
Problems with ads, popups, and browser restarts



#1
rockitout


Hello, I'm having a lot of problems with my computer as of late. The computer runs very slow. I get a lot of ads that pop up. And when I'm browsing Facebook, my browser states that it needs to restart for some reason. I have posted the FRST logs below as instructed. Thank you in advance.

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 21.01.2018
Ran by Albert (administrator) on CORRELLS (22-01-2018 16:14:17)
Running from C:\Users\Albert\Desktop
Loaded Profiles: Albert (Available Profiles: Albert)
Platform: Windows 8.1 (Update) (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\sched.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avguard.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\VPN\Avira.VpnService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Coupons.com Inc.) C:\Program Files (x86)\Coupons\CouponPrinterService.exe
(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe
(Motorola Mobility LLC) C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.SpeedupService.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avshadow.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.7\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.7\GoogleCrashHandler64.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\CLHNServiceForPowerDVD12.exe
(WildTangent) C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe
(HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(HP Inc.) C:\Program Files\HP\HP Touchpoint Analytics Client\TouchpointAnalyticsClientService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\SoftwareUpdater\Avira.SoftwareUpdater.ServiceHost.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Motorola Mobility LLC) C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.UI.Systray.exe
(Microsoft Corporation) C:\WINDOWS\System32\SkyDrive.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_x64.exe
(Dropbox, Inc.) C:\Users\Albert\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\onenotem.exe
(Avira Operations Gmbh & Co. KG) C:\Program Files (x86)\Avira\Safe Shopping\Avira Safe Shopping.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(Dropbox, Inc.) C:\Users\Albert\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Dropbox, Inc.) C:\Users\Albert\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avgnt.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe
(Greatis Software) C:\Program Files (x86)\Start Screen Unlimited\unlimited.exe
(Microsoft Corporation) C:\WINDOWS\System32\CompatTelRunner.exe
(Microsoft Corporation) C:\WINDOWS\System32\CompatTelRunner.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe
(Microsoft Corporation) C:\WINDOWS\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Corporation) C:\WINDOWS\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.3.9600.18384_none_fa1d93c39b41b41a\TiWorker.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Desktop.exe
(HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe
(Microsoft Corporation) C:\WINDOWS\System32\cmd.exe
() C:\Program Files\HP\HP Touchpoint Analytics Client\TAInstaller.exe
(HP Inc.) C:\Program Files\HP\HP Touchpoint Analytics Client\TouchpointAnalyticsClient.exe
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7174728 2013-03-29] (Realtek Semiconductor)
HKLM-x32\...\Run: [Avira SystrayStartTrigger] => C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe [98024 2017-12-21] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Avira System Speedup User Starter] => C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.Core.Common.Starter.exe [65120 2017-12-04] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Avira Safe Shopping] => C:\Program Files (x86)\Avira\Safe Shopping\Avira Safe Shopping.exe [624264 2017-12-19] (Avira Operations Gmbh & Co. KG)
HKU\S-1-5-21-3638795625-3106638858-2927296518-1001\...\Run: [Dropbox Update] => C:\Users\Albert\AppData\Local\Dropbox\Update\DropboxUpdate.exe [143144 2016-11-04] (Dropbox, Inc.)
HKU\S-1-5-21-3638795625-3106638858-2927296518-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [10249048 2017-12-13] (Piriform Ltd)
AppInit_DLLs: C:\PROGRA~2\Linkey\IEEXTE~1\iedll64.dll => No File
Startup: C:\Users\Albert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2018-01-12]
ShortcutTarget: Dropbox.lnk -> C:\Users\Albert\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Albert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook Gameroom.lnk [2017-04-12]
ShortcutTarget: Facebook Gameroom.lnk -> C:\Users\Albert\AppData\Local\Facebook\Games\FacebookGameroom.exe (Facebook)
Startup: C:\Users\Albert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2015-11-12]
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files\Microsoft Office 15\root\office15\onenotem.exe (Microsoft Corporation)
CHR HKU\S-1-5-21-3638795625-3106638858-2927296518-1001\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 205.171.3.25 205.171.2.25
Tcpip\..\Interfaces\{8E304197-ADA7-41F1-9EFD-64AE63A2F549}: [DhcpNameServer] 192.168.15.1
Tcpip\..\Interfaces\{B305DF31-E605-491B-B209-2323E806FA7D}: [DhcpNameServer] 192.168.0.1 205.171.3.25 205.171.2.25
 
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.msn.com/HPDSK13/1
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPDSK13/1
HKU\S-1-5-21-3638795625-3106638858-2927296518-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.com/
SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKU\S-1-5-21-3638795625-3106638858-2927296518-1001 -> DefaultScope {E2626292-7EC8-4934-9404-EFE0FB0A57F2} URL = hxxp://www.bing.com/search?FORM=U079DF&PC=U079&q={searchTerms}&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-3638795625-3106638858-2927296518-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-3638795625-3106638858-2927296518-1001 -> {B17F7D54-14DF-425B-9146-8662A3435174} URL = hxxp://isearch.shopathome.com?user_id={B43DDDCB-A2AC-4556-AD06-C7E27E0FBFD5}&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3638795625-3106638858-2927296518-1001 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKU\S-1-5-21-3638795625-3106638858-2927296518-1001 -> {E2626292-7EC8-4934-9404-EFE0FB0A57F2} URL = hxxp://www.bing.com/search?FORM=U079DF&PC=U079&q={searchTerms}&src=IE-SearchBox
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2017-12-12] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2017-12-12] (Microsoft Corporation)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2016-07-21] (HP Inc.)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2016-07-21] (HP Inc.)
Toolbar: HKU\S-1-5-21-3638795625-3106638858-2927296518-1001 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Toolbar: HKU\S-1-5-21-3638795625-3106638858-2927296518-1001 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2017-07-18] (Microsoft Corporation)
 
FireFox:
========
FF ProfilePath: C:\Users\Albert\AppData\Roaming\Mozilla\Firefox\Profiles\t8kv3jfy.default [2018-01-22]
FF Homepage: Mozilla\Firefox\Profiles\t8kv3jfy.default -> google.com
FF Extension: (Avira Browser Safety) - C:\Users\Albert\AppData\Roaming\Mozilla\Firefox\Profiles\t8kv3jfy.default\Extensions\[email protected] [2018-01-06]
FF Extension: (Firefox Hotfix) - C:\Users\Albert\AppData\Roaming\Mozilla\Firefox\Profiles\t8kv3jfy.default\Extensions\[email protected] [2017-01-06] [Legacy]
FF Extension: (Gmail panel) - C:\Users\Albert\AppData\Roaming\Mozilla\Firefox\Profiles\t8kv3jfy.default\Extensions\[email protected] [2016-01-08] [Legacy]
FF Extension: (Avira Password Manager) - C:\Users\Albert\AppData\Roaming\Mozilla\Firefox\Profiles\t8kv3jfy.default\Extensions\[email protected] [2018-01-06]
FF Extension: (Adblock Plus) - C:\Users\Albert\AppData\Roaming\Mozilla\Firefox\Profiles\t8kv3jfy.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2017-01-06] [Legacy]
FF SearchPlugin: C:\Users\Albert\AppData\Roaming\Mozilla\Firefox\Profiles\t8kv3jfy.default\searchplugins\bingp.xml [2014-08-20]
FF SearchPlugin: C:\Users\Albert\AppData\Roaming\Mozilla\Firefox\Profiles\t8kv3jfy.default\searchplugins\yahoo-avast.xml [2014-09-03]
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2014-06-22] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-09-12] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-14] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-14] (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\2\NP_wtapp.dll [2014-01-17] ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-04-04] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3638795625-3106638858-2927296518-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Albert\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2017-03-08] (Unity Technologies ApS)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\browser\plugins\npMozCouponPrinter.dll [2014-03-20] (Coupons, Inc.)
 
