Solved PC Slow with Frequent Not Responding Message

werdnarolyat

PCHF Member
Mar 19, 2018
Hi,

My parents' PC is performing very slowly and programs frequently present the "Not Responding" message, which is making it very frustrating to use.

I believe the PC was affected by the CCleaner malware event; I have run Avira and Malwarebytes but nothing was discovered.

Additionally, when I try to open Malwarebytes I get a pop-up message saying "Malwarebytes is unable to load the Anti-Rootkit DDA Driver. This error may be due to rootkit activity. We recommend rebooting so Malwarebytes can attempt to install the driver".

Finally, my dad said there was a pop-up in the bottom right of the screen saying the version of Windows isn't genuine. However, I checked in the system menu and the licence is fully activated.

I will do the pre-work and post below.
 
Hello werdnarolyat and welcome to PCHF :)
My Name is Gus and I'll be helping you. Before we start can I ask you to read these instructions carefully and if possible print them out for use as we go through the cleaning process. Depending on what tools are in use you may not have access to these instructions.


  • If you are unsure of any request as we progress PLEASE ASK, and remember as we proceed that there is no such thing as a silly question.
  • Please let me know if you are receiving help at another forum on this issue so I can close this thread.
  • At the top right-hand side of your first post please click on the "Watch thread" marker so you will receive an immediate alert when I reply.
  • Please do not run any tools other than the ones we ask you to, some can be very dangerous and actually make things worse.
  • Should any tools we ask you to use give you a security warning you can safely allow them to run, they have all been proven safe.
  • Download any requested tools and make sure to run them from the desktop, unless specifically instructed otherwise.
  • Please do not install any other software whilst we cleanup, this can complicate the process, making cleaning impossible.
  • With malware it can be impossible to determine the outcome, and whilst we will work to a positive result we strongly recommend you backup all your personal files and folders before we begin.
  • As we proceed with disinfecting it may appear as if your computer is back to normal, but please stay with me till I give you the all clear. In return I will do the same for you.
  • Do remember the fixes used to clean your machine are meant for your computer only, and the use on another computer may cause serious damage to that machine.
  • When your machine has been cleaned we will remove all the tools used, and also give you some tips to keep your computer clean and safe in the future.
  • Finally, please allow me a little time to analyse any logs I request from you. I know you want your computer cleaned yesterday, but please remember we are all volunteers here and we do have a life that sometimes takes us away from computers. If your thread gets closed due to no response from you, you can PM me or a staff member and have it reopened. Should you not hear from me within 48 hours please PM me.
  • That's the last of the fine print so let's get under way :)


We need a log from Farbar Recovery Scan Tool (FRST) to examine your system.

Please download the FRST 32 bit or FRST 64bit version to suit your operating system. It is important FRST is downloaded to your desktop.

If you are unsure if your operating system is 32 or 64 Bit please go HERE.

Once downloaded, right click the FRST desktop icon and select "Run as administrator" from the menu.





If you receive any security warnings, or the User Account Control warning opens at any time whilst using FRST you can safely allow FRST to proceed.
FRST will open with two dialogue boxes; accept the disclaimer.




  1. Accept the default whitelist options,
  2. If the additions.txt options box is not checked please select it.
  3. Then select "Scan"




FRST will take a few minutes to scan your computer, and when finished will produce two log files on your desktop, FRST.txt and Addition.txt. They will display immediately on the desktop, but can be reopened later as a notepad file.





Please COPY and PASTE the contents of these two files in your next post.

We will also need a log from AdwCleaner for further information.

Please download a copy of AdwCleaner from HERE, it is important to download it to your desktop.

Once downloaded to the desktop AdwCleaner will create an icon



Should you receive any security warnings or your User Account Control warning appears whilst you are using this application you can safely allow AdwCleaner to continue.

Before running AdwCleaner please ensure all other programs and browsers are closed, then double left click the icon to open it.

AdwCleaner will open, click the scan button to start searching.





The scan may take some time to complete, and when it has any malware found will be automatically selected for quarantining. Click the "Clean" button.





After a few seconds a message should tell you your computer will now reboot. Allow the reboot.

When the computer restarts a log file will be displayed, but if it's closed for any reason before copying the contents, you will find a copy of the file if you navigate to C:\AdwCleaner[C#].txt (the C denotes the Cleaning log).





Please Copy and Paste the contents of the log file with your next reply. :)
 
Thanks for this.

Just one question, will it be possible for me to run these scans remotely via remote assistance? The PC is at my folks' house.

If not, it might be a few days before I can post results.
 
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 14.03.2018
Ran by David (administrator) on DAVID-PC (28-03-2018 21:51:38)
Running from C:\Users\David\Desktop
Loaded Profiles: David (Available Profiles: David & UpdatusUser)
Platform: Microsoft Windows 7 Home Premium Service Pack 1 (X86) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(IBM Corp.) C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\Antivirus\sched.exe
(Andrea Electronics Corporation) C:\Windows\System32\AERTSrv.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\Antivirus\avguard.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Realtek Semiconductor) C:\Windows\RtHDVCpl.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Spotify Ltd) C:\Users\David\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(Dropbox, Inc.) C:\Users\David\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Dropbox, Inc.) C:\Users\David\AppData\Roaming\Dropbox\bin\Dropbox.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Foxit Software Inc.) C:\Program Files\Foxit Software\Foxit Reader\FoxitConnectedPDFService.exe
(Seagate Technology LLC) C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
(Dropbox, Inc.) C:\Users\David\AppData\Roaming\Dropbox\bin\Dropbox.exe
(arvato digital services llc) C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
(Microsoft Corporation) C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\Launcher\Avira.ServiceHost.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\Antivirus\avgnt.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\Launcher\Avira.Systray.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\Antivirus\avshadow.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Windows\RtHDVCpl.exe [6246400 2008-07-18] (Realtek Semiconductor)
HKLM\...\Run: [Avira SystrayStartTrigger] => C:\Program Files\Avira\Launcher\Avira.SystrayStartTrigger.exe [98024 2018-03-12] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [261944 2018-01-22] (Apple Inc.)
HKU\S-1-5-21-1365679944-132168641-953657067-1000\...\Run: [Dropbox Update] => C:\Users\David\AppData\Local\Dropbox\Update\DropboxUpdate.exe [143144 2016-11-05] (Dropbox, Inc.)
HKU\S-1-5-21-1365679944-132168641-953657067-1000\...\Run: [Google Update] => C:\Users\David\AppData\Local\Google\Update\1.3.33.7\GoogleUpdateCore.exe [601680 2017-11-16] (Google Inc.)
HKU\S-1-5-21-1365679944-132168641-953657067-1000\...\Run: [Spotify Web Helper] => C:\Users\David\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1579120 2017-08-29] (Spotify Ltd)
ShellExecuteHooks: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [115440 2013-05-07] (SuperAdBlocker.com)
Startup: C:\Users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2018-03-23]
ShortcutTarget: Dropbox.lnk -> C:\Users\David\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk [2009-03-07]
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (No File)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [122128 2015-08-12] (Apple Inc.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{DD471341-BEC1-4000-9EE1-06BD35EC3BA0}: [DhcpNameServer] 192.168.0.1

Internet Explorer:
==================
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://uk.msn.com/?rd=1&ucc=GB&dcc=GB&opt=0&ocid=iehp
HKU\S-1-5-21-1365679944-132168641-953657067-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/USCON/2
SearchScopes: HKLM -> DefaultScope {CE278C74-1B0C-4615-96A3-38CC94C07A27} URL =
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\.DEFAULT -> DefaultScope {CE278C74-1B0C-4615-96A3-38CC94C07A27} URL =
SearchScopes: HKU\S-1-5-21-1365679944-132168641-953657067-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
SearchScopes: HKU\S-1-5-21-1365679944-132168641-953657067-1000 -> {8EEAC88A-079B-4b2c-80C1-7836F79EB40A} URL = hxxp://uk.search.yahoo.com/search?p={searchTerms}&fr=chr-comodo
BHO: Search Helper -> {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} -> C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll [2009-05-19] (Microsoft Corporation)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO: Easy Photo Print -> {9421DD08-935F-4701-A9CA-22DF90AC4EA6} -> C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll [2008-04-02] (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
Toolbar: HKLM - Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll [2008-04-02] (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} hxxp://www.eset.eu/buxus/docs/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_51-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0051-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_51-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_51-windows-i586.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll [2009-02-26] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\3bgnvy7a.default-1482517495665 [2018-03-28]
FF Extension: (Avira Browser Safety) - C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\3bgnvy7a.default-1482517495665\Extensions\abs@avira.com.xpi [2018-02-27]
FF Extension: (uBlock Origin) - C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\3bgnvy7a.default-1482517495665\Extensions\uBlock0@raymondhill.net.xpi [2018-02-27]
FF ProfilePath: C:\Users\David\AppData\Roaming\eMusic\eMusic Download Manager\Profiles\w4rn4tx3.default [2017-02-16]
FF Extension: (No Name) - C:\Program Files\eMusic Download Manager\xulrunner\extensions\dlm_itunes@emusic.com [not found]
FF Extension: (No Name) - C:\Program Files\eMusic Download Manager\xulrunner\extensions\dlm_winamp@emusic.com [not found]
FF Extension: (No Name) - C:\Program Files\eMusic Download Manager\xulrunner\extensions\dlm_wmp@emusic.com [not found]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: (Microsoft .NET Framework Assistant) - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2017-02-16] [Legacy] [not signed]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_29_0_0_113.dll [2018-03-23] ()
FF Plugin: @divx.com/DivX Browser Plugin,version=1.0.0 -> C:\Program Files\DivX\DivX Web Player\npdivx32.dll [No File]
FF Plugin: @divx.com/DivX Player Plugin,version=1.0.0 -> C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll [No File]
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2017-10-18] (Foxit Corporation)
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2017-10-18] (Foxit Corporation)
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2017-10-18] (Foxit Corporation)
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2017-10-18] (Foxit Corporation)
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll [2011-10-17] (Google)
FF Plugin: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files\Google\Picasa3\npPicasa3.dll [2015-10-13] (Google, Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files\Microsoft\Office Live\npOLW.dll [2010-04-26] (Microsoft Corp.)
FF Plugin: @microsoft.com/VirtualEarth3D,version=4.0 -> C:\Program Files\Virtual Earth 3D\ [] ()
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-30] (Microsoft Corporation)
FF Plugin: @nvidia.com/3DVision -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll [2013-01-18] (NVIDIA Corporation)
FF Plugin: @nvidia.com/3DVisionStreaming -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2013-01-18] (NVIDIA Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll [2012-09-17] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll [2012-09-17] (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.0.7 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2017-11-29] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2017-11-29] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2017-11-29] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2017-11-29] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.5.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2017-11-29] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.6 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2017-11-29] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.8 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2017-11-29] (VideoLAN)
FF Plugin HKU\S-1-5-21-1365679944-132168641-953657067-1000: @tools.google.com/Google Update;version=3 -> C:\Users\David\AppData\Local\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-16] (Google Inc.)
FF Plugin HKU\S-1-5-21-1365679944-132168641-953657067-1000: @tools.google.com/Google Update;version=9 -> C:\Users\David\AppData\Local\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-16] (Google Inc.)

