\Local\Dropbox\Update\DropboxUpdate.exe (Dropbox, Inc.)
      CustomCLSID: HKU\S-1-5-21-1365679944-132168641-953657067-1000_Classes\CLSID{449CFB1B-1C07-48EA-9A9A-7A7881C2B49B}\InprocServer32 → C:\Users\David\AppData\Local\Dropbox\Update\1.3.59.1\psuser.dll (Dropbox, Inc.)
      CustomCLSID: HKU\S-1-5-21-1365679944-132168641-953657067-1000_Classes\CLSID{51F9E8EF-59D7-475B-A106-C7EA6F30C119}\localserver32 → C:\Users\David\AppData\Local\Google\Update\1.3.33.7\GoogleUpdateOnDemand.exe (Google Inc.)
      CustomCLSID: HKU\S-1-5-21-1365679944-132168641-953657067-1000_Classes\CLSID{87DC457B-B35D-48AC-BD42-BDF35EF623CE}\localserver32 → C:\Users\David\AppData\Local\Dropbox\Update\1.3.59.1\DropboxUpdateOnDemand.exe (Dropbox, Inc.)
      CustomCLSID: HKU\S-1-5-21-1365679944-132168641-953657067-1000_Classes\CLSID{91A41FCC-BC02-42D8-A36E-0D27FF9BFFC8}\InprocServer32 → C:\Users\David\AppData\Local\Google\Update\1.3.33.7\psuser.dll (Google Inc.)
      CustomCLSID: HKU\S-1-5-21-1365679944-132168641-953657067-1000_Classes\CLSID{9FAA38ED-5635-44F7-9BE0-8CAFE29B3783}\localserver32 → C:\Users\David\AppData\Local\Dropbox\Update\1.3.59.1\DropboxUpdateOnDemand.exe (Dropbox, Inc.)
      CustomCLSID: HKU\S-1-5-21-1365679944-132168641-953657067-1000_Classes\CLSID{C0DD324D-A74F-4533-84AD-030F76771C77}\localserver32 → C:\Users\David\AppData\Local\Dropbox\Update\1.3.59.1\DropboxUpdateOnDemand.exe (Dropbox, Inc.)
      CustomCLSID: HKU\S-1-5-21-1365679944-132168641-953657067-1000_Classes\CLSID{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D}\InprocServer32 → C:\Users\David\AppData\Local\Google\Update\1.3.33.7\npGoogleUpdate3.dll (Google Inc.)
      CustomCLSID: HKU\S-1-5-21-1365679944-132168641-953657067-1000_Classes\CLSID{C32E3EEC-3C10-426E-95F3-38C7F139FADD}\localserver32 → C:\Users\David\AppData\Local\Dropbox\Update\1.3.59.1\DropboxUpdateOnDemand.exe (Dropbox, Inc.)
      CustomCLSID: HKU\S-1-5-21-1365679944-132168641-953657067-1000_Classes\CLSID{C442AC41-9200-4770-8CC0-7CDB4F245C55}\InprocServer32 → C:\Users\David\AppData\Local\Google\Update\1.3.33.7\npGoogleUpdate3.dll (Google Inc.)
      CustomCLSID: HKU\S-1-5-21-1365679944-132168641-953657067-1000_Classes\CLSID{E67BE843-BBBE-4484-95FB-05271AE86750}\localserver32 → C:\Users\David\AppData\Local\Google\Update\1.3.33.7\GoogleUpdateOnDemand.exe (Google Inc.)
      CustomCLSID: HKU\S-1-5-21-1365679944-132168641-953657067-1000_Classes\CLSID{E7A37920-253C-4FF1-B169-298A7CE6CAA9}\localserver32 → C:\Users\David\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
      CustomCLSID: HKU\S-1-5-21-1365679944-132168641-953657067-1000_Classes\CLSID{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 → C:\Users\David\AppData\Local\Google\Update\1.3.33.7\psuser.dll (Google Inc.)
      CustomCLSID: HKU\S-1-5-21-1365679944-132168641-953657067-1000_Classes\CLSID{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 → C:\Users\David\AppData\Roaming\Dropbox\bin\DropboxExt.19.0.dll (Dropbox, Inc.)
      CustomCLSID: HKU\S-1-5-21-1365679944-132168641-953657067-1000_Classes\CLSID{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 → C:\Users\David\AppData\Roaming\Dropbox\bin\DropboxExt.19.0.dll (Dropbox, Inc.)
      CustomCLSID: HKU\S-1-5-21-1365679944-132168641-953657067-1000_Classes\CLSID{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 → C:\Users\David\AppData\Roaming\Dropbox\bin\DropboxExt.19.0.dll (Dropbox, Inc.)
      CustomCLSID: HKU\S-1-5-21-1365679944-132168641-953657067-1000_Classes\CLSID{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 → C:\Users\David\AppData\Roaming\Dropbox\bin\DropboxExt.19.0.dll (Dropbox, Inc.)
      CustomCLSID: HKU\S-1-5-21-1365679944-132168641-953657067-1000_Classes\CLSID{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 → C:\Users\David\AppData\Roaming\Dropbox\bin\DropboxExt.19.0.dll (Dropbox, Inc.)
      CustomCLSID: HKU\S-1-5-21-1365679944-132168641-953657067-1000_Classes\CLSID{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 → C:\Users\David\AppData\Roaming\Dropbox\bin\DropboxExt.19.0.dll (Dropbox, Inc.)
      CustomCLSID: HKU\S-1-5-21-1365679944-132168641-953657067-1000_Classes\CLSID{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 → C:\Users\David\AppData\Roaming\Dropbox\bin\DropboxExt.19.0.dll (Dropbox, Inc.)
      CustomCLSID: HKU\S-1-5-21-1365679944-132168641-953657067-1000_Classes\CLSID{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 → C:\Users\David\AppData\Roaming\Dropbox\bin\DropboxExt.19.0.dll (Dropbox, Inc.)
      CustomCLSID: HKU\S-1-5-21-1365679944-132168641-953657067-1000_Classes\CLSID{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 → C:\Users\David\AppData\Roaming\Dropbox\bin\DropboxExt.19.0.dll (Dropbox, Inc.)
      CustomCLSID: HKU\S-1-5-21-1365679944-132168641-953657067-1000_Classes\CLSID{FB314EE1-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 → C:\Users\David\AppData\Roaming\Dropbox\bin\DropboxExt.19.0.dll (Dropbox, Inc.)
      CustomCLSID: HKU\S-1-5-21-1365679944-132168641-953657067-1000_Classes\CLSID{FB314EE2-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 → C:\Users\David\AppData\Roaming\Dropbox\bin\DropboxExt.19.0.dll (Dropbox, Inc.)
      CustomCLSID: HKU\S-1-5-21-1365679944-132168641-953657067-1000_Classes\CLSID{FBC9D74C-AF55-4309-9FB2-C426E071637F}\InprocServer32 → C:\Users\David\AppData\Roaming\Dropbox\bin\DropboxExt.19.0.dll (Dropbox, Inc.)
      CustomCLSID: HKU\S-1-5-21-1365679944-132168641-953657067-1000_Classes\CLSID{FE819BE5-BADF-4370-9913-6FB84ABA6FB1}\InprocServer32 → C:\Users\David\AppData\Local\Dropbox\Update\1.3.59.1\psuser.dll (Dropbox, Inc.)
      ShellIconOverlayIdentifiers: [DropboxExt1] → {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\David\AppData\Roaming\Dropbox\bin\DropboxExt.19.0.dll [2018-03-28] (Dropbox, Inc.)
      ShellIconOverlayIdentifiers: [DropboxExt2] → {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\David\AppData\Roaming\Dropbox\bin\DropboxExt.19.0.dll [2018-03-28] (Dropbox, Inc.)
      ShellIconOverlayIdentifiers: [DropboxExt3] → {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\David\AppData\Roaming\Dropbox\bin\DropboxExt.19.0.dll [2018-03-28] (Dropbox, Inc.)
      ShellIconOverlayIdentifiers: [GDriveBlacklistedOverlay] → {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files\Google\Drive\googledrivesync32.dll [2013-04-16] (Google)
      ShellIconOverlayIdentifiers: [GDriveSharedOverlay] → {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => C:\Program Files\Google\Drive\googledrivesync32.dll [2013-04-16] (Google)
      ShellIconOverlayIdentifiers: [GDriveSyncedOverlay] → {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files\Google\Drive\googledrivesync32.dll [2013-04-16] (Google)
      ShellIconOverlayIdentifiers: [GDriveSyncingOverlay] → {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files\Google\Drive\googledrivesync32.dll [2013-04-16] (Google)
      ContextMenuHandlers1: [EPP] → {3F3B81BE-529B-40b9-8189-6666B241ADFA} => C:\Program Files\Epson Software\Easy Photo Print\EPPShell.dll [2008-10-22] (SEIKO EPSON CORPORATION)
      ContextMenuHandlers1: [Foxit_ConvertToPDF_Reader] → {A94757A0-0226-426F-B4F1-4DF381C630D3} => C:\Program Files\Foxit Software\Foxit Reader\plugins\ConvertToPDFShellExtension_x86.dll [2017-12-11] (Foxit Software Inc.)
      ContextMenuHandlers1: [GDContextMenu] → {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files\Google\Drive\contextmenu32.dll [2013-04-16] (Google)
      ContextMenuHandlers1: [Shell Extension for Malware scanning] → {45AC2688-0253-4ED8-97DE-B5370FA7D48A} => C:\Program Files\Avira\Antivirus\shlext.dll [2017-12-21] (Avira Operations GmbH & Co. KG)
      ContextMenuHandlers4: [GDContextMenu] → {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files\Google\Drive\contextmenu32.dll [2013-04-16] (Google)
      ContextMenuHandlers5: [NvCplDesktopContext] → {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\system32\nvshext.dll [2013-01-18] (NVIDIA Corporation)
      ContextMenuHandlers6: [Foxit_ConvertToPDF_Reader] → {A94757A0-0226-426F-B4F1-4DF381C630D3} => C:\Program Files\Foxit Software\Foxit Reader\plugins\ConvertToPDFShellExtension_x86.dll [2017-12-11] (Foxit Software Inc.)
      ContextMenuHandlers6: [Shell Extension for Malware scanning] → {45AC2688-0253-4ED8-97DE-B5370FA7D48A} => C:\Program Files\Avira\Antivirus\shlext.dll [2017-12-21] (Avira Operations GmbH & Co. KG)
      ContextMenuHandlers1_S-1-5-21-1365679944-132168641-953657067-1000: [DropboxExt] → {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Users\David\AppData\Roaming\Dropbox\bin\DropboxExt.19.0.dll [2018-03-28] (Dropbox, Inc.)
      ContextMenuHandlers4_S-1-5-21-1365679944-132168641-953657067-1000: [DropboxExt] → {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Users\David\AppData\Roaming\Dropbox\bin\DropboxExt.19.0.dll [2018-03-28] (Dropbox, Inc.)
      ContextMenuHandlers5_S-1-5-21-1365679944-132168641-953657067-1000: [DropboxExt] → {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Users\David\AppData\Roaming\Dropbox\bin\DropboxExt.19.0.dll [2018-03-28] (Dropbox, Inc.)

      ==================== Scheduled Tasks (Whitelisted) =============

      (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

      Task: {051D0B09-CFC4-4E3D-8B65-F8FCF2489E6F} - System32\Tasks\RtlNICDiagVistaStart => C:\Program Files\Realtek\RTNICDiag\RTNICDiag.exe [2008-07-21] (Realtek)
      Task: {137ABB43-7313-49E1-81C7-4AB3C31E18DB} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-1365679944-132168641-953657067-1000Core => C:\Users\David\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2016-11-05] (Dropbox, Inc.)
      Task: {14624C15-C2B0-4738-BAC9-B243666F915D} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2018-03-23] (Adobe Systems Incorporated)
      Task: {1ABB4027-438B-4C7E-B30C-C112E640419D} - System32\Tasks\CorelUpdateHelperTask-6D51C8F514C231B4491278912C46A4AD => C:\Program Files\Corel\CUH\v2\CUH.exe [2018-02-23] (Corel Corporation)
      Task: {2BF02622-C870-4B5A-8850-49BA3525A67A} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-1365679944-132168641-953657067-1000UA => C:\Users\David\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2016-11-05] (Dropbox, Inc.)
      Task: {38F1B869-43D7-41CA-8C59-AAE57DF6CAD1} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\Windows\system32\Macromed\Flash\FlashUtil32_29_0_0_113_Plugin.exe [2018-03-23] (Adobe Systems Incorporated)
      Task: {41CE564A-97CD-42C3-AC79-5A1CC14B67CB} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2009-06-11] (Google Inc.)
      Task: {50B32295-DFEF-495E-B684-1EDC2EAFC3D1} - System32\Tasks{8BAEA27D-0DDA-428A-9727-E208DE68AAAA} => C:\Program Files\Skype\Phone\Skype.exe [2016-05-17] (Skype Technologies S.A.)
      Task: {52D7030C-C7A7-43C0-BD62-0F7B6726D22D} - System32\Tasks\PCDEventLauncherTask => C:\Program Files\My Dell\sessionchecker.exe [2013-09-05] (PC-Doctor, Inc.)
      Task: {5664BF4D-D5C9-4708-9A0F-72B0E555509E} - System32\Tasks{B28DE500-09F8-4770-8AB1-40C41B0C7399} => C:\Windows\system32\pcalua.exe -a C:\Users\David\Downloads\converter.exe -d C:\Windows\system32
      Task: {63370F96-9BAF-4307-9350-1348A42F2579} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1365679944-132168641-953657067-1000UA => C:\Users\David\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
      Task: {6467F6B6-F82F-4978-BA3B-98D388624403} - System32\Tasks\Avira_Antivirus_Systray => C:\Program Files\Avira\Antivirus\avgnt.exe [2018-03-02] (Avira Operations GmbH & Co. KG)
      Task: {67DDFABE-683F-4953-BE25-41FC8728CC47} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-1365679944-132168641-953657067-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2011-11-08] (RealNetworks, Inc.)
      Task: {796DCEC3-6154-4AA1-8059-EAB65E5F75A6} - System32\Tasks\CorelUpdateHelperTaskCore => c:\Program Files\Corel\CUH\v2\CUH.exe [2018-02-23] (Corel Corporation)
      Task: {84B5593E-5FAA-4676-AB89-9511DA7E5917} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1365679944-132168641-953657067-1000Core => C:\Users\David\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
      Task: {85053098-403B-490A-99A4-F9C40E672C5E} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-1365679944-132168641-953657067-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2011-11-08] (RealNetworks, Inc.)
      Task: {D0AB8569-08AA-4FCD-B319-21339C4255D5} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2009-06-11] (Google Inc.)

      (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

      Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1365679944-132168641-953657067-1000Core.job => C:\Users\David\AppData\Local\Dropbox\Update\DropboxUpdate.exe
      Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1365679944-132168641-953657067-1000UA.job => C:\Users\David\AppData\Local\Dropbox\Update\DropboxUpdate.exe
      Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
      Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
      Task: C:\Windows\Tasks\RtlNICDiagVistaStart.job => C:\Program Files\Realtek\RTNICDiag\RTNICDiag.exe
      Task: C:\Windows\Tasks\User_Feed_Synchronization-{AE143750-3A46-4BA4-B78A-221DF09B574B}.job => C:\Windows\system32\msfeedssync.exe

      ==================== Shortcuts & WMI ========================

      (The entries could be listed to be restored or removed.)