Chrome: 
=======
CHR DefaultProfile: Profile 2
CHR HomePage: Profile 2 -> ichro.me
CHR StartupUrls: Profile 2 -> "hxxp://ichro.me/redirect"
CHR Profile: C:\Users\Albert\AppData\Local\Google\Chrome\User Data\Profile 1 [2018-01-06]
CHR Extension: (Docs) - C:\Users\Albert\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2016-01-08]
CHR Extension: (Google Drive) - C:\Users\Albert\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-01-08]
CHR Extension: (YouTube) - C:\Users\Albert\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-01-08]
CHR Extension: (Google Search) - C:\Users\Albert\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-01-08]
CHR Extension: (Gmail) - C:\Users\Albert\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-01-08]
CHR Profile: C:\Users\Albert\AppData\Local\Google\Chrome\User Data\Profile 2 [2018-01-22]
CHR Extension: (Slides) - C:\Users\Albert\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-12-13]
CHR Extension: (Docs) - C:\Users\Albert\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\aohghmighlieiainnegkcijnfilokake [2018-01-22]
CHR Extension: (Google Drive) - C:\Users\Albert\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-01-08]
CHR Extension: (YouTube) - C:\Users\Albert\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-01-08]
CHR Extension: (Avira Password Manager) - C:\Users\Albert\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\caljgklbbfbcjjanaijlacgncafpegll [2018-01-22]
CHR Extension: (Adblock Plus) - C:\Users\Albert\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2017-12-13]
CHR Extension: (Google Search) - C:\Users\Albert\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-01-08]
CHR Extension: (Sheets) - C:\Users\Albert\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-12-13]
CHR Extension: (Avira Browser Safety) - C:\Users\Albert\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2018-01-22]
CHR Extension: (Google Docs Offline) - C:\Users\Albert\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-05-27]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Albert\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-01-22]
CHR Extension: (iChrome - A Fast, Productive Home Page) - C:\Users\Albert\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\oghkljobbhapacbahlneolfclkniiami [2018-01-22]
CHR Extension: (Gmail) - C:\Users\Albert\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-01-08]
CHR Extension: (Chrome Media Router) - C:\Users\Albert\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-01-22]
CHR Profile: C:\Users\Albert\AppData\Local\Google\Chrome\User Data\System Profile [2018-01-06]
CHR HKLM\...\Chrome\Extension: [caljgklbbfbcjjanaijlacgncafpegll] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [caljgklbbfbcjjanaijlacgncafpegll] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S2 AntiVirMailService; C:\Program Files (x86)\Avira\Antivirus\avmailc7.exe [1128944 2018-01-03] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\Antivirus\sched.exe [492560 2018-01-03] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\Antivirus\avguard.exe [492560 2018-01-03] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files (x86)\Avira\Antivirus\avwebg7.exe [1526832 2018-01-03] (Avira Operations GmbH & Co. KG)
R2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [444600 2017-12-21] (Avira Operations GmbH & Co. KG)
R2 AviraPhantomVPN; C:\Program Files (x86)\Avira\VPN\Avira.VpnService.exe [332016 2017-10-25] (Avira Operations GmbH & Co. KG)
R2 AviraUpdaterService; C:\Program Files (x86)\Avira\SoftwareUpdater\Avira.SoftwareUpdater.ServiceHost.exe [102304 2018-01-16] (Avira Operations GmbH & Co. KG)
R2 CLHNServiceForPowerDVD12; c:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\CLHNServiceForPowerDVD12.exe [89864 2013-06-09] (CyberLink Corp.)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [3058392 2017-12-12] (Microsoft Corporation)
R2 CouponPrinterService; C:\Program Files (x86)\Coupons\CouponPrinterService.exe [177136 2014-04-28] (Coupons.com Inc.)
R2 CyberLink PowerDVD 12 Media Server Monitor Service; c:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe [77576 2013-06-09] (CyberLink)
R2 CyberLink PowerDVD 12 Media Server Service; c:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe [294664 2013-06-09] (CyberLink)
R2 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [227904 2014-05-29] (WildTangent)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [332144 2017-11-21] (HP Inc.)
R2 HPTouchpointAnalyticsService; C:\Program Files\HP\HP Touchpoint Analytics Client\TouchpointAnalyticsClientService.exe [332216 2017-11-21] (HP Inc.)
S3 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6234056 2017-11-01] (Malwarebytes)
R2 Motorola Device Manager; C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [137528 2013-11-15] (Motorola Mobility LLC)
S4 PST Service; C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe [65657 2011-09-02] (Motorola) [File not signed]
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [239176 2013-02-19] (Realtek Semiconductor)
R2 SpeedupService; C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.SpeedupService.exe [74256 2017-12-04] (Avira Operations GmbH & Co. KG)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [10945776 2017-12-15] (TeamViewer GmbH)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [361824 2017-01-12] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [119872 2017-01-12] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 athr; C:\WINDOWS\system32\DRIVERS\athwbx.sys [3859968 2013-08-15] (Qualcomm Atheros Communications, Inc.)
R0 avdevprot; C:\WINDOWS\System32\DRIVERS\avdevprot.sys [60920 2018-01-03] (Avira Operations GmbH & Co. KG)
R2 avgntflt; C:\WINDOWS\System32\DRIVERS\avgntflt.sys [178840 2018-01-03] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [169376 2018-01-03] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\WINDOWS\system32\DRIVERS\avkmgr.sys [44488 2018-01-03] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\WINDOWS\system32\DRIVERS\avnetflt.sys [88488 2018-01-03] (Avira Operations GmbH & Co. KG)
R0 avusbflt; C:\WINDOWS\System32\Drivers\avusbflt.sys [38048 2018-01-03] (Avira Operations GmbH & Co. KG)
R1 CLVirtualDrive; C:\WINDOWS\system32\DRIVERS\CLVirtualDrive.sys [91712 2013-03-15] (CyberLink)
S3 dot4; C:\WINDOWS\system32\DRIVERS\Dot4.sys [151968 2012-10-19] (Windows ® Win 7 DDK provider)
S3 Dot4Print; C:\WINDOWS\System32\drivers\Dot4Prt.sys [27040 2012-10-19] (Windows ® Win 7 DDK provider)
S3 hitmanpro37; C:\windows\system32\drivers\hitmanpro37.sys [32512 2014-05-07] ()
R2 ntk_PowerDVD12; c:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\ntk_PowerDVD12_64.sys [84168 2013-03-12] (Cyberlink Corp.)
R3 RSP2STOR; C:\WINDOWS\system32\DRIVERS\RtsP2Stor.sys [290008 2016-04-16] (Realtek Semiconductor Corp.)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [46600 2017-02-10] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [274776 2017-01-12] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [117592 2017-01-12] (Microsoft Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2018-01-22 16:14 - 2018-01-22 16:16 - 000022474 _____ C:\Users\Albert\Desktop\FRST.txt
2018-01-22 16:13 - 2018-01-22 16:14 - 000000000 ____D C:\FRST
2018-01-22 16:11 - 2018-01-22 16:11 - 002393088 _____ (Farbar) C:\Users\Albert\Desktop\FRST64.exe
2018-01-22 15:34 - 2018-01-22 15:34 - 000000000 ____D C:\Users\Albert\AppData\Local\TeamViewer
2018-01-12 06:34 - 2018-01-12 06:34 - 000000000 ____D C:\Users\Albert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2018-01-12 06:00 - 2017-12-20 16:56 - 000835576 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2018-01-12 06:00 - 2017-12-20 16:56 - 000177648 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2018-01-12 05:24 - 2018-01-01 23:39 - 022374248 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2018-01-12 05:24 - 2018-01-01 23:39 - 007408984 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2018-01-12 05:24 - 2018-01-01 23:03 - 025739264 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2018-01-12 05:24 - 2018-01-01 23:00 - 019790760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2018-01-12 05:24 - 2018-01-01 22:38 - 000559616 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\afd.sys
2018-01-12 05:24 - 2018-01-01 22:28 - 005796352 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2018-01-12 05:24 - 2018-01-01 22:20 - 020275200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2018-01-12 05:24 - 2018-01-01 21:44 - 015284224 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2018-01-12 05:24 - 2017-12-10 06:46 - 007079424 _____ (Microsoft Corporation) C:\WINDOWS\system32\glcndFilter.dll
2018-01-12 05:24 - 2017-12-10 06:24 - 005275136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\glcndFilter.dll
2018-01-12 05:24 - 2017-12-10 06:06 - 007797760 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2018-01-12 05:24 - 2017-12-05 09:58 - 004168192 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2018-01-12 05:23 - 2018-01-02 01:00 - 000590680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fvevol.sys
2018-01-12 05:23 - 2018-01-02 01:00 - 000242520 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdyboost.sys
2018-01-12 05:23 - 2018-01-02 01:00 - 000214392 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Storage.ApplicationData.dll
2018-01-12 05:23 - 2018-01-02 00:56 - 002530400 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml6.dll
2018-01-12 05:23 - 2018-01-02 00:56 - 000567656 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2018-01-12 05:23 - 2018-01-02 00:56 - 000397224 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcryptprimitives.dll
2018-01-12 05:23 - 2018-01-02 00:56 - 000136536 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wfplwfs.sys
2018-01-12 05:23 - 2018-01-01 23:39 - 002013016 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2018-01-12 05:23 - 2018-01-01 23:39 - 000418648 _____ (Microsoft Corporation) C:\WINDOWS\system32\hal.dll
2018-01-12 05:23 - 2018-01-01 23:39 - 000354648 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fltMgr.sys
2018-01-12 05:23 - 2018-01-01 23:38 - 002176064 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll
2018-01-12 05:23 - 2018-01-01 23:38 - 001662096 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2018-01-12 05:23 - 2018-01-01 23:38 - 001063464 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinTypes.dll
2018-01-12 05:23 - 2018-01-01 23:37 - 001737600 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2018-01-12 05:23 - 2018-01-01 23:37 - 001676056 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2018-01-12 05:23 - 2018-01-01 23:37 - 001536120 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2018-01-12 05:23 - 2018-01-01 23:37 - 001500432 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2018-01-12 05:23 - 2018-01-01 23:37 - 001371352 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2018-01-12 05:23 - 2018-01-01 23:37 - 001135280 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2018-01-12 05:23 - 2018-01-01 23:37 - 000685440 _____ (Microsoft Corporation) C:\WINDOWS\system32\advapi32.dll
2018-01-12 05:23 - 2018-01-01 23:35 - 001307840 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcrt4.dll
2018-01-12 05:23 - 2018-01-01 23:35 - 000989528 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\http.sys
2018-01-12 05:23 - 2018-01-01 23:05 - 000164296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Storage.ApplicationData.dll
2018-01-12 05:23 - 2018-01-01 23:03 - 000341384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcryptprimitives.dll
2018-01-12 05:23 - 2018-01-01 23:01 - 001902328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml6.dll
2018-01-12 05:23 - 2018-01-01 22:59 - 001565520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll
2018-01-12 05:23 - 2018-01-01 22:59 - 001213784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2018-01-12 05:23 - 2018-01-01 22:58 - 001502000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2018-01-12 05:23 - 2018-01-01 22:48 - 000507176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\advapi32.dll
2018-01-12 05:23 - 2018-01-01 22:40 - 000284672 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64.dll
2018-01-12 05:23 - 2018-01-01 22:39 - 000686080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys
2018-01-12 05:23 - 2018-01-01 22:39 - 000402432 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdbss.sys
2018-01-12 05:23 - 2018-01-01 22:39 - 000072192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndproxy.sys
2018-01-12 05:23 - 2018-01-01 22:39 - 000048128 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netbios.sys
2018-01-12 05:23 - 2018-01-01 22:38 - 000445952 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\nwifi.sys
2018-01-12 05:23 - 2018-01-01 22:38 - 000416256 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv.sys
2018-01-12 05:23 - 2018-01-01 22:38 - 000401408 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb.sys
2018-01-12 05:23 - 2018-01-01 22:38 - 000243200 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srvnet.sys
2018-01-12 05:23 - 2018-01-01 22:38 - 000151040 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pacer.sys
2018-01-12 05:23 - 2018-01-01 22:38 - 000138752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dfsc.sys
2018-01-12 05:23 - 2018-01-01 22:37 - 000110080 _____ (Microsoft Corporation) C:\WINDOWS\system32\appinfo.dll
2018-01-12 05:23 - 2018-01-01 22:37 - 000080384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wanarp.sys
2018-01-12 05:23 - 2018-01-01 22:34 - 000360448 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncsi.dll
2018-01-12 05:23 - 2018-01-01 22:31 - 000040448 _____ (Microsoft Corporation) C:\WINDOWS\system32\rfxvmt.dll
2018-01-12 05:23 - 2018-01-01 22:30 - 002900480 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2018-01-12 05:23 - 2018-01-01 22:28 - 000577024 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2018-01-12 05:23 - 2018-01-01 22:28 - 000417280 _____ (Microsoft Corporation) C:\WINDOWS\system32\html.iec
2018-01-12 05:23 - 2018-01-01 22:28 - 000048640 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwproxystub.dll
2018-01-12 05:23 - 2018-01-01 22:28 - 000013312 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcalua.exe
2018-01-12 05:23 - 2018-01-01 22:19 - 000108544 _____ (Microsoft Corporation) C:\WINDOWS\system32\fdWCN.dll
2018-01-12 05:23 - 2018-01-01 22:18 - 000615936 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieui.dll
2018-01-12 05:23 - 2018-01-01 22:17 - 000817152 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2018-01-12 05:23 - 2018-01-01 22:17 - 000116224 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwcollector.exe
2018-01-12 05:23 - 2018-01-01 22:16 - 000814080 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2018-01-12 05:23 - 2018-01-01 22:09 - 000445440 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
2018-01-12 05:23 - 2018-01-01 22:06 - 000489984 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtmsft.dll
2018-01-12 05:23 - 2018-01-01 22:02 - 000862720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2018-01-12 05:23 - 2018-01-01 21:59 - 000014336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntvdm64.dll
2018-01-12 05:23 - 2018-01-01 21:59 - 000005632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wow32.dll
2018-01-12 05:23 - 2018-01-01 21:57 - 000025600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\setup16.exe
2018-01-12 05:23 - 2018-01-01 21:56 - 000199680 _____ (Microsoft Corporation) C:\WINDOWS\system32\msrating.dll
2018-01-12 05:23 - 2018-01-01 21:54 - 000145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2018-01-12 05:23 - 2018-01-01 21:53 - 000315392 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2018-01-12 05:23 - 2018-01-01 21:52 - 000499712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2018-01-12 05:23 - 2018-01-01 21:51 - 000341504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\html.iec
2018-01-12 05:23 - 2018-01-01 21:49 - 002294272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2018-01-12 05:23 - 2018-01-01 21:48 - 001033216 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2018-01-12 05:23 - 2018-01-01 21:45 - 000091136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fdWCN.dll
2018-01-12 05:23 - 2018-01-01 21:44 - 000476160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieui.dll