Chrome:
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\David\AppData\Local\Google\Chrome\User Data\Default [2018-03-28]
CHR Extension: (Slides) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-14]
CHR Extension: (Docs) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-14]
CHR Extension: (Google Drive) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-02-16]
CHR Extension: (YouTube) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-02-16]
CHR Extension: (uBlock Origin) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2018-03-23]
CHR Extension: (Sheets) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-14]
CHR Extension: (Google Docs Offline) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-02-16]
CHR Extension: (Chrome Web Store Payments) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-24]
CHR Extension: (Gmail) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-02-16]
CHR Extension: (Chrome Media Router) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-03-24]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - <no Path/update_url>
StartMenuInternet: Google Chrome - C:\Users\David\AppData\Local\Google\Chrome\Application\chrome.exe

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S4 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [143776 2017-03-02] (SUPERAntiSpyware.com)
R2 AERTFilters; C:\Windows\system32\AERTSrv.exe [73728 2008-07-18] (Andrea Electronics Corporation)
S2 AntiVirMailService; C:\Program Files\Avira\Antivirus\avmailc7.exe [1136744 2018-03-02] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files\Avira\Antivirus\sched.exe [492560 2018-03-02] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\Antivirus\avguard.exe [492560 2018-03-02] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files\Avira\Antivirus\avwebg7.exe [1533608 2018-03-02] (Avira Operations GmbH & Co. KG)
R2 Avira.ServiceHost; C:\Program Files\Avira\Launcher\Avira.ServiceHost.exe [443024 2018-03-12] (Avira Operations GmbH & Co. KG)
R2 FoxitReaderService; C:\Program Files\Foxit Software\Foxit Reader\FoxitConnectedPDFService.exe [1659456 2017-10-29] (Foxit Software Inc.)
R2 FreeAgentGoNext Service; C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe [189736 2009-09-25] (Seagate Technology LLC)
S4 getPlus(R) Helper; C:\Program Files\NOS\bin\getPlus_HelperSvc.exe [33176 2009-03-03] (NOS Microsystems Ltd.)
S4 gupdate1c9eaad5b861f00; C:\Program Files\Google\Update\GoogleUpdate.exe [133104 2009-06-11] (Google Inc.)
S4 JuniperAccessService; C:\Program Files\Common Files\Juniper Networks\JUNS\dsAccessService.exe [87416 2007-07-27] (Juniper Networks)
S2 LiveUpdateSvc; C:\Program Files\IObit\LiveUpdate\LiveUpdate.exe [2909472 2015-08-11] (IObit)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4563920 2017-11-01] (Malwarebytes)
R2 PSI_SVC_2; C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe [277360 2014-04-30] (arvato digital services llc)
R2 RapportMgmtService; C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe [5249008 2018-01-24] (IBM Corp.)
S2 Secunia PSI Agent; C:\Program Files\Secunia\PSI\PSIA.exe [1570520 2016-02-02] (Secunia)
S2 Secunia Update Agent; C:\Program Files\Secunia\PSI\sua.exe [837848 2016-02-02] (Secunia)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 avdevprot; C:\Windows\System32\DRIVERS\avdevprot.sys [46440 2017-06-18] (Avira Operations GmbH & Co. KG)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [130912 2017-09-30] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [156088 2018-02-08] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [35840 2017-02-15] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [59000 2017-02-15] (Avira Operations GmbH & Co. KG)
R0 avusbflt; C:\Windows\System32\Drivers\avusbflt.sys [23304 2017-06-18] (Avira Operations GmbH & Co. KG)
R1 HWiNFO32; C:\Windows\system32\drivers\HWiNFO32.SYS [23840 2015-05-25] (REALiX(tm))
R0 KL1; C:\Windows\System32\DRIVERS\kl1.sys [155304 2015-11-03] (Kaspersky Lab ZAO)
R3 klflt; C:\Windows\System32\DRIVERS\klflt.sys [138616 2015-11-03] (AO Kaspersky Lab)
R1 klhk; C:\Windows\System32\DRIVERS\klhk.sys [111440 2016-08-02] (AO Kaspersky Lab)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [770936 2015-11-03] (AO Kaspersky Lab)
R0 Lbd; C:\Windows\System32\DRIVERS\Lbd.sys [64288 2010-07-12] (Lavasoft AB)
R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [221112 2018-03-28] (Malwarebytes)
S3 PSI; C:\Windows\System32\DRIVERS\psi_mf_x86.sys [16024 2016-02-02] (Secunia)
R1 RapportAegle; C:\Program Files\Trusteer\Rapport\bin\RapportAegle.sys [302168 2018-01-24] (IBM Corp.)
R1 RapportCerberus_1908103; C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus32_1908103.sys [1119272 2018-02-08] (IBM Corp.)
R1 RapportEI; C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys [401360 2018-01-24] (IBM Corp.)
R0 RapportHades; C:\Windows\System32\Drivers\RapportHades.sys [206360 2018-01-24] (IBM Corp.)
R0 RapportKELL; C:\Windows\System32\Drivers\RapportKELL.sys [326672 2018-01-24] (IBM Corp.)
R1 RapportPG; C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys [472080 2018-01-24] (IBM Corp.)
R2 RtNdPt60; C:\Windows\System32\DRIVERS\RtNdPt60.sys [27648 2008-07-21] (Windows (R) Codename Longhorn DDK provider)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 ZSMC301b; C:\Windows\System32\Drivers\usbVM31b.sys [91527 2006-12-22] (VM)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-03-28 21:49 - 2018-03-28 21:49 - 000221112 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2018-03-28 21:28 - 2018-03-28 21:52 - 000019955 _____ C:\Users\David\Desktop\FRST.txt
2018-03-28 21:09 - 2018-03-28 21:10 - 008222496 _____ (Malwarebytes) C:\Users\David\Desktop\adwcleaner_7.0.8.0.exe
2018-03-28 21:09 - 2018-03-28 21:09 - 001764352 _____ (Farbar) C:\Users\David\Desktop\FRST.exe
2018-03-26 16:58 - 2018-03-26 17:01 - 001967744 _____ C:\Users\David\Downloads\2VVX3G_LS815_12Apr2018.pdf
2018-03-24 00:09 - 2018-02-13 19:31 - 000117440 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2018-03-24 00:09 - 2018-02-13 19:24 - 000534016 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2018-03-24 00:09 - 2018-02-13 15:04 - 001893888 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2018-03-24 00:09 - 2018-02-13 15:04 - 001319424 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2018-03-24 00:09 - 2018-02-13 15:04 - 000594944 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2018-03-24 00:09 - 2018-02-13 15:04 - 000508416 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2018-03-24 00:09 - 2018-02-13 15:04 - 000339968 _____ (Microsoft Corporation) C:\Windows\system32\centel.dll
2018-03-24 00:09 - 2018-02-13 15:04 - 000313856 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2018-03-24 00:09 - 2018-02-13 15:04 - 000212992 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2018-03-24 00:09 - 2018-02-13 15:04 - 000190976 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2018-03-23 23:53 - 2018-03-23 23:53 - 000000000 ____D C:\Users\David\Documents\Remote Assistance Logs
2018-03-23 21:25 - 2018-03-23 21:25 - 006968952 _____ (ESET spol. s r.o.) C:\Users\David\Downloads\esetonlinescanner_enu.exe
2018-03-23 21:25 - 2018-03-23 21:25 - 000000000 ____D C:\Users\David\AppData\Local\ESET
2018-03-23 19:06 - 2018-03-28 21:51 - 000000000 ____D C:\FRST
2018-03-23 18:51 - 2018-03-23 18:51 - 000000000 ____D C:\Users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2018-03-11 21:50 - 2018-03-11 21:50 - 000380928 _____ C:\Users\David\Downloads\4jtq78j5.exe
2018-03-02 16:33 - 2018-03-02 16:33 - 000526818 _____ C:\Users\David\Downloads\Fwd%3a_Data_Protection_Letter_and_Attachments.zip

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-03-28 21:48 - 2017-02-16 02:38 - 000000000 ____D C:\ProgramData\NVIDIA
2018-03-28 21:48 - 2009-07-14 05:53 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2018-03-28 21:33 - 2017-02-16 02:38 - 000010880 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2018-03-28 21:33 - 2017-02-16 02:38 - 000010880 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2018-03-28 21:19 - 2016-04-26 22:01 - 000000270 _____ C:\Windows\Tasks\{4DB442F9-C5C4-47D4-CABC-256BB9E033EC}.job
2018-03-28 21:14 - 2017-03-17 18:22 - 000000000 ____D C:\Windows\system32\appraiser
2018-03-28 21:01 - 2016-12-23 00:52 - 000000000 ____D C:\Users\David\AppData\LocalLow\Mozilla
2018-03-28 20:55 - 2015-06-20 15:58 - 000000918 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1365679944-132168641-953657067-1000UA.job
2018-03-28 20:54 - 2010-11-20 22:01 - 000785794 _____ C:\Windows\system32\PerfStringBackup.INI
2018-03-28 20:54 - 2009-07-14 03:37 - 000000000 ____D C:\Windows\inf
2018-03-28 20:50 - 2014-03-17 21:25 - 000000000 ____D C:\ProgramData\ProductData
2018-03-27 12:49 - 2009-06-15 09:43 - 000000000 ____D C:\Users\David\Documents\Dad's stuff
2018-03-26 17:54 - 2015-06-20 15:57 - 000000866 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1365679944-132168641-953657067-1000Core.job
2018-03-24 13:58 - 2013-08-14 14:29 - 000000000 ____D C:\Windows\system32\MRT
2018-03-24 13:46 - 2017-10-11 17:57 - 127391104 ____C (Microsoft Corporation) C:\Windows\system32\MRT-KB890830.exe
2018-03-24 13:45 - 2017-03-03 00:17 - 127391104 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2018-03-24 01:05 - 2017-03-09 23:01 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2018-03-24 01:05 - 2017-03-02 22:11 - 000000000 ____D C:\ProgramData\Package Cache
2018-03-23 23:52 - 2017-10-03 12:11 - 000000000 ____D C:\Users\David\AppData\Local\ElevatedDiagnostics
2018-03-23 23:52 - 2009-07-14 03:37 - 000000000 ____D C:\Windows\system32\NDF
2018-03-23 19:29 - 2017-12-07 23:26 - 000000967 _____ C:\Users\Public\Desktop\CCleaner.lnk
2018-03-23 19:19 - 2009-04-04 13:02 - 000002405 _____ C:\Users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-03-23 19:06 - 2012-04-06 18:38 - 000804352 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2018-03-23 19:06 - 2011-06-26 19:01 - 000144896 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2018-03-23 19:06 - 2009-03-07 11:23 - 000000000 ____D C:\Windows\system32\Macromed
2018-03-23 18:52 - 2013-01-21 22:39 - 000000000 ____D C:\Users\David\AppData\Roaming\Dropbox
2018-03-11 21:59 - 2017-03-02 23:51 - 000000000 ____D C:\Users\David\AppData\Local\CrashDumps
2018-03-02 13:22 - 2012-08-13 09:26 - 000000000 ____D C:\Program Files\Mozilla Maintenance Service
2018-03-02 13:22 - 2009-03-14 20:53 - 000000000 ____D C:\Program Files\Mozilla Firefox
2018-02-27 23:49 - 2009-03-13 20:50 - 000000000 ____D C:\Users\David\AppData\Roaming\Mozilla

==================== Files in the root of some directories =======

2012-03-19 23:22 - 2012-03-19 23:22 - 003993600 _____ () C:\Program Files\GUT3E11.tmp
2013-06-15 22:44 - 2013-06-15 22:44 - 000000288 _____ () C:\Users\David\AppData\Roaming\.backup.dm
2009-08-25 23:24 - 2009-08-25 23:24 - 000024064 _____ () C:\Users\David\AppData\Roaming\UserTile.png
2016-04-26 23:01 - 2016-04-30 12:00 - 000000100 _____ () C:\Users\David\AppData\Roaming\WB.CFG
2017-03-03 18:05 - 2017-03-03 18:05 - 000008248 _____ () C:\Users\David\AppData\Local\en.ini

Files to move or delete:
====================
C:\Windows\Tasks\{4DB442F9-C5C4-47D4-CABC-256BB9E033EC}.job


==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2018-03-24 14:25

==================== End of FRST.txt ============================
 
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 14.03.2018
Ran by David (28-03-2018 21:54:28)
Running from C:\Users\David\Desktop
Microsoft Windows 7 Home Premium Service Pack 1 (X86) (2017-02-16 09:08:47)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1365679944-132168641-953657067-500 - Administrator - Disabled)
David (S-1-5-21-1365679944-132168641-953657067-1000 - Administrator - Enabled) => C:\Users\David
Guest (S-1-5-21-1365679944-132168641-953657067-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1365679944-132168641-953657067-1059 - Limited - Enabled)
UpdatusUser (S-1-5-21-1365679944-132168641-953657067-1057 - Limited - Enabled) => C:\Users\UpdatusUser