      ==================== Loaded Modules (Whitelisted) ==============

      2017-02-16 02:38 - 2013-01-18 15:20 - 000079648 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax.dll
      2018-01-05 01:14 - 2018-01-05 01:14 - 001042232 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
      2017-12-08 02:49 - 2017-12-08 02:49 - 000076088 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
      2018-01-22 04:21 - 2018-01-22 04:21 - 001042232 _____ () C:\Program Files\iTunes\libxml2.dll
      2018-01-22 04:21 - 2018-01-22 04:21 - 000076088 _____ () C:\Program Files\iTunes\zlib1.dll
      2018-03-30 20:10 - 2018-03-28 15:31 - 000746312 _____ () C:\Users\David\AppData\Roaming\Dropbox\bin\dropbox_watchdog.dll
      2018-03-30 20:10 - 2018-03-28 15:31 - 002079048 _____ () C:\Users\David\AppData\Roaming\Dropbox\bin\dropbox_crashpad.dll
      2018-03-30 20:12 - 2018-03-28 15:30 - 000100312 _____ () C:\Users\David\AppData\Roaming\Dropbox\bin_ctypes.pyd
      2018-03-30 20:12 - 2018-03-28 15:30 - 000018896 _____ () C:\Users\David\AppData\Roaming\Dropbox\bin\select.pyd
      2018-03-30 20:12 - 2018-03-28 15:33 - 000020808 _____ () C:\Users\David\AppData\Roaming\Dropbox\bin\tornado.speedups.pyd
      2018-03-30 20:12 - 2018-03-28 15:30 - 000035808 _____ () C:\Users\David\AppData\Roaming\Dropbox\bin_multiprocessing.pyd
      2018-03-30 20:12 - 2018-03-28 15:30 - 000694232 _____ () C:\Users\David\AppData\Roaming\Dropbox\bin\unicodedata.pyd
      2018-03-30 20:10 - 2018-03-28 15:32 - 000021856 _____ () C:\Users\David\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._constant_time.pyd
      2018-03-30 20:12 - 2018-03-28 15:30 - 000130520 _____ () C:\Users\David\AppData\Roaming\Dropbox\bin_cffi_backend.pyd
      2018-03-30 20:10 - 2018-03-28 15:32 - 001856864 _____ () C:\Users\David\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._openssl.pyd
      2018-03-30 20:10 - 2018-03-28 15:32 - 000022880 _____ () C:\Users\David\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._padding.pyd
      2018-03-30 20:10 - 2018-03-28 15:30 - 000145880 _____ () C:\Users\David\AppData\Roaming\Dropbox\bin\pyexpat.pyd
      2018-03-30 20:11 - 2018-03-28 15:31 - 000116696 _____ () C:\Users\David\AppData\Roaming\Dropbox\bin\pywintypes27.dll
      2018-03-30 20:12 - 2018-03-28 15:30 - 000105944 _____ () C:\Users\David\AppData\Roaming\Dropbox\bin\win32api.pyd
      2018-03-30 20:12 - 2018-03-28 15:33 - 000022872 _____ () C:\Users\David\AppData\Roaming\Dropbox\bin\winffi.crt.compiled._winffi_crt.pyd
      2018-03-30 20:10 - 2018-03-28 15:32 - 000063312 _____ () C:\Users\David\AppData\Roaming\Dropbox\bin\psutil._psutil_windows.pyd
      2018-03-30 20:12 - 2018-03-28 15:30 - 000024536 _____ () C:\Users\David\AppData\Roaming\Dropbox\bin\win32event.pyd
      2018-03-30 20:10 - 2018-03-28 15:32 - 000077120 _____ () C:\Users\David\AppData\Roaming\Dropbox\bin\fastpath.pyd
      2018-03-30 20:10 - 2018-03-28 15:31 - 000392664 _____ () C:\Users\David\AppData\Roaming\Dropbox\bin\pythoncom27.dll
      2018-03-30 20:10 - 2018-03-28 15:30 - 000020952 _____ () C:\Users\David\AppData\Roaming\Dropbox\bin\mmapfile.pyd
      2018-03-30 20:12 - 2018-03-28 15:30 - 000124888 _____ () C:\Users\David\AppData\Roaming\Dropbox\bin\win32file.pyd
      2018-03-30 20:12 - 2018-03-28 15:30 - 000114136 _____ () C:\Users\David\AppData\Roaming\Dropbox\bin\win32security.pyd
      2018-03-30 20:12 - 2018-03-28 15:33 - 000392520 _____ () C:\Users\David\AppData\Roaming\Dropbox\bin\win32com.shell.shell.pyd
      2018-03-30 20:12 - 2018-03-28 15:33 - 000026464 _____ () C:\Users\David\AppData\Roaming\Dropbox\bin\winffi.kernel32.compiled._winffi_kernel32.pyd
      2018-03-30 20:12 - 2018-03-28 15:30 - 000043480 _____ () C:\Users\David\AppData\Roaming\Dropbox\bin\win32process.pyd
      2018-03-30 20:12 - 2018-03-28 15:30 - 000024024 _____ () C:\Users\David\AppData\Roaming\Dropbox\bin\win32clipboard.pyd
      2018-03-30 20:12 - 2018-03-28 15:30 - 000175576 _____ () C:\Users\David\AppData\Roaming\Dropbox\bin\win32gui.pyd
      2018-03-30 20:12 - 2018-03-28 15:30 - 000030168 _____ () C:\Users\David\AppData\Roaming\Dropbox\bin\win32pipe.pyd
      2018-03-30 20:12 - 2018-03-28 15:30 - 000026072 _____ () C:\Users\David\AppData\Roaming\Dropbox\bin\win32job.pyd
      2018-03-30 20:12 - 2018-03-28 15:30 - 000048600 _____ () C:\Users\David\AppData\Roaming\Dropbox\bin\win32service.pyd
      2018-03-30 20:12 - 2018-03-28 15:30 - 000057816 _____ () C:\Users\David\AppData\Roaming\Dropbox\bin\win32evtlog.pyd
      2018-03-30 20:10 - 2018-03-28 15:32 - 000021840 _____ () C:\Users\David\AppData\Roaming\Dropbox\bin\cpuid.compiled._cpuid.pyd
      2018-03-30 20:12 - 2018-03-28 15:33 - 000023376 _____ () C:\Users\David\AppData\Roaming\Dropbox\bin\winshell.compiled._winshell.pyd
      2018-03-30 20:10 - 2018-03-28 15:32 - 000022864 _____ () C:\Users\David\AppData\Roaming\Dropbox\bin\crashpad.compiled._Crashpad.pyd
      2018-03-30 20:12 - 2018-03-28 15:33 - 000066400 _____ () C:\Users\David\AppData\Roaming\Dropbox\bin\winenumhandles.compiled._WinEnumHandles.pyd
      2018-03-30 20:10 - 2018-03-28 15:32 - 001798464 _____ () C:\Users\David\AppData\Roaming\Dropbox\bin\PyQt5.QtCore.pyd
      2018-03-30 20:12 - 2018-03-28 15:30 - 000084944 _____ () C:\Users\David\AppData\Roaming\Dropbox\bin\sip.pyd
      2018-03-30 20:10 - 2018-03-28 15:32 - 001959232 _____ () C:\Users\David\AppData\Roaming\Dropbox\bin\PyQt5.QtGui.pyd
      2018-03-30 20:10 - 2018-03-28 15:32 - 003863880 _____ () C:\Users\David\AppData\Roaming\Dropbox\bin\PyQt5.QtWidgets.pyd
      2018-03-30 20:10 - 2018-03-28 15:32 - 000155472 _____ () C:\Users\David\AppData\Roaming\Dropbox\bin\PyQt5.QtWebEngineWidgets.pyd
      2018-03-30 20:10 - 2018-03-28 15:32 - 000521544 _____ () C:\Users\David\AppData\Roaming\Dropbox\bin\PyQt5.QtNetwork.pyd
      2018-03-30 20:10 - 2018-03-28 15:32 - 000051024 _____ () C:\Users\David\AppData\Roaming\Dropbox\bin\PyQt5.QtWebEngineCore.pyd
      2018-03-30 20:10 - 2018-03-28 15:32 - 000043336 _____ () C:\Users\David\AppData\Roaming\Dropbox\bin\PyQt5.QtWebChannel.pyd
      2018-03-30 20:10 - 2018-03-28 15:32 - 000131400 _____ () C:\Users\David\AppData\Roaming\Dropbox\bin\PyQt5.QtWebKit.pyd
      2018-03-30 20:10 - 2018-03-28 15:32 - 000219984 _____ () C:\Users\David\AppData\Roaming\Dropbox\bin\PyQt5.QtWebKitWidgets.pyd
      2018-03-30 20:10 - 2018-03-28 15:32 - 000204104 _____ () C:\Users\David\AppData\Roaming\Dropbox\bin\PyQt5.QtPrintSupport.pyd
      2018-03-30 20:12 - 2018-03-28 15:33 - 000025440 _____ () C:\Users\David\AppData\Roaming\Dropbox\bin\winscreenshot.compiled._CaptureScreenshot.pyd
      2018-03-30 20:12 - 2018-03-28 15:30 - 000060888 _____ () C:\Users\David\AppData\Roaming\Dropbox\bin\win32print.pyd
      2018-03-30 20:12 - 2018-03-28 15:33 - 000054616 _____ () C:\Users\David\AppData\Roaming\Dropbox\bin\winrpcserver.compiled._RPCServer.pyd
      2018-03-30 20:12 - 2018-03-28 15:30 - 000024024 _____ () C:\Users\David\AppData\Roaming\Dropbox\bin\win32profile.pyd
      2018-03-30 20:12 - 2018-03-28 15:33 - 000022880 _____ () C:\Users\David\AppData\Roaming\Dropbox\bin\winffi.user32.compiled._winffi_user32.pyd
      2018-03-30 20:12 - 2018-03-28 15:30 - 000028632 _____ () C:\Users\David\AppData\Roaming\Dropbox\bin\win32ts.pyd
      2018-03-30 20:12 - 2018-03-28 15:33 - 000022368 _____ () C:\Users\David\AppData\Roaming\Dropbox\bin\winffi.iphlpapi.compiled._winffi_iphlpapi.pyd
      2018-03-30 20:12 - 2018-03-28 15:33 - 000021856 _____ () C:\Users\David\AppData\Roaming\Dropbox\bin\winffi.winerror.compiled._winffi_winerror.pyd
      2018-03-30 20:12 - 2018-03-28 15:33 - 000022368 _____ () C:\Users\David\AppData\Roaming\Dropbox\bin\winffi.wininet.compiled._winffi_wininet.pyd
      2018-03-30 20:10 - 2018-03-28 15:32 - 000027496 _____ () C:\Users\David\AppData\Roaming\Dropbox\bin\dropbox.infinite.win.compiled._driverinstallation.pyd
      2018-03-30 20:12 - 2018-03-28 15:30 - 000349144 _____ () C:\Users\David\AppData\Roaming\Dropbox\bin\winxpgui.pyd
      2018-03-30 20:12 - 2018-03-28 15:33 - 000023904 _____ () C:\Users\David\AppData\Roaming\Dropbox\bin\winveri fysignature.compiled._VerifySignature.pyd
      2018-03-30 20:10 - 2018-03-28 15:32 - 000025432 _____ () C:\Users\David\AppData\Roaming\Dropbox\bin\librsyn cffi.compiled._librsyncffi.pyd
      2018-03-30 20:10 - 2018-03-28 15:31 - 000036312 _____ () C:\Users\David\AppData\Roaming\Dropbox\bin\librsyn c.dll
      2018-03-30 20:12 - 2018-03-28 15:33 - 000021856 _____ () C:\Users\David\AppData\Roaming\Dropbox\bin\winffi. advapi32.compiled._winffi_advapi32.pyd
      2018-03-30 20:10 - 2018-03-28 15:32 - 000181064 _____ () C:\Users\David\AppData\Roaming\Dropbox\bin\dropbox _sqlite_ext.DLL
      2018-03-30 20:12 - 2018-03-28 15:33 - 000030544 _____ () C:\Users\David\AppData\Roaming\Dropbox\bin\wind3d1 1.compiled._wind3d11.pyd
      2018-03-30 20:10 - 2018-03-28 15:32 - 000024384 _____ () C:\Users\David\AppData\Roaming\Dropbox\bin\libEGL. DLL
      2018-03-30 20:10 - 2018-03-28 15:32 - 001638208 _____ () C:\Users\David\AppData\Roaming\Dropbox\bin\libGLES v2.dll
      2018-03-30 20:12 - 2018-03-28 15:33 - 000026464 _____ () C:\Users\David\AppData\Roaming\Dropbox\bin\winffi. winhttp.compiled._winffi_winhttp.pyd
      2018-03-30 20:10 - 2018-03-28 15:32 - 000546632 _____ () C:\Users\David\AppData\Roaming\Dropbox\bin\PyQt5.Q tQuick.pyd
      2018-03-30 20:10 - 2018-03-28 15:32 - 000359744 _____ () C:\Users\David\AppData\Roaming\Dropbox\bin\PyQt5.Q tQml.pyd
      2018-03-30 20:10 - 2018-03-28 15:32 - 000038216 _____ () C:\Users\David\AppData\Roaming\Dropbox\bin\PyQt5.Q tWebEngine.pyd

      ==================== Alternate Data Streams (Whitelisted) =========

      (If an entry is included in the fixlist, only the ADS will be removed.)

      ==================== Safe Mode (Whitelisted) ===================

      (If an entry is included in the fixlist, it will be removed from the registry. The “AlternateShell” value will be restored.)

      HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => “”=“Service”
      HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => “”=“Service”

      ==================== Association (Whitelisted) ===============

      (If an entry is included in the fixlist, the registry item will be restored to default or removed.)

      ==================== Internet Explorer trusted/restricted ===============

      (If an entry is included in the fixlist, it will be removed from the registry.)

      IE trusted site: HKU\S-1-5-21-1365679944-132168641-953657067-1000...\dell.com → dell.com

      There are 11327 more sites.

      ==================== Hosts content: ==========================

      (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

      2006-11-02 11:23 - 2012-10-24 15:18 - 000444930 __RSH C:\Windows\system32\Drivers\etc\hosts

      127.0.0.1 localhost
      127.0.0.1 www.007guard.com
      127.0.0.1 007guard.com
      127.0.0.1 008i.com
      127.0.0.1 www.008k.com
      127.0.0.1 008k.com
      127.0.0.1 www.00hq.com
      127.0.0.1 00hq.com
      127.0.0.1 010402.com
      127.0.0.1 www.032439.com
      127.0.0.1 032439.com
      127.0.0.1 www.0scan.com
      127.0.0.1 0scan.com
      127.0.0.1 www.1000gratisproben.com
      127.0.0.1 1000gratisproben.com
      127.0.0.1 www.1001namen.com
      127.0.0.1 1001namen.com
      127.0.0.1 100888290cs.com
      127.0.0.1 www.100888290cs.com
      127.0.0.1 100sexlinks.com
      127.0.0.1 www.100sexlinks.com
      127.0.0.1 10sek.com
      127.0.0.1 www.10sek.com
      127.0.0.1 www.1-2005-search.com
      127.0.0.1 1-2005-search.com
      127.0.0.1 123haustiereundmehr.com
      127.0.0.1 www.123haustiereundmehr.com
      127.0.0.1 123moviedownload.com
      127.0.0.1 www.123moviedownload.com
      127.0.0.1 www.123simsen.com

      There are 15277 more lines.

      ==================== Other Areas ============================

      (Currently there is no automatic fix for this section.)

      HKU\S-1-5-21-1365679944-132168641-953657067-1000\Control Panel\Desktop\Wallpaper → C:\Users\David\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
      HKU\S-1-5-21-1365679944-132168641-953657067-1057\Control Panel\Desktop\Wallpaper → C:\Windows\web\wallpaper\Windows\img0.jpg
      DNS Servers: 192.168.0.1
      HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
      Windows Firewall is enabled.

      ==================== MSCONFIG/TASK MANAGER disabled items ==

      MSCONFIG\Services: !SASCORE => 2
      MSCONFIG\Services: AdobeARMservice => 2
      MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
      MSCONFIG\Services: AERTFilters => 2
      MSCONFIG\Services: cmdAgent => 2
      MSCONFIG\Services: DockLoginService => 2
      MSCONFIG\Services: FreeAgentGoNext Service => 2
      MSCONFIG\Services: getPlus(R) Helper => 3
      MSCONFIG\Services: GoToAssist => 3
      MSCONFIG\Services: gupdate1c9eaad5b861f00 => 2
      MSCONFIG\Services: gupdatem => 3
      MSCONFIG\Services: gusvc => 2
      MSCONFIG\Services: JuniperAccessService => 2
      MSCONFIG\Services: MozillaMaintenance => 3
      MSCONFIG\Services: nvsvc => 2
      MSCONFIG\Services: PSI_SVC_2 => 2
      MSCONFIG\Services: SkypeUpdate => 2
      MSCONFIG\Services: sprtsvc_DellSupportCenter => 2
      MSCONFIG\Services: sprtsvc_O2 => 2
      MSCONFIG\Services: stllssvr => 3
      MSCONFIG\Services: SupportSoft RemoteAssist => 3
      MSCONFIG\Services: WRSVC => 2
      MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Secunia PSI Tray.lnk => C:\Windows\pss\Secunia PSI Tray.lnk.CommonStartup
      MSCONFIG\startupfolder: C:^Users^David^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dell Dock.lnk => C:\Windows\pss\Dell Dock.lnk.Startup
      MSCONFIG\startupfolder: C:^Users^David^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk => C:\Windows\pss\Dropbox.lnk.Startup
      MSCONFIG\startupfolder: C:^Users^David^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk => C:\Windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup
      MSCONFIG\startupreg: Adobe ARM => c:\program files\common files\adobe\arm\1.0\adobearm.exe
      MSCONFIG\startupreg: Adobe Reader Speed Launcher => “C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe”
      MSCONFIG\startupreg: Advanced SystemCare 6 => “C:\Program Files\IObit\Advanced SystemCare 6\ASCTray.exe” /AutoStart
      MSCONFIG\startupreg: Akamai NetSession Interface => “C:\Users\David\AppData\Local\Akamai\netsession_win.exe”
      MSCONFIG\startupreg: BigDogPath => C:\Windows\VM_STI.EXE %;USB\VID_0AC8&PID_0302.DeviceDesc%
      MSCONFIG\startupreg: CCleaner Monitoring => “C:\Program Files\CCleaner\CCleaner.exe” /MONITOR
      MSCONFIG\startupreg: COMODO Internet Security => “C:\Program Files\COMODO\COMODO Internet Security\cfp.exe” -h
      MSCONFIG\startupreg: Corel File Shell Monitor => “C:\Program Files\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe”
      MSCONFIG\startupreg: dellsupportcenter => “C:\Program Files\Dell Support Center\bin\sprtcmd.exe” /P dellsupportcenter
      MSCONFIG\startupreg: DellSystemDetect => C:\Users\David\AppData\Local\Apps\2.0\1LLGV105.GMT\RVYL3TNL.DOM\dell..tion_0f612f649c4a10af_0005.0007_59de4fd2458fcaec\DellSystemDetect.exe
      MSCONFIG\startupreg: DivXUpdate => “C:\Program Files\DivX\DivX Update\DivXUpdate.exe” /CHECKNOW
      MSCONFIG\startupreg: ehTray.exe => C:\Windows\ehome\ehTray.exe
      MSCONFIG\startupreg: EPSON SX410 Series => C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIFCE.EXE /FU “C:\Windows\TEMP\E_S7A24.tmp” /EF “HKCU”
      MSCONFIG\startupreg: Google Update => C:\Users\David\AppData\Local\Google\Update\1.3.32.7\GoogleUpdateCore.exe
      MSCONFIG\startupreg: GrooveMonitor => “C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe”
      MSCONFIG\startupreg: HotKeysCmds => C:\Windows\system32\hkcmd.exe
      MSCONFIG\startupreg: IgfxTray => C:\Windows\system32\igfxtray.exe
      MSCONFIG\startupreg: ISUSPM Startup => C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
      MSCONFIG\startupreg: ISUSScheduler => “C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe” -start
      MSCONFIG\startupreg: iTunesHelper => c:\program files\itunes\ituneshelper.exe
      MSCONFIG\startupreg: MaxMenuMgr => “C:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe”
      MSCONFIG\startupreg: NvCplDaemon => “RUNDLL32.EXE” C:\Windows\system32\NvCpl.dll,NvStartup
      MSCONFIG\startupreg: NvMediaCenter => “RUNDLL32.EXE” C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
      MSCONFIG\startupreg: O2 => “C:\Program Files\O2\bin\sprtcmd.exe” /P O2
      MSCONFIG\startupreg: Persistence => C:\Windows\system32\igfxpers.exe
      MSCONFIG\startupreg: QuickTime Task => “C:\Program Files\QuickTime\QTTask.exe” -atboottime
      MSCONFIG\startupreg: RtHDVCpl => “RtHDVCpl.exe”
      MSCONFIG\startupreg: Sidebar => “C:\Program Files\Windows Sidebar\sidebar.exe” /autoRun
      MSCONFIG\startupreg: Spotify Web Helper => “C:\Users\David\AppData\Roaming\Spotify\SpotifyWebHelper.exe”
      MSCONFIG\startupreg: SunJavaUpdateSched => “C:\Program Files\Common Files\Java\Java Update\jusched.exe”
      MSCONFIG\startupreg: TkBellExe => “c:\program files\real\realplayer\Update\realsched.exe” -osboot
      MSCONFIG\startupreg: Windows Defender => “%ProgramFiles%\Windows Defender\MSASCui.exe” -hide
      MSCONFIG\startupreg: WMPNSCFG => C:\Program Files\Windows Media Player\WMPNSCFG.exe
      MSCONFIG\startupreg: WRSVC => “C:\Program Files\Webroot\WRSA.exe” -ul