2018-01-12 05:23 - 2018-01-01 21:43 - 000662528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2018-01-12 05:23 - 2018-01-01 21:42 - 000620032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2018-01-12 05:23 - 2018-01-01 21:42 - 000262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2018-01-12 05:23 - 2018-01-01 21:41 - 000380416 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2018-01-12 05:23 - 2018-01-01 21:40 - 001436672 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2018-01-12 05:23 - 2018-01-01 21:40 - 000807936 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2018-01-12 05:23 - 2018-01-01 21:40 - 000726528 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2018-01-12 05:23 - 2018-01-01 21:38 - 002134528 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2018-01-12 05:23 - 2018-01-01 21:37 - 000324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
2018-01-12 05:23 - 2018-01-01 21:34 - 001217536 _____ (Microsoft Corporation) C:\WINDOWS\system32\sysmain.dll
2018-01-12 05:23 - 2018-01-01 21:34 - 000416256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtmsft.dll
2018-01-12 05:23 - 2018-01-01 21:33 - 001080320 _____ (Microsoft Corporation) C:\WINDOWS\system32\IKEEXT.DLL
2018-01-12 05:23 - 2018-01-01 21:33 - 000845312 _____ (Microsoft Corporation) C:\WINDOWS\system32\BFE.DLL
2018-01-12 05:23 - 2018-01-01 21:33 - 000086016 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlaapi.dll
2018-01-12 05:23 - 2018-01-01 21:32 - 000571392 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2018-01-12 05:23 - 2018-01-01 21:29 - 000817664 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcss.dll
2018-01-12 05:23 - 2018-01-01 21:29 - 000754176 _____ (Microsoft Corporation) C:\WINDOWS\system32\FirewallAPI.dll
2018-01-12 05:23 - 2018-01-01 21:27 - 001696256 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtsvc.dll
2018-01-12 05:23 - 2018-01-01 21:27 - 000168960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrating.dll
2018-01-12 05:23 - 2018-01-01 21:26 - 003241472 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2018-01-12 05:23 - 2018-01-01 21:25 - 000795648 _____ (Microsoft Corporation) C:\WINDOWS\system32\winhttp.dll
2018-01-12 05:23 - 2018-01-01 21:25 - 000279040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2018-01-12 05:23 - 2018-01-01 21:25 - 000128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2018-01-12 05:23 - 2018-01-01 21:23 - 004508160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2018-01-12 05:23 - 2018-01-01 21:23 - 002882048 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2018-01-12 05:23 - 2018-01-01 21:22 - 000880640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2018-01-12 05:23 - 2018-01-01 21:22 - 000129536 _____ (Microsoft Corporation) C:\WINDOWS\system32\WcnApi.dll
2018-01-12 05:23 - 2018-01-01 21:21 - 000391680 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlasvc.dll
2018-01-12 05:23 - 2018-01-01 21:20 - 013680128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2018-01-12 05:23 - 2018-01-01 21:18 - 000380416 _____ (Microsoft Corporation) C:\WINDOWS\system32\pnrpsvc.dll
2018-01-12 05:23 - 2018-01-01 21:18 - 000230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2018-01-12 05:23 - 2018-01-01 21:17 - 001547264 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansvc.dll
2018-01-12 05:23 - 2018-01-01 21:17 - 000694272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2018-01-12 05:23 - 2018-01-01 21:17 - 000465920 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcncsvc.dll
2018-01-12 05:23 - 2018-01-01 21:17 - 000331776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2018-01-12 05:23 - 2018-01-01 21:16 - 002058752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2018-01-12 05:23 - 2018-01-01 21:16 - 000881152 _____ (Microsoft Corporation) C:\WINDOWS\system32\MPSSVC.dll
2018-01-12 05:23 - 2018-01-01 21:16 - 000747520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpcrt4.dll
2018-01-12 05:23 - 2018-01-01 21:16 - 000464384 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcasvc.dll
2018-01-12 05:23 - 2018-01-01 21:15 - 001545728 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2018-01-12 05:23 - 2018-01-01 21:13 - 000216576 _____ (Microsoft Corporation) C:\WINDOWS\system32\P2P.dll
2018-01-12 05:23 - 2018-01-01 21:11 - 000185856 _____ (Microsoft Corporation) C:\WINDOWS\system32\rascfg.dll
2018-01-12 05:23 - 2018-01-01 21:11 - 000065536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\nlaapi.dll
2018-01-12 05:23 - 2018-01-01 21:09 - 000827392 _____ (Microsoft Corporation) C:\WINDOWS\system32\spoolsv.exe
2018-01-12 05:23 - 2018-01-01 21:09 - 000713216 _____ (Microsoft Corporation) C:\WINDOWS\system32\nshwfp.dll
2018-01-12 05:23 - 2018-01-01 21:09 - 000543232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FirewallAPI.dll
2018-01-12 05:23 - 2018-01-01 21:08 - 000110080 _____ (Microsoft Corporation) C:\WINDOWS\system32\icfupgd.dll
2018-01-12 05:23 - 2018-01-01 21:07 - 001265664 _____ (Microsoft Corporation) C:\WINDOWS\system32\schedsvc.dll
2018-01-12 05:23 - 2018-01-01 21:07 - 000440832 _____ (Microsoft Corporation) C:\WINDOWS\system32\p2psvc.dll
2018-01-12 05:23 - 2018-01-01 21:06 - 000626176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winhttp.dll
2018-01-12 05:23 - 2018-01-01 21:05 - 000097280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WcnApi.dll
2018-01-12 05:23 - 2018-01-01 21:04 - 000800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2018-01-12 05:23 - 2018-01-01 20:59 - 000177664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\P2P.dll
2018-01-12 05:23 - 2018-01-01 20:58 - 002767872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2018-01-12 05:23 - 2018-01-01 20:57 - 000164864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rascfg.dll
2018-01-12 05:23 - 2018-01-01 20:56 - 000562176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\nshwfp.dll
2018-01-12 05:23 - 2018-01-01 20:55 - 003548160 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2018-01-12 05:23 - 2018-01-01 20:54 - 001313792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2018-01-12 05:23 - 2018-01-01 20:53 - 000710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2018-01-12 05:23 - 2017-12-29 01:21 - 000107520 _____ (Microsoft Corporation) C:\WINDOWS\system32\inseng.dll
2018-01-12 05:23 - 2017-12-14 16:26 - 000374096 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2018-01-12 05:23 - 2017-12-14 14:39 - 000315736 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2018-01-12 05:23 - 2017-12-14 03:19 - 000096256 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontsub.dll
2018-01-12 05:23 - 2017-12-14 03:17 - 000044032 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2018-01-12 05:23 - 2017-12-10 06:59 - 000077824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontsub.dll
2018-01-12 05:23 - 2017-12-10 06:58 - 000035840 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2018-01-12 05:23 - 2017-12-10 05:59 - 005270528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2018-01-12 05:23 - 2017-12-05 21:42 - 002452816 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2018-01-12 05:23 - 2014-11-07 21:00 - 000024576 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndistapi.sys
2018-01-12 05:23 - 2014-11-07 20:56 - 000048128 _____ (Microsoft Corporation) C:\WINDOWS\system32\kmddsp.tsp
2018-01-12 05:23 - 2014-11-07 20:56 - 000043008 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasmxs.dll
2018-01-12 05:23 - 2014-11-07 20:56 - 000030208 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasser.dll
2018-01-12 05:23 - 2014-11-07 20:24 - 000077824 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasdiag.dll
2018-01-12 05:23 - 2014-11-07 20:13 - 000039424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kmddsp.tsp
2018-01-12 05:23 - 2014-11-07 20:13 - 000033280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasmxs.dll
2018-01-12 05:23 - 2014-11-07 20:13 - 000022528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasser.dll
2018-01-12 05:23 - 2014-11-07 19:48 - 000061440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasdiag.dll
2018-01-12 05:23 - 2014-11-03 23:27 - 000128512 _____ (Microsoft Corporation) C:\WINDOWS\splwow64.exe
2018-01-06 12:57 - 2018-01-06 12:57 - 000007690 _____ C:\Users\Albert\Desktop\cc_20180106_125658.reg
2018-01-06 12:56 - 2018-01-06 12:56 - 000117904 _____ C:\Users\Albert\Desktop\cc_20180106_125614.reg
2018-01-06 12:45 - 2018-01-06 12:45 - 000003872 _____ C:\WINDOWS\System32\Tasks\CCleaner Update
2018-01-06 12:38 - 2018-01-06 12:38 - 000000000 ____D C:\Users\Albert\AppData\Local\Avira
2018-01-06 12:36 - 2018-01-06 12:36 - 000000000 ____D C:\Users\Albert\AppData\Local\AMD
2018-01-06 11:23 - 2018-01-06 11:23 - 000000000 ____D C:\Program Files (x86)\VulkanRT
2018-01-06 11:23 - 2016-09-09 11:25 - 000269600 _____ C:\WINDOWS\SysWOW64\vulkan-1.dll
2018-01-06 11:23 - 2016-09-09 11:25 - 000261920 _____ C:\WINDOWS\system32\vulkan-1.dll
2018-01-06 11:23 - 2016-09-09 11:25 - 000110880 _____ C:\WINDOWS\SysWOW64\vulkaninfo.exe
2018-01-06 11:23 - 2016-09-09 11:24 - 000125216 _____ C:\WINDOWS\system32\vulkaninfo.exe
2018-01-06 11:16 - 2018-01-06 11:19 - 000000000 ____D C:\AMD
2018-01-06 11:16 - 2018-01-06 11:16 - 000000000 ____D C:\Users\Albert\AppData\Local\RadeonInstaller
2018-01-06 10:06 - 2018-01-06 10:06 - 000003546 _____ C:\WINDOWS\System32\Tasks\Avira Safe Shopping Updater
2018-01-06 10:06 - 2018-01-06 10:06 - 000000000 ____D C:\Users\Albert\AppData\Local\Avira_Operations_Gmbh_&_C
2018-01-06 10:06 - 2018-01-06 10:06 - 000000000 ____D C:\Users\Albert\AppData\Local\Avira Operations Gmbh & Co. KG
2018-01-06 10:06 - 2018-01-06 10:06 - 000000000 ____D C:\ProgramData\Avira Operations Gmbh & Co. KG
2018-01-06 10:03 - 2018-01-06 10:03 - 000003292 _____ C:\WINDOWS\System32\Tasks\Avira_Antivirus_Systray
2018-01-06 10:03 - 2018-01-06 10:03 - 000000000 ____H C:\WINDOWS\system32\Drivers\Msft_Kernel_avusbflt_01011.Wdf
2018-01-06 10:02 - 2018-01-03 22:33 - 000178840 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avgntflt.sys
2018-01-06 10:02 - 2018-01-03 22:33 - 000169376 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avipbb.sys
2018-01-06 10:02 - 2018-01-03 22:33 - 000088488 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avnetflt.sys
2018-01-06 10:02 - 2018-01-03 22:33 - 000060920 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avdevprot.sys
2018-01-06 10:02 - 2018-01-03 22:33 - 000044488 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avkmgr.sys
2018-01-06 10:02 - 2018-01-03 22:33 - 000038048 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avusbflt.sys
2018-01-06 09:59 - 2018-01-06 09:59 - 000000000 ____D C:\WINDOWS\System32\Tasks\Avira
2018-01-06 09:55 - 2018-01-22 12:39 - 000000000 ____D C:\Users\Public\Speedup Sessions
2018-01-06 09:55 - 2018-01-06 09:55 - 000003662 _____ C:\WINDOWS\System32\Tasks\AviraSystemSpeedupUpdate
2018-01-06 09:49 - 2018-01-17 09:06 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2018-01-06 09:49 - 2018-01-06 10:06 - 000000000 ____D C:\Program Files (x86)\Avira
2018-01-06 09:49 - 2018-01-06 10:02 - 000000000 ____D C:\ProgramData\Avira
2018-01-06 09:49 - 2018-01-06 09:49 - 000001215 _____ C:\Users\Public\Desktop\Avira.lnk
2018-01-06 09:35 - 2018-01-06 09:35 - 000001890 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2018-01-06 09:35 - 2018-01-06 09:35 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2018-01-06 09:35 - 2018-01-06 09:35 - 000000000 ____D C:\ProgramData\MB3CoreBackup
2018-01-06 09:35 - 2017-11-01 08:54 - 000077432 _____ C:\WINDOWS\system32\Drivers\mbae64.sys
2018-01-06 09:10 - 2018-01-06 09:10 - 000000990 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 13.lnk
2018-01-06 09:10 - 2018-01-06 09:10 - 000000978 _____ C:\Users\Public\Desktop\TeamViewer 13.lnk
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2018-01-22 16:14 - 2015-06-16 22:26 - 000000940 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-3638795625-3106638858-2927296518-1001UA.job
2018-01-22 16:01 - 2016-03-03 20:59 - 000000000 ____D C:\Program Files (x86)\TeamViewer
2018-01-22 15:54 - 2012-07-26 00:59 - 000000000 ____D C:\WINDOWS\CbsTemp
2018-01-22 15:38 - 2014-01-16 05:01 - 000003598 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3638795625-3106638858-2927296518-1001
2018-01-22 15:35 - 2014-01-21 16:22 - 000000540 _____ C:\Users\Albert\AppData\Roaming\Microsoft\Windows\Start Menu\Facebook.website
2018-01-22 12:42 - 2015-06-04 22:00 - 000065536 _____ C:\WINDOWS\system32\spu_storage.bin
2018-01-22 12:10 - 2016-01-08 11:00 - 000000000 __RDO C:\Users\Albert\OneDrive
2018-01-21 21:17 - 2013-08-22 08:36 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2018-01-21 21:14 - 2015-06-16 22:26 - 000000888 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-3638795625-3106638858-2927296518-1001Core.job
2018-01-21 21:11 - 2014-06-03 10:16 - 000000000 ____D C:\Program Files\Microsoft Office 15
2018-01-21 20:16 - 2013-08-22 08:36 - 000000000 ____D C:\WINDOWS\system32\NDF
2018-01-21 20:11 - 2014-01-16 04:55 - 000003786 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{B1AB0B2E-1ED5-4C0B-81B4-ED19FE8E5F44}
2018-01-21 20:11 - 2013-08-22 08:36 - 000000000 ____D C:\WINDOWS\AppReadiness
2018-01-14 08:44 - 2014-04-15 12:31 - 000000000 ____D C:\Temp
2018-01-13 16:28 - 2013-08-22 07:45 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2018-01-13 16:27 - 2013-08-22 06:25 - 001048576 ___SH C:\WINDOWS\system32\config\BBI
2018-01-12 06:35 - 2014-04-03 17:24 - 000000000 ____D C:\Users\Albert\AppData\Roaming\Dropbox
2018-01-12 06:03 - 2014-11-21 01:44 - 000958016 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2018-01-12 06:03 - 2013-08-22 06:36 - 000000000 ____D C:\WINDOWS\Inf
2018-01-12 05:58 - 2013-08-22 07:44 - 000498600 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2018-01-12 05:52 - 2013-08-22 08:36 - 000000000 ___RD C:\WINDOWS\ToastData
2018-01-12 05:36 - 2014-01-19 14:31 - 000000000 ____D C:\WINDOWS\system32\MRT
2018-01-12 05:28 - 2017-10-12 22:10 - 129365736 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT-KB890830.exe
2018-01-12 05:28 - 2014-01-19 14:31 - 129365736 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2018-01-10 10:20 - 2014-03-22 17:19 - 000002222 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-01-06 12:45 - 2016-07-05 21:40 - 000000841 _____ C:\Users\Public\Desktop\CCleaner.lnk
2018-01-06 12:45 - 2016-07-05 21:40 - 000000000 ____D C:\Program Files\CCleaner
2018-01-06 11:45 - 2017-11-18 09:03 - 000000354 _____ C:\WINDOWS\Tasks\HPCeeScheduleForAlbert.job
2018-01-06 11:26 - 2013-11-08 23:22 - 000000000 ____D C:\Program Files (x86)\ATI Technologies
2018-01-06 11:19 - 2013-04-03 17:17 - 000000000 ____D C:\ProgramData\Package Cache
2018-01-06 11:09 - 2017-11-18 09:03 - 000003170 _____ C:\WINDOWS\System32\Tasks\HPCeeScheduleForAlbert
2018-01-06 09:30 - 2014-03-22 16:38 - 000000000 ____D C:\ProgramData\AVAST Software
2018-01-06 09:29 - 2014-03-22 17:21 - 000000000 ____D C:\Program Files\Google
2018-01-06 09:29 - 2014-03-22 17:10 - 000000000 ____D C:\Program Files (x86)\Google
2018-01-06 09:21 - 2016-07-05 21:40 - 000002792 _____ C:\WINDOWS\System32\Tasks\CCleanerSkipUAC
2018-01-06 09:21 - 2016-01-08 10:34 - 000002218 _____ C:\WINDOWS\System32\Tasks\Start Screen Unlimited Schedule Task
2018-01-06 09:21 - 2015-06-16 22:26 - 000003888 _____ C:\WINDOWS\System32\Tasks\DropboxUpdateTaskUserS-1-5-21-3638795625-3106638858-2927296518-1001UA
2018-01-06 09:21 - 2015-06-16 22:26 - 000003508 _____ C:\WINDOWS\System32\Tasks\DropboxUpdateTaskUserS-1-5-21-3638795625-3106638858-2927296518-1001Core
2018-01-06 09:21 - 2014-12-31 09:34 - 000004476 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2018-01-06 09:21 - 2014-04-15 12:31 - 000002026 _____ C:\WINDOWS\System32\Tasks\Motorola Device Manager Update
2018-01-06 09:21 - 2014-04-15 12:31 - 000002008 _____ C:\WINDOWS\System32\Tasks\Motorola Device Manager Engine
2018-01-06 09:21 - 2014-03-22 17:11 - 000003330 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2018-01-06 09:21 - 2014-03-22 17:11 - 000003202 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2018-01-06 09:21 - 2013-11-08 23:57 - 000002204 _____ C:\WINDOWS\System32\Tasks\MirageAgent
2018-01-06 09:21 - 2013-11-08 23:28 - 000002216 _____ C:\WINDOWS\System32\Tasks\CLVDLauncher
2018-01-06 09:21 - 2013-11-08 23:28 - 000002216 _____ C:\WINDOWS\System32\Tasks\CLMLSvc_P2G8
2018-01-06 09:19 - 2014-03-22 17:10 - 000000000 ____D C:\Users\Albert\AppData\Local\Google
2017-12-27 08:12 - 2013-08-22 08:36 - 000000000 ____D C:\WINDOWS\rescache
 