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Antivirus (Enabled - Up to date) {B3F630BD-538D-1B4A-14FA-14B63235278F}
AS: Avira Antivirus (Enabled - Up to date) {0897D159-75B7-14C4-2E4A-2FC449B26D32}
AS: Malwarebytes (Disabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

ABBYY FineReader 6.0 Sprint (HKLM\...\{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}) (Version: 6.00.1395.4512 - ABBYY Software House)
Acrobat.com (HKLM\...\{77DCDCE3-2DED-62F3-8154-05E745472D07}) (Version: 0.0.0 - Adobe Systems Incorporated) Hidden
Acrobat.com (HKLM\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.1.377 - Adobe Systems Incorporated)
Adobe AIR (HKLM\...\Adobe AIR) (Version: 21.0.0.215 - Adobe Systems Incorporated)
Adobe Flash Player 29 ActiveX (HKLM\...\{A911056C-E170-476A-9C9E-9E0500E6DC6A}) (Version: 29.0.0.113 - Adobe Systems Incorporated)
Adobe Flash Player 29 NPAPI (HKLM\...\{BAF5175E-C27F-4252-81B9-E42F01E46CB6}) (Version: 29.0.0.113 - Adobe Systems Incorporated)
Akamai NetSession Interface (HKU\S-1-5-21-1365679944-132168641-953657067-1000\...\Akamai) (Version: - Akamai Technologies, Inc)
Apple Application Support (32-bit) (HKLM\...\{D4C80B0C-CF67-43A7-90C3-466853543B54}) (Version: 6.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2218B6FE-7215-4EC9-B0E7-F47674AFA2F5}) (Version: 11.0.1.2 - Apple Inc.)
Apple Software Update (HKLM\...\{19589375-5C58-4AFA-842F-8B34744CCEAD}) (Version: 2.5.0.1 - Apple Inc.)
Athentech Perfectly Clear (HKLM\...\_{128FBA3A-36CA-4BEB-8AAA-036A0AF8E4E2}) (Version: 1.0.0.135 - Corel Corporation)
Athentech Perfectly Clear (HKLM\...\{128FBA3A-36CA-4BEB-8AAA-036A0AF8E4E2}) (Version: 1.0.0.135 - Corel Corporation) Hidden
Avira (HKLM\...\{5269e51a-b619-4c55-8a5c-8c7eaf27e6cf}) (Version: 1.2.108.24268 - Avira Operations GmbH & Co. KG)
Avira (HKLM\...\{DBA89A98-6FF1-4FE3-8147-69DD2C5DE889}) (Version: 1.2.108.24268 - Avira Operations GmbH & Co. KG) Hidden
Avira Antivirus (HKLM\...\Avira Antivirus) (Version: 15.0.34.27 - Avira Operations GmbH & Co. KG)
Bing Maps 3D (HKLM\...\{2D87E961-577B-492B-AD54-1368680FB9A7}) (Version: 4.0.903.16005 - Microsoft Corporation)
Bonjour (HKLM\...\{D168AAD0-6686-47C1-B599-CDD4888B9D1A}) (Version: 3.1.0.1 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.41 - Piriform)
Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Corel Paint Shop Pro Photo X2 (HKLM\...\{64E72FB1-2343-4977-B4A8-262CD53D0BD3}) (Version: 12.50.0001 - Corel Corporation)
Corel PaintShop Pro X9 (HKLM\...\_{998717E5-1031-4D28-A143-48ADAF062E5F}) (Version: 19.2.0.7 - Corel Corporation)
Corel PaintShop Pro X9 (HKLM\...\{93EE564E-9DA1-4655-8A90-4E816019B409}) (Version: 19.1.0.29 - Corel Corporation) Hidden
Corel ScreenCap (HKLM\...\{99642277-4695-438F-8F07-E59D3E8EDB26}) (Version: 1.0.0 - Corel Corporation)
Corel Update Manager (HKLM\...\{EE61B6C5-F017-4505-85D3-6D40B1797D32}) (Version: 2.7.355 - Corel corporation) Hidden
D3DX10 (HKLM\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
Dell System Detect (HKU\S-1-5-21-1365679944-132168641-953657067-1000\...\9204f5692a8faf3b) (Version: 5.7.0.6 - Dell)
Dropbox (HKU\S-1-5-21-1365679944-132168641-953657067-1000\...\Dropbox) (Version: 45.4.92 - Dropbox, Inc.)
EDocs (HKLM\...\{6B7B6D4D-8F9B-4CB3-8CA4-BCA9CC4C1A22}) (Version: - )
Epson Easy Photo Print 2 (HKLM\...\{87C2248A-C7DD-49ED-9BCD-B312A9D0819E}) (Version: 2.1.0.0 - SEIKO EPSON CORPORATION)
EPSON PhotoQuicker3.5 (HKLM\...\{65F5B7AF-3363-11D7-BB6B-00018021113F}) (Version: - )
EPSON Print CD (HKLM\...\{FF477885-5EA8-40D0-ADF3-D4C1B86FAEA4}) (Version: - )
EPSON Printer Software (HKLM\...\EPSON Printer and Utilities) (Version: - )
EPSON Scan (HKLM\...\EPSON Scanner) (Version: - )
Epson Stylus SX210_SX410_TX210_TX410 Manual (HKLM\...\Epson Stylus SX210_SX410_TX210_TX410 User’s Guide) (Version: - )
EPSON SX410 Series Printer Uninstall (HKLM\...\EPSON SX410 Series) (Version: - SEIKO EPSON Corporation)
Foxit Reader (HKLM\...\Foxit Reader_is1) (Version: 9.0.0.29935 - Foxit Software Inc.)
getPlus(R) for Adobe (HKLM\...\{CF40ACC5-E1BB-4aff-AC72-04C2F616BCA7}) (Version: 1.5.2.35 - NOS Microsystems Ltd.)
Google Chrome (HKU\S-1-5-21-1365679944-132168641-953657067-1000\...\Google Chrome) (Version: 65.0.3325.181 - Google Inc.)
Google Drive (HKLM\...\{1C3DA126-D523-4089-BCCA-FA46FE34D6F8}) (Version: 1.9.4536.8202 - Google, Inc.)
Google Earth (HKLM\...\{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}) (Version: 6.1.0.5001 - Google)
Hauppauge MCE XP/Vista Software Encoder (2.0.25296) (HKLM\...\Hauppauge MCE2005 Software Encoder) (Version: 2.0.25296 - Hauppauge Computer Works, Inc.)
Hauppauge TV Tuner Driver (HKLM\...\{AF094932-91E6-4EF8-8AB8-1C7226DFEECB}) (Version: 2.0.25312 - Hauppauge Computer Works) Hidden
ICA (HKLM\...\{998717E5-1031-4D28-A143-48ADAF062E5F}) (Version: 19.1.0.29 - Corel Corporation) Hidden
Intel(R) Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: - )
iPhone Configuration Utility (HKLM\...\{FA54AFB1-5745-4389-B8C1-9F7509672ED1}) (Version: 2.1.0.163 - Apple Inc.)
IPM_PSP_COM (HKLM\...\{9A86C6EE-2CCC-4A51-BCC8-AAF97C2F4615}) (Version: 19.1.0.29 - Corel Corporation) Hidden
iTunes (HKLM\...\{BAE90D3C-B93B-4B8E-BA38-C9B5575CC483}) (Version: 12.7.3.46 - Apple Inc.)
Juniper Installer Service (HKLM\...\SetupService) (Version: 1.1.0.3489 - Juniper Networks)
Juniper Networks Host Checker (HKU\S-1-5-21-1365679944-132168641-953657067-1000\...\Neoteris_Host_Checker) (Version: 6.3.0.14715 - Juniper Networks)
Juniper Networks Setup Client (HKU\S-1-5-21-1365679944-132168641-953657067-1000\...\Juniper_Setup_Client) (Version: 1.3.3.13503 - Juniper Networks)
Juniper Networks Setup Client Activex Control (HKLM\...\Juniper_Setup_Client Activex Control) (Version: 1.3.1.6 - Juniper Networks)
Malwarebytes version 3.3.1.2183 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.3.1.2183 - Malwarebytes)
Microsoft .NET Framework 4.7.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.7.02558 - Microsoft Corporation)
Microsoft Baseline Security Analyzer 2.1 (HKLM\...\{6AF5CAB9-FD0A-494F-8AA6-784D4B5D06C5}) (Version: 2.1.0000 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office Enterprise 2007 (HKLM\...\ENTERPRISER) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Live Add-in 1.5 (HKLM\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Office Outlook Connector (HKLM\...\{95140000-007A-0409-0000-0000000FF1CE}) (Version: 14.0.5118.5000 - Microsoft Corporation)
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Suite Activation Assistant (HKLM\...\{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}) (Version: 2.9 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
MobileMe Control Panel (HKLM\...\{A71D5E81-B967-43DB-93D7-FD31BFB95748}) (Version: 3.1.5.0 - Apple Inc.)
Mozilla Firefox 58.0.2 (x86 en-GB) (HKLM\...\Mozilla Firefox 58.0.2 (x86 en-GB)) (Version: 58.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 58.0.2 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 and SOAP Toolkit 3.0 (HKLM\...\{32343DB6-9A52-40C9-87E4-5E7C79791C87}) (Version: 1.0.0.0 - Webroot Software, Inc.) Hidden
NVIDIA 3D Vision Driver 311.06 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 311.06 - NVIDIA Corporation)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.9 - NVIDIA Corporation)
NVIDIA Graphics Driver 311.06 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 311.06 - NVIDIA Corporation)
NVIDIA Update 1.11.3 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.11.3 - NVIDIA Corporation)
OGA Notifier 2.0.0048.0 (HKLM\...\{B2544A03-10D0-4E5E-BA69-0362FFC20D18}) (Version: 2.0.0048.0 - Microsoft Corporation) Hidden
Picasa 3 (HKLM\...\Picasa 3) (Version: 3.9.141.259 - Google, Inc.)
PSPPContent (HKLM\...\{91773E30-F29C-4381-854A-95281DEB8DA1}) (Version: 19.1.0.29 - Corel Corporation) Hidden
PSPPHelp (HKLM\...\{9F087D85-EDDC-4DC4-B665-AFDD3734D987}) (Version: 19.1.0.29 - Corel Corporation) Hidden
QuickTime 7 (HKLM\...\{FF59BD75-466A-4D5A-AD23-AAD87C5FD44C}) (Version: 7.79.80.95 - Apple Inc.)
Rapport (HKLM\...\{1DD81E7D-0D28-4CEB-87B2-C041A4FCB215}) (Version: 3.5.1908.137 - Trusteer) Hidden
Realtek Ethernet Controller Driver (HKLM\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.104.1223.2016 - Realtek)
Realtek Ethernet Network Card Diagnostic tool for Windows Vista (HKLM\...\{1FECF5F8-8E75-432C-9FF7-1C04F1956B54}) (Version: 1.00 - Realtek)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: - )
RealUpgrade 1.1 (HKLM\...\{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}) (Version: 1.1.0 - RealNetworks, Inc.) Hidden
Roxio Creator DE (HKLM\...\{09760D42-E223-42AD-8C3E-55B47D0DDAC3}) (Version: 10.1 - Roxio)
ScanToWeb (HKLM\...\{EBAE381B-60A6-4863-AA9F-FCAB755BC9E5}) (Version: - )
SDFormatter (HKLM\...\{179324FF-7B16-4BA8-9836-055CAAEE4F08}) (Version: 4.0.0 - SD Association)
Seagate Manager Installer (HKLM\...\{2A30052B-831C-41D3-8044-3C0388066350}) (Version: 2.01.0600 - Seagate) Hidden
Seagate Manager Installer (HKLM\...\InstallShield_{2A30052B-831C-41D3-8044-3C0388066350}) (Version: 2.01.0600 - Seagate)
SeaTools for Windows (HKLM\...\{98613C99-1399-416C-A07C-1EE1C585D872}) (Version: 1.2.0.4 - Seagate Technology)
Secunia PSI (3.0.0.11005) (HKLM\...\Secunia PSI) (Version: 3.0.0.11005 - Secunia)
Segoe UI (HKLM\...\{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}) (Version: 15.4.2271.0615 - Microsoft Corp) Hidden
Setup (HKLM\...\{9E0054AB-F957-4177-850E-3541960DBD53}) (Version: 19.1.0.29 - Corel Corporation) Hidden
SIPPS (HKLM\...\SIPPS!UninstallKey) (Version: - )
Skype™ 7.24 (HKLM\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.24.104 - Skype Technologies S.A.)
Spelling Dictionaries Support For Adobe Reader 9 (HKLM\...\{AC76BA86-7AD7-5464-3428-900000000004}) (Version: 9.0.0 - Adobe Systems Incorporated)
Spotify (HKU\S-1-5-21-1365679944-132168641-953657067-1000\...\Spotify) (Version: 1.0.59.395.ge6ca9946 - Spotify AB)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 5.7.1018 - SUPERAntiSpyware.com)
Trusteer Endpoint Protection (HKLM\...\Rapport_msi) (Version: 3.5.1908.137 - Trusteer)
TuxGuitar 1.2 (HKLM\...\TuxGuitar_0) (Version: - )
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
VC 9.0 Runtime (HKLM\...\{02E89EFC-7B07-4D5A-AA03-9EC0902914EE}) (Version: 1.0.0 - Check Point Software Technologies Ltd) Hidden
VC 9.0 Runtime (HKLM\...\{A040AC77-C1AA-4CC9-8931-9F648AF178F6}) (Version: 1.0.0 - Check Point Software Technologies Ltd) Hidden
VC80CRTRedist - 8.0.50727.4053 (HKLM\...\{5EE7D259-D137-4438-9A5F-42F432EC0421}) (Version: 1.1.0 - DivX, Inc) Hidden
Visual C++ 2008 x86 Runtime - v9.0.30729.01 (HKLM\...\{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01) (Version: 9.0.30729.01 - Microsoft Corporation)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.8 - VideoLAN)
Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 15.4.3502.0922 - Microsoft Corporation)
Windows Media Player Firefox Plugin (HKLM\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
ZoneAlarm Antivirus (HKLM\...\{4818D335-B3C0-4CE7-89EF-1380A3A549A3}) (Version: 14.1.011.000 - Check Point Software Technologies Ltd.) Hidden