      ==================== FirewallRules (Whitelisted) ===============

      (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

      ==================== Restore Points =========================

      04-09-2017 15:57:18 Installed Rapport
      14-09-2017 12:36:33 Windows Update
      20-09-2017 14:28:57 Windows Update
      22-09-2017 17:20:46 Installed Rapport
      06-10-2017 17:14:17 Installed Rapport
      11-10-2017 17:56:20 Windows Update
      10-11-2017 14:33:19 Scheduled Checkpoint
      16-11-2017 15:37:06 Windows Update
      23-11-2017 04:01:48 Windows Update
      28-11-2017 23:22:06 Windows Update
      07-12-2017 23:27:43 Windows Update
      13-12-2017 16:08:21 Windows Update
      21-12-2017 13:30:25 Installed Rapport
      04-01-2018 17:24:32 Installed Rapport
      10-01-2018 13:04:32 Windows Update
      23-01-2018 13:59:19 Installed Rapport
      08-02-2018 17:31:10 Installed Rapport
      14-02-2018 15:52:21 Windows Update
      22-02-2018 13:10:40 Scheduled Checkpoint
      11-03-2018 17:49:51 Windows Update
      24-03-2018 13:38:32 Windows Update
      28-03-2018 20:57:58 Windows Update
      30-03-2018 20:09:30 Revo Uninstaller’s restore point - SUPERAntiSpyware
      30-03-2018 20:26:07 Restore Point Created by FRST
      30-03-2018 21:12:07 ResetBrowser

      ==================== Faulty Device Manager Devices =============

      ==================== Event log errors: =========================
      Application errors:
      ==================
      Error: (04/01/2018 12:07:29 PM) (Source: WinMgmt) (EventID: 10) (User: )
      Description: Event filter with query “SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA “Win32_Processor” AND TargetInstance.LoadPercentage > 99” could not be reactivated in namespace “//./root/CIMV2” because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

      Error: (03/30/2018 09:18:01 PM) (Source: WinMgmt) (EventID: 10) (User: )
      Description: Event filter with query “SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA “Win32_Processor” AND TargetInstance.LoadPercentage > 99” could not be reactivated in namespace “//./root/CIMV2” because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

      Error: (03/30/2018 08:33:26 PM) (Source: WinMgmt) (EventID: 10) (User: )
      Description: Event filter with query “SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA “Win32_Processor” AND TargetInstance.LoadPercentage > 99” could not be reactivated in namespace “//./root/CIMV2” because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

      Error: (03/30/2018 08:27:06 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
      Description: Application: Avira.ServiceHost.exe
      Framework Version: v4.0.30319
      Description: The process was terminated due to an unhandled exception.
      Exception Info: System.ComponentModel.Composition.CompositionException
      at System.ComponentModel.Composition.Hosting.CompositionServices.GetExportedValueFromComposedPart(System.ComponentModel.Composition.Hosting.ImportEngine, System.ComponentModel.Composition.Primitives.ComposablePart, System.ComponentModel.Composition.Primitives.ExportDefinition)
      at System.ComponentModel.Composition.Hosting.CatalogExportProvider.GetExportedValue(CatalogPart, System.ComponentModel.Composition.Primitives.ExportDefinition, Boolean)
      at System.ComponentModel.Composition.Hosting.CatalogExportProvider+CatalogExport.GetExportedValueCore()
      at System.ComponentModel.Composition.Primitives.Export.get_Value()
      at System.ComponentModel.Composition.ExportServices.GetCastedExportedValue[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]
      at System.ComponentModel.Composition.Hosting.ExportProvider.GetExportedValueCore[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]](System.String, System.ComponentModel.Composition.Primitives.ImportCardinality)
      at Avira.OE.ServiceHost.ServiceHost.Initialize()
      at Avira.OE.ServiceHost.Program+<>c__DisplayClass7_0.b__0(System.Object)
      at System.Threading.QueueUserWorkItemCallback.WaitCallback_Context(System.Object)
      at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
      at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
      at System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem()
      at System.Threading.ThreadPoolWorkQueue.Dispatch()
      at System.Threading._ThreadPoolWaitCallback.PerformWaitCallback()

      Error: (03/30/2018 08:26:52 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
      Description: Application: Avira.ServiceHost.exe
      Framework Version: v4.0.30319
      Description: The process was terminated due to an unhandled exception.
      Exception Info: System.ComponentModel.Composition.CompositionException
      at System.ComponentModel.Composition.Hosting.CompositionServices.GetExportedValueFromComposedPart(System.ComponentModel.Composition.Hosting.ImportEngine, System.ComponentModel.Composition.Primitives.ComposablePart, System.ComponentModel.Composition.Primitives.ExportDefinition)
      at System.ComponentModel.Composition.Hosting.CatalogExportProvider.GetExportedValue(CatalogPart, System.ComponentModel.Composition.Primitives.ExportDefinition, Boolean)
      at System.ComponentModel.Composition.Hosting.CatalogExportProvider+CatalogExport.GetExportedValueCore()
      at System.ComponentModel.Composition.Primitives.Export.get_Value()
      at System.ComponentModel.Composition.ExportServices.GetCastedExportedValue[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]
      at System.ComponentModel.Composition.Hosting.ExportProvider.GetExportedValueCore[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]](System.String, System.ComponentModel.Composition.Primitives.ImportCardinality)
      at Avira.OE.ServiceHost.ServiceHost.Initialize()
      at Avira.OE.ServiceHost.Program+<>c__DisplayClass7_0.b__0(System.Object)
      at System.Threading.QueueUserWorkItemCallback.WaitCallback_Context(System.Object)
      at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
      at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
      at System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem()
      at System.Threading.ThreadPoolWorkQueue.Dispatch()
      at System.Threading._ThreadPoolWaitCallback.PerformWaitCallback()

      Error: (03/30/2018 08:26:09 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
      Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

      Details:
      AddLegacyDriverFiles: Unable to back up image of binary SASKUTIL.

      System Error:
      The system cannot find the file specified.
      .

      Error: (03/30/2018 08:09:29 PM) (Source: VSS) (EventID: 8194) (User: )
      Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005, Access is denied.
      .
      This is often caused by incorrect security settings in either the writer or requestor process.

      Operation:
      Gathering Writer Data

      Context:
      Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
      Writer Name: System Writer
      Writer Instance ID: {450fb874-8868-40ba-96b5-802bec99e0ea}

      Error: (03/30/2018 07:47:55 PM) (Source: WinMgmt) (EventID: 10) (User: )
      Description: Event filter with query “SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA “Win32_Processor” AND TargetInstance.LoadPercentage > 99” could not be reactivated in namespace “//./root/CIMV2” because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

      System errors:
      =============
      Error: (03/31/2018 02:46:28 PM) (Source: Disk) (EventID: 11) (User: )
      Description: The driver detected a controller error on \Device\Harddisk1\DR1.

      Error: (03/31/2018 11:41:11 AM) (Source: Disk) (EventID: 11) (User: )
      Description: The driver detected a controller error on \Device\Harddisk1\DR1.

      Error: (03/30/2018 09:09:23 PM) (Source: Disk) (EventID: 11) (User: )
      Description: The driver detected a controller error on \Device\Harddisk1\DR1.

      Error: (03/30/2018 09:09:22 PM) (Source: Disk) (EventID: 11) (User: )
      Description: The driver detected a controller error on \Device\Harddisk1\DR1.

      Error: (03/30/2018 08:27:44 PM) (Source: DCOM) (EventID: 10010) (User: )
      Description: The server {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} did not register with DCOM within the required timeout.

      Error: (03/30/2018 08:27:06 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
      Description: The Avira Service Host service terminated unexpectedly. It has done this 3 time(s).

      Error: (03/30/2018 08:27:00 PM) (Source: WMPNetworkSvc) (EventID: 14348) (User: )
      Description: A new media server was not initialized due to error ‘0x80070057’. Restart your computer, and then restart the WMPNetworkSvc service. If the problem persists, in Windows Media Player, turn off media sharing, and then turn it back on.

      Error: (03/30/2018 08:27:00 PM) (Source: WMPNetworkSvc) (EventID: 14323) (User: )
      Description: Service ‘WMPNetworkSvc’ did not start correctly because MFCreateWMPMDEOpCenter encountered error ‘0xc00d4268’. If possible, reinstall Windows Media Player.

      CodeIntegrity:
      ===================================
      Date: 2017-02-16 00:23:17.624
      Description:
      Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Trusteer\Rapport\bin\RapportEI.sys because the set of per-page image hashes could not be found on the system.

      Date: 2017-02-16 00:23:16.922
      Description:
      Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Trusteer\Rapport\bin\RapportEI.sys because the set of per-page image hashes could not be found on the system.

      Date: 2017-02-16 00:23:16.235
      Description:
      Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Trusteer\Rapport\bin\RapportEI.sys because the set of per-page image hashes could not be found on the system.

      Date: 2017-02-16 00:23:15.471
      Description:
      Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Trusteer\Rapport\bin\RapportEI.sys because the set of per-page image hashes could not be found on the system.

      Date: 2017-02-15 23:22:59.875
      Description:
      Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Trusteer\Rapport\bin\RapportEI.sys because the set of per-page image hashes could not be found on the system.

      Date: 2017-02-15 23:22:59.188
      Description:
      Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Trusteer\Rapport\bin\RapportEI.sys because the set of per-page image hashes could not be found on the system.

      Date: 2017-02-15 23:22:58.517
      Description:
      Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Trusteer\Rapport\bin\RapportEI.sys because the set of per-page image hashes could not be found on the system.

      Date: 2017-02-15 23:22:57.862
      Description:
      Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Trusteer\Rapport\bin\RapportEI.sys because the set of per-page image hashes could not be found on the system.

      ==================== Memory info ===========================

      Processor: Intel(R) Core™2 Quad CPU Q8200 @ 2.33GHz
      Percentage of memory in use: 54%
      Total physical RAM: 3071.18 MB
      Available physical RAM: 1387.51 MB
      Total Virtual: 6140.68 MB
      Available Virtual: 4107.74 MB

      ==================== Drives ================================

      Drive c: (OS) (Fixed) (Total:683.55 GB) (Free:387.22 GB) NTFS ==>[drive with boot components (obtained from BCD)]
      Drive d: (RECOVERY) (Fixed) (Total:15 GB) (Free:8.67 GB) NTFS
      Drive k: (FreeAgent Drive) (Fixed) (Total:931.51 GB) (Free:496.18 GB) NTFS

      ==================== MBR & Partition Table ==================

      ========================================================
      Disk: 0 (MBR Code: Windows 7/8/10) (Size: 698.6 GB) (Disk ID: 50000000)
      Partition 1: (Not Active) - (Size=86 MB) - (Type=DE)
      Partition 2: (Not Active) - (Size=15 GB) - (Type=07 NTFS)
      Partition 3: (Active) - (Size=683.6 GB) - (Type=07 NTFS)

      ========================================================
      Disk: 1 (MBR Code: Windows XP) (Size: 931.5 GB) (Disk ID: E46CEBE2)
      Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)

      ==================== End of Addition.txt ============================

      • werdnarolyat
        PCHF Member
        • Mar 2018
        • 81

        #33
        Hi gus,

        The PC seems to be running smoother now; do the above logs indicate anything further that is required?

        I noticed the pre-work typically includes a log from aswMBR - should I run that too?

        • system
          PCHF Owner
          • Jan 2015
          • 7634

          #34
          Hi werdnarolyat, no need to run aswMBR; glad to hear your machine is running better. I am concerned about your hosts file; not suspecting any nasties at this stage, but there is a lot of unnecessary bloat in there.

          Unfortunately some antivirus/security software blocks changes to your hosts file, so as yet we haven’t cleaned it out as we would prefer. You have had 3 of the culprits that lock your hosts file, and as Spybot and ZoneAlarm are 2 apps that block the file, it should only leave one, and that’s Avira.

          Let’s try and fix this.

          Can you please try and follow the instructions below:

          1. Right click the Avira Taskbar Icon.
          2. Select Manage AntiVirus.
          3. Click Other Modules in the box that opens.
          4. Click the Realtime protection tab.
          5. Click the gear on the right.
          6. Click the general tab on the left of the next box that opens.
          7. Click on Security from the drop down options.
          8. Finally on the right DESELECT Protect Windows hosts files from changes.

          Then click Apply and OK on the bottom of the dialogue box.

          Once that is done, please run this FRST fixlist (attached) as you did previously as per post 24. No need to reset the browser again. Can you then copy and post the Fixlog, please?

          PS: We will get you to re-enable Avira hosts protection when it’s cleaned out.

          Finally, after running the fixlist and a reboot, can you please do one more FRST scan as you did 2 posts ago, and post the 2 logs again, please.

          • werdnarolyat
            PCHF Member
            • Mar 2018
            • 81

            #35
            Hi gus,

            When I disabled hosts protection in Avira everything slowed down and eventually Windows Explorer crashed. Perhaps just a coincidence.

            I ran the fixlist and re-ran FRST, please see the logs in my next posts.

            • werdnarolyat
              PCHF Member
              • Mar 2018
              • 81

              #36
              Fix result of Farbar Recovery Scan Tool (x86) Version: 14.03.2018
              Ran by David (02-04-2018 12:36:50) Run:2
              Running from C:\Users\David\Desktop
              Loaded Profiles: David & UpdatusUser (Available Profiles: David & UpdatusUser)
              Boot Mode: Normal

              ==============================================

              fixlist content:


              Start
              CreateRestorepoint:
              CloseProcesses:
              Hosts:
              Reboot:
              end


              Restore point was successfully created.
              Processes closed successfully.
              C:\Windows\System32\Drivers\etc\hosts => moved successfully
              Hosts restored successfully.

              The system needed a reboot.

              ==== End of Fixlog 12:37:45 ====

              • werdnarolyat
                PCHF Member
                • Mar 2018
                • 81

                #37
                Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 14.03.2018
                Ran by David (administrator) on DAVID-PC (02-04-2018 12:47:33)
                Running from C:\Users\David\Desktop
                Loaded Profiles: David & UpdatusUser (Available Profiles: David & UpdatusUser)
                Platform: Microsoft Windows 7 Home Premium Service Pack 1 (X86) Language: English (United States)
                Internet Explorer Version 11 (Default browser: Chrome)
                Boot Mode: Normal
                Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic...ery-scan-tool/

                ==================== Processes (Whitelisted) =================

                (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

                (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
                (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
                (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
                (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
                (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\Antivirus\sched.exe
                (IBM Corp.) C:\ProgramData\Trusteer\Rapport\store\tmp\dn_000004a8_0000e6c5\RapportSetup-Full.exe
                (Andrea Electronics Corporation) C:\Windows\System32\AERTSrv.exe
                (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\Antivirus\avguard.exe
                (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
                (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
                (Foxit Software Inc.) C:\Program Files\Foxit Software\Foxit Reader\FoxitConnectedPDFService.exe
                (Seagate Technology LLC) C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
                (arvato digital services llc) C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
                (Microsoft Corporation) C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
                (Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
                (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\Launcher\Avira.ServiceHost.exe
                (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
                (Realtek Semiconductor) C:\Windows\RtHDVCpl.exe
                (Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
                (Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
                (Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
                (Spotify Ltd) C:\Users\David\AppData\Roaming\Spotify\SpotifyWebHelper.exe
                (Dropbox, Inc.) C:\Users\David\AppData\Roaming\Dropbox\bin\Dropbox.exe
                (Dropbox, Inc.) C:\Users\David\AppData\Roaming\Dropbox\bin\Dropbox.exe
                (Dropbox, Inc.) C:\Users\David\AppData\Roaming\Dropbox\bin\Dropbox.exe
                (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\Antivirus\avgnt.exe
                (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\Antivirus\avshadow.exe
                (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
                (Microsoft Corporation) C:\Windows\System32\msiexec.exe
                (Microsoft Corporation) C:\Windows\System32\msiexec.exe
                (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\Launcher\Avira.Systray.exe
                (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
                (Secunia) C:\Program Files\Secunia\PSI\psia.exe
                (Secunia) C:\Program Files\Secunia\PSI\sua.exe

                ==================== Registry (Whitelisted) ===========================

                (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

                HKLM...\Run: [RtHDVCpl] => C:\Windows\RtHDVCpl.exe [6246400 2008-07-18] (Realtek Semiconductor)
                HKLM...\Run: [Avira SystrayStartTrigger] => C:\Program Files\Avira\Launcher\Avira.SystrayStartTrigger.exe [98024 2018-03-12] (Avira Operations GmbH & Co. KG)
                HKLM...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [261944 2018-01-22] (Apple Inc.)
                HKU\S-1-5-21-1365679944-132168641-953657067-1000...\Run: [Dropbox Update] => C:\Users\David\AppData\Local\Dropbox\Update\DropboxUpdate.exe [143144 2016-11-05] (Dropbox, Inc.)
                HKU\S-1-5-21-1365679944-132168641-953657067-1000...\Run: [Google Update] => C:\Users\David\AppData\Local\Google\Update\1.3.33.7\GoogleUpdateCore.exe [601680 2017-11-16] (Google Inc.)
                HKU\S-1-5-21-1365679944-132168641-953657067-1000...\Run: [Spotify Web Helper] => C:\Users\David\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1579120 2017-08-29] (Spotify Ltd)
                HKU\S-1-5-21-1365679944-132168641-953657067-1057...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [516096 2010-11-20] (Microsoft Corporation)
                HKU\S-1-5-21-1365679944-132168641-953657067-1057...\RunOnce: [DPAPIKeyMig] => C:\Windows\system32\dpapimig.exe [72192 2009-07-14] (Microsoft Corporation)
                ShellExecuteHooks: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL → No File
                Startup: C:\Users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2018-03-30]
                ShortcutTarget: Dropbox.lnk → C:\Users\David\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
                Startup: C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk [2009-03-07]
                ShortcutTarget: Dell Dock First Run.lnk → C:\Program Files\Dell\DellDock\DellDock.exe (No File)