==================== Files in the root of some directories =======
 
2014-04-22 09:51 - 2014-04-22 09:52 - 000000314 _____ () C:\Users\Albert\AppData\Roaming\aps.uninstall.scan.results
2014-04-01 14:41 - 2014-04-17 15:12 - 000007605 _____ () C:\Users\Albert\AppData\Local\resmon.resmoncfg
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2018-01-12 06:10
 
==================== End of FRST.txt ============================
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 21.01.2018
Ran by Albert (22-01-2018 16:29:34)
Running from C:\Users\Albert\Desktop
Windows 8.1 (Update) (X64) (2015-06-05 13:12:39)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-3638795625-3106638858-2927296518-500 - Administrator - Disabled)
Albert (S-1-5-21-3638795625-3106638858-2927296518-1001 - Administrator - Enabled) => C:\Users\Albert
Guest (S-1-5-21-3638795625-3106638858-2927296518-501 - Limited - Disabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Avira Antivirus (Enabled - Up to date) {B3F630BD-538D-1B4A-14FA-14B63235278F}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avira Antivirus (Enabled - Up to date) {0897D159-75B7-14C4-2E4A-2FC449B26D32}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
7-Zip 16.04 (x64 edition) (HKLM\...\{23170F69-40C1-2702-1604-000001000000}) (Version: 16.04.00.0 - Igor Pavlov)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 17.009.20044 - Adobe Systems Incorporated)
Avira (HKLM-x32\...\{518c54f5-fd43-4aa6-936b-8d7fd8c85cbd}) (Version: 1.2.103.26908 - Avira Operations GmbH & Co. KG)
Avira (HKLM-x32\...\{E3F659C3-7936-4321-B886-4DA527DA72FE}) (Version: 1.2.103.26908 - Avira Operations GmbH & Co. KG) Hidden
Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.34.17 - Avira Operations GmbH & Co. KG)
Avira Phantom VPN (HKLM-x32\...\Avira Phantom VPN) (Version: 2.11.3.29834 - Avira Operations GmbH & Co. KG)
Avira Safe Shopping (HKLM-x32\...\{FA4F79B8-FA3E-4BDC-82B1-F0AA064E24C0}) (Version: 1.0.49.1987 - Avira Operations Gmbh & Co. KG)
Avira Software Updater (HKLM-x32\...\{3850873E-EFAF-4712-94DF-D1E81FFA9F88}) (Version: 2.0.4.50571 - Avira Operations GmbH & Co. KG)
Avira System Speedup (HKLM-x32\...\Avira System Speedup_is1) (Version: 4.4.0.6828 - Avira Operations GmbH & Co. KG)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.38 - Piriform)
Coupon Printer for Windows (HKLM-x32\...\Coupon Printer for Windows5.0.0.9) (Version: 5.0.0.9 - Coupons.com Incorporated)
Cyberlink PhotoDirector (HKLM-x32\...\{39337565-330E-4AB6-A9AE-AC81E0720B10}) (Version: 3.0.3.4608 - CyberLink Corp.)
Cyberlink PhotoDirector (HKLM-x32\...\InstallShield_{39337565-330E-4ab6-A9AE-AC81E0720B10}) (Version: 3.0.3.4608 - CyberLink Corp.)
DigiSmirkz Internet Explorer Homepage and New Tab (HKU\S-1-5-21-3638795625-3106638858-2927296518-1001\...\DigiSmirkzTooltab Uninstall Internet Explorer) (Version:  - Mindspark Interactive Network, Inc.) <==== ATTENTION
Dropbox (HKU\S-1-5-21-3638795625-3106638858-2927296518-1001\...\Dropbox) (Version: 41.4.80 - Dropbox, Inc.)
Facebook Gameroom 1.3.1.3 (HKLM-x32\...\{7E155A45-DE1A-46E0-A6B2-10FE1D8501FC}) (Version: 1.3.1.3 - Facebook)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 63.0.3239.132 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
Hewlett-Packard ACLM.NET v1.2.2.3 (HKLM-x32\...\{6F340107-F9AA-47C6-B54C-C3A19F11553F}) (Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HP Connected Music (Meridian - player) (HKU\S-1-5-21-3638795625-3106638858-2927296518-1001\...\HPConnectedMusic) (Version: 1.1 (build 112) hp - Meridian Audio Ltd)
HP Registration Service (HKLM\...\{D1E8F2D7-7794-4245-B286-87ED86C1893C}) (Version: 1.2.6668.4491 - Hewlett-Packard)
HP Support Assistant (HKLM-x32\...\{E959FD01-BD01-4CC4-9BB8-4EBE8309BF37}) (Version: 8.5.37.19 - HP)
HP Support Solutions Framework (HKLM-x32\...\{E2CB09C1-3C76-4395-BB47-50C066535CF8}) (Version: 12.8.47.1 - HP)
HP Touchpoint Analytics Client (HKLM\...\{E5FB98E0-0784-44F0-8CEC-95CD4690C43F}) (Version: 4.0.2.1439 - HP Inc.)
Malwarebytes version 3.3.1.2183 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.3.1.2183 - Malwarebytes)
Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 15.0.4997.1000 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3638795625-3106638858-2927296518-1001\...\OneDriveSetup.exe) (Version: 17.0.4023.1211 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Motitags Internet Explorer Homepage and New Tab (HKU\S-1-5-21-3638795625-3106638858-2927296518-1001\...\MotitagsTooltab Uninstall Internet Explorer) (Version:  - Mindspark Interactive Network, Inc.) <==== ATTENTION
Motorola Mobile Drivers Installation 6.3.0 (HKLM\...\{759E6A2F-1F01-45EF-A0C4-22F1B56CB975}) (Version: 6.3.0 - Motorola Mobility LLC)
Mozilla Firefox 47.0.2 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 47.0.2 (x86 en-US)) (Version: 47.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 44.0.2.5884 - Mozilla)
Office 15 Click-to-Run Extensibility Component (HKLM-x32\...\{90150000-008C-0000-0000-0000000FF1CE}) (Version: 15.0.4997.1000 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (HKLM\...\{90150000-008F-0000-1000-0000000FF1CE}) (Version: 15.0.4997.1000 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (HKLM-x32\...\{90150000-008C-0409-0000-0000000FF1CE}) (Version: 15.0.4997.1000 - Microsoft Corporation) Hidden
Qualcomm Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 10.0 - Qualcomm Atheros)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9200.29068 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.20.815.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6875 - Realtek Semiconductor Corp.)
ShopAtHome.com Helper (HKLM-x32\...\ShopAtHome.com Helper) (Version: 7.0.4.17 - ShopAtHome.com) <==== ATTENTION
Start Screen Unlimited Lite 3.1 (HKLM-x32\...\Start Screen Unlimited Lite_is1) (Version:  - Greatis Software, LLC.)
TeamViewer 13 (HKLM-x32\...\TeamViewer) (Version: 13.0.6447 - TeamViewer)
Total Uninstall 6.4.1 (HKLM\...\Total Uninstall 6_is1) (Version: 6.4.1 - Gavrila Martau)
Unity Web Player (HKU\S-1-5-21-3638795625-3106638858-2927296518-1001\...\UnityWebPlayer) (Version: 5.3.8f1 - Unity Technologies ApS)
Update Installer for WildTangent Games App (HKLM-x32\...\{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App) (Version:  - WildTangent) Hidden
Vulkan Run Time Libraries 1.0.26.0 (HKLM\...\VulkanRT1.0.26.0) (Version: 1.0.26.0 - LunarG, Inc.)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-3638795625-3106638858-2927296518-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Albert\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3638795625-3106638858-2927296518-1001_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\Albert\AppData\Local\Microsoft\SkyDrive\17.0.4023.1211\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3638795625-3106638858-2927296518-1001_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\Albert\AppData\Local\Microsoft\SkyDrive\17.0.4023.1211\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3638795625-3106638858-2927296518-1001_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\Albert\AppData\Local\Microsoft\SkyDrive\17.0.4023.1211\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3638795625-3106638858-2927296518-1001_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Albert\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3638795625-3106638858-2927296518-1001_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\Albert\AppData\Local\Microsoft\SkyDrive\17.0.4023.1211\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3638795625-3106638858-2927296518-1001_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Albert\AppData\Local\Microsoft\SkyDrive\17.0.4023.1211\amd64\FileSyncApi64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3638795625-3106638858-2927296518-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Albert\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3638795625-3106638858-2927296518-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Albert\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3638795625-3106638858-2927296518-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Albert\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3638795625-3106638858-2927296518-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Albert\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3638795625-3106638858-2927296518-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Albert\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3638795625-3106638858-2927296518-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Albert\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3638795625-3106638858-2927296518-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Albert\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3638795625-3106638858-2927296518-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Albert\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3638795625-3106638858-2927296518-1001_Classes\CLSID\{FB314EE1-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Albert\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3638795625-3106638858-2927296518-1001_Classes\CLSID\{FB314EE2-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Albert\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3638795625-3106638858-2927296518-1001_Classes\CLSID\{FBC9D74C-AF55-4309-9FB2-C426E071637F}\InprocServer32 -> C:\Users\Albert\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Albert\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll [2018-01-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Albert\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll [2018-01-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Albert\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll [2018-01-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Albert\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll [2018-01-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Albert\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll [2018-01-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Albert\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll [2018-01-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Albert\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll [2018-01-08] (Dropbox, Inc.)
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-10-04] (Igor Pavlov)
ContextMenuHandlers1: [CLVDShellExt] -> {3E2A0A32-6E14-4BAD-AA87-BBB6A75EBFF2} => C:\Program Files (x86)\Common Files\CyberLink\ShellExtComponent\CLVDShellExt.dll [2013-05-24] (Cyberlink)
ContextMenuHandlers1: [Shell Extension for Malware scanning] -> {45AC2688-0253-4ED8-97DE-B5370FA7D48A} => C:\Program Files (x86)\Avira\Antivirus\shlext64.dll [2018-01-03] (Avira Operations GmbH & Co. KG)
ContextMenuHandlers1: [SystemSpeedupFilesMenu] -> {ef263503-8f0e-3e6a-ae2e-fe0b4b441d52} => C:\WINDOWS\system32\mscoree.dll [2013-08-22] (Microsoft Corporation)
ContextMenuHandlers2: [CLVDShellExt] -> {3E2A0A32-6E14-4BAD-AA87-BBB6A75EBFF2} => C:\Program Files (x86)\Common Files\CyberLink\ShellExtComponent\CLVDShellExt.dll [2013-05-24] (Cyberlink)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-11-01] (Malwarebytes)
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-10-04] (Igor Pavlov)
ContextMenuHandlers4: [SystemSpeedupFoldersMenu] -> {3d52b24d-33bb-3895-99ea-a0156f24a3f9} => C:\WINDOWS\system32\mscoree.dll [2013-08-22] (Microsoft Corporation)
ContextMenuHandlers5: [SystemSpeedupDesktopMenu] -> {cefaf456-bc17-3f4b-b7d9-75070925911b} => C:\WINDOWS\system32\mscoree.dll [2013-08-22] (Microsoft Corporation)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-10-04] (Igor Pavlov)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-11-01] (Malwarebytes)
ContextMenuHandlers6: [Shell Extension for Malware scanning] -> {45AC2688-0253-4ED8-97DE-B5370FA7D48A} => C:\Program Files (x86)\Avira\Antivirus\shlext64.dll [2018-01-03] (Avira Operations GmbH & Co. KG)
ContextMenuHandlers1_S-1-5-21-3638795625-3106638858-2927296518-1001: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Users\Albert\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll [2018-01-08] (Dropbox, Inc.)
ContextMenuHandlers4_S-1-5-21-3638795625-3106638858-2927296518-1001: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Users\Albert\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll [2018-01-08] (Dropbox, Inc.)
ContextMenuHandlers5_S-1-5-21-3638795625-3106638858-2927296518-1001: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Users\Albert\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll [2018-01-08] (Dropbox, Inc.)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {037A081F-628D-4796-93C2-BEDC2ED781C5} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-09-27] (Adobe Systems Incorporated)
Task: {062AA61C-2C93-42C6-AC2F-4DC58522C3C5} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [2017-12-13] (Piriform Ltd)
Task: {0B4ACFC9-7678-4BC4-8FE2-7E8BC495C7DF} - System32\Tasks\HPCeeScheduleForAlbert => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2015-06-16] (Hewlett-Packard)
Task: {0D8A891D-890C-4808-84D8-2F436AB14653} - \Microsoft\Windows\Application Experience\AitAgent -> No File <==== ATTENTION
Task: {1274336E-AB06-46B6-A48C-0671C5557CC6} - \Microsoft\Windows\TaskScheduler\Maintenance Configurator -> No File <==== ATTENTION
Task: {16101842-1F98-4988-B291-63A9518C2B76} - System32\Tasks\AviraSystemSpeedupUpdate => C:\ProgramData\Avira\SystemSpeedup\Update\avira_speedup_setup_update.exe [2018-01-06] (Avira Operations GmbH & Co. KG )
Task: {1687544D-7247-4F5A-965A-A6E920E55278} - \Microsoft\Windows\TaskScheduler\Manual Maintenance -> No File <==== ATTENTION
Task: {16CB9CFE-31E8-401E-A79E-639FF0F3C152} - System32\Tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2017-11-18] ()
Task: {2B3C693A-73FF-438B-B149-493A57B9B0BF} - System32\Tasks\Motorola Device Manager Initial Update => C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotorolaDeviceManagerUpdate.exe [2013-10-31] ()
Task: {2BB1DE94-8613-4678-B48C-D8B969F24EBA} - System32\Tasks\MirageAgent => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
Task: {34D0010E-EC3E-4B8A-8C5B-F3626FB82FBD} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-3638795625-3106638858-2927296518-1001Core => C:\Users\Albert\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2016-11-04] (Dropbox, Inc.)
Task: {370C67AB-9D3F-46BB-8F5A-F477F3D91ADE} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2017-11-08] (HP Inc.)
Task: {3C1E0996-A84B-41A0-A88D-EDE53D5F9F48} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-10-30] (Google Inc.)
Task: {40525C58-79C2-47A1-9AA2-F1D7FC4F0691} - \Microsoft\Windows\WindowsBackup\ConfigNotification -> No File <==== ATTENTION
Task: {44DC80AE-19CE-42F7-BFE2-0FFCABF9E334} - System32\Tasks\Avira\System Speedup\SpeedupSysTray => C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.UI.Systray.exe [2017-12-04] (Avira Operations GmbH & Co. KG)
Task: {57AB092F-1E3D-4B78-B29F-E88343DF319F} - System32\Tasks\Avira\System Speedup\TestScheduler => C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.Core.Common.Starter.exe [2017-12-04] (Avira Operations GmbH & Co. KG)
Task: {5A646D1D-2B29-4912-A8A2-B2EA0B427762} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2017-09-27] (HP Inc.)
Task: {60DE0EE9-49E2-41BC-8397-15F73B895324} - System32\Tasks\Avira_Antivirus_Systray => C:\Program Files (x86)\Avira\Antivirus\avgnt.exe [2018-01-03] (Avira Operations GmbH & Co. KG)
Task: {65923E58-1C20-4BBF-AE21-AD46681E6DB4} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2017-12-12] (Microsoft Corporation)
Task: {66E2FD49-F8F5-401E-A939-2F045C80C5FC} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2017-09-20] (HP Inc.)
Task: {6F02587F-8A2B-4552-97F6-DEEF229E335B} - \Microsoft\Windows\TaskScheduler\Idle Maintenance -> No File <==== ATTENTION
Task: {7CBA983F-79F5-42A2-BB55-D2BAAE23D0E3} - System32\Tasks\CLMLSvc_P2G8 => c:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [2013-03-12] (CyberLink)
Task: {85A68C60-49A2-4B07-AD98-DF9226D5C676} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater - Resources => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2017-09-20] (HP Inc.)
Task: {865C3EA3-1331-4632-B774-8E042D022A19} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-10-30] (Google Inc.)
Task: {8D90EE55-19DA-49FF-B78D-97EDC8E0D9CF} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [2017-06-22] (HP Inc.)
Task: {9D0BDADA-53F1-49BF-AC93-E5B53187B4E9} - System32\Tasks\CLVDLauncher => c:\Program Files (x86)\CyberLink\Power2Go8\CLVDLauncher.exe [2013-03-12] (CyberLink Corp.)
Task: {9FC82034-8829-4EFC-9F9B-B84CCD4F6B6E} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2017-12-12] (Microsoft Corporation)
Task: {AF3882E3-8991-4BE7-9577-5E10BBD577EB} - System32\Tasks\Motorola Device Manager Engine => C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotorolaDeviceManagerUpdate.exe [2013-10-31] ()
Task: {B7992938-01F1-4F40-A0EC-0D23D2F0F152} - \Microsoft\Windows\TaskScheduler\Regular Maintenance -> No File <==== ATTENTION
Task: {C9041102-7EB9-413A-A81A-6FEBA4C4EA07} - System32\Tasks\Avira Safe Shopping Updater => C:\Program Files (x86)\Avira\Safe Shopping\\Updater\Updater.exe [2017-12-19] (Avira Operations Gmbh & Co. KG)
Task: {C95A18D5-6486-4A0F-A033-A5B4EA1F2931} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis Install => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2017-09-27] (HP Inc.)
Task: {CFD7C21A-808B-487B-A6EC-8A10E44E8360} - \Microsoft\Windows\SettingSync\BackupTask -> No File <==== ATTENTION
Task: {D2DC50CF-1EF9-496D-AE30-631825CFBABD} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2017-12-12] (Microsoft Corporation)
Task: {E0EE1DED-6854-49A9-B020-ECF01E06A44C} - System32\Tasks\Start Screen Unlimited Schedule Task => C:\Program Files (x86)\Start Screen Unlimited\launcher.exe [2014-01-07] (Greatis Software)
Task: {EBD05904-7EBA-4243-A171-64D1BF783B14} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Product Configurator => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\ProductConfig.exe [2017-10-11] (HP Inc.)
Task: {EC208AAC-772E-409C-AFC3-C39D43559F91} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2017-12-13] (Piriform Ltd)
Task: {EFA4D654-7DE0-4DAD-98B9-DD62878A451D} - System32\Tasks\Motorola Device Manager Update => C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotorolaDeviceManagerUpdate.exe [2013-10-31] ()
Task: {F15E7F9D-301F-4D06-84DB-765355AFC630} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-3638795625-3106638858-2927296518-1001UA => C:\Users\Albert\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2016-11-04] (Dropbox, Inc.)
Task: {F1C44F33-38A9-4EF5-A112-50E86EBA08A6} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2017-09-27] (HP Inc.)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-3638795625-3106638858-2927296518-1001Core.job => C:\Users\Albert\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-3638795625-3106638858-2927296518-1001UA.job => C:\Users\Albert\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\HPCeeScheduleForAlbert.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
 