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

HKU\S-1-5-21-1365679944-132168641-953657067-1000\...\ChromeHTML: -> C:\Users\David\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1365679944-132168641-953657067-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\David\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1365679944-132168641-953657067-1000_Classes\CLSID\{022105BD-948A-40C9-AB42-A3300DDF097F}\localserver32 -> C:\Users\David\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1365679944-132168641-953657067-1000_Classes\CLSID\{04EBE69E-2DED-44F6-9854-9A3988F751ED}\InprocServer32 -> C:\Users\David\AppData\Local\Dropbox\Update\1.3.51.1\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-1365679944-132168641-953657067-1000_Classes\CLSID\{0A368B9B-3566-4730-B40E-EAF6858A53AF}\InprocServer32 -> C:\Users\David\AppData\Local\Dropbox\Update\1.3.27.33\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-1365679944-132168641-953657067-1000_Classes\CLSID\{144DF3B2-2402-47AE-9583-5A045929A8D4}\InprocServer32 -> C:\Users\David\AppData\Local\Google\Update\1.3.33.5\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-1365679944-132168641-953657067-1000_Classes\CLSID\{2027D000-8CEB-4191-9620-15DD2561855F}\InprocServer32 -> C:\Users\David\AppData\Local\Dropbox\Update\1.3.57.1\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-1365679944-132168641-953657067-1000_Classes\CLSID\{22181302-A8A6-4F84-A541-E5CBFC70CC43}\localserver32 -> C:\Users\David\AppData\Local\Google\Update\1.3.33.7\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1365679944-132168641-953657067-1000_Classes\CLSID\{2F0E2680-9FF5-43C0-B76E-114A56E93598}\localserver32 -> C:\Users\David\AppData\Local\Google\Update\1.3.33.7\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1365679944-132168641-953657067-1000_Classes\CLSID\{3059C9E6-9EDC-4C89-933E-C65623F8FD60}\localserver32 -> C:\Users\David\AppData\Local\Dropbox\Update\DropboxUpdate.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1365679944-132168641-953657067-1000_Classes\CLSID\{449CFB1B-1C07-48EA-9A9A-7A7881C2B49B}\InprocServer32 -> C:\Users\David\AppData\Local\Dropbox\Update\1.3.59.1\psuser.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1365679944-132168641-953657067-1000_Classes\CLSID\{51F9E8EF-59D7-475B-A106-C7EA6F30C119}\localserver32 -> C:\Users\David\AppData\Local\Google\Update\1.3.33.7\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1365679944-132168641-953657067-1000_Classes\CLSID\{590C4387-5EBD-4D46-8A84-CD0BA2EF2856}\InprocServer32 -> C:\Users\David\AppData\Local\Google\Update\1.3.30.3\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-1365679944-132168641-953657067-1000_Classes\CLSID\{59B55F04-DE14-4BB8-92FF-C4A22EF2E5F4}\InprocServer32 -> C:\Users\David\AppData\Local\Google\Update\1.3.31.5\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-1365679944-132168641-953657067-1000_Classes\CLSID\{87DC457B-B35D-48AC-BD42-BDF35EF623CE}\localserver32 -> C:\Users\David\AppData\Local\Dropbox\Update\1.3.59.1\DropboxUpdateOnDemand.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1365679944-132168641-953657067-1000_Classes\CLSID\{8C46158B-D978-483C-A312-16EE5013BE04}\InprocServer32 -> C:\Users\David\AppData\Local\Google\Update\1.3.33.3\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-1365679944-132168641-953657067-1000_Classes\CLSID\{91A41FCC-BC02-42D8-A36E-0D27FF9BFFC8}\InprocServer32 -> C:\Users\David\AppData\Local\Google\Update\1.3.33.7\psuser.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1365679944-132168641-953657067-1000_Classes\CLSID\{9FAA38ED-5635-44F7-9BE0-8CAFE29B3783}\localserver32 -> C:\Users\David\AppData\Local\Dropbox\Update\1.3.59.1\DropboxUpdateOnDemand.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1365679944-132168641-953657067-1000_Classes\CLSID\{C0DD324D-A74F-4533-84AD-030F76771C77}\localserver32 -> C:\Users\David\AppData\Local\Dropbox\Update\1.3.59.1\DropboxUpdateOnDemand.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1365679944-132168641-953657067-1000_Classes\CLSID\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D}\InprocServer32 -> C:\Users\David\AppData\Local\Google\Update\1.3.33.7\npGoogleUpdate3.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1365679944-132168641-953657067-1000_Classes\CLSID\{C32E3EEC-3C10-426E-95F3-38C7F139FADD}\localserver32 -> C:\Users\David\AppData\Local\Dropbox\Update\1.3.59.1\DropboxUpdateOnDemand.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1365679944-132168641-953657067-1000_Classes\CLSID\{C442AC41-9200-4770-8CC0-7CDB4F245C55}\InprocServer32 -> C:\Users\David\AppData\Local\Google\Update\1.3.33.7\npGoogleUpdate3.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1365679944-132168641-953657067-1000_Classes\CLSID\{CB492AF1-2CEF-4E58-BE47-471C77D0C8BA}\InprocServer32 -> C:\Users\David\AppData\Local\Google\Update\1.3.32.7\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-1365679944-132168641-953657067-1000_Classes\CLSID\{E67BE843-BBBE-4484-95FB-05271AE86750}\localserver32 -> C:\Users\David\AppData\Local\Google\Update\1.3.33.7\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1365679944-132168641-953657067-1000_Classes\CLSID\{E7A37920-253C-4FF1-B169-298A7CE6CAA9}\localserver32 -> C:\Users\David\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1365679944-132168641-953657067-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\David\AppData\Local\Google\Update\1.3.33.7\psuser.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1365679944-132168641-953657067-1000_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\David\AppData\Roaming\Dropbox\bin\DropboxExt.19.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1365679944-132168641-953657067-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\David\AppData\Roaming\Dropbox\bin\DropboxExt.19.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1365679944-132168641-953657067-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\David\AppData\Roaming\Dropbox\bin\DropboxExt.19.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1365679944-132168641-953657067-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\David\AppData\Roaming\Dropbox\bin\DropboxExt.19.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1365679944-132168641-953657067-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\David\AppData\Roaming\Dropbox\bin\DropboxExt.19.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1365679944-132168641-953657067-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\David\AppData\Roaming\Dropbox\bin\DropboxExt.19.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1365679944-132168641-953657067-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\David\AppData\Roaming\Dropbox\bin\DropboxExt.19.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1365679944-132168641-953657067-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\David\AppData\Roaming\Dropbox\bin\DropboxExt.19.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1365679944-132168641-953657067-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\David\AppData\Roaming\Dropbox\bin\DropboxExt.19.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1365679944-132168641-953657067-1000_Classes\CLSID\{FB314EE1-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\David\AppData\Roaming\Dropbox\bin\DropboxExt.19.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1365679944-132168641-953657067-1000_Classes\CLSID\{FB314EE2-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\David\AppData\Roaming\Dropbox\bin\DropboxExt.19.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1365679944-132168641-953657067-1000_Classes\CLSID\{FBC9D74C-AF55-4309-9FB2-C426E071637F}\InprocServer32 -> C:\Users\David\AppData\Roaming\Dropbox\bin\DropboxExt.19.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1365679944-132168641-953657067-1000_Classes\CLSID\{FE819BE5-BADF-4370-9913-6FB84ABA6FB1}\InprocServer32 -> C:\Users\David\AppData\Local\Dropbox\Update\1.3.59.1\psuser.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\David\AppData\Roaming\Dropbox\bin\DropboxExt.19.0.dll [2018-03-15] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\David\AppData\Roaming\Dropbox\bin\DropboxExt.19.0.dll [2018-03-15] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\David\AppData\Roaming\Dropbox\bin\DropboxExt.19.0.dll [2018-03-15] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [GDriveBlacklistedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files\Google\Drive\googledrivesync32.dll [2013-04-16] (Google)