                ==================== Internet (Whitelisted) ====================

                (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

                Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
                Tcpip..\Interfaces{DD471341-BEC1-4000-9EE1-06BD35EC3BA0}: [DhcpNameServer] 192.168.0.1
                Internet Explorer:
                HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/
                HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com/?q={searchTerms}
                HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/
                HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/
                SearchScopes: HKLM → DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
                BHO: Groove GFS Browser Helper → {72853161-30C5-4D22-B7F9-0BBC1D38A37E} → C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
                BHO: Easy Photo Print → {9421DD08-935F-4701-A9CA-22DF90AC4EA6} → C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll [2008-04-02] (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
                Toolbar: HKLM - Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll [2008-04-02] (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
                Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll [2009-02-26] (Microsoft Corporation)
                FireFox:
                FF ProfilePath: C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\3bgnvy7a.default-1482517495665 [2018-03-30]
                FF Extension: (Avira Browser Safety) - C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\3bgnvy7a.default-1482517495665\Extensionsabs@avira.com.xpi [2018-02-27]
                FF Extension: (uBlock Origin) - C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\3bgnvy7a.default-1482517495665\ExtensionsuBlock0@raymondhill.net.xpi [2018-02-27]
                FF ProfilePath: C:\Users\David\AppData\Roaming\eMusic\eMusic Download Manager\Profiles\w4rn4tx3.default [2017-02-16]
                FF HKLM...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
                FF Extension: (Microsoft .NET Framework Assistant) - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2017-02-16] [Legacy] [not signed]
                FF Plugin: @adobe.com/FlashPlayer → C:\Windows\system32\Macromed\Flash\NPSWF32_29_0_0_113.dll [2018-03-23] ()
                FF Plugin: @divx.com/DivX Browser Plugin,version=1.0.0 → C:\Program Files\DivX\DivX Web Player\npdivx32.dll [No File]
                FF Plugin: @divx.com/DivX Player Plugin,version=1.0.0 → C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll [No File]
                FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf → C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2017-12-01] (Foxit Corporation)
                FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf → C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2017-12-01] (Foxit Corporation)
                FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp → C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2017-12-01] (Foxit Corporation)
                FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf → C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2017-12-01] (Foxit Corporation)
                FF Plugin: @Google.com/GoogleEarthPlugin → C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll [2011-10-17] (Google)
                FF Plugin: @google.com/npPicasa3,version=3.0.0 → C:\Program Files\Google\Picasa3\npPicasa3.dll [2015-10-13] (Google, Inc.)
                FF Plugin: @Microsoft.com/NpCtrl,version=1.0 → C:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
                FF Plugin: @microsoft.com/OfficeLive,version=1.5 → C:\Program Files\Microsoft\Office Live\npOLW.dll [2010-04-26] (Microsoft Corp.)
                FF Plugin: @microsoft.com/VirtualEarth3D,version=4.0 → C:\Program Files\Virtual Earth 3D\ ()
                FF Plugin: @microsoft.com/WPF,version=3.5 → C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-30] (Microsoft Corporation)
                FF Plugin: @nvidia.com/3DVision → C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll [2013-01-18] (NVIDIA Corporation)
                FF Plugin: @nvidia.com/3DVisionStreaming → C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2013-01-18] (NVIDIA Corporation)
                FF Plugin: @tools.google.com/Google Update;version=3 → C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll [2012-09-17] (Google Inc.)
                FF Plugin: @tools.google.com/Google Update;version=9 → C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll [2012-09-17] (Google Inc.)
                FF Plugin: @videolan.org/vlc,version=2.0.7 → C:\Program Files\VideoLAN\VLC\npvlc.dll [2017-11-29] (VideoLAN)
                FF Plugin: @videolan.org/vlc,version=2.1.5 → C:\Program Files\VideoLAN\VLC\npvlc.dll [2017-11-29] (VideoLAN)
                FF Plugin: @videolan.org/vlc,version=2.2.1 → C:\Program Files\VideoLAN\VLC\npvlc.dll [2017-11-29] (VideoLAN)
                FF Plugin: @videolan.org/vlc,version=2.2.4 → C:\Program Files\VideoLAN\VLC\npvlc.dll [2017-11-29] (VideoLAN)
                FF Plugin: @videolan.org/vlc,version=2.2.5.1 → C:\Program Files\VideoLAN\VLC\npvlc.dll [2017-11-29] (VideoLAN)
                FF Plugin: @videolan.org/vlc,version=2.2.6 → C:\Program Files\VideoLAN\VLC\npvlc.dll [2017-11-29] (VideoLAN)
                FF Plugin: @videolan.org/vlc,version=2.2.8 → C:\Program Files\VideoLAN\VLC\npvlc.dll [2017-11-29] (VideoLAN)
                FF Plugin HKU\S-1-5-21-1365679944-132168641-953657067-1000: @tools.google.com/Google Update;version=3 → C:\Users\David\AppData\Local\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-16] (Google Inc.)
                FF Plugin HKU\S-1-5-21-1365679944-132168641-953657067-1000: @tools.google.com/Google Update;version=9 → C:\Users\David\AppData\Local\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-16] (Google Inc.)
                Chrome:
                CHR DefaultProfile: Default
                CHR Profile: C:\Users\David\AppData\Local\Google\Chrome\User Data\Default [2018-04-02]
                CHR Extension: (Slides) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-14]
                CHR Extension: (Docs) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-14]
                CHR Extension: (Google Drive) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-02-16]
                CHR Extension: (YouTube) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-02-16]
                CHR Extension: (uBlock Origin) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2018-03-23]
                CHR Extension: (Sheets) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-14]
                CHR Extension: (Google Docs Offline) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-02-16]
                CHR Extension: (Chrome Web Store Payments) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-24]
                CHR Extension: (Gmail) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-02-16]
                CHR Extension: (Chrome Media Router) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-03-24]
                StartMenuInternet: Google Chrome - C:\Users\David\AppData\Local\Google\Chrome\Application\chrome.exe

                ==================== Services (Whitelisted) ====================

                (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

                R2 AERTFilters; C:\Windows\system32\AERTSrv.exe [73728 2008-07-18] (Andrea Electronics Corporation)
                S2 AntiVirMailService; C:\Program Files\Avira\Antivirus\avmailc7.exe [1136744 2018-03-02] (Avira Operations GmbH & Co. KG)
                R2 AntiVirSchedulerService; C:\Program Files\Avira\Antivirus\sched.exe [492560 2018-03-02] (Avira Operations GmbH & Co. KG)
                R2 AntiVirService; C:\Program Files\Avira\Antivirus\avguard.exe [492560 2018-03-02] (Avira Operations GmbH & Co. KG)
                S2 AntiVirWebService; C:\Program Files\Avira\Antivirus\avwebg7.exe [1533608 2018-03-02] (Avira Operations GmbH & Co. KG)
                R2 Avira.ServiceHost; C:\Program Files\Avira\Launcher\Avira.ServiceHost.exe [443024 2018-03-12] (Avira Operations GmbH & Co. KG)
                R2 FoxitReaderService; C:\Program Files\Foxit Software\Foxit Reader\FoxitConnectedPDFService.exe [1659456 2017-12-11] (Foxit Software Inc.)
                R2 FreeAgentGoNext Service; C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe [189736 2009-09-25] (Seagate Technology LLC)
                S4 getPlus(R) Helper; C:\Program Files\NOS\bin\getPlus_HelperSvc.exe [33176 2009-03-03] (NOS Microsystems Ltd.)
                S4 gupdate1c9eaad5b861f00; C:\Program Files\Google\Update\GoogleUpdate.exe [133104 2009-06-11] (Google Inc.)
                S4 JuniperAccessService; C:\Program Files\Common Files\Juniper Networks\JUNS\dsAccessService.exe [87416 2007-07-27] (Juniper Networks)
                S2 LiveUpdateSvc; C:\Program Files\IObit\LiveUpdate\LiveUpdate.exe [2909472 2015-08-11] (IObit)
                R2 PSI_SVC_2; C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe [277360 2014-04-30] (arvato digital services llc)
                S2 RapportMgmtService; C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe [5243208 2018-03-11] (IBM Corp.)
                R2 Secunia PSI Agent; C:\Program Files\Secunia\PSI\PSIA.exe [1570520 2016-02-02] (Secunia)
                R2 Secunia Update Agent; C:\Program Files\Secunia\PSI\sua.exe [837848 2016-02-02] (Secunia)
                S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)

                ===================== Drivers (Whitelisted) ======================

                (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

                R0 avdevprot; C:\Windows\System32\DRIVERS\avdevprot.sys [46440 2017-06-18] (Avira Operations GmbH & Co. KG)
                R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [130912 2017-09-30] (Avira Operations GmbH & Co. KG)
                R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [156088 2018-02-08] (Avira Operations GmbH & Co. KG)
                R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [35840 2017-02-15] (Avira Operations GmbH & Co. KG)
                R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [59000 2017-02-15] (Avira Operations GmbH & Co. KG)
                R0 avusbflt; C:\Windows\System32\Drivers\avusbflt.sys [23304 2017-06-18] (Avira Operations GmbH & Co. KG)
                R1 HWiNFO32; C:\Windows\system32\drivers\HWiNFO32.SYS [23840 2015-05-25] (REALiX™)
                R0 KL1; C:\Windows\System32\DRIVERS\kl1.sys [155304 2015-11-03] (Kaspersky Lab ZAO)
                R3 klflt; C:\Windows\System32\DRIVERS\klflt.sys [138616 2015-11-03] (AO Kaspersky Lab)
                R1 klhk; C:\Windows\System32\DRIVERS\klhk.sys [111440 2016-08-02] (AO Kaspersky Lab)
                R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [770936 2015-11-03] (AO Kaspersky Lab)
                R0 Lbd; C:\Windows\System32\DRIVERS\Lbd.sys [64288 2010-07-12] (Lavasoft AB)
                S3 PSI; C:\Windows\System32\DRIVERS\psi_mf_x86.sys [16024 2016-02-02] (Secunia)
                R1 RapportAegle; C:\Program Files\Trusteer\Rapport\bin\RapportAegle.sys [296880 2018-03-11] (IBM Corp.)
                R1 RapportCerberus_1908103; C:\ProgramData\Trusteer\Rapport\store\exts\Rapport Cerberus\baseline\RapportCerberus32_1908103.sys [1119272 2018-02-08] (IBM Corp.)
                R1 RapportEI; C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys [395624 2018-03-11] (IBM Corp.)
                R0 RapportHades; C:\Windows\System32\Drivers\RapportHades.sys [200936 2018-03-11] (IBM Corp.)
                R0 RapportKELL; C:\Windows\System32\Drivers\RapportKELL.sys [321256 2018-03-11] (IBM Corp.)
                R1 RapportPG; C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys [466728 2018-03-11] (IBM Corp.)
                R2 RtNdPt60; C:\Windows\System32\DRIVERS\RtNdPt60.sys [27648 2008-07-21] (Windows (R) Codename Longhorn DDK provider)
                S3 ZSMC301b; C:\Windows\System32\Drivers\usbVM31b.sys [91527 2006-12-22] (VM)

                ==================== NetSvcs (Whitelisted) ===================

                (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

                ==================== One Month Created files and folders ========

                (If an entry is included in the fixlist, the file/folder will be moved.)

                2018-04-01 12:08 - 2018-04-01 12:09 - 001764352 _____ (Farbar) C:\Users\David\Desktop\FRST.exe
                2018-03-31 11:50 - 2018-03-31 11:50 - 000222648 _____ (Malwarebytes) C:\Windows\system32\Drivers\3741A264.sys
                2018-03-31 11:46 - 2018-03-31 14:48 - 000000000 ____D C:\Users\David\Desktop\mbar
                2018-03-31 11:46 - 2018-03-31 12:35 - 000000000 ____D C:\ProgramData\Malwarebytes’ Anti-Malware (portable)
                2018-03-31 11:46 - 2018-03-31 11:50 - 000166848 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
                2018-03-31 11:44 - 2018-03-31 11:44 - 000001544 _____ C:\RstHosts.txt
                2018-03-31 11:42 - 2018-03-31 11:43 - 014178840 _____ (Malwarebytes Corp.) C:\Users\David\Desktop\mbar-1.10.3.1001.exe
                2018-03-31 11:42 - 2018-03-31 11:42 - 000353632 _____ C:\Users\David\Desktop\rsthosts_2.0.exe
                2018-03-30 20:26 - 2018-04-02 12:37 - 000000653 _____ C:\Users\David\Desktop\Fixlog.txt
                2018-03-30 20:12 - 2018-03-30 20:12 - 000000000 ____D C:\Users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
                2018-03-30 20:02 - 2018-03-30 20:02 - 001622528 _____ C:\Users\David\Desktop\ResetBrowser.exe
                2018-03-29 11:08 - 2018-03-29 11:08 - 000000000 ____D C:\Users\David\Downloads\RevoUninstaller_Portable
                2018-03-29 11:05 - 2018-03-29 11:06 - 000000000 ____D C:\Users\David\AppData\Roaming\Geek Uninstaller
                2018-03-29 09:17 - 2018-03-29 09:17 - 000024688 _____ C:\Windows\system32\Drivers\TrueSight.sys
                2018-03-29 09:15 - 2018-03-29 11:04 - 000000000 ____D C:\ProgramData\RogueKiller
                2018-03-29 00:17 - 2018-03-29 00:15 - 022623816 _____ (Adlice Software) C:\Users\David\Desktop\RogueKiller_portable32.exe
                2018-03-28 23:33 - 2018-03-28 23:33 - 000002093 _____ C:\Users\Public\Desktop\Foxit Reader.lnk
                2018-03-28 23:33 - 2018-03-28 23:33 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foxit Reader
                2018-03-28 21:54 - 2018-04-01 12:15 - 000061763 _____ C:\Users\David\Desktop\Addition.txt
                2018-03-28 21:28 - 2018-04-02 12:50 - 000017947 _____ C:\Users\David\Desktop\FRST.txt
                2018-03-28 21:09 - 2018-03-28 21:10 - 008222496 _____ (Malwarebytes) C:\Users\David\Desktop\adwcleaner_7.0.8.0.exe
                2018-03-26 16:58 - 2018-03-26 17:01 - 001967744 _____ C:\Users\David\Downloads\2VVX3G_LS815_12Apr2018.pdf
                2018-03-24 00:09 - 2018-02-13 19:31 - 000117440 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
                2018-03-24 00:09 - 2018-02-13 19:24 - 000534016 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
                2018-03-24 00:09 - 2018-02-13 15:04 - 001893888 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
                2018-03-24 00:09 - 2018-02-13 15:04 - 001319424 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
                2018-03-24 00:09 - 2018-02-13 15:04 - 000594944 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
                2018-03-24 00:09 - 2018-02-13 15:04 - 000508416 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
                2018-03-24 00:09 - 2018-02-13 15:04 - 000339968 _____ (Microsoft Corporation) C:\Windows\system32\centel.dll
                2018-03-24 00:09 - 2018-02-13 15:04 - 000313856 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
                2018-03-24 00:09 - 2018-02-13 15:04 - 000212992 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
                2018-03-24 00:09 - 2018-02-13 15:04 - 000190976 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
                2018-03-23 23:53 - 2018-03-23 23:53 - 000000000 ____D C:\Users\David\Documents\Remote Assistance Logs
                2018-03-23 21:25 - 2018-03-23 21:25 - 000000000 ____D C:\Users\David\AppData\Local\ESET
                2018-03-23 19:06 - 2018-04-02 12:47 - 000000000 ____D C:\FRST
                2018-03-11 16:58 - 2018-03-11 16:58 - 000321256 _____ (IBM Corp.) C:\Windows\system32\Drivers\RapportKELL.sys
                2018-03-11 16:58 - 2018-03-11 16:58 - 000200936 _____ (IBM Corp.) C:\Windows\system32\Drivers\RapportHades.sys

                ==================== One Month Modified files and folders ========

                (If an entry is included in the fixlist, the file/folder will be moved.)

                2018-04-02 12:50 - 2017-02-16 02:38 - 000010880 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
                2018-04-02 12:50 - 2017-02-16 02:38 - 000010880 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
                2018-04-02 12:45 - 2013-08-14 17:37 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trusteer Endpoint Protection
                2018-04-02 12:43 - 2017-02-16 02:42 - 000000000 ____D C:\Users\UpdatusUser
                2018-04-02 12:40 - 2017-02-16 02:38 - 000000000 ____D C:\ProgramData\NVIDIA
                2018-04-02 12:40 - 2009-07-14 05:53 - 000000006 ____H C:\Windows\Tasks\SA.DAT
                2018-03-31 14:47 - 2015-06-20 15:58 - 000000918 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1365679944-132168641-953657067-1000UA.job
                2018-03-31 11:51 - 2017-09-25 21:37 - 000000000 ____D C:\ProgramData\Malwarebytes
                2018-03-30 21:20 - 2016-12-23 00:52 - 000000000 ____D C:\Users\David\AppData\LocalLow\Mozilla
                2018-03-30 20:14 - 2013-01-21 22:39 - 000000000 ____D C:\Users\David\AppData\Roaming\Dropbox
                2018-03-30 20:09 - 2015-06-20 15:57 - 000000000 ____D C:\Users\David\AppData\Local\Dropbox
                2018-03-28 23:56 - 2016-06-09 21:29 - 000000000 ____D C:\AdwCleaner
                2018-03-28 23:35 - 2017-03-02 23:51 - 000000000 ____D C:\Users\David\AppData\Local\CrashDumps
                2018-03-28 23:35 - 2012-07-29 15:01 - 000000000 ____D C:\Users\David\AppData\Roaming\vlc
                2018-03-28 23:33 - 2017-03-03 15:42 - 000000000 ____D C:\ProgramData\Foxit Software
                2018-03-28 23:05 - 2017-03-17 18:31 - 000000000 ____D C:\ProgramData\IObit
                2018-03-28 22:55 - 2011-01-29 14:17 - 000000000 ____D C:\Users\David\AppData\Roaming\IObit
                2018-03-28 22:30 - 2013-10-27 19:56 - 000000000 ____D C:\Users\David\AppData\LocalLow\IObit
                2018-03-28 22:16 - 2015-01-03 14:59 - 000000000 ____D C:\Program Files\Common Files\IObit
                2018-03-28 21:14 - 2017-03-17 18:22 - 000000000 ____D C:\Windows\system32\appraiser
                2018-03-28 20:54 - 2010-11-20 22:01 - 000785794 _____ C:\Windows\system32\PerfStringBackup.INI
                2018-03-28 20:54 - 2009-07-14 03:37 - 000000000 ____D C:\Windows\inf
                2018-03-28 20:50 - 2014-03-17 21:25 - 000000000 ____D C:\ProgramData\ProductData
                2018-03-27 12:49 - 2009-06-15 09:43 - 000000000 ____D C:\Users\David\Documents\Dad’s stuff
                2018-03-26 17:54 - 2015-06-20 15:57 - 000000866 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1365679944-132168641-953657067-1000Core.job
                2018-03-24 13:58 - 2013-08-14 14:29 - 000000000 ____D C:\Windows\system32\MRT
                2018-03-24 13:46 - 2017-10-11 17:57 - 127391104 ____C (Microsoft Corporation) C:\Windows\system32\MRT-KB890830.exe
                2018-03-24 13:45 - 2017-03-03 00:17 - 127391104 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
                2018-03-24 01:05 - 2017-03-09 23:01 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
                2018-03-24 01:05 - 2017-03-02 22:11 - 000000000 ____D C:\ProgramData\Package Cache
                2018-03-23 23:52 - 2017-10-03 12:11 - 000000000 ____D C:\Users\David\AppData\Local\ElevatedDiagnostics
                2018-03-23 23:52 - 2009-07-14 03:37 - 000000000 ____D C:\Windows\system32\NDF
                2018-03-23 19:29 - 2017-12-07 23:26 - 000000967 _____ C:\Users\Public\Desktop\CCleaner.lnk
                2018-03-23 19:19 - 2009-04-04 13:02 - 000002405 _____ C:\Users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
                2018-03-23 19:06 - 2012-04-06 18:38 - 000804352 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
                2018-03-23 19:06 - 2011-06-26 19:01 - 000144896 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
                2018-03-23 19:06 - 2009-03-07 11:23 - 000000000 ____D C:\Windows\system32\Macromed

                ==================== Files in the root of some directories =======

                2013-06-15 22:44 - 2013-06-15 22:44 - 000000288 _____ () C:\Users\David\AppData\Roaming.backup.dm
                2009-08-25 23:24 - 2009-08-25 23:24 - 000024064 _____ () C:\Users\David\AppData\Roaming\UserTile.png
                2016-04-26 23:01 - 2016-04-30 12:00 - 000000100 _____ () C:\Users\David\AppData\Roaming\WB.CFG
                2017-03-03 18:05 - 2017-03-03 18:05 - 000008248 _____ () C:\Users\David\AppData\Local\en.ini

                ==================== Bamital & volsnap ======================

                (There is no automatic fix for files that do not pass verification.)