Shortcut: C:\Users\Albert\AppData\Local\Microsoft\Windows\RoamingTiles\11029858760.lnk -> hxxp://home.recipes.myway.com/home/index.jhtml?a=221A234E-B071-411F-B21C-E69B05E91120&p=^BD9^hps101^YY^us&si=CJnm_fewt8MCFcVgfgodnJ8A2w&n=781AA7CE&st=h
 
ShortcutWithArgument: C:\Users\Albert\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.InternetExplorer.Default\-18881076590.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> -contentTile -formatVersion 0x00000003 -pinnedTimeLow 0x1ed8ade2 -pinnedTimeHigh 0x01d14a44 -securityFlags 0x00000000 -tileType 0x00000000 -url 0x0000001e hxxps://www.bankofthewest.com/
ShortcutWithArgument: C:\Users\Albert\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.InternetExplorer.Default\11029858760.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> -contentTile -formatVersion 0x00000003 -pinnedTimeLow 0xd8df544c -pinnedTimeHigh 0x01d14a4a -securityFlags 0x00000000 -tileType 0x00000000 -url 0x00000098 hxxp://home.recipes.myway.com/home/index.jhtml?a=221A234E-B071-411F-B21C-E69B05E91120&p=^BD9^hps101^YY^u
ShortcutWithArgument: C:\Users\Albert\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\69639df789022856\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory="Profile 1"
 