ShellIconOverlayIdentifiers: [GDriveSharedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => C:\Program Files\Google\Drive\googledrivesync32.dll [2013-04-16] (Google)
ShellIconOverlayIdentifiers: [GDriveSyncedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files\Google\Drive\googledrivesync32.dll [2013-04-16] (Google)
ShellIconOverlayIdentifiers: [GDriveSyncingOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files\Google\Drive\googledrivesync32.dll [2013-04-16] (Google)
ContextMenuHandlers1: [EPP] -> {3F3B81BE-529B-40b9-8189-6666B241ADFA} => C:\Program Files\Epson Software\Easy Photo Print\EPPShell.dll [2008-10-22] (SEIKO EPSON CORPORATION)
ContextMenuHandlers1: [Foxit_ConvertToPDF_Reader] -> {A94757A0-0226-426F-B4F1-4DF381C630D3} => C:\Program Files\Foxit Software\Foxit Reader\plugins\ConvertToPDFShellExtension_x86.dll [2017-10-21] (Foxit Software Inc.)
ContextMenuHandlers1: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files\Google\Drive\contextmenu32.dll [2013-04-16] (Google)
ContextMenuHandlers1: [IObitUnstaler] -> {B19ED566-D419-470b-B111-3C89040BC027} => -> No File
ContextMenuHandlers1: [LavasoftShellExt] -> {DCE027F7-16A4-4BEE-9BE7-74F80EE3738F} => -> No File
ContextMenuHandlers1: [Shell Extension for Malware scanning] -> {45AC2688-0253-4ED8-97DE-B5370FA7D48A} => C:\Program Files\Avira\Antivirus\shlext.dll [2017-12-21] (Avira Operations GmbH & Co. KG)
ContextMenuHandlers1: [SmartDefragExtension] -> {189F1E63-33A7-404B-B2F6-8C76A452CC54} => -> No File
ContextMenuHandlers1: [ZLAVShExt] -> {D9872D13-7651-4471-9EEE-F0A00218BEBB} => C:\Program Files\CheckPoint\ZoneAlarm\zlavscan.dll -> No File
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-11-01] (Malwarebytes)
ContextMenuHandlers4: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files\Google\Drive\contextmenu32.dll [2013-04-16] (Google)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\system32\nvshext.dll [2013-01-18] (NVIDIA Corporation)
ContextMenuHandlers6: [Foxit_ConvertToPDF_Reader] -> {A94757A0-0226-426F-B4F1-4DF381C630D3} => C:\Program Files\Foxit Software\Foxit Reader\plugins\ConvertToPDFShellExtension_x86.dll [2017-10-21] (Foxit Software Inc.)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-11-01] (Malwarebytes)
ContextMenuHandlers6: [Shell Extension for Malware scanning] -> {45AC2688-0253-4ED8-97DE-B5370FA7D48A} => C:\Program Files\Avira\Antivirus\shlext.dll [2017-12-21] (Avira Operations GmbH & Co. KG)
ContextMenuHandlers6: [ZLAVShExt] -> {D9872D13-7651-4471-9EEE-F0A00218BEBB} => C:\Program Files\CheckPoint\ZoneAlarm\zlavscan.dll -> No File
ContextMenuHandlers1_S-1-5-21-1365679944-132168641-953657067-1000: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Users\David\AppData\Roaming\Dropbox\bin\DropboxExt.19.0.dll [2018-03-15] (Dropbox, Inc.)
ContextMenuHandlers4_S-1-5-21-1365679944-132168641-953657067-1000: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Users\David\AppData\Roaming\Dropbox\bin\DropboxExt.19.0.dll [2018-03-15] (Dropbox, Inc.)
ContextMenuHandlers5_S-1-5-21-1365679944-132168641-953657067-1000: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Users\David\AppData\Roaming\Dropbox\bin\DropboxExt.19.0.dll [2018-03-15] (Dropbox, Inc.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {051D0B09-CFC4-4E3D-8B65-F8FCF2489E6F} - System32\Tasks\RtlNICDiagVistaStart => C:\Program Files\Realtek\RTNICDiag\RTNICDiag.exe [2008-07-21] (Realtek)
Task: {07BA4BB6-FE13-4020-985A-780781738826} - \Driver Booster SkipUAC (David) -> No File <==== ATTENTION
Task: {0FA34E30-83C3-40D2-921D-6C432B6E9E53} - System32\Tasks\CorelUpdateHelperTask-6D51C8F514C231B4491278912C46A4AD => C:\Program Files\Corel\CUH\v2\CUH.exe [2018-02-23] (Corel Corporation)
Task: {137ABB43-7313-49E1-81C7-4AB3C31E18DB} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-1365679944-132168641-953657067-1000Core => C:\Users\David\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2016-11-05] (Dropbox, Inc.)
Task: {14624C15-C2B0-4738-BAC9-B243666F915D} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2018-03-23] (Adobe Systems Incorporated)
Task: {2BF02622-C870-4B5A-8850-49BA3525A67A} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-1365679944-132168641-953657067-1000UA => C:\Users\David\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2016-11-05] (Dropbox, Inc.)
Task: {2BF84EFE-C4BA-4720-BD3C-C9BFBC620937} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2018-03-06] (Piriform Ltd)
Task: {38F1B869-43D7-41CA-8C59-AAE57DF6CAD1} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\Windows\system32\Macromed\Flash\FlashUtil32_29_0_0_113_Plugin.exe [2018-03-23] (Adobe Systems Incorporated)
Task: {41CE564A-97CD-42C3-AC79-5A1CC14B67CB} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2009-06-11] (Google Inc.)
Task: {50B32295-DFEF-495E-B684-1EDC2EAFC3D1} - System32\Tasks\{8BAEA27D-0DDA-428A-9727-E208DE68AAAA} => C:\Program Files\Skype\Phone\Skype.exe [2016-05-17] (Skype Technologies S.A.)
Task: {52D7030C-C7A7-43C0-BD62-0F7B6726D22D} - System32\Tasks\PCDEventLauncherTask => C:\Program Files\My Dell\sessionchecker.exe [2013-09-05] (PC-Doctor, Inc.)
Task: {5664BF4D-D5C9-4708-9A0F-72B0E555509E} - System32\Tasks\{B28DE500-09F8-4770-8AB1-40C41B0C7399} => C:\Windows\system32\pcalua.exe -a C:\Users\David\Downloads\converter.exe -d C:\Windows\system32
Task: {57A9D223-4743-42A4-A195-BD5F48C5755B} - System32\Tasks\SmartDefrag => C:\Program Files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe
Task: {63370F96-9BAF-4307-9350-1348A42F2579} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1365679944-132168641-953657067-1000UA => C:\Users\David\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {6467F6B6-F82F-4978-BA3B-98D388624403} - System32\Tasks\Avira_Antivirus_Systray => C:\Program Files\Avira\Antivirus\avgnt.exe [2018-03-02] (Avira Operations GmbH & Co. KG)
Task: {67DDFABE-683F-4953-BE25-41FC8728CC47} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-1365679944-132168641-953657067-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2011-11-08] (RealNetworks, Inc.)
Task: {796DCEC3-6154-4AA1-8059-EAB65E5F75A6} - System32\Tasks\CorelUpdateHelperTaskCore => c:\Program Files\Corel\CUH\v2\CUH.exe [2018-02-23] (Corel Corporation)
Task: {8401FDD5-BD53-4F87-AA11-45BB97713683} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [2018-03-06] (Piriform Ltd)
Task: {84B5593E-5FAA-4676-AB89-9511DA7E5917} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1365679944-132168641-953657067-1000Core => C:\Users\David\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {85053098-403B-490A-99A4-F9C40E672C5E} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-1365679944-132168641-953657067-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2011-11-08] (RealNetworks, Inc.)
Task: {878236F4-BFB9-42A4-8EB7-BA1552F24AF4} - \{4DB442F9-C5C4-47D4-CABC-256BB9E033EC} -> No File <==== ATTENTION
Task: {BB81403D-923E-4F31-B6FA-1F24F0BDD336} - System32\Tasks\{DF81553E-9FE4-46F9-A698-E6FEC3497677} => C:\Windows\system32\pcalua.exe -a C:\Users\David\Downloads\Xvid-1.2.2-07062009.exe -d "K:\Photos\Lost season 5"
Task: {C2C21F40-674F-47CF-8D11-D24E7D21EBBC} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2017-10-12] (Apple Inc.)
Task: {D0AB8569-08AA-4FCD-B319-21339C4255D5} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2009-06-11] (Google Inc.)
Task: {DEAEF5E5-4577-4785-B02A-19A99003D01F} - \{77FD207A-F73E-4650-9133-C6BF9DCB9A1D} -> No File <==== ATTENTION
Task: {E3B74E19-B294-4BA5-8891-D72218EE4503} - System32\Tasks\{C16E4FDC-EC6A-4B6B-9404-EDA79210A247} => C:\Windows\system32\pcalua.exe -a "C:\Program Files\VS Revo Group\Revo Uninstaller\RevoUnin.exe" -d "C:\Program Files\VS Revo Group\Revo Uninstaller"
Task: {F31BB7E0-A603-46F9-B04E-10075749C18E} - System32\Tasks\{6DCE0CBF-14D4-4F83-A3A5-6D140E6CC7A3} => "c:\program files\mozilla firefox\firefox.exe" hxxp://ui.skype.com/ui/0/5.8.0.158.259/en/abandoninstall?page=tsMain