                C:\Windows\explorer.exe => File is digitally signed
                C:\Windows\system32\winlogon.exe => File is digitally signed
                C:\Windows\system32\wininit.exe => File is digitally signed
                C:\Windows\system32\svchost.exe => File is digitally signed
                C:\Windows\system32\services.exe => File is digitally signed
                C:\Windows\system32\User32.dll => File is digitally signed
                C:\Windows\system32\userinit.exe => File is digitally signed
                C:\Windows\system32\rpcss.dll => File is digitally signed
                C:\Windows\system32\dnsapi.dll => File is digitally signed
                C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

                LastRegBack: 2018-03-29 09:13

                ==================== End of FRST.txt ============================


                • werdnarolyat
                  PCHF Member
                  • Mar 2018
                  • 81

                  #38
                  Additional scan result of Farbar Recovery Scan Tool (x86) Version: 14.03.2018
                  Ran by David (02-04-2018 12:52:44)
                  Running from C:\Users\David\Desktop
                  Microsoft Windows 7 Home Premium Service Pack 1 (X86) (2017-02-16 09:08:47)
                  Boot Mode: Normal
                  ==================== Accounts: =============================

                  Administrator (S-1-5-21-1365679944-132168641-953657067-500 - Administrator - Disabled)
                  David (S-1-5-21-1365679944-132168641-953657067-1000 - Administrator - Enabled) => C:\Users\David
                  Guest (S-1-5-21-1365679944-132168641-953657067-501 - Limited - Disabled)
                  HomeGroupUser$ (S-1-5-21-1365679944-132168641-953657067-1059 - Limited - Enabled)
                  UpdatusUser (S-1-5-21-1365679944-132168641-953657067-1057 - Limited - Enabled) => C:\Users\UpdatusUser

                  ==================== Security Center ========================

                  (If an entry is included in the fixlist, it will be removed.)

                  AV: Avira Antivirus (Enabled - Up to date) {B3F630BD-538D-1B4A-14FA-14B63235278F}
                  AS: Avira Antivirus (Enabled - Up to date) {0897D159-75B7-14C4-2E4A-2FC449B26D32}
                  AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

                  ==================== Installed Programs ======================

                  (Only the adware programs with “Hidden” flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

                  ABBYY FineReader 6.0 Sprint (HKLM...{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}) (Version: 6.00.1395.4512 - ABBYY Software House)
                  Acrobat.com (HKLM...{77DCDCE3-2DED-62F3-8154-05E745472D07}) (Version: 0.0.0 - Adobe Systems Incorporated) Hidden
                  Acrobat.com (HKLM...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1 702B320485DF8CE.1) (Version: 1.1.377 - Adobe Systems Incorporated)
                  Adobe AIR (HKLM...\Adobe AIR) (Version: 21.0.0.215 - Adobe Systems Incorporated)
                  Adobe Flash Player 29 ActiveX (HKLM...{A911056C-E170-476A-9C9E-9E0500E6DC6A}) (Version: 29.0.0.113 - Adobe Systems Incorporated)
                  Adobe Flash Player 29 NPAPI (HKLM...{BAF5175E-C27F-4252-81B9-E42F01E46CB6}) (Version: 29.0.0.113 - Adobe Systems Incorporated)
                  Akamai NetSession Interface (HKU\S-1-5-21-1365679944-132168641-953657067-1000...\Akamai) (Version: - Akamai Technologies, Inc)
                  Apple Application Support (32-bit) (HKLM...{D4C80B0C-CF67-43A7-90C3-466853543B54}) (Version: 6.3 - Apple Inc.)
                  Apple Mobile Device Support (HKLM...{2218B6FE-7215-4EC9-B0E7-F47674AFA2F5}) (Version: 11.0.1.2 - Apple Inc.)
                  Apple Software Update (HKLM...{19589375-5C58-4AFA-842F-8B34744CCEAD}) (Version: 2.5.0.1 - Apple Inc.)
                  Athentech Perfectly Clear (HKLM..._{128FBA3A-36CA-4BEB-8AAA-036A0AF8E4E2}) (Version: 1.0.0.135 - Corel Corporation)
                  Athentech Perfectly Clear (HKLM...{128FBA3A-36CA-4BEB-8AAA-036A0AF8E4E2}) (Version: 1.0.0.135 - Corel Corporation) Hidden
                  Avira (HKLM...{5269e51a-b619-4c55-8a5c-8c7eaf27e6cf}) (Version: 1.2.108.24268 - Avira Operations GmbH & Co. KG)
                  Avira (HKLM...{DBA89A98-6FF1-4FE3-8147-69DD2C5DE889}) (Version: 1.2.108.24268 - Avira Operations GmbH & Co. KG) Hidden
                  Avira Antivirus (HKLM...\Avira Antivirus) (Version: 15.0.34.27 - Avira Operations GmbH & Co. KG)
                  Bing Maps 3D (HKLM...{2D87E961-577B-492B-AD54-1368680FB9A7}) (Version: 4.0.903.16005 - Microsoft Corporation)
                  Bonjour (HKLM...{D168AAD0-6686-47C1-B599-CDD4888B9D1A}) (Version: 3.1.0.1 - Apple Inc.)
                  CCleaner (HKLM...\CCleaner) (Version: 5.41 - Piriform)
                  Compatibility Pack for the 2007 Office system (HKLM...{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
                  Corel Paint Shop Pro Photo X2 (HKLM...{64E72FB1-2343-4977-B4A8-262CD53D0BD3}) (Version: 12.50.0001 - Corel Corporation)
                  Corel PaintShop Pro X9 (HKLM..._{998717E5-1031-4D28-A143-48ADAF062E5F}) (Version: 19.2.0.7 - Corel Corporation)
                  Corel PaintShop Pro X9 (HKLM...{93EE564E-9DA1-4655-8A90-4E816019B409}) (Version: 19.1.0.29 - Corel Corporation) Hidden
                  Corel ScreenCap (HKLM...{99642277-4695-438F-8F07-E59D3E8EDB26}) (Version: 1.0.0 - Corel Corporation)
                  Corel Update Manager (HKLM...{EE61B6C5-F017-4505-85D3-6D40B1797D32}) (Version: 2.7.355 - Corel corporation) Hidden
                  D3DX10 (HKLM...{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
                  Dell System Detect (HKU\S-1-5-21-1365679944-132168641-953657067-1000...\9204f5692a8faf3b) (Version: 5.7.0.6 - Dell)
                  Dropbox (HKU\S-1-5-21-1365679944-132168641-953657067-1000...\Dropbox) (Version: 46.4.65 - Dropbox, Inc.)
                  EDocs (HKLM...{6B7B6D4D-8F9B-4CB3-8CA4-BCA9CC4C1A22}) (Version: - )
                  Epson Easy Photo Print 2 (HKLM...{87C2248A-C7DD-49ED-9BCD-B312A9D0819E}) (Version: 2.1.0.0 - SEIKO EPSON CORPORATION)
                  EPSON PhotoQuicker3.5 (HKLM...{65F5B7AF-3363-11D7-BB6B-00018021113F}) (Version: - )
                  EPSON Print CD (HKLM...{FF477885-5EA8-40D0-ADF3-D4C1B86FAEA4}) (Version: - )
                  EPSON Printer Software (HKLM...\EPSON Printer and Utilities) (Version: - )
                  EPSON Scan (HKLM...\EPSON Scanner) (Version: - )
                  Epson Stylus SX210_SX410_TX210_TX410 Manual (HKLM...\Epson Stylus SX210_SX410_TX210_TX410 User’s Guide) (Version: - )
                  EPSON SX410 Series Printer Uninstall (HKLM...\EPSON SX410 Series) (Version: - SEIKO EPSON Corporation)
                  Foxit Reader (HKLM...\Foxit Reader_is1) (Version: 9.0.1.1049 - Foxit Software Inc.)
                  getPlus(R) for Adobe (HKLM...{CF40ACC5-E1BB-4aff-AC72-04C2F616BCA7}) (Version: 1.5.2.35 - NOS Microsystems Ltd.)
                  Google Chrome (HKU\S-1-5-21-1365679944-132168641-953657067-1000...\Google Chrome) (Version: 65.0.3325.181 - Google Inc.)
                  Google Drive (HKLM...{1C3DA126-D523-4089-BCCA-FA46FE34D6F8}) (Version: 1.9.4536.8202 - Google, Inc.)
                  Google Earth (HKLM...{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}) (Version: 6.1.0.5001 - Google)
                  Hauppauge MCE XP/Vista Software Encoder (2.0.25296) (HKLM...\Hauppauge MCE2005 Software Encoder) (Version: 2.0.25296 - Hauppauge Computer Works, Inc.)
                  Hauppauge TV Tuner Driver (HKLM...{AF094932-91E6-4EF8-8AB8-1C7226DFEECB}) (Version: 2.0.25312 - Hauppauge Computer Works) Hidden
                  ICA (HKLM...{998717E5-1031-4D28-A143-48ADAF062E5F}) (Version: 19.1.0.29 - Corel Corporation) Hidden
                  Intel(R) Graphics Media Accelerator Driver (HKLM...\HDMI) (Version: - )
                  iPhone Configuration Utility (HKLM...{FA54AFB1-5745-4389-B8C1-9F7509672ED1}) (Version: 2.1.0.163 - Apple Inc.)
                  IPM_PSP_COM (HKLM...{9A86C6EE-2CCC-4A51-BCC8-AAF97C2F4615}) (Version: 19.1.0.29 - Corel Corporation) Hidden
                  iTunes (HKLM...{BAE90D3C-B93B-4B8E-BA38-C9B5575CC483}) (Version: 12.7.3.46 - Apple Inc.)
                  Juniper Installer Service (HKLM...\SetupService) (Version: 1.1.0.3489 - Juniper Networks)
                  Juniper Networks Host Checker (HKU\S-1-5-21-1365679944-132168641-953657067-1000...\Neoteris_Host_Checker) (Version: 6.3.0.14715 - Juniper Networks)
                  Juniper Networks Setup Client (HKU\S-1-5-21-1365679944-132168641-953657067-1000...\Juniper_Setup_Client) (Version: 1.3.3.13503 - Juniper Networks)
                  Juniper Networks Setup Client Activex Control (HKLM...\Juniper_Setup_Client Activex Control) (Version: 1.3.1.6 - Juniper Networks)
                  Microsoft .NET Framework 4.7.1 (HKLM...{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.7.02558 - Microsoft Corporation)
                  Microsoft Baseline Security Analyzer 2.1 (HKLM...{6AF5CAB9-FD0A-494F-8AA6-784D4B5D06C5}) (Version: 2.1.0000 - Microsoft Corporation)
                  Microsoft Office 2007 Service Pack 3 (SP3) (HKLM...{91120000-0030-0000-0000-0000000FF1CE}ENTERPRISER{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
                  Microsoft Office Enterprise 2007 (HKLM...\ENTERPRISER) (Version: 12.0.6612.1000 - Microsoft Corporation)
                  Microsoft Office File Validation Add-In (HKLM...{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
                  Microsoft Office Live Add-in 1.5 (HKLM...{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
                  Microsoft Office Outlook Connector (HKLM...{95140000-007A-0409-0000-0000000FF1CE}) (Version: 14.0.5118.5000 - Microsoft Corporation)
                  Microsoft Office PowerPoint Viewer 2007 (English) (HKLM...{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
                  Microsoft Office Suite Activation Assistant (HKLM...{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}) (Version: 2.9 - Microsoft Corporation)
                  Microsoft Silverlight (HKLM...{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
                  Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM...{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
                  Microsoft Visual C++ 2005 Redistributable (HKLM...{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
                  Microsoft Visual C++ 2005 Redistributable (HKLM...{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
                  Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM...{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
                  Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM...{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
                  Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM...{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
                  Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM...{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
                  Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM...{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
                  MobileMe Control Panel (HKLM...{A71D5E81-B967-43DB-93D7-FD31BFB95748}) (Version: 3.1.5.0 - Apple Inc.)
                  Mozilla Firefox 58.0.2 (x86 en-GB) (HKLM...\Mozilla Firefox 58.0.2 (x86 en-GB)) (Version: 58.0.2 - Mozilla)
                  Mozilla Maintenance Service (HKLM...\MozillaMaintenanceService) (Version: 58.0.2 - Mozilla)
                  MSXML 4.0 SP2 (KB954430) (HKLM...{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
                  MSXML 4.0 SP2 (KB973688) (HKLM...{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
                  MSXML 4.0 SP2 and SOAP Toolkit 3.0 (HKLM...{32343DB6-9A52-40C9-87E4-5E7C79791C87}) (Version: 1.0.0.0 - Webroot Software, Inc.) Hidden
                  NVIDIA 3D Vision Driver 311.06 (HKLM...{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 311.06 - NVIDIA Corporation)
                  NVIDIA Drivers (HKLM...\NVIDIA Drivers) (Version: 1.9 - NVIDIA Corporation)
                  NVIDIA Graphics Driver 311.06 (HKLM...{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 311.06 - NVIDIA Corporation)
                  NVIDIA Update 1.11.3 (HKLM...{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}Display.Update) (Version: 1.11.3 - NVIDIA Corporation)
                  OGA Notifier 2.0.0048.0 (HKLM...{B2544A03-10D0-4E5E-BA69-0362FFC20D18}) (Version: 2.0.0048.0 - Microsoft Corporation) Hidden
                  Picasa 3 (HKLM...\Picasa 3) (Version: 3.9.141.259 - Google, Inc.)
                  PSPPContent (HKLM...{91773E30-F29C-4381-854A-95281DEB8DA1}) (Version: 19.1.0.29 - Corel Corporation) Hidden
                  PSPPHelp (HKLM...{9F087D85-EDDC-4DC4-B665-AFDD3734D987}) (Version: 19.1.0.29 - Corel Corporation) Hidden
                  QuickTime 7 (HKLM...{FF59BD75-466A-4D5A-AD23-AAD87C5FD44C}) (Version: 7.79.80.95 - Apple Inc.)
                  Rapport (HKLM...{1DD81E7D-0D28-4CEB-87B2-C041A4FCB215}) (Version: 3.5.1908.152 - Trusteer) Hidden
                  Realtek Ethernet Controller Driver (HKLM...{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.104.1223.2016 - Realtek)
                  Realtek Ethernet Network Card Diagnostic tool for Windows Vista (HKLM...{1FECF5F8-8E75-432C-9FF7-1C04F1956B54}) (Version: 1.00 - Realtek)
                  Realtek High Definition Audio Driver (HKLM...{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: - )
                  RealUpgrade 1.1 (HKLM...{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}) (Version: 1.1.0 - RealNetworks, Inc.) Hidden
                  Roxio Creator DE (HKLM...{09760D42-E223-42AD-8C3E-55B47D0DDAC3}) (Version: 10.1 - Roxio)
                  ScanToWeb (HKLM...{EBAE381B-60A6-4863-AA9F-FCAB755BC9E5}) (Version: - )
                  SDFormatter (HKLM...{179324FF-7B16-4BA8-9836-055CAAEE4F08}) (Version: 4.0.0 - SD Association)
                  Seagate Manager Installer (HKLM...{2A30052B-831C-41D3-8044-3C0388066350}) (Version: 2.01.0600 - Seagate) Hidden
                  Seagate Manager Installer (HKLM...\InstallShield
                  {2A30052B-831C-41D3-8044-3C0388066350}) (Version: 2.01.0600 - Seagate)
                  SeaTools for Windows (HKLM...{98613C99-1399-416C-A07C-1EE1C585D872}) (Version: 1.2.0.4 - Seagate Technology)
                  Secunia PSI (3.0.0.11005) (HKLM...\Secunia PSI) (Version: 3.0.0.11005 - Secunia)
                  Segoe UI (HKLM...{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}) (Version: 15.4.2271.0615 - Microsoft Corp) Hidden
                  Setup (HKLM...{9E0054AB-F957-4177-850E-3541960DBD53}) (Version: 19.1.0.29 - Corel Corporation) Hidden
                  SIPPS (HKLM...\SIPPS!UninstallKey) (Version: - )
                  Skype™ 7.24 (HKLM...{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.24.104 - Skype Technologies S.A.)
                  Spelling Dictionaries Support For Adobe Reader 9 (HKLM...{AC76BA86-7AD7-5464-3428-900000000004}) (Version: 9.0.0 - Adobe Systems Incorporated)
                  Spotify (HKU\S-1-5-21-1365679944-132168641-953657067-1000...\Spotify) (Version: 1.0.59.395.ge6ca9946 - Spotify AB)
                  Trusteer Endpoint Protection (HKLM...\Rapport_msi) (Version: 3.5.1908.152 - Trusteer)
                  TuxGuitar 1.2 (HKLM...\TuxGuitar_0) (Version: - )
                  Update for 2007 Microsoft Office System (KB967642) (HKLM...{91120000-0030-0000-0000-0000000FF1CE}ENTERPRISER{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
                  VC 9.0 Runtime (HKLM...{02E89EFC-7B07-4D5A-AA03-9EC0902914EE}) (Version: 1.0.0 - Check Point Software Technologies Ltd) Hidden
                  VC 9.0 Runtime (HKLM...{A040AC77-C1AA-4CC9-8931-9F648AF178F6}) (Version: 1.0.0 - Check Point Software Technologies Ltd) Hidden
                  VC80CRTRedist - 8.0.50727.4053 (HKLM...{5EE7D259-D137-4438-9A5F-42F432EC0421}) (Version: 1.1.0 - DivX, Inc) Hidden
                  Visual C++ 2008 x86 Runtime - v9.0.30729.01 (HKLM...{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01) (Version: 9.0.30729.01 - Microsoft Corporation)
                  VLC media player (HKLM...\VLC media player) (Version: 2.2.8 - VideoLAN)
                  Windows Live Essentials (HKLM...\WinLiveSuite) (Version: 15.4.3502.0922 - Microsoft Corporation)
                  Windows Media Player Firefox Plugin (HKLM...{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
                  ZoneAlarm Antivirus (HKLM...{4818D335-B3C0-4CE7-89EF-1380A3A549A3}) (Version: 14.1.011.000 - Check Point Software Technologies Ltd.) Hidden