==================== Loaded Modules (Whitelisted) ==============
 
2014-06-03 10:24 - 2017-01-17 03:25 - 000117440 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2017-03-24 15:35 - 2017-01-31 05:34 - 008909512 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2017-11-18 08:48 - 2017-12-07 12:22 - 000937912 _____ () C:\Program Files\HP\HP Touchpoint Analytics Client\TAInstaller.exe
2013-10-31 08:05 - 2013-10-31 08:05 - 000172032 _____ () C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\css_core.dll
2018-01-12 06:33 - 2018-01-08 14:15 - 000732480 _____ () C:\Users\Albert\AppData\Roaming\Dropbox\bin\dropbox_watchdog.dll
2018-01-12 06:33 - 2018-01-08 14:15 - 002061632 _____ () C:\Users\Albert\AppData\Roaming\Dropbox\bin\dropbox_crashpad.dll
2017-12-07 12:26 - 2018-01-08 14:15 - 000100296 _____ () C:\Users\Albert\AppData\Roaming\Dropbox\bin\_ctypes.pyd
2017-12-07 12:26 - 2018-01-08 14:15 - 000018888 _____ () C:\Users\Albert\AppData\Roaming\Dropbox\bin\select.pyd
2017-12-07 12:26 - 2018-01-08 14:16 - 000020800 _____ () C:\Users\Albert\AppData\Roaming\Dropbox\bin\tornado.speedups.pyd
2017-12-07 12:26 - 2018-01-08 14:15 - 000035792 _____ () C:\Users\Albert\AppData\Roaming\Dropbox\bin\_multiprocessing.pyd
2017-12-07 12:26 - 2018-01-08 14:15 - 000694224 _____ () C:\Users\Albert\AppData\Roaming\Dropbox\bin\unicodedata.pyd
2018-01-12 06:33 - 2018-01-08 14:16 - 000021848 _____ () C:\Users\Albert\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._constant_time.pyd
2017-12-07 12:26 - 2018-01-08 14:15 - 000130512 _____ () C:\Users\Albert\AppData\Roaming\Dropbox\bin\_cffi_backend.pyd
2018-01-12 06:33 - 2018-01-08 14:16 - 001856848 _____ () C:\Users\Albert\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._openssl.pyd
2018-01-12 06:33 - 2018-01-08 14:16 - 000022864 _____ () C:\Users\Albert\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._padding.pyd
2018-01-12 06:33 - 2018-01-08 14:15 - 000145864 _____ () C:\Users\Albert\AppData\Roaming\Dropbox\bin\pyexpat.pyd
2018-01-12 06:33 - 2018-01-08 14:15 - 000116688 _____ () C:\Users\Albert\AppData\Roaming\Dropbox\bin\pywintypes27.dll
2017-12-07 12:26 - 2018-01-08 14:15 - 000105928 _____ () C:\Users\Albert\AppData\Roaming\Dropbox\bin\win32api.pyd
2017-12-07 12:26 - 2018-01-08 14:16 - 000022864 _____ () C:\Users\Albert\AppData\Roaming\Dropbox\bin\winffi.crt.compiled._winffi_crt.pyd
2018-01-12 06:33 - 2018-01-08 14:16 - 000063296 _____ () C:\Users\Albert\AppData\Roaming\Dropbox\bin\psutil._psutil_windows.pyd
2017-12-07 12:26 - 2018-01-08 14:15 - 000024528 _____ () C:\Users\Albert\AppData\Roaming\Dropbox\bin\win32event.pyd
2018-01-12 06:33 - 2018-01-08 14:16 - 000040248 _____ () C:\Users\Albert\AppData\Roaming\Dropbox\bin\fastpath.pyd
2018-01-12 06:33 - 2018-01-08 14:15 - 000020936 _____ () C:\Users\Albert\AppData\Roaming\Dropbox\bin\mmapfile.pyd
2017-12-07 12:26 - 2018-01-08 14:15 - 000124880 _____ () C:\Users\Albert\AppData\Roaming\Dropbox\bin\win32file.pyd
2017-12-07 12:26 - 2018-01-08 14:15 - 000116176 _____ () C:\Users\Albert\AppData\Roaming\Dropbox\bin\win32security.pyd
2018-01-12 06:33 - 2018-01-08 14:15 - 000392656 _____ () C:\Users\Albert\AppData\Roaming\Dropbox\bin\pythoncom27.dll
2017-12-07 12:26 - 2018-01-08 14:16 - 000392512 _____ () C:\Users\Albert\AppData\Roaming\Dropbox\bin\win32com.shell.shell.pyd
2017-12-07 12:26 - 2018-01-08 14:16 - 000026456 _____ () C:\Users\Albert\AppData\Roaming\Dropbox\bin\winffi.kernel32.compiled._winffi_kernel32.pyd
2017-12-07 12:26 - 2018-01-08 14:15 - 000024016 _____ () C:\Users\Albert\AppData\Roaming\Dropbox\bin\win32clipboard.pyd
2017-12-07 12:26 - 2018-01-08 14:15 - 000175560 _____ () C:\Users\Albert\AppData\Roaming\Dropbox\bin\win32gui.pyd
2017-12-07 12:26 - 2018-01-08 14:15 - 000030160 _____ () C:\Users\Albert\AppData\Roaming\Dropbox\bin\win32pipe.pyd
2017-12-07 12:26 - 2018-01-08 14:15 - 000043472 _____ () C:\Users\Albert\AppData\Roaming\Dropbox\bin\win32process.pyd
2017-12-07 12:26 - 2018-01-08 14:15 - 000026056 _____ () C:\Users\Albert\AppData\Roaming\Dropbox\bin\win32job.pyd
2017-12-07 12:26 - 2018-01-08 14:15 - 000048592 _____ () C:\Users\Albert\AppData\Roaming\Dropbox\bin\win32service.pyd
2017-12-07 12:26 - 2018-01-08 14:15 - 000057808 _____ () C:\Users\Albert\AppData\Roaming\Dropbox\bin\win32evtlog.pyd
2018-01-12 06:33 - 2018-01-08 14:16 - 000021824 _____ () C:\Users\Albert\AppData\Roaming\Dropbox\bin\cpuid.compiled._cpuid.pyd
2017-12-07 12:26 - 2018-01-08 14:17 - 000023368 _____ () C:\Users\Albert\AppData\Roaming\Dropbox\bin\winshell.compiled._winshell.pyd
2018-01-12 06:33 - 2018-01-08 14:16 - 000022856 _____ () C:\Users\Albert\AppData\Roaming\Dropbox\bin\crashpad.compiled._Crashpad.pyd
2017-12-07 12:26 - 2018-01-08 14:16 - 000066392 _____ () C:\Users\Albert\AppData\Roaming\Dropbox\bin\winenumhandles.compiled._WinEnumHandles.pyd
2018-01-12 06:33 - 2018-01-08 14:16 - 001796920 _____ () C:\Users\Albert\AppData\Roaming\Dropbox\bin\PyQt5.QtCore.pyd
2017-12-07 12:26 - 2018-01-08 14:15 - 000084424 _____ () C:\Users\Albert\AppData\Roaming\Dropbox\bin\sip.pyd
2018-01-12 06:33 - 2018-01-08 14:16 - 001956152 _____ () C:\Users\Albert\AppData\Roaming\Dropbox\bin\PyQt5.QtGui.pyd
2018-01-12 06:33 - 2018-01-08 14:16 - 003859264 _____ () C:\Users\Albert\AppData\Roaming\Dropbox\bin\PyQt5.QtWidgets.pyd
2018-01-12 06:33 - 2018-01-08 14:16 - 000155464 _____ () C:\Users\Albert\AppData\Roaming\Dropbox\bin\PyQt5.QtWebEngineWidgets.pyd
2018-01-12 06:33 - 2018-01-08 14:16 - 000521024 _____ () C:\Users\Albert\AppData\Roaming\Dropbox\bin\PyQt5.QtNetwork.pyd
2018-01-12 06:33 - 2018-01-08 14:16 - 000050496 _____ () C:\Users\Albert\AppData\Roaming\Dropbox\bin\PyQt5.QtWebEngineCore.pyd
2018-01-12 06:33 - 2018-01-08 14:16 - 000042304 _____ () C:\Users\Albert\AppData\Roaming\Dropbox\bin\PyQt5.QtWebChannel.pyd
2018-01-12 06:33 - 2018-01-08 14:16 - 000131384 _____ () C:\Users\Albert\AppData\Roaming\Dropbox\bin\PyQt5.QtWebKit.pyd
2018-01-12 06:33 - 2018-01-08 14:16 - 000218944 _____ () C:\Users\Albert\AppData\Roaming\Dropbox\bin\PyQt5.QtWebKitWidgets.pyd
2018-01-12 06:33 - 2018-01-08 14:16 - 000204096 _____ () C:\Users\Albert\AppData\Roaming\Dropbox\bin\PyQt5.QtPrintSupport.pyd
2017-12-07 12:26 - 2018-01-08 14:17 - 000025432 _____ () C:\Users\Albert\AppData\Roaming\Dropbox\bin\winscreenshot.compiled._CaptureScreenshot.pyd
2017-12-07 12:26 - 2018-01-08 14:15 - 000060880 _____ () C:\Users\Albert\AppData\Roaming\Dropbox\bin\win32print.pyd
2017-12-07 12:26 - 2018-01-08 14:17 - 000054608 _____ () C:\Users\Albert\AppData\Roaming\Dropbox\bin\winrpcserver.compiled._RPCServer.pyd
2017-12-07 12:26 - 2018-01-08 14:15 - 000024016 _____ () C:\Users\Albert\AppData\Roaming\Dropbox\bin\win32profile.pyd
2017-12-07 12:26 - 2018-01-08 14:17 - 000022864 _____ () C:\Users\Albert\AppData\Roaming\Dropbox\bin\winffi.user32.compiled._winffi_user32.pyd
2017-12-07 12:26 - 2018-01-08 14:15 - 000028616 _____ () C:\Users\Albert\AppData\Roaming\Dropbox\bin\win32ts.pyd
2017-12-07 12:26 - 2018-01-08 14:16 - 000022360 _____ () C:\Users\Albert\AppData\Roaming\Dropbox\bin\winffi.iphlpapi.compiled._winffi_iphlpapi.pyd
2017-12-07 12:26 - 2018-01-08 14:17 - 000021848 _____ () C:\Users\Albert\AppData\Roaming\Dropbox\bin\winffi.winerror.compiled._winffi_winerror.pyd
2017-12-07 12:26 - 2018-01-08 14:17 - 000022360 _____ () C:\Users\Albert\AppData\Roaming\Dropbox\bin\winffi.wininet.compiled._winffi_wininet.pyd
2018-01-12 06:33 - 2018-01-08 14:16 - 000027488 _____ () C:\Users\Albert\AppData\Roaming\Dropbox\bin\dropbox.infinite.win.compiled._driverinstallation.pyd
2017-12-07 12:26 - 2018-01-08 14:15 - 000349128 _____ () C:\Users\Albert\AppData\Roaming\Dropbox\bin\winxpgui.pyd
2018-01-12 06:33 - 2018-01-08 14:16 - 000101184 _____ () C:\Users\Albert\AppData\Roaming\Dropbox\bin\PyQt5.QtWinExtras.pyd
2017-12-07 12:26 - 2018-01-08 14:17 - 000023896 _____ () C:\Users\Albert\AppData\Roaming\Dropbox\bin\winverifysignature.compiled._VerifySignature.pyd
2018-01-12 06:33 - 2018-01-08 14:16 - 000025424 _____ () C:\Users\Albert\AppData\Roaming\Dropbox\bin\librsyncffi.compiled._librsyncffi.pyd
2018-01-12 06:33 - 2018-01-08 14:15 - 000036296 _____ () C:\Users\Albert\AppData\Roaming\Dropbox\bin\librsync.dll
2018-01-12 06:34 - 2018-01-08 14:16 - 000021848 _____ () C:\Users\Albert\AppData\Roaming\Dropbox\bin\winffi.advapi32.compiled._winffi_advapi32.pyd
2018-01-12 06:33 - 2018-01-08 14:16 - 000181056 _____ () C:\Users\Albert\AppData\Roaming\Dropbox\bin\dropbox_sqlite_ext.DLL
2017-12-07 12:26 - 2018-01-08 14:16 - 000030536 _____ () C:\Users\Albert\AppData\Roaming\Dropbox\bin\wind3d11.compiled._wind3d11.pyd
2018-01-12 06:33 - 2018-01-08 14:16 - 000024368 _____ () C:\Users\Albert\AppData\Roaming\Dropbox\bin\libEGL.DLL
2018-01-12 06:33 - 2018-01-08 14:16 - 001638200 _____ () C:\Users\Albert\AppData\Roaming\Dropbox\bin\libGLESv2.dll
2017-12-07 12:26 - 2018-01-08 14:17 - 000026456 _____ () C:\Users\Albert\AppData\Roaming\Dropbox\bin\winffi.winhttp.compiled._winffi_winhttp.pyd
2018-01-12 06:33 - 2018-01-08 14:16 - 000545080 _____ () C:\Users\Albert\AppData\Roaming\Dropbox\bin\PyQt5.QtQuick.pyd
2018-01-12 06:33 - 2018-01-08 14:16 - 000359224 _____ () C:\Users\Albert\AppData\Roaming\Dropbox\bin\PyQt5.QtQml.pyd
2018-01-12 06:33 - 2018-01-08 14:16 - 000038208 _____ () C:\Users\Albert\AppData\Roaming\Dropbox\bin\PyQt5.QtWebEngine.pyd
2017-06-22 00:41 - 2017-06-22 00:41 - 000325824 _____ () C:\Program Files\Microsoft Office 15\root\office15\AppVIsvStream32.dll
2013-11-08 23:28 - 2013-03-12 07:51 - 000626240 _____ () c:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
2013-03-12 23:53 - 2013-03-12 23:53 - 000015424 _____ () c:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\Users\Albert\AppData\Roaming\Microsoft\Windows\Start Menu\Facebook.website:TASKICON_0news-1751121550 [2302]
AlternateDataStreams: C:\Users\Albert\AppData\Roaming\Microsoft\Windows\Start Menu\Facebook.website:TASKICON_1messages-431041656 [2302]
AlternateDataStreams: C:\Users\Albert\AppData\Roaming\Microsoft\Windows\Start Menu\Facebook.website:TASKICON_2events-250898981 [2302]
AlternateDataStreams: C:\Users\Albert\AppData\Roaming\Microsoft\Windows\Start Menu\Facebook.website:TASKICON_3friends-215113587 [2302]
AlternateDataStreams: C:\ProgramData\Temp:F8AF2BB9 [136]
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2013-08-22 06:25 - 2013-08-22 06:25 - 000000824 _____ C:\WINDOWS\system32\Drivers\etc\hosts
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-3638795625-3106638858-2927296518-1001\Control Panel\Desktop\\Wallpaper -> 
DNS Servers: 192.168.0.1 - 205.171.3.25
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
HKLM\...\StartupApproved\Run: => "RTHDVCPL"
HKLM\...\StartupApproved\Run32: => "StartCCC"
HKU\S-1-5-21-3638795625-3106638858-2927296518-1001\...\StartupApproved\StartupFolder: => "Facebook Gameroom.lnk"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{236E1666-A7B4-48FD-A263-A0B24032D702}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\outlook.exe
FirewallRules: [UDP Query User{480800A7-9521-471E-9ECC-2D01EA989507}C:\users\albert\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\albert\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [TCP Query User{C379B869-E949-4FEE-94B2-FED51F64C120}C:\users\albert\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\albert\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [{4C70676A-9BEA-4B04-9557-C6F7941B940A}] => (Allow) C:\Users\Albert\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{5E66B12C-96E6-494A-ACB7-1630168BE089}] => (Allow) C:\Users\Albert\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{62740452-A57C-4433-9799-F49748701E7C}] => (Allow) LPort=1900
FirewallRules: [{FC9CA761-2516-42F9-B402-41554DD43A1B}] => (Allow) LPort=2869
FirewallRules: [{3EA7F053-0930-4D42-9C76-94E7705122A4}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{2E185334-130F-4D23-B3D2-7028E8870011}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDVD12\Movie\PowerDVD.exe
FirewallRules: [{8C1F29AD-36A2-447A-81FD-5FAF94711738}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12ML.exe
FirewallRules: [{A06016A8-C65B-44BE-ADB4-00E9B6DB9537}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe
FirewallRules: [{44236822-FFED-424D-BD0B-37AD8F9FD056}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12.exe
FirewallRules: [{9017EB47-4D50-4CC1-983E-ADAB4936631F}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDirector10\PDR10.EXE
FirewallRules: [{4A10E9A5-D178-4098-9828-47E0F24A6E0E}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{9E16C7AF-875B-4BD7-B20F-C5CFAC342DDA}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{0E6C375F-C850-47C8-998C-FCD3DED88113}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{6F526047-EC37-418D-BDB0-26B15FD19F56}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{6D66E776-9AA4-4AB0-9080-D1FAD31FA6ED}] => (Allow) %LocalAppData%\HPConnectedMusic\Application\spotify_helper.exe
FirewallRules: [{F231122D-97FA-4572-9465-E3F4BC85AB76}] => (Allow) %LocalAppData%\HPConnectedMusic\Application\spotify_helper.exe
FirewallRules: [{5D2B3C3E-3DDF-41F7-B028-DC708908884E}] => (Allow) %LocalAppData%\HPConnectedMusic\Application\HPConnectedMusic.exe
FirewallRules: [{66D15028-B4EE-4109-8213-1F7934767937}] => (Allow) %LocalAppData%\HPConnectedMusic\Application\HPConnectedMusic.exe
FirewallRules: [{304E7D73-59AA-47AC-9FA0-C5760003E1E7}] => (Allow) C:\Program Files (x86)\HPConnectedMusic\HPConnectedMusic.exe
FirewallRules: [{47A5632F-3F0A-45CE-90E7-98BB9CC84EA8}] => (Allow) C:\Program Files (x86)\HPConnectedMusic\HPConnectedMusic.exe
FirewallRules: [{A971E6C3-5DF3-4816-B9B7-EF8C5901BBC9}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{B1C4FFAE-E293-4D3F-9407-CA204F6C435E}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{2E672542-0D45-4AAC-BA3B-36CD0DC9CB06}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{C3F50DAE-3AD8-495B-9284-913F3D56900C}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{EDB6BC2B-17D0-4834-AFC2-0B5059D92622}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{56DCFB0E-7EF3-409E-B1CA-6F57EAA85150}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{E7D1C8DD-A752-4F6C-84AB-0612C1BDB1E5}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{F60A65AD-27FB-457A-BAF1-FF3BFF127516}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{BCB63328-9566-4424-AD5A-06C2F11A6E01}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Restore Points =========================
 
27-12-2017 08:09:29 Scheduled Checkpoint
06-01-2018 09:20:22 Removed TECH SUPPORT 8886763801
12-01-2018 05:20:43 Windows Update
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (01/22/2018 04:00:21 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program LiveComm.exe version 17.5.9600.20911 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 1e18
 
Start Time: 01d393d40571f549
 
Termination Time: 4294967295
 
Application Path: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe\LiveComm.exe
 
Report Id: 0187cdc1-ffc8-11e7-80e8-0c54a5040edd
 
Faulting package full name: microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe
 
Faulting package-relative application ID: ppleae38af2e007f4358a809ac99a64a67c1
 
Error: (01/22/2018 03:38:19 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program IEXPLORE.EXE version 11.0.9600.18817 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 1250
 
Start Time: 01d393d15f0065a6
 
Termination Time: 10258
 
Application Path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
 
Report Id: ead5beed-ffc4-11e7-80e8-0c54a5040edd
 
Faulting package full name: 
 
Faulting package-relative application ID:
 
Error: (01/22/2018 03:30:12 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program LiveComm.exe version 17.5.9600.20911 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 1bc4
 
Start Time: 01d393cfd47732d1
 
Termination Time: 4294967295
 
Application Path: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe\LiveComm.exe
 
Report Id: cbdd19db-ffc3-11e7-80e8-0c54a5040edd
 
Faulting package full name: microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe
 
Faulting package-relative application ID: ppleae38af2e007f4358a809ac99a64a67c1
 
Error: (01/22/2018 03:10:08 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: CORRELLS)
Description: Activation of app Microsoft.BingFinance_8wekyb3d8bbwe!AppexFinance failed with error: -2144927148 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (01/22/2018 02:58:57 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program LiveComm.exe version 17.5.9600.20911 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 87c
 
Start Time: 01d393cb78e9b73e
 
Termination Time: 4294967295
 
Application Path: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe\LiveComm.exe
 
Report Id: 6cc4caf6-ffbf-11e7-80e8-0c54a5040edd
 
Faulting package full name: microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe
 
Faulting package-relative application ID: ppleae38af2e007f4358a809ac99a64a67c1
 
Error: (01/22/2018 02:54:03 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Unexpected conflict discarding   16 9.E.7.7.1.D.4.F.8.7.8.4.4.4.1.9.0.0.0.0.0.0.0.0.0.0.0.0.0.8.E.F.ip6.arpa. PTR corrells.local.
 
Error: (01/22/2018 02:54:03 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Received from 192.168.0.2:5353   18 9.E.7.7.1.D.4.F.8.7.8.4.4.4.1.9.0.0.0.0.0.0.0.0.0.0.0.0.0.8.E.F.ip6.arpa. PTR corrells-2.local.
 
Error: (01/22/2018 02:54:03 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Unexpected conflict discarding   16 2.0.168.192.in-addr.arpa. PTR corrells.local.
 
Error: (01/22/2018 02:54:03 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Received from 192.168.0.2:5353   18 2.0.168.192.in-addr.arpa. PTR corrells-2.local.
 
Error: (01/22/2018 02:53:58 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: CORRELLS)
Description: Activation of app Microsoft.BingFinance_8wekyb3d8bbwe!AppexFinance failed with error: -2144927148 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
 
System errors:
=============
Error: (01/22/2018 12:41:53 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The CyberLink PowerDVD 12 Media Server Service service terminated unexpectedly.  It has done this 13 time(s).
 
Error: (01/21/2018 10:00:03 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The CyberLink PowerDVD 12 Media Server Service service terminated unexpectedly.  It has done this 12 time(s).
 
Error: (01/21/2018 08:38:07 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The CyberLink PowerDVD 12 Media Server Service service terminated unexpectedly.  It has done this 11 time(s).
 
Error: (01/20/2018 01:03:26 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The CyberLink PowerDVD 12 Media Server Service service terminated unexpectedly.  It has done this 10 time(s).
 
Error: (01/20/2018 01:02:28 PM) (Source: DCOM) (EventID: 10010) (User: CORRELLS)
Description: The server Windows.Networking.BackgroundTransfer.Internal.BackgroundTransferTask.ClassId.4 did not register with DCOM within the required timeout.
 