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1365679944-132168641-953657067-1000Core.job => C:\Users\David\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1365679944-132168641-953657067-1000UA.job => C:\Users\David\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\RtlNICDiagVistaStart.job => C:\Program Files\Realtek\RTNICDiag\RTNICDiag.exe
Task: C:\Windows\Tasks\SmartDefrag.job => C:\Program Files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe
Task: C:\Windows\Tasks\User_Feed_Synchronization-{AE143750-3A46-4BA4-B78A-221DF09B574B}.job => C:\Windows\system32\msfeedssync.exe
Task: C:\Windows\Tasks\{4DB442F9-C5C4-47D4-CABC-256BB9E033EC}.job => C:\Users\David\AppData\Local\{453F7~1\UNINST~1.EXE <==== ATTENTION

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2017-02-16 02:38 - 2013-01-18 15:20 - 000079648 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax.dll
2018-01-05 01:14 - 2018-01-05 01:14 - 001042232 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2017-12-08 02:49 - 2017-12-08 02:49 - 000076088 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2018-01-22 04:21 - 2018-01-22 04:21 - 001042232 _____ () C:\Program Files\iTunes\libxml2.dll
2018-01-22 04:21 - 2018-01-22 04:21 - 000076088 _____ () C:\Program Files\iTunes\zlib1.dll
2018-03-23 18:50 - 2018-03-15 12:50 - 000746312 _____ () C:\Users\David\AppData\Roaming\Dropbox\bin\dropbox_watchdog.dll
2018-03-23 18:50 - 2018-03-15 12:50 - 002079048 _____ () C:\Users\David\AppData\Roaming\Dropbox\bin\dropbox_crashpad.dll
2018-03-23 18:50 - 2018-03-15 12:50 - 000100312 _____ () C:\Users\David\AppData\Roaming\Dropbox\bin\_ctypes.pyd
2018-03-23 18:50 - 2018-03-15 12:50 - 000018896 _____ () C:\Users\David\AppData\Roaming\Dropbox\bin\select.pyd
2018-03-23 18:50 - 2018-03-15 12:53 - 000020808 _____ () C:\Users\David\AppData\Roaming\Dropbox\bin\tornado.speedups.pyd
2018-03-23 18:50 - 2018-03-15 12:50 - 000035808 _____ () C:\Users\David\AppData\Roaming\Dropbox\bin\_multiprocessing.pyd
2018-03-23 18:50 - 2018-03-15 12:50 - 000694232 _____ () C:\Users\David\AppData\Roaming\Dropbox\bin\unicodedata.pyd
2018-03-23 18:50 - 2018-03-15 12:52 - 000021856 _____ () C:\Users\David\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._constant_time.pyd
2018-03-23 18:50 - 2018-03-15 12:50 - 000130520 _____ () C:\Users\David\AppData\Roaming\Dropbox\bin\_cffi_backend.pyd
2018-03-23 18:50 - 2018-03-15 12:52 - 001856864 _____ () C:\Users\David\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._openssl.pyd
2018-03-23 18:50 - 2018-03-15 12:52 - 000022880 _____ () C:\Users\David\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._padding.pyd
2018-03-23 18:50 - 2018-03-15 12:50 - 000145880 _____ () C:\Users\David\AppData\Roaming\Dropbox\bin\pyexpat.pyd
2018-03-23 18:50 - 2018-03-15 12:50 - 000116696 _____ () C:\Users\David\AppData\Roaming\Dropbox\bin\pywintypes27.dll
2018-03-23 18:50 - 2018-03-15 12:50 - 000105944 _____ () C:\Users\David\AppData\Roaming\Dropbox\bin\win32api.pyd
2018-03-23 18:50 - 2018-03-15 12:53 - 000022872 _____ () C:\Users\David\AppData\Roaming\Dropbox\bin\winffi.crt.compiled._winffi_crt.pyd
2018-03-23 18:50 - 2018-03-15 12:52 - 000063312 _____ () C:\Users\David\AppData\Roaming\Dropbox\bin\psutil._psutil_windows.pyd
2018-03-23 18:50 - 2018-03-15 12:50 - 000024536 _____ () C:\Users\David\AppData\Roaming\Dropbox\bin\win32event.pyd
2018-03-23 18:50 - 2018-03-15 12:52 - 000077120 _____ () C:\Users\David\AppData\Roaming\Dropbox\bin\fastpath.pyd
2018-03-23 18:50 - 2018-03-15 12:50 - 000020952 _____ () C:\Users\David\AppData\Roaming\Dropbox\bin\mmapfile.pyd
2018-03-23 18:50 - 2018-03-15 12:50 - 000124888 _____ () C:\Users\David\AppData\Roaming\Dropbox\bin\win32file.pyd
2018-03-23 18:50 - 2018-03-15 12:50 - 000114136 _____ () C:\Users\David\AppData\Roaming\Dropbox\bin\win32security.pyd
2018-03-23 18:50 - 2018-03-15 12:50 - 000392664 _____ () C:\Users\David\AppData\Roaming\Dropbox\bin\pythoncom27.dll
2018-03-23 18:50 - 2018-03-15 12:53 - 000392520 _____ () C:\Users\David\AppData\Roaming\Dropbox\bin\win32com.shell.shell.pyd
2018-03-23 18:50 - 2018-03-15 12:53 - 000026464 _____ () C:\Users\David\AppData\Roaming\Dropbox\bin\winffi.kernel32.compiled._winffi_kernel32.pyd
2018-03-23 18:50 - 2018-03-15 12:50 - 000043480 _____ () C:\Users\David\AppData\Roaming\Dropbox\bin\win32process.pyd
2018-03-23 18:50 - 2018-03-15 12:50 - 000024024 _____ () C:\Users\David\AppData\Roaming\Dropbox\bin\win32clipboard.pyd
2018-03-23 18:50 - 2018-03-15 12:50 - 000175576 _____ () C:\Users\David\AppData\Roaming\Dropbox\bin\win32gui.pyd
2018-03-23 18:50 - 2018-03-15 12:50 - 000030168 _____ () C:\Users\David\AppData\Roaming\Dropbox\bin\win32pipe.pyd
2018-03-23 18:50 - 2018-03-15 12:50 - 000026072 _____ () C:\Users\David\AppData\Roaming\Dropbox\bin\win32job.pyd
2018-03-23 18:50 - 2018-03-15 12:50 - 000048600 _____ () C:\Users\David\AppData\Roaming\Dropbox\bin\win32service.pyd
2018-03-23 18:50 - 2018-03-15 12:50 - 000057816 _____ () C:\Users\David\AppData\Roaming\Dropbox\bin\win32evtlog.pyd
2018-03-23 18:50 - 2018-03-15 12:52 - 000021840 _____ () C:\Users\David\AppData\Roaming\Dropbox\bin\cpuid.compiled._cpuid.pyd
2018-03-23 18:50 - 2018-03-15 12:53 - 000023376 _____ () C:\Users\David\AppData\Roaming\Dropbox\bin\winshell.compiled._winshell.pyd
2018-03-23 18:50 - 2018-03-15 12:52 - 000022864 _____ () C:\Users\David\AppData\Roaming\Dropbox\bin\crashpad.compiled._Crashpad.pyd
2018-03-23 18:50 - 2018-03-15 12:53 - 000066400 _____ () C:\Users\David\AppData\Roaming\Dropbox\bin\winenumhandles.compiled._WinEnumHandles.pyd
2018-03-23 18:50 - 2018-03-15 12:52 - 001798464 _____ () C:\Users\David\AppData\Roaming\Dropbox\bin\PyQt5.QtCore.pyd
2018-03-23 18:50 - 2018-03-15 12:50 - 000084944 _____ () C:\Users\David\AppData\Roaming\Dropbox\bin\sip.pyd
2018-03-23 18:50 - 2018-03-15 12:52 - 001959232 _____ () C:\Users\David\AppData\Roaming\Dropbox\bin\PyQt5.QtGui.pyd
2018-03-23 18:50 - 2018-03-15 12:52 - 003863880 _____ () C:\Users\David\AppData\Roaming\Dropbox\bin\PyQt5.QtWidgets.pyd
2018-03-23 18:50 - 2018-03-15 12:52 - 000155472 _____ () C:\Users\David\AppData\Roaming\Dropbox\bin\PyQt5.QtWebEngineWidgets.pyd
2018-03-23 18:50 - 2018-03-15 12:52 - 000521544 _____ () C:\Users\David\AppData\Roaming\Dropbox\bin\PyQt5.QtNetwork.pyd
2018-03-23 18:50 - 2018-03-15 12:52 - 000051024 _____ () C:\Users\David\AppData\Roaming\Dropbox\bin\PyQt5.QtWebEngineCore.pyd
2018-03-23 18:50 - 2018-03-15 12:52 - 000043336 _____ () C:\Users\David\AppData\Roaming\Dropbox\bin\PyQt5.QtWebChannel.pyd
2018-03-23 18:50 - 2018-03-15 12:52 - 000131400 _____ () C:\Users\David\AppData\Roaming\Dropbox\bin\PyQt5.QtWebKit.pyd
2018-03-23 18:50 - 2018-03-15 12:52 - 000219984 _____ () C:\Users\David\AppData\Roaming\Dropbox\bin\PyQt5.QtWebKitWidgets.pyd
2018-03-23 18:50 - 2018-03-15 12:52 - 000204104 _____ () C:\Users\David\AppData\Roaming\Dropbox\bin\PyQt5.QtPrintSupport.pyd
2018-03-23 18:50 - 2018-03-15 12:53 - 000025440 _____ () C:\Users\David\AppData\Roaming\Dropbox\bin\winscreenshot.compiled._CaptureScreenshot.pyd
2018-03-23 18:50 - 2018-03-15 12:50 - 000060888 _____ () C:\Users\David\AppData\Roaming\Dropbox\bin\win32print.pyd
2018-03-23 18:50 - 2018-03-15 12:53 - 000054616 _____ () C:\Users\David\AppData\Roaming\Dropbox\bin\winrpcserver.compiled._RPCServer.pyd
2018-03-23 18:50 - 2018-03-15 12:50 - 000024024 _____ () C:\Users\David\AppData\Roaming\Dropbox\bin\win32profile.pyd
2018-03-23 18:50 - 2018-03-15 12:53 - 000022880 _____ () C:\Users\David\AppData\Roaming\Dropbox\bin\winffi.user32.compiled._winffi_user32.pyd
2018-03-23 18:50 - 2018-03-15 12:50 - 000028632 _____ () C:\Users\David\AppData\Roaming\Dropbox\bin\win32ts.pyd
2018-03-23 18:50 - 2018-03-15 12:53 - 000022368 _____ () C:\Users\David\AppData\Roaming\Dropbox\bin\winffi.iphlpapi.compiled._winffi_iphlpapi.pyd
2018-03-23 18:50 - 2018-03-15 12:53 - 000021856 _____ () C:\Users\David\AppData\Roaming\Dropbox\bin\winffi.winerror.compiled._winffi_winerror.pyd
2018-03-23 18:50 - 2018-03-15 12:53 - 000022368 _____ () C:\Users\David\AppData\Roaming\Dropbox\bin\winffi.wininet.compiled._winffi_wininet.pyd
2018-03-23 18:50 - 2018-03-15 12:52 - 000027496 _____ () C:\Users\David\AppData\Roaming\Dropbox\bin\dropbox.infinite.win.compiled._driverinstallation.pyd
2018-03-23 18:50 - 2018-03-15 12:50 - 000349144 _____ () C:\Users\David\AppData\Roaming\Dropbox\bin\winxpgui.pyd
2018-03-23 18:50 - 2018-03-15 12:53 - 000023904 _____ () C:\Users\David\AppData\Roaming\Dropbox\bin\winverifysignature.compiled._VerifySignature.pyd
2018-03-23 18:50 - 2018-03-15 12:52 - 000025432 _____ () C:\Users\David\AppData\Roaming\Dropbox\bin\librsyncffi.compiled._librsyncffi.pyd
2018-03-23 18:50 - 2018-03-15 12:50 - 000036312 _____ () C:\Users\David\AppData\Roaming\Dropbox\bin\librsync.dll
2018-03-23 18:50 - 2018-03-15 12:53 - 000021856 _____ () C:\Users\David\AppData\Roaming\Dropbox\bin\winffi.advapi32.compiled._winffi_advapi32.pyd
2018-03-23 18:50 - 2018-03-15 12:52 - 000181064 _____ () C:\Users\David\AppData\Roaming\Dropbox\bin\dropbox_sqlite_ext.DLL
2018-03-23 18:50 - 2018-03-15 12:53 - 000030544 _____ () C:\Users\David\AppData\Roaming\Dropbox\bin\wind3d11.compiled._wind3d11.pyd
2018-03-23 18:50 - 2018-03-15 12:52 - 000024384 _____ () C:\Users\David\AppData\Roaming\Dropbox\bin\libEGL.DLL
2018-03-23 18:50 - 2018-03-15 12:52 - 001638208 _____ () C:\Users\David\AppData\Roaming\Dropbox\bin\libGLESv2.dll
2018-03-23 18:50 - 2018-03-15 12:53 - 000026464 _____ () C:\Users\David\AppData\Roaming\Dropbox\bin\winffi.winhttp.compiled._winffi_winhttp.pyd
2018-03-23 18:50 - 2018-03-15 12:52 - 000546632 _____ () C:\Users\David\AppData\Roaming\Dropbox\bin\PyQt5.QtQuick.pyd
2018-03-23 18:50 - 2018-03-15 12:52 - 000359744 _____ () C:\Users\David\AppData\Roaming\Dropbox\bin\PyQt5.QtQml.pyd
2018-03-23 18:50 - 2018-03-15 12:52 - 000038216 _____ () C:\Users\David\AppData\Roaming\Dropbox\bin\PyQt5.QtWebEngine.pyd
2018-01-09 12:39 - 2017-11-29 10:11 - 001934792 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Users\David\Downloads\f9824a1717a164c3.mp4:TOC.WMV [130]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-1365679944-132168641-953657067-1000\...\dell.com -> dell.com

There are 11327 more sites.


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2006-11-02 11:23 - 2012-10-24 15:18 - 000444930 ____R C:\Windows\system32\Drivers\etc\hosts

127.0.0.1 localhost

There are 15277 more lines.