                  ==================== Custom CLSID (Whitelisted): ==========================

                  (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

                  HKU\S-1-5-21-1365679944-132168641-953657067-1000...\ChromeHTML: → C:\Users\David\AppData\Local\Google\Chrome\Applica tion\chrome.exe (Google Inc.)
                  CustomCLSID: HKU\S-1-5-21-1365679944-132168641-953657067-1000_Classes\CLSID{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 → C:\Users\David\AppData\Roaming\Dropbox\bin\Dropbox .exe (Dropbox, Inc.)
                  CustomCLSID: HKU\S-1-5-21-1365679944-132168641-953657067-1000_Classes\CLSID{022105BD-948A-40C9-AB42-A3300DDF097F}\localserver32 → C:\Users\David\AppData\Local\Google\Update\GoogleU pdate.exe (Google Inc.)
                  CustomCLSID: HKU\S-1-5-21-1365679944-132168641-953657067-1000_Classes\CLSID{22181302-A8A6-4F84-A541-E5CBFC70CC43}\localserver32 → C:\Users\David\AppData\Local\Google\Update\1.3.33. 7\GoogleUpdateOnDemand.exe (Google Inc.)
                  CustomCLSID: HKU\S-1-5-21-1365679944-132168641-953657067-1000_Classes\CLSID{2F0E2680-9FF5-43C0-B76E-114A56E93598}\localserver32 → C:\Users\David\AppData\Local\Google\Update\1.3.33. 7\GoogleUpdateOnDemand.exe (Google Inc.)
                  CustomCLSID: HKU\S-1-5-21-1365679944-132168641-953657067-1000_Classes\CLSID{3059C9E6-9EDC-4C89-933E-C65623F8FD60}\localserver32 → C:\Users\David\AppData\Local\Dropbox\Update\Dropbo xUpdate.exe (Dropbox, Inc.)
                  CustomCLSID: HKU\S-1-5-21-1365679944-132168641-953657067-1000_Classes\CLSID{449CFB1B-1C07-48EA-9A9A-7A7881C2B49B}\InprocServer32 → C:\Users\David\AppData\Local\Dropbox\Update\1.3.59 .1\psuser.dll (Dropbox, Inc.)
                  CustomCLSID: HKU\S-1-5-21-1365679944-132168641-953657067-1000_Classes\CLSID{51F9E8EF-59D7-475B-A106-C7EA6F30C119}\localserver32 → C:\Users\David\AppData\Local\Google\Update\1.3.33. 7\GoogleUpdateOnDemand.exe (Google Inc.)
                  CustomCLSID: HKU\S-1-5-21-1365679944-132168641-953657067-1000_Classes\CLSID{87DC457B-B35D-48AC-BD42-BDF35EF623CE}\localserver32 → C:\Users\David\AppData\Local\Dropbox\Update\1.3.59 .1\DropboxUpdateOnDemand.exe (Dropbox, Inc.)
                  CustomCLSID: HKU\S-1-5-21-1365679944-132168641-953657067-1000_Classes\CLSID{91A41FCC-BC02-42D8-A36E-0D27FF9BFFC8}\InprocServer32 → C:\Users\David\AppData\Local\Google\Update\1.3.33. 7\psuser.dll (Google Inc.)
                  CustomCLSID: HKU\S-1-5-21-1365679944-132168641-953657067-1000_Classes\CLSID{9FAA38ED-5635-44F7-9BE0-8CAFE29B3783}\localserver32 → C:\Users\David\AppData\Local\Dropbox\Update\1.3.59 .1\DropboxUpdateOnDemand.exe (Dropbox, Inc.)
                  CustomCLSID: HKU\S-1-5-21-1365679944-132168641-953657067-1000_Classes\CLSID{C0DD324D-A74F-4533-84AD-030F76771C77}\localserver32 → C:\Users\David\AppData\Local\Dropbox\Update\1.3.59 .1\DropboxUpdateOnDemand.exe (Dropbox, Inc.)
                  CustomCLSID: HKU\S-1-5-21-1365679944-132168641-953657067-1000_Classes\CLSID{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D}\InprocServer32 → C:\Users\David\AppData\Local\Google\Update\1.3.33. 7\npGoogleUpdate3.dll (Google Inc.)
                  CustomCLSID: HKU\S-1-5-21-1365679944-132168641-953657067-1000_Classes\CLSID{C32E3EEC-3C10-426E-95F3-38C7F139FADD}\localserver32 → C:\Users\David\AppData\Local\Dropbox\Update\1.3.59 .1\DropboxUpdateOnDemand.exe (Dropbox, Inc.)
                  CustomCLSID: HKU\S-1-5-21-1365679944-132168641-953657067-1000_Classes\CLSID{C442AC41-9200-4770-8CC0-7CDB4F245C55}\InprocServer32 → C:\Users\David\AppData\Local\Google\Update\1.3.33. 7\npGoogleUpdate3.dll (Google Inc.)
                  CustomCLSID: HKU\S-1-5-21-1365679944-132168641-953657067-1000_Classes\CLSID{E67BE843-BBBE-4484-95FB-05271AE86750}\localserver32 → C:\Users\David\AppData\Local\Google\Update\1.3.33. 7\GoogleUpdateOnDemand.exe (Google Inc.)
                  CustomCLSID: HKU\S-1-5-21-1365679944-132168641-953657067-1000_Classes\CLSID{E7A37920-253C-4FF1-B169-298A7CE6CAA9}\localserver32 → C:\Users\David\AppData\Roaming\Dropbox\bin\Dropbox .exe (Dropbox, Inc.)
                  CustomCLSID: HKU\S-1-5-21-1365679944-132168641-953657067-1000_Classes\CLSID{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 → C:\Users\David\AppData\Local\Google\Update\1.3.33. 7\psuser.dll (Google Inc.)
                  CustomCLSID: HKU\S-1-5-21-1365679944-132168641-953657067-1000_Classes\CLSID{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 → C:\Users\David\AppData\Roaming\Dropbox\bin\Dropbox Ext.19.0.dll (Dropbox, Inc.)
                  CustomCLSID: HKU\S-1-5-21-1365679944-132168641-953657067-1000_Classes\CLSID{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 → C:\Users\David\AppData\Roaming\Dropbox\bin\Dropbox Ext.19.0.dll (Dropbox, Inc.)
                  CustomCLSID: HKU\S-1-5-21-1365679944-132168641-953657067-1000_Classes\CLSID{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 → C:\Users\David\AppData\Roaming\Dropbox\bin\Dropbox Ext.19.0.dll (Dropbox, Inc.)
                  CustomCLSID: HKU\S-1-5-21-1365679944-132168641-953657067-1000_Classes\CLSID{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 → C:\Users\David\AppData\Roaming\Dropbox\bin\Dropbox Ext.19.0.dll (Dropbox, Inc.)
                  CustomCLSID: HKU\S-1-5-21-1365679944-132168641-953657067-1000_Classes\CLSID{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 → C:\Users\David\AppData\Roaming\Dropbox\bin\Dropbox Ext.19.0.dll (Dropbox, Inc.)
                  CustomCLSID: HKU\S-1-5-21-1365679944-132168641-953657067-1000_Classes\CLSID{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 → C:\Users\David\AppData\Roaming\Dropbox\bin\Dropbox Ext.19.0.dll (Dropbox, Inc.)
                  CustomCLSID: HKU\S-1-5-21-1365679944-132168641-953657067-1000_Classes\CLSID{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 → C:\Users\David\AppData\Roaming\Dropbox\bin\Dropbox Ext.19.0.dll (Dropbox, Inc.)
                  CustomCLSID: HKU\S-1-5-21-1365679944-132168641-953657067-1000_Classes\CLSID{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 → C:\Users\David\AppData\Roaming\Dropbox\bin\Dropbox Ext.19.0.dll (Dropbox, Inc.)
                  CustomCLSID: HKU\S-1-5-21-1365679944-132168641-953657067-1000_Classes\CLSID{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 → C:\Users\David\AppData\Roaming\Dropbox\bin\Dropbox Ext.19.0.dll (Dropbox, Inc.)
                  CustomCLSID: HKU\S-1-5-21-1365679944-132168641-953657067-1000_Classes\CLSID{FB314EE1-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 → C:\Users\David\AppData\Roaming\Dropbox\bin\Dropbox Ext.19.0.dll (Dropbox, Inc.)
                  CustomCLSID: HKU\S-1-5-21-1365679944-132168641-953657067-1000_Classes\CLSID{FB314EE2-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 → C:\Users\David\AppData\Roaming\Dropbox\bin\Dropbox Ext.19.0.dll (Dropbox, Inc.)
                  CustomCLSID: HKU\S-1-5-21-1365679944-132168641-953657067-1000_Classes\CLSID{FBC9D74C-AF55-4309-9FB2-C426E071637F}\InprocServer32 → C:\Users\David\AppData\Roaming\Dropbox\bin\Dropbox Ext.19.0.dll (Dropbox, Inc.)
                  CustomCLSID: HKU\S-1-5-21-1365679944-132168641-953657067-1000_Classes\CLSID{FE819BE5-BADF-4370-9913-6FB84ABA6FB1}\InprocServer32 → C:\Users\David\AppData\Local\Dropbox\Update\1.3.59 .1\psuser.dll (Dropbox, Inc.)
                  ShellIconOverlayIdentifiers: [DropboxExt1] → {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\David\AppData\Roaming\Dropbox\bin\Dropbox Ext.19.0.dll [2018-03-28] (Dropbox, Inc.)
                  ShellIconOverlayIdentifiers: [DropboxExt2] → {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\David\AppData\Roaming\Dropbox\bin\Dropbox Ext.19.0.dll [2018-03-28] (Dropbox, Inc.)
                  ShellIconOverlayIdentifiers: [DropboxExt3] → {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\David\AppData\Roaming\Dropbox\bin\Dropbox Ext.19.0.dll [2018-03-28] (Dropbox, Inc.)
                  ShellIconOverlayIdentifiers: [GDriveBlacklistedOverlay] → {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files\Google\Drive\googledrivesync32.dll [2013-04-16] (Google)
                  ShellIconOverlayIdentifiers: [GDriveSharedOverlay] → {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => C:\Program Files\Google\Drive\googledrivesync32.dll [2013-04-16] (Google)
                  ShellIconOverlayIdentifiers: [GDriveSyncedOverlay] → {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files\Google\Drive\googledrivesync32.dll [2013-04-16] (Google)
                  ShellIconOverlayIdentifiers: [GDriveSyncingOverlay] → {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files\Google\Drive\googledrivesync32.dll [2013-04-16] (Google)
                  ContextMenuHandlers1: [EPP] → {3F3B81BE-529B-40b9-8189-6666B241ADFA} => C:\Program Files\Epson Software\Easy Photo Print\EPPShell.dll [2008-10-22] (SEIKO EPSON CORPORATION)
                  ContextMenuHandlers1: [Foxit_ConvertToPDF_Reader] → {A94757A0-0226-426F-B4F1-4DF381C630D3} => C:\Program Files\Foxit Software\Foxit Reader\plugins\ConvertToPDFShellExtension_x86.dll [2017-12-11] (Foxit Software Inc.)
                  ContextMenuHandlers1: [GDContextMenu] → {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files\Google\Drive\contextmenu32.dll [2013-04-16] (Google)
                  ContextMenuHandlers1: [Shell Extension for Malware scanning] → {45AC2688-0253-4ED8-97DE-B5370FA7D48A} => C:\Program Files\Avira\Antivirus\shlext.dll [2017-12-21] (Avira Operations GmbH & Co. KG)
                  ContextMenuHandlers4: [GDContextMenu] → {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files\Google\Drive\contextmenu32.dll [2013-04-16] (Google)
                  ContextMenuHandlers5: [NvCplDesktopContext] → {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\system32\nvshext.dll [2013-01-18] (NVIDIA Corporation)
                  ContextMenuHandlers6: [Foxit_ConvertToPDF_Reader] → {A94757A0-0226-426F-B4F1-4DF381C630D3} => C:\Program Files\Foxit Software\Foxit Reader\plugins\ConvertToPDFShellExtension_x86.dll [2017-12-11] (Foxit Software Inc.)
                  ContextMenuHandlers6: [Shell Extension for Malware scanning] → {45AC2688-0253-4ED8-97DE-B5370FA7D48A} => C:\Program Files\Avira\Antivirus\shlext.dll [2017-12-21] (Avira Operations GmbH & Co. KG)
                  ContextMenuHandlers1_S-1-5-21-1365679944-132168641-953657067-1000: [DropboxExt] → {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Users\David\AppData\Roaming\Dropbox\bin\Dropbox Ext.19.0.dll [2018-03-28] (Dropbox, Inc.)
                  ContextMenuHandlers4_S-1-5-21-1365679944-132168641-953657067-1000: [DropboxExt] → {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Users\David\AppData\Roaming\Dropbox\bin\Dropbox Ext.19.0.dll [2018-03-28] (Dropbox, Inc.)
                  ContextMenuHandlers5_S-1-5-21-1365679944-132168641-953657067-1000: [DropboxExt] → {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Users\David\AppData\Roaming\Dropbox\bin\Dropbox Ext.19.0.dll [2018-03-28] (Dropbox, Inc.)

                  ==================== Scheduled Tasks (Whitelisted) =============

                  (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

                  Task: {051D0B09-CFC4-4E3D-8B65-F8FCF2489E6F} - System32\Tasks\RtlNICDiagVistaStart => C:\Program Files\Realtek\RTNICDiag\RTNICDiag.exe [2008-07-21] (Realtek)
                  Task: {137ABB43-7313-49E1-81C7-4AB3C31E18DB} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-1365679944-132168641-953657067-1000Core => C:\Users\David\AppData\Local\Dropbox\Update\Dropbo xUpdate.exe [2016-11-05] (Dropbox, Inc.)
                  Task: {14624C15-C2B0-4738-BAC9-B243666F915D} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpda teService.exe [2018-03-23] (Adobe Systems Incorporated)
                  Task: {1ABB4027-438B-4C7E-B30C-C112E640419D} - System32\Tasks\CorelUpdateHelperTask-6D51C8F514C231B4491278912C46A4AD => C:\Program Files\Corel\CUH\v2\CUH.exe [2018-02-23] (Corel Corporation)
                  Task: {2BF02622-C870-4B5A-8850-49BA3525A67A} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-1365679944-132168641-953657067-1000UA => C:\Users\David\AppData\Local\Dropbox\Update\Dropbo xUpdate.exe [2016-11-05] (Dropbox, Inc.)
                  Task: {38F1B869-43D7-41CA-8C59-AAE57DF6CAD1} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\Windows\system32\Macromed\Flash\FlashUtil32_29_ 0_0_113_Plugin.exe [2018-03-23] (Adobe Systems Incorporated)
                  Task: {41CE564A-97CD-42C3-AC79-5A1CC14B67CB} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2009-06-11] (Google Inc.)
                  Task: {50B32295-DFEF-495E-B684-1EDC2EAFC3D1} - System32\Tasks{8BAEA27D-0DDA-428A-9727-E208DE68AAAA} => C:\Program Files\Skype\Phone\Skype.exe [2016-05-17] (Skype Technologies S.A.)
                  Task: {52D7030C-C7A7-43C0-BD62-0F7B6726D22D} - System32\Tasks\PCDEventLauncherTask => C:\Program Files\My Dell\sessionchecker.exe [2013-09-05] (PC-Doctor, Inc.)
                  Task: {5664BF4D-D5C9-4708-9A0F-72B0E555509E} - System32\Tasks{B28DE500-09F8-4770-8AB1-40C41B0C7399} => C:\Windows\system32\pcalua.exe -a C:\Users\David\Downloads\converter.exe -d C:\Windows\system32
                  Task: {63370F96-9BAF-4307-9350-1348A42F2579} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1365679944-132168641-953657067-1000UA => C:\Users\David\AppData\Local\Google\Update\GoogleU pdate.exe [2015-08-29] (Google Inc.)
                  Task: {6467F6B6-F82F-4978-BA3B-98D388624403} - System32\Tasks\Avira_Antivirus_Systray => C:\Program Files\Avira\Antivirus\avgnt.exe [2018-03-02] (Avira Operations GmbH & Co. KG)
                  Task: {67DDFABE-683F-4953-BE25-41FC8728CC47} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-1365679944-132168641-953657067-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2011-11-08] (RealNetworks, Inc.)
                  Task: {796DCEC3-6154-4AA1-8059-EAB65E5F75A6} - System32\Tasks\CorelUpdateHelperTaskCore => c:\Program Files\Corel\CUH\v2\CUH.exe [2018-02-23] (Corel Corporation)
                  Task: {84B5593E-5FAA-4676-AB89-9511DA7E5917} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1365679944-132168641-953657067-1000Core => C:\Users\David\AppData\Local\Google\Update\GoogleU pdate.exe [2015-08-29] (Google Inc.)
                  Task: {85053098-403B-490A-99A4-F9C40E672C5E} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-1365679944-132168641-953657067-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2011-11-08] (RealNetworks, Inc.)
                  Task: {D0AB8569-08AA-4FCD-B319-21339C4255D5} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2009-06-11] (Google Inc.)