Error: (01/20/2018 01:02:20 PM) (Source: DCOM) (EventID: 10010) (User: CORRELLS)
Description: The server Windows.Networking.BackgroundTransfer.Internal.BackgroundTransferTask.ClassId.4 did not register with DCOM within the required timeout.
 
Error: (01/18/2018 12:04:39 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The CyberLink PowerDVD 12 Media Server Service service terminated unexpectedly.  It has done this 9 time(s).
 
Error: (01/18/2018 12:04:24 PM) (Source: DCOM) (EventID: 10010) (User: CORRELLS)
Description: The server {4AA0A5C4-1B9B-4F2E-99D7-99C6AEC83474} did not register with DCOM within the required timeout.
 
Error: (01/18/2018 12:04:24 PM) (Source: DCOM) (EventID: 10010) (User: CORRELLS)
Description: The server {4AA0A5C4-1B9B-4F2E-99D7-99C6AEC83474} did not register with DCOM within the required timeout.
 
Error: (01/18/2018 12:04:14 PM) (Source: DCOM) (EventID: 10010) (User: CORRELLS)
Description: The server Windows.Networking.BackgroundTransfer.Internal.BackgroundTransferTask.ClassId.4 did not register with DCOM within the required timeout.
 
 
CodeIntegrity:
===================================
  Date: 2018-01-06 09:09:57.974
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\WINDOWS\System32\wow64.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2018-01-06 09:09:54.178
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\WINDOWS\System32\wow64.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2018-01-06 09:09:50.610
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\WINDOWS\System32\wow64.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2018-01-06 09:09:49.485
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\WINDOWS\System32\wow64.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2018-01-06 09:09:48.048
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\WINDOWS\System32\wow64.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2018-01-06 09:09:47.079
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\WINDOWS\System32\wow64.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2018-01-06 09:09:45.907
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\WINDOWS\System32\wow64.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2018-01-06 09:09:44.532
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\WINDOWS\System32\wow64.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2018-01-06 09:09:42.407
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\WINDOWS\System32\wow64.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2018-01-06 09:09:41.266
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\WINDOWS\System32\wow64.dll because the set of per-page image hashes could not be found on the system.
 
 
==================== Memory info =========================== 
 
Processor: AMD E1-2500 APU with Radeon™ HD Graphics 
Percentage of memory in use: 66%
Total physical RAM: 3541.49 MB
Available physical RAM: 1193.77 MB
Total Virtual: 5082.49 MB
Available Virtual: 1518.12 MB
 
==================== Drives ================================
 
Drive c: (Windows) (Fixed) (Total:446.13 GB) (Free:392.76 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive d: (Recovery Image) (Fixed) (Total:17.71 GB) (Free:2.21 GB) NTFS ==>[system with boot components (obtained from drive)]
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: D7091893)
 
Partition: GPT.
 
==================== End of Addition.txt ============================

 




#2
RKinner


    Malware Expert

  • Expert
  • 21,173 posts
  • MVP

Uninstall:

Bonjour

DigiSmirkz Internet Explorer Homepage and New Tab

Motitags Internet Explorer Homepage and New Tab

ShopAtHome.com Helper

 

Download: AdwCleaner to your desktop. Make sure you get the correct Download button. Sometimes the ads on BleepingComputer will mimic the real Download button, which should say: Download Now @BleepingComputer

NOTE: If using Internet Explorer and you get an alert that stops the program downloading, click on the warning and allow the download to complete.

Close all programs, pause your anti-virus and run AdwCleaner (Vista or Win 7+ => right click and Run As Administrator).


Click on Scan and follow the prompts. Let it run unhindered. When done, click on the Clean button, and follow the prompts. Allow the system to reboot. You will then be presented with the report. Copy & Paste this report in your next reply.

The report will be saved in the C:\AdwCleaner folder.

 

Run FRST again.  Check the Addition.txt box and then SCAN.  Post both logs.

 



#3
rockitout


    Member

  • Topic Starter
  • Member
  • 140 posts

Thank you for your reply.  I followed your instructions.  I could not find "ShopAtHome.com Helper" in the programs list.  I did, however, find it in a list of add-ons for Internet Explorer and removed it from there.  Also, FYI, during the reboot it did a Windows update automatically.  Not sure if that matters much, but I thought I would let you know.  Everything else was smooth and the logs you requested are below.

 

# AdwCleaner 7.0.7.0 - Logfile created on Tue Jan 23 16:54:44 2018
# Updated on 2018/18/01 by Malwarebytes
# Running on Windows 8.1 (X64)
# Mode: clean
# Support: https://www.malwarebytes.com/support

***** [ Services ] *****

Deleted: CouponPrinterService

***** [ Folders ] *****

Deleted: C:\Users\Albert\AppData\LocalLow\ShopAtHome
Deleted: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Coupons
Deleted: C:\Program Files (x86)\Coupons

***** [ Files ] *****

Deleted: C:\Users\Albert\AppData\Roaming\aps.uninstall.scan.results
Deleted: C:\END
Deleted: C:\Users\Albert\AppData\Roaming\Mozilla\Firefox\Profiles\t8kv3jfy.default\searchplugins\bingp.xml

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks deleted.

***** [ Registry ] *****

Deleted: [Key] - HKU\S-1-5-21-3638795625-3106638858-2927296518-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\windows_ie_ac_001\Internet Explorer\DOMStorage\ak.staticimgfarm.com
Deleted: [Key] - HKU\S-1-5-21-3638795625-3106638858-2927296518-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\windows_ie_ac_001\Internet Explorer\DOMStorage\hp.myway.com
Deleted: [Key] - HKU\S-1-5-21-3638795625-3106638858-2927296518-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\windows_ie_ac_001\Internet Explorer\DOMStorage\staticimgfarm.com
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ShopAtHome.com Helper
Deleted: [Key] - HKLM\SOFTWARE\Classes\AppID\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{CF10C1C0-B598-4ADB-B353-42C991C99A2E}
Deleted: [Key] - HKLM\SOFTWARE\Classes\AppID\TbCommonUtils.DLL
Deleted: [Key] - HKLM\SOFTWARE\Classes\AppID\TbHelper.EXE
Deleted: [Key] - HKLM\SOFTWARE\Classes\AppID\ShopAtHomeHelper.EXE
Deleted: [Key] - HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}
Deleted: [Key] - HKLM\SOFTWARE\Classes\TypeLib\{A2D733A7-73B0-4C6B-B0C7-06A432950B66}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Deleted: [Key] - HKU\S-1-5-21-3638795625-3106638858-2927296518-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\windows_ie_ac_001\Internet Explorer\DOMStorage\download.driversupport.com
Deleted: [Key] - HKU\S-1-5-21-3638795625-3106638858-2927296518-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\windows_ie_ac_001\Internet Explorer\DOMStorage\driversupport.com
Deleted: [Key] - HKLM\SOFTWARE\systweak

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries deleted.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries deleted.

*************************

::Tracing keys deleted
::Winsock settings cleared
::Additional Actions: 0

 

*************************

C:/AdwCleaner/AdwCleaner[S0].txt - [3719 B] - [2018/1/23 16:52:46]

########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt ##########

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 21.01.2018
Ran by Albert (administrator) on CORRELLS (23-01-2018 10:18:14)
Running from C:\Users\Albert\Desktop
Loaded Profiles: Albert (Available Profiles: Albert)
Platform: Windows 8.1 (Update) (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\sched.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avguard.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\VPN\Avira.VpnService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\SoftwareUpdater\Avira.SoftwareUpdater.ServiceHost.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe
(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe
(Motorola Mobility LLC) C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avshadow.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Desktop.exe
(Microsoft Corporation) C:\WINDOWS\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.3.9600.18384_none_fa1d93c39b41b41a\TiWorker.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_x64.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\CLHNServiceForPowerDVD12.exe
(WildTangent) C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe
(HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.7\GoogleCrashHandler.exe
(HP Inc.) C:\Program Files\HP\HP Touchpoint Analytics Client\TouchpointAnalyticsClientService.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.7\GoogleCrashHandler64.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.SpeedupService.exe
(Microsoft Corporation) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\ngen.exe
(Microsoft Corporation) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\ngen.exe
(Microsoft Corporation) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\ngen.exe
(Microsoft Corporation) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\ngen.exe
(Motorola Mobility LLC) C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.Core.Common.Starter.exe
(Greatis Software) C:\Program Files (x86)\Start Screen Unlimited\launcher.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.UI.Systray.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe\livecomm.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
(Microsoft Corporation) C:\WINDOWS\System32\SkyDrive.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\update.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\Power2Go8\CLVDLauncher.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(Dropbox, Inc.) C:\Users\Albert\AppData\Local\Dropbox\Update\DropboxUpdate.exe
(Dropbox, Inc.) C:\Users\Albert\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\onenotem.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe
(Dropbox, Inc.) C:\Users\Albert\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Dropbox, Inc.) C:\Users\Albert\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.Core.Common.Starter.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Avira Operations Gmbh & Co. KG) C:\Program Files (x86)\Avira\Safe Shopping\Avira Safe Shopping.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avgnt.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe
(Microsoft Corporation) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7198424 2013-08-29] (Realtek Semiconductor)
HKLM-x32\...\Run: [Avira SystrayStartTrigger] => C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe [98024 2017-12-21] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Avira System Speedup User Starter] => C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.Core.Common.Starter.exe [65120 2018-01-12] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Avira Safe Shopping] => C:\Program Files (x86)\Avira\Safe Shopping\Avira Safe Shopping.exe [624264 2017-12-19] (Avira Operations Gmbh & Co. KG)
HKU\S-1-5-21-3638795625-3106638858-2927296518-1001\...\Run: [Dropbox Update] => C:\Users\Albert\AppData\Local\Dropbox\Update\DropboxUpdate.exe [143144 2016-11-04] (Dropbox, Inc.)
HKU\S-1-5-21-3638795625-3106638858-2927296518-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [10249048 2017-12-13] (Piriform Ltd)
AppInit_DLLs: C:\PROGRA~2\Linkey\IEEXTE~1\iedll64.dll => No File
Startup: C:\Users\Albert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2018-01-12]
ShortcutTarget: Dropbox.lnk -> C:\Users\Albert\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Albert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook Gameroom.lnk [2017-04-12]
ShortcutTarget: Facebook Gameroom.lnk -> C:\Users\Albert\AppData\Local\Facebook\Games\FacebookGameroom.exe (Facebook)
Startup: C:\Users\Albert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2015-11-12]
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files\Microsoft Office 15\root\office15\onenotem.exe (Microsoft Corporation)
CHR HKU\S-1-5-21-3638795625-3106638858-2927296518-1001\SOFTWARE\Policies\Google: Restriction <==== ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 205.171.3.25 205.171.2.25
Tcpip\..\Interfaces\{8E304197-ADA7-41F1-9EFD-64AE63A2F549}: [DhcpNameServer] 192.168.15.1
Tcpip\..\Interfaces\{B305DF31-E605-491B-B209-2323E806FA7D}: [DhcpNameServer] 192.168.0.1 205.171.3.25 205.171.2.25

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.msn.com/HPDSK13/1
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPDSK13/1
HKU\S-1-5-21-3638795625-3106638858-2927296518-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.com/
SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKU\S-1-5-21-3638795625-3106638858-2927296518-1001 -> DefaultScope {E2626292-7EC8-4934-9404-EFE0FB0A57F2} URL = hxxp://www.bing.com/search?FORM=U079DF&PC=U079&q={searchTerms}&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-3638795625-3106638858-2927296518-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3638795625-3106638858-2927296518-1001 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKU\S-1-5-21-3638795625-3106638858-2927296518-1001 -> {E2626292-7EC8-4934-9404-EFE0FB0A57F2} URL = hxxp://www.bing.com/search?FORM=U079DF&PC=U079&q={searchTerms}&src=IE-SearchBox
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2017-12-12] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2017-12-12] (Microsoft Corporation)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2016-07-21] (HP Inc.)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2016-07-21] (HP Inc.)
Toolbar: HKU\S-1-5-21-3638795625-3106638858-2927296518-1001 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Toolbar: HKU\S-1-5-21-3638795625-3106638858-2927296518-1001 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2017-07-18] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\Albert\AppData\Roaming\Mozilla\Firefox\Profiles\t8kv3jfy.default [2018-01-23]
FF Homepage: Mozilla\Firefox\Profiles\t8kv3jfy.default -> google.com
FF Extension: (Avira Browser Safety) - C:\Users\Albert\AppData\Roaming\Mozilla\Firefox\Profiles\t8kv3jfy.default\Extensions\[email protected] [2018-01-06]
FF Extension: (Firefox Hotfix) - C:\Users\Albert\AppData\Roaming\Mozilla\Firefox\Profiles\t8kv3jfy.default\Extensions\[email protected] [2017-01-06] [Legacy]
FF Extension: (Gmail panel) - C:\Users\Albert\AppData\Roaming\Mozilla\Firefox\Profiles\t8kv3jfy.default\Extensions\[email protected] [2016-01-08] [Legacy]
FF Extension: (Avira Password Manager) - C:\Users\Albert\AppData\Roaming\Mozilla\Firefox\Profiles\t8kv3jfy.default\Extensions\[email protected] [2018-01-06]
FF Extension: (Adblock Plus) - C:\Users\Albert\AppData\Roaming\Mozilla\Firefox\Profiles\t8kv3jfy.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2017-01-06] [Legacy]
FF SearchPlugin: C:\Users\Albert\AppData\Roaming\Mozilla\Firefox\Profiles\t8kv3jfy.default\searchplugins\yahoo-avast.xml [2014-09-03]
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2014-06-22] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-09-12] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-14] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-14] (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\2\NP_wtapp.dll [2014-01-17] ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-04-04] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3638795625-3106638858-2927296518-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Albert\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2017-03-08] (Unity Technologies ApS)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\browser\plugins\npMozCouponPrinter.dll [2014-03-20] (Coupons, Inc.)