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1365679944-132168641-953657067-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\David\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
HKU\S-1-5-21-1365679944-132168641-953657067-1057\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Windows\img0.jpg
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\Services: !SASCORE => 2
MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: AERTFilters => 2
MSCONFIG\Services: cmdAgent => 2
MSCONFIG\Services: DockLoginService => 2
MSCONFIG\Services: FreeAgentGoNext Service => 2
MSCONFIG\Services: getPlus(R) Helper => 3
MSCONFIG\Services: GoToAssist => 3
MSCONFIG\Services: gupdate1c9eaad5b861f00 => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: gusvc => 2
MSCONFIG\Services: JuniperAccessService => 2
MSCONFIG\Services: MozillaMaintenance => 3
MSCONFIG\Services: nvsvc => 2
MSCONFIG\Services: PSI_SVC_2 => 2
MSCONFIG\Services: SkypeUpdate => 2
MSCONFIG\Services: sprtsvc_DellSupportCenter => 2
MSCONFIG\Services: sprtsvc_O2 => 2
MSCONFIG\Services: stllssvr => 3
MSCONFIG\Services: SupportSoft RemoteAssist => 3
MSCONFIG\Services: WRSVC => 2
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Secunia PSI Tray.lnk => C:\Windows\pss\Secunia PSI Tray.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^David^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dell Dock.lnk => C:\Windows\pss\Dell Dock.lnk.Startup
MSCONFIG\startupfolder: C:^Users^David^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk => C:\Windows\pss\Dropbox.lnk.Startup
MSCONFIG\startupfolder: C:^Users^David^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk => C:\Windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup
MSCONFIG\startupreg: Adobe ARM => c:\program files\common files\adobe\arm\1.0\adobearm.exe
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: Advanced SystemCare 6 => "C:\Program Files\IObit\Advanced SystemCare 6\ASCTray.exe" /AutoStart
MSCONFIG\startupreg: Akamai NetSession Interface => "C:\Users\David\AppData\Local\Akamai\netsession_win.exe"
MSCONFIG\startupreg: BigDogPath => C:\Windows\VM_STI.EXE %;USB\VID_0AC8&PID_0302.DeviceDesc%
MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner.exe" /MONITOR
MSCONFIG\startupreg: COMODO Internet Security => "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h
MSCONFIG\startupreg: Corel File Shell Monitor => "C:\Program Files\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe"
MSCONFIG\startupreg: dellsupportcenter => "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P dellsupportcenter
MSCONFIG\startupreg: DellSystemDetect => C:\Users\David\AppData\Local\Apps\2.0\1LLGV105.GMT\RVYL3TNL.DOM\dell..tion_0f612f649c4a10af_0005.0007_59de4fd2458fcaec\DellSystemDetect.exe
MSCONFIG\startupreg: DivXUpdate => "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
MSCONFIG\startupreg: ehTray.exe => C:\Windows\ehome\ehTray.exe
MSCONFIG\startupreg: EPSON SX410 Series => C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIFCE.EXE /FU "C:\Windows\TEMP\E_S7A24.tmp" /EF "HKCU"
MSCONFIG\startupreg: Google Update => C:\Users\David\AppData\Local\Google\Update\1.3.32.7\GoogleUpdateCore.exe
MSCONFIG\startupreg: GrooveMonitor => "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
MSCONFIG\startupreg: HotKeysCmds => C:\Windows\system32\hkcmd.exe
MSCONFIG\startupreg: IgfxTray => C:\Windows\system32\igfxtray.exe
MSCONFIG\startupreg: ISUSPM Startup => C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
MSCONFIG\startupreg: ISUSScheduler => "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
MSCONFIG\startupreg: iTunesHelper => c:\program files\itunes\ituneshelper.exe
MSCONFIG\startupreg: MaxMenuMgr => "C:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe"
MSCONFIG\startupreg: NvCplDaemon => "RUNDLL32.EXE" C:\Windows\system32\NvCpl.dll,NvStartup
MSCONFIG\startupreg: NvMediaCenter => "RUNDLL32.EXE" C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
MSCONFIG\startupreg: O2 => "C:\Program Files\O2\bin\sprtcmd.exe" /P O2
MSCONFIG\startupreg: Persistence => C:\Windows\system32\igfxpers.exe
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: RtHDVCpl => "RtHDVCpl.exe"
MSCONFIG\startupreg: Sidebar => "C:\Program Files\Windows Sidebar\sidebar.exe" /autoRun
MSCONFIG\startupreg: Spotify Web Helper => "C:\Users\David\AppData\Roaming\Spotify\SpotifyWebHelper.exe"
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: TkBellExe => "c:\program files\real\realplayer\Update\realsched.exe" -osboot
MSCONFIG\startupreg: Windows Defender => "%ProgramFiles%\Windows Defender\MSASCui.exe" -hide
MSCONFIG\startupreg: WMPNSCFG => C:\Program Files\Windows Media Player\WMPNSCFG.exe
MSCONFIG\startupreg: WRSVC => "C:\Program Files\Webroot\WRSA.exe" -ul

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{05CF087E-C64E-4B61-814C-FD13A6B494C6}] => (Allow) C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe
FirewallRules: [{DA0D2A9D-CF58-4D63-95A9-263834660F96}] => (Allow) C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe
FirewallRules: [{2EDE33D7-8E86-4EB9-AEA8-64EB7F98BEF3}] => (Allow) C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe
FirewallRules: [{3C2AB1E3-B9C3-4C64-A730-744984D24A82}] => (Allow) C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe
FirewallRules: [{CD5F3F51-9DF3-4BF2-AE8E-17F2F9D5146F}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{22026013-FAA5-444E-976C-B6285ECCE026}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{DFA8EFA7-8A41-44E6-A698-99378003C888}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{CDFE950A-4ABA-45B8-BFDF-A4E78669B550}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{5F51D327-8C81-43D3-8457-E3800EC62119}] => (Allow) svchost.exe
FirewallRules: [{03E74A64-6F3E-4364-B71B-4A54045ACCF8}] => (Allow) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{AF576377-8A6D-4FED-92C4-FF0EB2AF3262}] => (Allow) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{47CBA9AA-C393-491A-9546-12CEADDAFD9E}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
FirewallRules: [{CAABCC27-07A9-4E59-B07B-DCD253DAB9FB}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{EC035C11-C96F-437D-881E-6E59EC88CD38}] => (Allow) C:\Users\David\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{39DD02EB-61D9-4D27-99A2-5C882975B183}] => (Allow) C:\Users\David\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{C26C0584-96CE-461D-8E95-8580B9C3F74F}] => (Allow) C:\Users\David\AppData\Local\Akamai\netsession_win.exe
FirewallRules: [{C505D153-8DA8-42CA-A6DF-513A2B85D07B}] => (Allow) C:\Users\David\AppData\Local\Akamai\netsession_win.exe
FirewallRules: [{715D3D46-2683-4064-874E-67E9E7021D33}] => (Allow) C:\Users\David\AppData\Local\Akamai\netsession_win.exe
FirewallRules: [{193C18DB-ED12-4CCE-AA9B-71B9626251D7}] => (Allow) C:\Users\David\AppData\Local\Akamai\netsession_win.exe
FirewallRules: [UDP Query User{3F1AF4D2-5F3E-465A-8626-BBF9F0675531}C:\users\david\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\david\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{BD4FD3AA-9047-407A-A79D-09307F39E867}C:\users\david\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\david\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{EA42CFFB-07B3-4D87-9D61-E2023FE8EA7A}C:\program files\spotify\spotify.exe] => (Allow) C:\program files\spotify\spotify.exe
FirewallRules: [TCP Query User{BDB850D8-2F0B-4AFB-A185-48A14D8C6FEA}C:\program files\spotify\spotify.exe] => (Allow) C:\program files\spotify\spotify.exe
FirewallRules: [{55A7882E-1A44-4677-A093-8DD144D49D90}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{7ADEDB6D-DDF1-4855-80B6-8CDF3553FFBB}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{E170C54D-5694-4D57-8102-98E0E3936BEA}] => (Allow) LPort=1900
FirewallRules: [{5D7B9ADE-2366-41B8-827E-582763EDB857}] => (Allow) LPort=2869
FirewallRules: [{7F874A11-3D79-46F6-A831-F720A961FA8D}] => (Allow) C:\Program Files\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{603C2E12-B761-49E8-A1A8-21640C9C12B8}] => (Allow) svchost.exe
FirewallRules: [{C9D16E0F-82CA-4487-A868-F49FBB1CF343}] => (Allow) C:\Windows\System32\PnkBstrA.exe
FirewallRules: [{F5077FFF-61FB-43B2-98FC-AE7231AE55FD}] => (Allow) C:\Windows\System32\PnkBstrA.exe
FirewallRules: [{A69706D1-D859-4C30-A253-77495A3FBB66}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{5A1B4F42-BA6A-4107-8E23-32D951591112}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{5EB55078-9ADD-4638-A41E-5DAC00846E90}] => (Allow) C:\Program Files\Internet Explorer\iexplore.exe
FirewallRules: [{A8D2ED93-A547-486C-823B-F1D2F453806B}] => (Allow) C:\Program Files\Internet Explorer\iexplore.exe
FirewallRules: [{E200C539-29F5-4DAF-A4F6-038EBF5FB0C1}] => (Allow) C:\Users\David\AppData\Local\Google\Chrome\Application\chrome.exe
FirewallRules: [{C37670A3-9120-4522-BAA7-3244D649118D}] => (Allow) C:\Users\David\AppData\Local\Google\Chrome\Application\chrome.exe
FirewallRules: [{BDE62C79-CE7B-4FBC-B067-9FE0792D2791}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{C40F9521-12F8-4A3C-8F30-C2181B0101D7}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [TCP Query User{61BE2BDA-77F4-436C-92AA-3F61561C26C4}C:\users\david\appdata\local\google\chrome\application\chrome.exe] => (Allow) C:\users\david\appdata\local\google\chrome\application\chrome.exe
FirewallRules: [UDP Query User{43F9C885-BC26-4D6D-9414-16DDFDD62C47}C:\users\david\appdata\local\google\chrome\application\chrome.exe] => (Allow) C:\users\david\appdata\local\google\chrome\application\chrome.exe
FirewallRules: [TCP Query User{93F59A67-B3EE-486D-9894-55F35EAA1671}C:\users\david\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\david\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [UDP Query User{4E635DB7-7583-498E-BA38-BEF81DA305DF}C:\users\david\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\david\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [TCP Query User{832A899F-B34E-4389-800B-5090782A4278}C:\windows\system32\spool\drivers\w32x86\3\sagent4.exe] => (Block) C:\windows\system32\spool\drivers\w32x86\3\sagent4.exe
FirewallRules: [UDP Query User{C8CEF33C-16C8-48F1-97E5-A069D9574CA2}C:\windows\system32\spool\drivers\w32x86\3\sagent4.exe] => (Block) C:\windows\system32\spool\drivers\w32x86\3\sagent4.exe
FirewallRules: [{C3250E6D-31E4-4EC3-84AF-34F45B6A5E76}] => (Allow) C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe
FirewallRules: [{CB559F87-345D-425A-9A85-A6918D23D1A5}] => (Allow) C:\Program Files\iTunes\iTunes.exe

==================== Restore Points =========================

04-09-2017 15:57:18 Installed Rapport
14-09-2017 12:36:33 Windows Update
20-09-2017 14:28:57 Windows Update
22-09-2017 17:20:46 Installed Rapport
06-10-2017 17:14:17 Installed Rapport
11-10-2017 17:56:20 Windows Update
10-11-2017 14:33:19 Scheduled Checkpoint
16-11-2017 15:37:06 Windows Update
23-11-2017 04:01:48 Windows Update
28-11-2017 23:22:06 Windows Update
07-12-2017 23:27:43 Windows Update
13-12-2017 16:08:21 Windows Update
21-12-2017 13:30:25 Installed Rapport
04-01-2018 17:24:32 Installed Rapport
10-01-2018 13:04:32 Windows Update
23-01-2018 13:59:19 Installed Rapport
08-02-2018 17:31:10 Installed Rapport
14-02-2018 15:52:21 Windows Update
22-02-2018 13:10:40 Scheduled Checkpoint
11-03-2018 17:49:51 Windows Update
24-03-2018 13:38:32 Windows Update
28-03-2018 20:57:58 Windows Update

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (03/28/2018 09:49:39 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (03/28/2018 09:31:52 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbamservice.exe, version: 3.1.0.595, time stamp: 0x59f74253
Faulting module name: ntdll.dll, version: 6.1.7601.23915, time stamp: 0x59b94a7d
Exception code: 0xc0000005
Fault offset: 0x00031dca
Faulting process id: 0xab4
Faulting application start time: 0x01d3c6d22feb7bcf
Faulting application path: C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe
Faulting module path: C:\Windows\SYSTEM32\ntdll.dll
Report Id: 0c03344e-32c7-11e8-a58e-0021705a8342

Error: (03/28/2018 09:20:16 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (03/28/2018 08:50:18 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (03/27/2018 10:18:31 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (03/26/2018 06:08:37 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 15585

Error: (03/26/2018 06:08:37 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 15585

Error: (03/26/2018 06:08:37 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second


System errors:
=============
Error: (03/28/2018 09:26:57 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Windows Update service hung on starting.

Error: (03/28/2018 09:26:29 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: The server {E60687F7-01A1-40AA-86AC-DB1CBF673334} did not register with DCOM within the required timeout.

Error: (03/28/2018 09:15:40 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the MBAMService service.

Error: (03/28/2018 08:54:43 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 20.

Error: (03/27/2018 12:51:19 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the MBAMService service.