                  (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

                  Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1365679944-132168641-953657067-1000Core.job => C:\Users\David\AppData\Local\Dropbox\Update\Dropbo xUpdate.exe
                  Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1365679944-132168641-953657067-1000UA.job => C:\Users\David\AppData\Local\Dropbox\Update\Dropbo xUpdate.exe
                  Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
                  Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
                  Task: C:\Windows\Tasks\RtlNICDiagVistaStart.job => C:\Program Files\Realtek\RTNICDiag\RTNICDiag.exe
                  Task: C:\Windows\Tasks\User_Feed_Synchronization-{AE143750-3A46-4BA4-B78A-221DF09B574B}.job => C:\Windows\system32\msfeedssync.exe

                  ==================== Shortcuts & WMI ========================

                  (The entries could be listed to be restored or removed.)

                  ==================== Loaded Modules (Whitelisted) ==============

                  2017-02-16 02:38 - 2013-01-18 15:20 - 000079648 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax.dll
                  2018-01-05 01:14 - 2018-01-05 01:14 - 001042232 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
                  2017-12-08 02:49 - 2017-12-08 02:49 - 000076088 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
                  2018-01-22 04:21 - 2018-01-22 04:21 - 001042232 _____ () C:\Program Files\iTunes\libxml2.dll
                  2018-01-22 04:21 - 2018-01-22 04:21 - 000076088 _____ () C:\Program Files\iTunes\zlib1.dll
                  2018-03-30 20:10 - 2018-03-28 15:31 - 000746312 _____ () C:\Users\David\AppData\Roaming\Dropbox\bin\dropbox_watchdog.dll
                  2018-03-30 20:10 - 2018-03-28 15:31 - 002079048 _____ () C:\Users\David\AppData\Roaming\Dropbox\bin\dropbox_crashpad.dll
                  2018-03-30 20:12 - 2018-03-28 15:30 - 000100312 _____ () C:\Users\David\AppData\Roaming\Dropbox\bin\_ctypes.pyd
                  2018-03-30 20:12 - 2018-03-28 15:30 - 000018896 _____ () C:\Users\David\AppData\Roaming\Dropbox\bin\select.pyd
                  2018-03-30 20:12 - 2018-03-28 15:33 - 000020808 _____ () C:\Users\David\AppData\Roaming\Dropbox\bin\tornado.speedups.pyd
                  2018-03-30 20:12 - 2018-03-28 15:30 - 000035808 _____ () C:\Users\David\AppData\Roaming\Dropbox\bin\_multiprocessing.pyd
                  2018-03-30 20:12 - 2018-03-28 15:30 - 000694232 _____ () C:\Users\David\AppData\Roaming\Dropbox\bin\unicodedata.pyd
                  2018-03-30 20:10 - 2018-03-28 15:32 - 000021856 _____ () C:\Users\David\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._constant_time.pyd
                  2018-03-30 20:12 - 2018-03-28 15:30 - 000130520 _____ () C:\Users\David\AppData\Roaming\Dropbox\bin\_cffi_backend.pyd
                  2018-03-30 20:10 - 2018-03-28 15:32 - 001856864 _____ () C:\Users\David\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._openssl.pyd
                  2018-03-30 20:10 - 2018-03-28 15:32 - 000022880 _____ () C:\Users\David\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._padding.pyd
                  2018-03-30 20:10 - 2018-03-28 15:30 - 000145880 _____ () C:\Users\David\AppData\Roaming\Dropbox\bin\pyexpat.pyd
                  2018-03-30 20:11 - 2018-03-28 15:31 - 000116696 _____ () C:\Users\David\AppData\Roaming\Dropbox\bin\pywintypes27.dll
                  2018-03-30 20:12 - 2018-03-28 15:30 - 000105944 _____ () C:\Users\David\AppData\Roaming\Dropbox\bin\win32api.pyd
                  2018-03-30 20:12 - 2018-03-28 15:33 - 000022872 _____ () C:\Users\David\AppData\Roaming\Dropbox\bin\winffi.crt.compiled._winffi_crt.pyd
                  2018-03-30 20:10 - 2018-03-28 15:32 - 000063312 _____ () C:\Users\David\AppData\Roaming\Dropbox\bin\psutil._psutil_windows.pyd
                  2018-03-30 20:12 - 2018-03-28 15:30 - 000024536 _____ () C:\Users\David\AppData\Roaming\Dropbox\bin\win32event.pyd
                  2018-03-30 20:10 - 2018-03-28 15:32 - 000077120 _____ () C:\Users\David\AppData\Roaming\Dropbox\bin\fastpath.pyd
                  2018-03-30 20:10 - 2018-03-28 15:31 - 000392664 _____ () C:\Users\David\AppData\Roaming\Dropbox\bin\pythoncom27.dll
                  2018-03-30 20:10 - 2018-03-28 15:30 - 000020952 _____ () C:\Users\David\AppData\Roaming\Dropbox\bin\mmapfile.pyd
                  2018-03-30 20:12 - 2018-03-28 15:30 - 000124888 _____ () C:\Users\David\AppData\Roaming\Dropbox\bin\win32file.pyd
                  2018-03-30 20:12 - 2018-03-28 15:30 - 000114136 _____ () C:\Users\David\AppData\Roaming\Dropbox\bin\win32security.pyd
                  2018-03-30 20:12 - 2018-03-28 15:33 - 000392520 _____ () C:\Users\David\AppData\Roaming\Dropbox\bin\win32com.shell.shell.pyd
                  2018-03-30 20:12 - 2018-03-28 15:33 - 000026464 _____ () C:\Users\David\AppData\Roaming\Dropbox\bin\winffi.kernel32.compiled._winffi_kernel32.pyd
                  2018-03-30 20:12 - 2018-03-28 15:30 - 000043480 _____ () C:\Users\David\AppData\Roaming\Dropbox\bin\win32process.pyd
                  2018-03-30 20:12 - 2018-03-28 15:30 - 000024024 _____ () C:\Users\David\AppData\Roaming\Dropbox\bin\win32clipboard.pyd
                  2018-03-30 20:12 - 2018-03-28 15:30 - 000175576 _____ () C:\Users\David\AppData\Roaming\Dropbox\bin\win32gui.pyd
                  2018-03-30 20:12 - 2018-03-28 15:30 - 000030168 _____ () C:\Users\David\AppData\Roaming\Dropbox\bin\win32pipe.pyd
                  2018-03-30 20:12 - 2018-03-28 15:30 - 000026072 _____ () C:\Users\David\AppData\Roaming\Dropbox\bin\win32job.pyd
                  2018-03-30 20:12 - 2018-03-28 15:30 - 000048600 _____ () C:\Users\David\AppData\Roaming\Dropbox\bin\win32service.pyd
                  2018-03-30 20:12 - 2018-03-28 15:30 - 000057816 _____ () C:\Users\David\AppData\Roaming\Dropbox\bin\win32evtlog.pyd
                  2018-03-30 20:10 - 2018-03-28 15:32 - 000021840 _____ () C:\Users\David\AppData\Roaming\Dropbox\bin\cpuid.compiled._cpuid.pyd
                  2018-03-30 20:12 - 2018-03-28 15:33 - 000023376 _____ () C:\Users\David\AppData\Roaming\Dropbox\bin\winshell.compiled._winshell.pyd
                  2018-03-30 20:10 - 2018-03-28 15:32 - 000022864 _____ () C:\Users\David\AppData\Roaming\Dropbox\bin\crashpad.compiled._Crashpad.pyd
                  2018-03-30 20:12 - 2018-03-28 15:33 - 000066400 _____ () C:\Users\David\AppData\Roaming\Dropbox\bin\winenumhandles.compiled._WinEnumHandles.pyd
                  2018-03-30 20:10 - 2018-03-28 15:32 - 001798464 _____ () C:\Users\David\AppData\Roaming\Dropbox\bin\PyQt5.QtCore.pyd
                  2018-03-30 20:12 - 2018-03-28 15:30 - 000084944 _____ () C:\Users\David\AppData\Roaming\Dropbox\bin\sip.pyd
                  2018-03-30 20:10 - 2018-03-28 15:32 - 001959232 _____ () C:\Users\David\AppData\Roaming\Dropbox\bin\PyQt5.QtGui.pyd
                  2018-03-30 20:10 - 2018-03-28 15:32 - 003863880 _____ () C:\Users\David\AppData\Roaming\Dropbox\bin\PyQt5.QtWidgets.pyd
                  2018-03-30 20:10 - 2018-03-28 15:32 - 000155472 _____ () C:\Users\David\AppData\Roaming\Dropbox\bin\PyQt5.QtWebEngineWidgets.pyd
                  2018-03-30 20:10 - 2018-03-28 15:32 - 000521544 _____ () C:\Users\David\AppData\Roaming\Dropbox\bin\PyQt5.QtNetwork.pyd
                  2018-03-30 20:10 - 2018-03-28 15:32 - 000051024 _____ () C:\Users\David\AppData\Roaming\Dropbox\bin\PyQt5.QtWebEngineCore.pyd
                  2018-03-30 20:10 - 2018-03-28 15:32 - 000043336 _____ () C:\Users\David\AppData\Roaming\Dropbox\bin\PyQt5.QtWebChannel.pyd
                  2018-03-30 20:10 - 2018-03-28 15:32 - 000131400 _____ () C:\Users\David\AppData\Roaming\Dropbox\bin\PyQt5.QtWebKit.pyd
                  2018-03-30 20:10 - 2018-03-28 15:32 - 000219984 _____ () C:\Users\David\AppData\Roaming\Dropbox\bin\PyQt5.QtWebKitWidgets.pyd
                  2018-03-30 20:10 - 2018-03-28 15:32 - 000204104 _____ () C:\Users\David\AppData\Roaming\Dropbox\bin\PyQt5.QtPrintSupport.pyd
                  2018-03-30 20:12 - 2018-03-28 15:33 - 000025440 _____ () C:\Users\David\AppData\Roaming\Dropbox\bin\winscreenshot.compiled._CaptureScreenshot.pyd
                  2018-03-30 20:12 - 2018-03-28 15:30 - 000060888 _____ () C:\Users\David\AppData\Roaming\Dropbox\bin\win32print.pyd
                  2018-03-30 20:12 - 2018-03-28 15:33 - 000054616 _____ () C:\Users\David\AppData\Roaming\Dropbox\bin\winrpcserver.compiled._RPCServer.pyd
                  2018-03-30 20:12 - 2018-03-28 15:30 - 000024024 _____ () C:\Users\David\AppData\Roaming\Dropbox\bin\win32profile.pyd
                  2018-03-30 20:12 - 2018-03-28 15:33 - 000022880 _____ () C:\Users\David\AppData\Roaming\Dropbox\bin\winffi.user32.compiled._winffi_user32.pyd
                  2018-03-30 20:12 - 2018-03-28 15:30 - 000028632 _____ () C:\Users\David\AppData\Roaming\Dropbox\bin\win32ts.pyd
                  2018-03-30 20:12 - 2018-03-28 15:33 - 000022368 _____ () C:\Users\David\AppData\Roaming\Dropbox\bin\winffi.iphlpapi.compiled._winffi_iphlpapi.pyd
                  2018-03-30 20:12 - 2018-03-28 15:33 - 000021856 _____ () C:\Users\David\AppData\Roaming\Dropbox\bin\winffi.winerror.compiled._winffi_winerror.pyd
                  2018-03-30 20:12 - 2018-03-28 15:33 - 000022368 _____ () C:\Users\David\AppData\Roaming\Dropbox\bin\winffi.wininet.compiled._winffi_wininet.pyd
                  2018-03-30 20:10 - 2018-03-28 15:32 - 000027496 _____ () C:\Users\David\AppData\Roaming\Dropbox\bin\dropbox.infinite.win.compiled._driverinstallation.pyd
                  2018-03-30 20:12 - 2018-03-28 15:30 - 000349144 _____ () C:\Users\David\AppData\Roaming\Dropbox\bin\winxpgui.pyd
                  2018-03-30 20:12 - 2018-03-28 15:33 - 000023904 _____ () C:\Users\David\AppData\Roaming\Dropbox\bin\winverifysignature.compiled._VerifySignature.pyd
                  2018-03-30 20:10 - 2018-03-28 15:32 - 000025432 _____ () C:\Users\David\AppData\Roaming\Dropbox\bin\librsyncffi.compiled._librsyncffi.pyd
                  2018-03-30 20:10 - 2018-03-28 15:31 - 000036312 _____ () C:\Users\David\AppData\Roaming\Dropbox\bin\librsync.dll
                  2018-03-30 20:12 - 2018-03-28 15:33 - 000021856 _____ () C:\Users\David\AppData\Roaming\Dropbox\bin\winffi.advapi32.compiled._winffi_advapi32.pyd
                  2018-03-30 20:10 - 2018-03-28 15:32 - 000181064 _____ () C:\Users\David\AppData\Roaming\Dropbox\bin\dropbox_sqlite_ext.DLL
                  2018-03-30 20:12 - 2018-03-28 15:33 - 000030544 _____ () C:\Users\David\AppData\Roaming\Dropbox\bin\wind3d11.compiled._wind3d11.pyd
                  2018-03-30 20:10 - 2018-03-28 15:32 - 000024384 _____ () C:\Users\David\AppData\Roaming\Dropbox\bin\libEGL.DLL
                  2018-03-30 20:10 - 2018-03-28 15:32 - 001638208 _____ () C:\Users\David\AppData\Roaming\Dropbox\bin\libGLESv2.dll
                  2018-03-30 20:12 - 2018-03-28 15:33 - 000026464 _____ () C:\Users\David\AppData\Roaming\Dropbox\bin\winffi.winhttp.compiled._winffi_winhttp.pyd
                  2018-03-30 20:10 - 2018-03-28 15:32 - 000546632 _____ () C:\Users\David\AppData\Roaming\Dropbox\bin\PyQt5.QtQuick.pyd
                  2018-03-30 20:10 - 2018-03-28 15:32 - 000359744 _____ () C:\Users\David\AppData\Roaming\Dropbox\bin\PyQt5.QtQml.pyd
                  2018-03-30 20:10 - 2018-03-28 15:32 - 000038216 _____ () C:\Users\David\AppData\Roaming\Dropbox\bin\PyQt5.QtWebEngine.pyd

                  ==================== Alternate Data Streams (Whitelisted) =========

                  (If an entry is included in the fixlist, only the ADS will be removed.)

                  ==================== Safe Mode (Whitelisted) ===================

                  (If an entry is included in the fixlist, it will be removed from the registry. The “AlternateShell” value will be restored.)

                  HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => “”=“Service”
                  HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => “”=“Service”

                  ==================== Association (Whitelisted) ===============

                  (If an entry is included in the fixlist, the registry item will be restored to default or removed.)

                  ==================== Internet Explorer trusted/restricted ===============

                  (If an entry is included in the fixlist, it will be removed from the registry.)

                  IE trusted site: HKU\S-1-5-21-1365679944-132168641-953657067-1000...\dell.com → dell.com

                  There are 11327 more sites.

                  ==================== Hosts content: ===============================

                  (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

                  2006-11-02 11:23 - 2018-04-02 12:37 - 000000035 _____ C:\Windows\system32\Drivers\etc\hosts

                  ==================== Other Areas ============================

                  (Currently there is no automatic fix for this section.)

                  HKU\S-1-5-21-1365679944-132168641-953657067-1000\Control Panel\Desktop\Wallpaper → C:\Users\David\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
                  HKU\S-1-5-21-1365679944-132168641-953657067-1057\Control Panel\Desktop\Wallpaper → C:\Windows\web\wallpaper\Windows\img0.jpg
                  DNS Servers: 192.168.0.1
                  HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
                  Windows Firewall is enabled.

                  ==================== MSCONFIG/TASK MANAGER disabled items ==

                  MSCONFIG\Services: !SASCORE => 2
                  MSCONFIG\Services: AdobeARMservice => 2
                  MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
                  MSCONFIG\Services: AERTFilters => 2
                  MSCONFIG\Services: cmdAgent => 2
                  MSCONFIG\Services: DockLoginService => 2
                  MSCONFIG\Services: FreeAgentGoNext Service => 2
                  MSCONFIG\Services: getPlus(R) Helper => 3
                  MSCONFIG\Services: GoToAssist => 3
                  MSCONFIG\Services: gupdate1c9eaad5b861f00 => 2
                  MSCONFIG\Services: gupdatem => 3
                  MSCONFIG\Services: gusvc => 2
                  MSCONFIG\Services: JuniperAccessService => 2
                  MSCONFIG\Services: MozillaMaintenance => 3
                  MSCONFIG\Services: nvsvc => 2
                  MSCONFIG\Services: PSI_SVC_2 => 2
                  MSCONFIG\Services: SkypeUpdate => 2
                  MSCONFIG\Services: sprtsvc_DellSupportCenter => 2
                  MSCONFIG\Services: sprtsvc_O2 => 2
                  MSCONFIG\Services: stllssvr => 3
                  MSCONFIG\Services: SupportSoft RemoteAssist => 3
                  MSCONFIG\Services: WRSVC => 2
                  MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Secunia PSI Tray.lnk => C:\Windows\pss\Secunia PSI Tray.lnk.CommonStartup
                  MSCONFIG\startupfolder: C:^Users^David^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dell Dock.lnk => C:\Windows\pss\Dell Dock.lnk.Startup
                  MSCONFIG\startupfolder: C:^Users^David^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk => C:\Windows\pss\Dropbox.lnk.Startup
                  MSCONFIG\startupfolder: C:^Users^David^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk => C:\Windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup
                  MSCONFIG\startupreg: Adobe ARM => c:\program files\common files\adobe\arm\1.0\adobearm.exe
                  MSCONFIG\startupreg: Adobe Reader Speed Launcher => “C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe”
                  MSCONFIG\startupreg: Advanced SystemCare 6 => “C:\Program Files\IObit\Advanced SystemCare 6\ASCTray.exe” /AutoStart
                  MSCONFIG\startupreg: Akamai NetSession Interface => “C:\Users\David\AppData\Local\Akamai\netsession_win.exe”
                  MSCONFIG\startupreg: BigDogPath => C:\Windows\VM_STI.EXE %;USB\VID_0AC8&PID_0302.DeviceDesc%
                  MSCONFIG\startupreg: CCleaner Monitoring => “C:\Program Files\CCleaner\CCleaner.exe” /MONITOR
                  MSCONFIG\startupreg: COMODO Internet Security => “C:\Program Files\COMODO\COMODO Internet Security\cfp.exe” -h
                  MSCONFIG\startupreg: Corel File Shell Monitor => “C:\Program Files\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe”
                  MSCONFIG\startupreg: dellsupportcenter => “C:\Program Files\Dell Support Center\bin\sprtcmd.exe” /P dellsupportcenter
                  MSCONFIG\startupreg: DellSystemDetect => C:\Users\David\AppData\Local\Apps\2.0\1LLGV105.GMT\RVYL3TNL.DOM\dell..tion_0f612f649c4a10af_0005.0007_59de4fd2458fcaec\DellSystemDetect.exe
                  MSCONFIG\startupreg: DivXUpdate => “C:\Program Files\DivX\DivX Update\DivXUpdate.exe” /CHECKNOW
                  MSCONFIG\startupreg: ehTray.exe => C:\Windows\ehome\ehTray.exe
                  MSCONFIG\startupreg: EPSON SX410 Series => C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIFCE.EXE /FU “C:\Windows\TEMP\E_S7A24.tmp” /EF “HKCU”
                  MSCONFIG\startupreg: Google Update => C:\Users\David\AppData\Local\Google\Update\1.3.32.7\GoogleUpdateCore.exe
                  MSCONFIG\startupreg: GrooveMonitor => “C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe”
                  MSCONFIG\startupreg: HotKeysCmds => C:\Windows\system32\hkcmd.exe
                  MSCONFIG\startupreg: IgfxTray => C:\Windows\system32\igfxtray.exe
                  MSCONFIG\startupreg: ISUSPM Startup => C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
                  MSCONFIG\startupreg: ISUSScheduler => “C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe” -start
                  MSCONFIG\startupreg: iTunesHelper => c:\program files\itunes\ituneshelper.exe
                  MSCONFIG\startupreg: MaxMenuMgr => “C:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe”
                  MSCONFIG\startupreg: NvCplDaemon => “RUNDLL32.EXE” C:\Windows\system32\NvCpl.dll,NvStartup
                  MSCONFIG\startupreg: NvMediaCenter => “RUNDLL32.EXE” C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
                  MSCONFIG\startupreg: O2 => “C:\Program Files\O2\bin\sprtcmd.exe” /P O2
                  MSCONFIG\startupreg: Persistence => C:\Windows\system32\igfxpers.exe
                  MSCONFIG\startupreg: QuickTime Task => “C:\Program Files\QuickTime\QTTask.exe” -atboottime
                  MSCONFIG\startupreg: RtHDVCpl => “RtHDVCpl.exe”
                  MSCONFIG\startupreg: Sidebar => “C:\Program Files\Windows Sidebar\sidebar.exe” /autoRun
                  MSCONFIG\startupreg: Spotify Web Helper => “C:\Users\David\AppData\Roaming\Spotify\SpotifyWebHelper.exe”
                  MSCONFIG\startupreg: SunJavaUpdateSched => “C:\Program Files\Common Files\Java\Java Update\jusched.exe”
                  MSCONFIG\startupreg: TkBellExe => “c:\program files\real\realplayer\Update\realsched.exe” -osboot
                  MSCONFIG\startupreg: Windows Defender => “%ProgramFiles%\Windows Defender\MSASCui.exe” -hide
                  MSCONFIG\startupreg: WMPNSCFG => C:\Program Files\Windows Media Player\WMPNSCFG.exe
                  MSCONFIG\startupreg: WRSVC => “C:\Program Files\Webroot\WRSA.exe” -ul

                  ==================== FirewallRules (Whitelisted) ===============

                  (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

                  ==================== Restore Points =========================

                  14-09-2017 12:36:33 Windows Update
                  20-09-2017 14:28:57 Windows Update
                  22-09-2017 17:20:46 Installed Rapport
                  06-10-2017 17:14:17 Installed Rapport
                  11-10-2017 17:56:20 Windows Update
                  10-11-2017 14:33:19 Scheduled Checkpoint
                  16-11-2017 15:37:06 Windows Update
                  23-11-2017 04:01:48 Windows Update
                  28-11-2017 23:22:06 Windows Update
                  07-12-2017 23:27:43 Windows Update
                  13-12-2017 16:08:21 Windows Update
                  21-12-2017 13:30:25 Installed Rapport
                  04-01-2018 17:24:32 Installed Rapport
                  10-01-2018 13:04:32 Windows Update
                  23-01-2018 13:59:19 Installed Rapport
                  08-02-2018 17:31:10 Installed Rapport
                  14-02-2018 15:52:21 Windows Update
                  22-02-2018 13:10:40 Scheduled Checkpoint
                  11-03-2018 17:49:51 Windows Update
                  24-03-2018 13:38:32 Windows Update
                  28-03-2018 20:57:58 Windows Update
                  30-03-2018 20:09:30 Revo Uninstaller’s restore point - SUPERAntiSpyware
                  30-03-2018 20:26:07 Restore Point Created by FRST
                  30-03-2018 21:12:07 ResetBrowser
                  02-04-2018 12:36:52 Restore Point Created by FRST
                  02-04-2018 12:43:47 Installed Rapport

                  ==================== Faulty Device Manager Devices =============

                  ==================== Event log errors: =========================

                  Application errors:
                  Error: (04/02/2018 12:43:45 PM) (Source: VSS) (EventID: 8194) (User: )
                  Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005, Access is denied.
                  .
                  This is often caused by incorrect security settings in either the writer or requestor process.

                  Operation:
                  Gathering Writer Data

                  Context:
                  Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
                  Writer Name: System Writer
                  Writer Instance ID: {94895a9d-be0e-44eb-8057-57081b4757ff}

                  Error: (04/02/2018 12:41:32 PM) (Source: WinMgmt) (EventID: 10) (User: )
                  Description: Event filter with query “SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA “Win32_Processor” AND TargetInstance.LoadPercentage > 99” could not be reactivated in namespace “//./root/CIMV2” because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

                  Error: (04/02/2018 12:36:51 PM) (Source: VSS) (EventID: 8194) (User: )
                  Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005, Access is denied.
                  .
                  This is often caused by incorrect security settings in either the writer or requestor process.

                  Operation:
                  Gathering Writer Data

                  Context:
                  Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
                  Writer Name: System Writer
                  Writer Instance ID: {cfead1cd-51a3-4bc2-8320-83623ad3bdb0}

                  Error: (04/02/2018 12:35:22 PM) (Source: Application Hang) (EventID: 1002) (User: )
                  Description: The program Explorer.EXE version 6.1.7601.23537 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

                  Process ID: 7ac

                  Start Time: 01d3ca747e0152fc

                  Termination Time: 702

                  Application Path: C:\Windows\Explorer.EXE

                  Report Id: e4db5428-3669-11e8-b5a5-0021705a8342

                  Error: (04/02/2018 12:21:10 PM) (Source: WinMgmt) (EventID: 10) (User: )
                  Description: Event filter with query “SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA “Win32_Processor” AND TargetInstance.LoadPercentage > 99” could not be reactivated in namespace “//./root/CIMV2” because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

                  Error: (04/01/2018 12:07:29 PM) (Source: WinMgmt) (EventID: 10) (User: )
                  Description: Event filter with query “SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA “Win32_Processor” AND TargetInstance.LoadPercentage > 99” could not be reactivated in namespace “//./root/CIMV2” because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

                  Error: (03/30/2018 09:18:01 PM) (Source: WinMgmt) (EventID: 10) (User: )
                  Description: Event filter with query “SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA “Win32_Processor” AND TargetInstance.LoadPercentage > 99” could not be reactivated in namespace “//./root/CIMV2” because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

                  Error: (03/30/2018 08:33:26 PM) (Source: WinMgmt) (EventID: 10) (User: )
                  Description: Event filter with query “SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA “Win32_Processor” AND TargetInstance.LoadPercentage > 99” could not be reactivated in namespace “//./root/CIMV2” because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

                  System errors:
                  Error: (04/02/2018 12:39:04 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
                  Description: The Apple Mobile Device service failed to start due to the following error:
                  The pipe has been ended.

                  Error: (04/02/2018 12:37:59 PM) (Source: DCOM) (EventID: 10010) (User: )
                  Description: The server {AD3EDBCA-0901-415B-82E9-C16D3B65E38C} did not register with DCOM within the required timeout.

                  Error: (04/02/2018 12:37:50 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
                  Description: The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

                  Error: (04/02/2018 12:37:50 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
                  Description: The Bonjour Service service terminated unexpectedly. It has done this 1 time(s).

                  Error: (04/02/2018 12:37:49 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
                  Description: The Foxit Reader Service service terminated unexpectedly. It has done this 1 time(s).

                  Error: (04/02/2018 12:37:49 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
                  Description: The Seagate Service service terminated unexpectedly. It has done this 1 time(s).

                  Error: (04/02/2018 12:37:44 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
                  Description: The Corel License Validation Service V2, Powered by arvato service terminated unexpectedly. It has done this 1 time(s).

                  Error: (04/02/2018 12:37:44 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
                  Description: The SeaPort service terminated unexpectedly. It has done this 1 time(s).

                  CodeIntegrity:
                  Date: 2017-02-16 00:23:17.624
                  Description:
                  Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Trusteer\Rapport\bin\RapportEI.sys because the set of per-page image hashes could not be found on the system.

                  Date: 2017-02-16 00:23:16.922
                  Description:
                  Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Trusteer\Rapport\bin\RapportEI.sys because the set of per-page image hashes could not be found on the system.

                  Date: 2017-02-16 00:23:16.235
                  Description:
                  Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Trusteer\Rapport\bin\RapportEI.sys because the set of per-page image hashes could not be found on the system.

                  Date: 2017-02-16 00:23:15.471
                  Description:
                  Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Trusteer\Rapport\bin\RapportEI.sys because the set of per-page image hashes could not be found on the system.

                  Date: 2017-02-15 23:22:59.875
                  Description:
                  Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Trusteer\Rapport\bin\RapportEI.sys because the set of per-page image hashes could not be found on the system.

                  Date: 2017-02-15 23:22:59.188
                  Description:
                  Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Trusteer\Rapport\bin\RapportEI.sys because the set of per-page image hashes could not be found on the system.

                  Date: 2017-02-15 23:22:58.517
                  Description:
                  Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Trusteer\Rapport\bin\RapportEI.sys because the set of per-page image hashes could not be found on the system.

                  Date: 2017-02-15 23:22:57.862
                  Description:
                  Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Trusteer\Rapport\bin\RapportEI.sys because the set of per-page image hashes could not be found on the system.

                  ==================== Memory info ===========================

                  Processor: Intel(R) Core™2 Quad CPU Q8200 @ 2.33GHz
                  Percentage of memory in use: 38%
                  Total physical RAM: 3071.18 MB
                  Available physical RAM: 1891.94 MB
                  Total Virtual: 6140.68 MB
                  Available Virtual: 4331.9 MB

                  ==================== Drives ================================

                  Drive c: (OS) (Fixed) (Total:683.55 GB) (Free:393.72 GB) NTFS ==>[drive with boot components (obtained from BCD)]
                  Drive d: (RECOVERY) (Fixed) (Total:15 GB) (Free:8.67 GB) NTFS
                  Drive k: (FreeAgent Drive) (Fixed) (Total:931.51 GB) (Free:496.18 GB) NTFS

                  ==================== MBR & Partition Table ==================

                  ========================================================
                  Disk: 0 (MBR Code: Windows 7/8/10) (Size: 698.6 GB) (Disk ID: 50000000)
                  Partition 1: (Not Active) - (Size=86 MB) - (Type=DE)
                  Partition 2: (Not Active) - (Size=15 GB) - (Type=07 NTFS)
                  Partition 3: (Active) - (Size=683.6 GB) - (Type=07 NTFS)

                  ========================================================
                  Disk: 1 (MBR Code: Windows XP) (Size: 931.5 GB) (Disk ID: E46CEBE2)
                  Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)

                  ==================== End of Addition.txt ============================


                  • system
                    PCHF Owner
                    • Jan 2015
                    • 7634

                    #39
                    Hi, and thank you for that, your hosts file is now clean so we now know there can't be anything there to cause issues. If you wish to lock your Hosts file again you can reverse the steps you took to unlock it. Also suggest you now see how the pc goes for a few days?

                    I will now clean up all the tools we used.

                    Please go HERE and download Delfix. Save it to your desktop.
                    Right click the new Delfix desktop icon and then click “run as administrator”.
                    Place a tick in the following checkboxes:

                    1. Remove disinfection tools
                    2. Create registry backup
                    3. Purge system restore
                    4. Then select “Run”

                    Delfix will remove the tools used to clean your PC and remove itself. When finished a .txt file will display on your desktop. A copy of this file will be also located as C:\Delfix.txt.

                    Please post a copy of this file in your next post


                    • werdnarolyat
                      PCHF Member
                      • Mar 2018
                      • 81

                      #40
                      DelFix v1.013 - Logfile created 02/04/2018 at 23:46:04
                      Updated 17/04/2016 by Xplode
                      Username : David - DAVID-PC
                      Operating System : Windows 7 Home Premium Service Pack 1 (32 bits)
                      ~ Removing disinfection tools …

                      Deleted : C:\_OTL
                      Deleted : C:\FRST
                      Deleted : C:\AdwCleaner
                      Deleted : C:\Users\David\Desktop\mbar
                      Deleted : C:\Program Files\Trend Micro\Hijackthis
                      Deleted : C:\RstHosts.txt
                      Deleted : C:\Users\David\Desktop\Addition.txt
                      Deleted : C:\Users\David\Desktop\AdwCleaner Error.PNG
                      Deleted : C:\Users\David\Desktop\adwcleaner_7.0.8.0.exe
                      Deleted : C:\Users\David\Desktop\Fixlog.txt
                      Deleted : C:\Users\David\Desktop\FRST.exe
                      Deleted : C:\Users\David\Desktop\FRST.txt
                      Deleted : C:\Users\David\Desktop\RogueKiller_portable32.exe
                      Deleted : C:\Users\David\Desktop\rsthosts_2.0.exe
                      Deleted : C:\Users\David\Downloads\Worthy By Your Grace Ruff.mp3
                      Deleted : HKLM\SOFTWARE\OldTimer Tools
                      Deleted : HKLM\SOFTWARE\TrendMicro\Hijackthis
                      Deleted : HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_ASW MBR

                      ~ Creating registry backup … OK

                      ~ Cleaning system restore …

                      Deleted : RP #59 [Windows Update | 09/14/2017 11:36:33]
                      Deleted : RP #60 [Windows Update | 09/20/2017 13:28:57]
                      Deleted : RP #62 [Installed Rapport | 09/22/2017 16:20:46]
                      Deleted : RP #64 [Installed Rapport | 10/06/2017 16:14:17]
                      Deleted : RP #65 [Windows Update | 10/11/2017 16:56:20]
                      Deleted : RP #66 [Scheduled Checkpoint | 11/10/2017 13:33:19]
                      Deleted : RP #67 [Windows Update | 11/16/2017 14:37:06]
                      Deleted : RP #68 [Windows Update | 11/23/2017 03:01:48]
                      Deleted : RP #69 [Windows Update | 11/28/2017 22:22:06]
                      Deleted : RP #70 [Windows Update | 12/07/2017 22:27:43]
                      Deleted : RP #71 [Windows Update | 12/13/2017 15:08:21]
                      Deleted : RP #73 [Installed Rapport | 12/21/2017 12:30:25]
                      Deleted : RP #75 [Installed Rapport | 01/04/2018 16:24:32]
                      Deleted : RP #76 [Windows Update | 01/10/2018 12:04:32]
                      Deleted : RP #78 [Installed Rapport | 01/23/2018 12:59:19]
                      Deleted : RP #80 [Installed Rapport | 02/08/2018 16:31:10]
                      Deleted : RP #81 [Windows Update | 02/14/2018 14:52:21]
                      Deleted : RP #82 [Scheduled Checkpoint | 02/22/2018 12:10:40]
                      Deleted : RP #83 [Windows Update | 03/11/2018 16:49:51]
                      Deleted : RP #84 [Windows Update | 03/24/2018 12:38:32]
                      Deleted : RP #85 [Windows Update | 03/28/2018 19:57:58]
                      Deleted : RP #87 [Revo Uninstaller’s restore point - SUPERAntiSpyware | 03/30/2018 19:09:30]
                      Deleted : RP #89 [Restore Point Created by FRST | 03/30/2018 19:26:07]
                      Deleted : RP #90 [ResetBrowser | 03/30/2018 20:12:07]
                      Deleted : RP #92 [Restore Point Created by FRST | 04/02/2018 11:36:52]
                      Deleted : RP #94 [Installed Rapport | 04/02/2018 11:43:47]

                      New restore point created !

                      ########## - EOF - ##########


                      • werdnarolyat
                        PCHF Member
                        • Mar 2018
                        • 81

                        #41
                        Thanks very much for your help gus.

                        Out of interest, what were the main issues you fixed? Was there any nasty stuff which was removed? Were there some software conflicts?


                        • system
                          PCHF Owner
                          • Jan 2015
                          • 7634

                          #42
                          It seems you have run many scan tools on your pc. Be careful with tools such as OTL and HijackThis, as unsupervised they can cause major problems. There were no infections in the scans noted but running multiple security apps at the same time is always a recipe for disaster. Whilst I shall refrain from mentioning specific names, yes there was some rubbish software installed, and we tidied up some stuff.

                          If you don’t use Dropbox you could remove that which would also reduce some resources used.

                          Glad your machine is running better, I might close the thread now if you are happy to, and should you need it opened again please PM me or another staff member and we can open it again for you.


                          • werdnarolyat
                            PCHF Member
                            • Mar 2018
                            • 81

                            #43
                            Thanks for all your help gus. I am happy to close the thread; I’ll report back if there are any issues.


                            • system
                              PCHF Owner
                              • Jan 2015
                              • 7634

                              #44