Error: (03/27/2018 12:49:53 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: The server {995C996E-D918-4A8C-A302-45719A6F4EA7} did not register with DCOM within the required timeout.

Error: (03/27/2018 11:22:25 AM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR1.

Error: (03/27/2018 11:22:22 AM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR1.


CodeIntegrity:
===================================

Date: 2017-02-16 00:23:17.624
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Trusteer\Rapport\bin\RapportEI.sys because the set of per-page image hashes could not be found on the system.

Date: 2017-02-16 00:23:16.922
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Trusteer\Rapport\bin\RapportEI.sys because the set of per-page image hashes could not be found on the system.

Date: 2017-02-16 00:23:16.235
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Trusteer\Rapport\bin\RapportEI.sys because the set of per-page image hashes could not be found on the system.

Date: 2017-02-16 00:23:15.471
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Trusteer\Rapport\bin\RapportEI.sys because the set of per-page image hashes could not be found on the system.

Date: 2017-02-15 23:22:59.875
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Trusteer\Rapport\bin\RapportEI.sys because the set of per-page image hashes could not be found on the system.

Date: 2017-02-15 23:22:59.188
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Trusteer\Rapport\bin\RapportEI.sys because the set of per-page image hashes could not be found on the system.

Date: 2017-02-15 23:22:58.517
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Trusteer\Rapport\bin\RapportEI.sys because the set of per-page image hashes could not be found on the system.

Date: 2017-02-15 23:22:57.862
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Trusteer\Rapport\bin\RapportEI.sys because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================

Processor: Intel(R) Core(TM)2 Quad CPU Q8200 @ 2.33GHz
Percentage of memory in use: 58%
Total physical RAM: 3071.18 MB
Available physical RAM: 1269.14 MB
Total Virtual: 6140.68 MB
Available Virtual: 3923.7 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:683.55 GB) (Free:391.79 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: (RECOVERY) (Fixed) (Total:15 GB) (Free:8.67 GB) NTFS
Drive k: (FreeAgent Drive) (Fixed) (Total:931.51 GB) (Free:496.55 GB) NTFS


==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 698.6 GB) (Disk ID: 50000000)
Partition 1: (Not Active) - (Size=86 MB) - (Type=DE)
Partition 2: (Not Active) - (Size=15 GB) - (Type=07 NTFS)
Partition 3: (Active) - (Size=683.6 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 931.5 GB) (Disk ID: E46CEBE2)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================
 
# AdwCleaner 7.0.8.0 - Logfile created on Wed Mar 28 22:02:45 2018
# Updated on 2018/08/02 by Malwarebytes
# Running on Windows 7 Home Premium (X86)
# Mode: clean
# Support: https://www.malwarebytes.com/support

***** [ Services ] *****

No malicious services deleted.

***** [ Folders ] *****

Deleted: C:\ProgramData\IObit\ASCDownloader
Deleted: C:\ProgramData\Application Data\IObit\ASCDownloader
Deleted: C:\Users\All Users\IObit\ASCDownloader


***** [ Files ] *****

No malicious files deleted.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks deleted.

***** [ Registry ] *****

No malicious registry entries deleted.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries deleted.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries deleted.

*************************

::Tracing keys deleted
::Winsock settings cleared
::Additional Actions: 0



*************************

C:/AdwCleaner/AdwCleaner[C1].txt - [2932 B] - [2016/6/9 20:38:22]
C:/AdwCleaner/AdwCleaner[C2].txt - [1270 B] - [2016/6/16 22:31:57]
C:/AdwCleaner/AdwCleaner[C3].txt - [1757 B] - [2017/4/24 20:46:22]
C:/AdwCleaner/AdwCleaner[S1].txt - [3145 B] - [2016/6/9 20:30:24]
C:/AdwCleaner/AdwCleaner[S2].txt - [1102 B] - [2016/6/16 22:21:3]
C:/AdwCleaner/AdwCleaner[S3].txt - [1466 B] - [2017/1/28 20:36:29]
C:/AdwCleaner/AdwCleaner[S4].txt - [1622 B] - [2017/4/24 20:43:29]
C:/AdwCleaner/AdwCleaner[S5].txt - [1658 B] - [2017/6/18 12:14:39]


########## EOF - C:\AdwCleaner\AdwCleaner[C3].txt ##########
 
Hi gus,

I noticed that Malwarebytes is running from start-up alongside Avira - could that be causing any conflicts?

Also, when running AdwCleaner it initially found 6 entries; I clicked clean and then got an error message saying:

"caught unhandled unknown exception; terminating"

AdwCleaner then froze. I forced it closed through the task manager and repeated. The 2nd scan then found 5 entries, I clicked clean and got the same message. I had to repeat this until there were 3 entries, after which it finished the cleaning process without freezing. If you would like to see the scan results for the first scan please let me know.

Thanks.
 
Hi werdnarolyat,

Irrespective of what some say, you should NEVER run more than one AV/Security suite at the same time. If Malwarebytes is not the paid-for version I would urge you to remove it for now. Your logs also show ZoneAlarm A/V installed.

Would you mind posting the AdwCleaner 1st scan please?

You also have open ports set up in your firewall; did you do this purposely?
 
# AdwCleaner 7.0.8.0 - Logfile created on Wed Mar 28 22:01:54 2018
# Updated on 2018/08/02 by Malwarebytes
# Database: 2018-03-28.1
# Running on Windows 7 Home Premium (X86)
# Mode: scan
# Support: https://www.malwarebytes.com/support

***** [ Services ] *****

No malicious services found.

***** [ Folders ] *****

PUP.Optional.Legacy, C:\ProgramData\IObit\ASCDownloader
PUP.Optional.Legacy, C:\ProgramData\Application Data\IObit\ASCDownloader
PUP.Optional.Legacy, C:\Users\All Users\IObit\ASCDownloader


***** [ Files ] *****

No malicious files found.

***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious WMI found.

***** [ Shortcuts ] *****

No malicious shortcuts found.

***** [ Tasks ] *****

No malicious tasks found.

***** [ Registry ] *****

No malicious registry entries found.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries.

*************************

C:/AdwCleaner/AdwCleaner[C1].txt - [2932 B] - [2016/6/9 20:38:22]
C:/AdwCleaner/AdwCleaner[C2].txt - [1270 B] - [2016/6/16 22:31:57]
C:/AdwCleaner/AdwCleaner[C3].txt - [1757 B] - [2017/4/24 20:46:22]
C:/AdwCleaner/AdwCleaner[S1].txt - [3145 B] - [2016/6/9 20:30:24]
C:/AdwCleaner/AdwCleaner[S2].txt - [1102 B] - [2016/6/16 22:21:3]
C:/AdwCleaner/AdwCleaner[S3].txt - [1466 B] - [2017/1/28 20:36:29]
C:/AdwCleaner/AdwCleaner[S4].txt - [1622 B] - [2017/4/24 20:43:29]
C:/AdwCleaner/AdwCleaner[S5].txt - [1752 B] - [2017/6/18 12:14:39]


########## EOF - C:\AdwCleaner\AdwCleaner[S5].txt ##########
 
Hi gus,

The above are the only other scan results I could find from today - found them in the C://AdwCleaner folder.

I mistakenly thought that Malwarebytes was more of an on-demand tool rather than constantly running. When I try to load it from the system tray I get an error saying:

"Malwarebytes is unable to load the Anti-Rootkit DDA Driver.

This error may be due to rootkit activity. We recommend rebooting so Malwarebytes can attempt to install the driver.

Do you want to reboot now?"

I will remove Malwarebytes.

Is there a more powerful tool than CCleaner for uninstalling programs? I think I must've attempted to remove ZoneAlarm using CCleaner.

I did not deliberately open ports in the firewall.
 
Hi, werdnarolyat,

Tools such as Revo Uninstaller or Geek Uninstaller are arguably the pick of the uninstall tools; mind you, no tool will remove everything. Probably jumping a bit ahead here too before I check your logs, but if you have anything IObit on your machine I would strongly urge you to remove it.

I will be away for today, and whilst I look over your logs properly, will you please run RogueKiller.


Please go here and download RogueKiller, click HERE to download a 32bit version, or HERE for a 64bit one. If you are unsure if your PC is a 32 or 64bit version look HERE.

Save the download to your desktop.


  • Close all running programs, including any Antivirus or Security programs. If you are unsure how to do this please ask.
  • Right click the new RogueKiller desktop shortcut, and then click on "Run as Administrator"
  • If you get a dialogue box explaining that there is a new version, go to the website and download it. Click the go to website button at the bottom of the box.
  • Once the application is open, or you have updated it, click on the Scan button located on the top menu bar.
  • The scan may take some time to complete depending on the amount of data on your PC. Allow it to complete.
  • Once the scan is complete check every item for deletion.
  • Then check "Remove Selected"




Again it may take a little time to remove the detections.
Then click "Open Report" on the bottom left of the main program interface.
A new dialogue box will open, click "Open TXT"





Please copy and paste the contents of that text file in your next post. :)

If by chance you have closed the TXT file before copying it, you can retrieve it by clicking on the History button on the program's main interface.
 
RogueKiller V12.12.10.0 [Mar 26 2018] (Free) by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : https://forum.adlice.com
Website : http://www.adlice.com/download/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Started in : Normal mode
User : David [Administrator]
Started from : C:\Users\David\Desktop\RogueKiller_portable32.exe
Mode : Delete -- Date : 03/29/2018 09:17:09 (Duration : 01:18:08)

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 2 ¤¤¤
[Hj.RegVal] HKEY_LOCAL_MACHINE\RK_Software_ON_D_653C\Microsoft\Windows NT\CurrentVersion\Winlogon | Shell : cmd.exe /k start cmd.exe -> Replaced (explorer.exe)
[PUM.Proxy] HKEY_LOCAL_MACHINE\RK_System_ON_D_0500\ControlSet001\Services\NlaSvc\Parameters\Internet\ManualProxies | (default) : -> Deleted

¤¤¤ Tasks : 2 ¤¤¤
[Suspicious.Path] %WINDIR%\Tasks\{4DB442F9-C5C4-47D4-CABC-256BB9E033EC}.job -- C:\Users\David\AppData\Local\{453F7~1\UNINST~1.EXE (/Check) -> Deleted
[Hj.Shortcut] \{6DCE0CBF-14D4-4F83-A3A5-6D140E6CC7A3} -- "c:\program files\mozilla firefox\firefox.exe" (http://ui.skype.com/ui/0/5.8.0.158.259/en/abandoninstall?page=tsMain) -> Deleted

¤¤¤ Files : 1 ¤¤¤
[Hj.Shortcut][File] C:\Users\David\AppData\Roaming\QuickScan\Launch QuickScan.lnk [LNK@] C:\PROGRA~1\MOZILL~1\firefox.exe http://quickscan.bitdefender.com/ -> Shortcut cleaned

¤¤¤ WMI : 0 ¤¤¤

¤¤¤ Hosts File : 0 [Too big!] ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: ST3750630AS ATA Device +++++
--- User ---
[MBR] 3245321b7248dc7923dd47d9a442a0bd
[BSP] 5ac569e9e71c018ba2b70830b9d7016e : Windows Vista/7/8 MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 86 MB
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 178176 | Size: 15360 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
2 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 31635456 | Size: 699956 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive1: Seagate FreeAgent USB Device +++++
--- User ---
[MBR] e4d4c344682f37fae9a22fb26ed1af77
[BSP] a496701c9300c65bf86f597667d86edf : Windows XP|VT.Unknown MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 63 | Size: 953867 MB [Windows XP Bootstrap | Windows XP Bootloader]
User = LL1 ... OK
Error reading LL2 MBR! ([32] The request is not supported. )

+++++ PhysicalDrive2: Generic- Compact Flash USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )

+++++ PhysicalDrive3: Generic- SM/xD-Picture USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )

+++++ PhysicalDrive4: Generic- SD/MMC USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )

+++++ PhysicalDrive5: Generic- MS/MS-Pro USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )
 