Chrome:
=======
CHR DefaultProfile: Profile 2
CHR HomePage: Profile 2 -> ichro.me
CHR StartupUrls: Profile 2 -> "hxxp://ichro.me/redirect"
CHR Profile: C:\Users\Albert\AppData\Local\Google\Chrome\User Data\Profile 1 [2018-01-06]
CHR Extension: (Docs) - C:\Users\Albert\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2016-01-08]
CHR Extension: (Google Drive) - C:\Users\Albert\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-01-08]
CHR Extension: (YouTube) - C:\Users\Albert\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-01-08]
CHR Extension: (Google Search) - C:\Users\Albert\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-01-08]
CHR Extension: (Gmail) - C:\Users\Albert\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-01-08]
CHR Profile: C:\Users\Albert\AppData\Local\Google\Chrome\User Data\Profile 2 [2018-01-22]
CHR Extension: (Slides) - C:\Users\Albert\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-12-13]
CHR Extension: (Docs) - C:\Users\Albert\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\aohghmighlieiainnegkcijnfilokake [2018-01-22]
CHR Extension: (Google Drive) - C:\Users\Albert\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-01-08]
CHR Extension: (YouTube) - C:\Users\Albert\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-01-08]
CHR Extension: (Avira Password Manager) - C:\Users\Albert\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\caljgklbbfbcjjanaijlacgncafpegll [2018-01-22]
CHR Extension: (Adblock Plus) - C:\Users\Albert\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2017-12-13]
CHR Extension: (Google Search) - C:\Users\Albert\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-01-08]
CHR Extension: (Sheets) - C:\Users\Albert\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-12-13]
CHR Extension: (Avira Browser Safety) - C:\Users\Albert\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2018-01-22]
CHR Extension: (Google Docs Offline) - C:\Users\Albert\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-05-27]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Albert\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-01-22]
CHR Extension: (iChrome - A Fast, Productive Home Page) - C:\Users\Albert\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\oghkljobbhapacbahlneolfclkniiami [2018-01-22]
CHR Extension: (Gmail) - C:\Users\Albert\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-01-08]
CHR Extension: (Chrome Media Router) - C:\Users\Albert\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-01-22]
CHR Profile: C:\Users\Albert\AppData\Local\Google\Chrome\User Data\System Profile [2018-01-06]
CHR HKLM\...\Chrome\Extension: [caljgklbbfbcjjanaijlacgncafpegll] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [caljgklbbfbcjjanaijlacgncafpegll] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 AntiVirMailService; C:\Program Files (x86)\Avira\Antivirus\avmailc7.exe [1128944 2018-01-03] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\Antivirus\sched.exe [492560 2018-01-03] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\Antivirus\avguard.exe [492560 2018-01-03] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files (x86)\Avira\Antivirus\avwebg7.exe [1526832 2018-01-03] (Avira Operations GmbH & Co. KG)
R2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [444600 2017-12-21] (Avira Operations GmbH & Co. KG)
R2 AviraPhantomVPN; C:\Program Files (x86)\Avira\VPN\Avira.VpnService.exe [332016 2017-10-25] (Avira Operations GmbH & Co. KG)
R2 AviraUpdaterService; C:\Program Files (x86)\Avira\SoftwareUpdater\Avira.SoftwareUpdater.ServiceHost.exe [102304 2018-01-16] (Avira Operations GmbH & Co. KG)
R2 CLHNServiceForPowerDVD12; c:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\CLHNServiceForPowerDVD12.exe [89864 2013-06-09] (CyberLink Corp.)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [3058392 2017-12-12] (Microsoft Corporation)
R2 CyberLink PowerDVD 12 Media Server Monitor Service; c:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe [77576 2013-06-09] (CyberLink)
R2 CyberLink PowerDVD 12 Media Server Service; c:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe [294664 2013-06-09] (CyberLink)
R2 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [227904 2014-05-29] (WildTangent)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [332144 2017-11-21] (HP Inc.)
R2 HPTouchpointAnalyticsService; C:\Program Files\HP\HP Touchpoint Analytics Client\TouchpointAnalyticsClientService.exe [332216 2017-11-21] (HP Inc.)
S3 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6234056 2017-11-01] (Malwarebytes)
R2 Motorola Device Manager; C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [137528 2013-11-15] (Motorola Mobility LLC)
S4 PST Service; C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe [65657 2011-09-02] (Motorola) [File not signed]
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [289496 2013-08-29] (Realtek Semiconductor)
R2 SpeedupService; C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.SpeedupService.exe [74256 2018-01-12] (Avira Operations GmbH & Co. KG)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [10945776 2017-12-15] (TeamViewer GmbH)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [361824 2017-01-12] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [119872 2017-01-12] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 athr; C:\WINDOWS\system32\DRIVERS\athwbx.sys [4265984 2014-12-21] (Qualcomm Atheros Communications, Inc.)
R0 avdevprot; C:\WINDOWS\System32\DRIVERS\avdevprot.sys [60920 2018-01-03] (Avira Operations GmbH & Co. KG)
R2 avgntflt; C:\WINDOWS\System32\DRIVERS\avgntflt.sys [178840 2018-01-03] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [169376 2018-01-03] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\WINDOWS\system32\DRIVERS\avkmgr.sys [44488 2018-01-03] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\WINDOWS\system32\DRIVERS\avnetflt.sys [88488 2018-01-03] (Avira Operations GmbH & Co. KG)
R0 avusbflt; C:\WINDOWS\System32\Drivers\avusbflt.sys [38048 2018-01-03] (Avira Operations GmbH & Co. KG)
R1 CLVirtualDrive; C:\WINDOWS\system32\DRIVERS\CLVirtualDrive.sys [91712 2013-03-15] (CyberLink)
S3 dot4; C:\WINDOWS\system32\DRIVERS\Dot4.sys [151968 2012-10-19] (Windows ® Win 7 DDK provider)
S3 Dot4Print; C:\WINDOWS\System32\drivers\Dot4Prt.sys [27040 2012-10-19] (Windows ® Win 7 DDK provider)
S3 hitmanpro37; C:\windows\system32\drivers\hitmanpro37.sys [32512 2014-05-07] ()
R2 ntk_PowerDVD12; c:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\ntk_PowerDVD12_64.sys [84168 2013-03-12] (Cyberlink Corp.)
R3 RSP2STOR; C:\WINDOWS\system32\DRIVERS\RtsP2Stor.sys [290008 2016-04-16] (Realtek Semiconductor Corp.)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [46600 2017-02-10] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [274776 2017-01-12] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [117592 2017-01-12] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-01-23 10:15 - 2018-01-23 10:28 - 000000000 ____D C:\Users\Public\Speedup Sessions
2018-01-23 09:48 - 2018-01-23 09:52 - 000000000 ____D C:\AdwCleaner
2018-01-23 09:43 - 2018-01-23 09:43 - 008206624 _____ (Malwarebytes) C:\Users\Albert\Desktop\AdwCleaner.exe
2018-01-22 19:23 - 2018-01-22 19:23 - 000000000 _____ C:\Users\Albert\Desktop\New Text Document.txt
2018-01-22 19:17 - 2018-01-23 09:39 - 000000182 _____ C:\Users\Albert\Desktop\Problems with ads, popups, and browser restarts - Virus, Spyware, Malware Removal.url
2018-01-22 17:30 - 2017-10-04 01:21 - 000029352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aspnet_counters.dll
2018-01-22 17:30 - 2017-10-03 20:45 - 000030888 _____ (Microsoft Corporation) C:\WINDOWS\system32\aspnet_counters.dll
2018-01-22 17:30 - 2017-10-03 20:45 - 000019088 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcr100_clr0400.dll
2018-01-22 17:29 - 2017-10-04 01:21 - 000019088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcr100_clr0400.dll
2018-01-22 16:49 - 2018-01-08 21:16 - 007408984 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2018-01-22 16:49 - 2017-12-15 05:23 - 000276312 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msiscsi.sys
2018-01-22 16:49 - 2017-12-05 09:56 - 000040960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\scfilter.sys
2018-01-22 16:49 - 2017-12-05 09:52 - 000242176 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinSCard.dll
2018-01-22 16:49 - 2017-12-05 09:45 - 000194560 _____ (Microsoft Corporation) C:\WINDOWS\system32\SCardSvr.dll
2018-01-22 16:49 - 2017-12-05 09:42 - 000079360 _____ (Microsoft Corporation) C:\WINDOWS\system32\SCardDlg.dll
2018-01-22 16:49 - 2017-12-05 09:32 - 000169984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WinSCard.dll
2018-01-22 16:49 - 2017-12-05 09:10 - 000361472 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpclip.exe
2018-01-22 16:49 - 2017-12-05 09:02 - 000186880 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptnet.dll
2018-01-22 16:49 - 2017-12-05 08:58 - 000132608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cryptnet.dll
2018-01-22 16:49 - 2017-12-05 08:24 - 000165376 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cdrom.sys
2018-01-22 16:49 - 2017-12-01 20:04 - 000082944 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\appid.sys
2018-01-22 16:49 - 2017-11-24 14:58 - 002608640 _____ (Microsoft Corporation) C:\WINDOWS\system32\WsmSvc.dll
2018-01-22 16:49 - 2017-11-24 14:56 - 000285184 _____ (Microsoft Corporation) C:\WINDOWS\system32\WsmWmiPl.dll
2018-01-22 16:49 - 2017-11-24 14:46 - 002170880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WsmSvc.dll
2018-01-22 16:49 - 2017-11-24 14:44 - 000236032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WsmWmiPl.dll
2018-01-22 16:42 - 2014-11-17 13:17 - 000672984 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDMAgent.exe
2018-01-22 16:42 - 2014-11-13 23:54 - 000463872 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettings.Handlers.dll
2018-01-22 16:29 - 2018-01-22 16:38 - 000054002 _____ C:\Users\Albert\Desktop\Addition.txt
2018-01-22 16:14 - 2018-01-23 10:20 - 000022350 _____ C:\Users\Albert\Desktop\FRST.txt
2018-01-22 16:13 - 2018-01-23 10:18 - 000000000 ____D C:\FRST
2018-01-22 16:11 - 2018-01-22 16:11 - 002393088 _____ (Farbar) C:\Users\Albert\Desktop\FRST64.exe
2018-01-22 15:53 - 2014-11-15 12:05 - 000801584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfplat.dll
2018-01-22 15:53 - 2014-11-14 23:29 - 000962216 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfplat.dll
2018-01-22 15:53 - 2014-11-13 23:57 - 001027584 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2018-01-22 15:53 - 2014-11-13 22:03 - 000885760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2018-01-22 15:53 - 2014-11-07 19:03 - 000733696 _____ (Microsoft Corporation) C:\WINDOWS\system32\SkyDriveTelemetry.dll
2018-01-22 15:53 - 2014-11-07 18:58 - 004837376 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncEngine.dll
2018-01-22 15:53 - 2014-11-07 18:49 - 001154048 _____ (Microsoft Corporation) C:\WINDOWS\system32\SkyDrive.exe
2018-01-22 15:53 - 2014-11-04 19:12 - 000211968 _____ (Microsoft Corporation) C:\WINDOWS\system32\QSHVHOST.DLL
2018-01-22 15:53 - 2014-11-04 19:12 - 000128000 _____ (Microsoft Corporation) C:\WINDOWS\system32\QSVRMGMT.DLL
2018-01-22 15:53 - 2014-11-04 19:06 - 000514048 _____ (Microsoft Corporation) C:\WINDOWS\system32\DevicePairing.dll
2018-01-22 15:53 - 2014-11-04 18:39 - 000155648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\QSHVHOST.DLL
2018-01-22 15:53 - 2014-11-04 18:39 - 000094208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\QSVRMGMT.DLL
2018-01-22 15:53 - 2014-11-04 18:33 - 000465408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DevicePairing.dll
2018-01-22 15:53 - 2014-11-04 18:14 - 000309760 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSDMon.dll
2018-01-22 15:53 - 2014-11-04 12:33 - 000058176 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dam.sys
2018-01-22 15:53 - 2014-10-20 18:59 - 000016896 _____ (Microsoft Corporation) C:\WINDOWS\system32\eventcls.dll
2018-01-22 15:53 - 2014-10-20 18:19 - 000015360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\eventcls.dll
2018-01-22 15:53 - 2014-10-20 17:50 - 000074752 _____ (Microsoft Corporation) C:\WINDOWS\system32\vsstrace.dll
2018-01-22 15:53 - 2014-10-20 17:31 - 001574400 _____ (Microsoft Corporation) C:\WINDOWS\system32\vssapi.dll
2018-01-22 15:53 - 2014-10-20 17:31 - 000055296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vsstrace.dll
2018-01-22 15:53 - 2014-10-20 17:20 - 001142272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vssapi.dll
2018-01-22 15:53 - 2014-10-16 21:56 - 000039744 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\intelpep.sys
2018-01-22 15:34 - 2018-01-22 15:34 - 000000000 ____D C:\Users\Albert\AppData\Local\TeamViewer
2018-01-12 06:34 - 2018-01-12 06:34 - 000000000 ____D C:\Users\Albert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2018-01-12 06:00 - 2017-12-20 16:56 - 000835576 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2018-01-12 06:00 - 2017-12-20 16:56 - 000177648 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2018-01-12 05:24 - 2018-01-01 23:39 - 022374248 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2018-01-12 05:24 - 2018-01-01 23:03 - 025739264 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2018-01-12 05:24 - 2018-01-01 23:00 - 019790760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2018-01-12 05:24 - 2018-01-01 22:38 - 000559616 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\afd.sys
2018-01-12 05:24 - 2018-01-01 22:28 - 005796352 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2018-01-12 05:24 - 2018-01-01 22:20 - 020275200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2018-01-12 05:24 - 2018-01-01 21:44 - 015284224 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2018-01-12 05:24 - 2017-12-10 06:46 - 007079424 _____ (Microsoft Corporation) C:\WINDOWS\system32\glcndFilter.dll
2018-01-12 05:24 - 2017-12-10 06:24 - 005275136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\glcndFilter.dll
2018-01-12 05:24 - 2017-12-10 06:06 - 007797760 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2018-01-12 05:24 - 2017-12-05 09:58 - 004168192 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2018-01-12 05:23 - 2018-01-02 01:00 - 000590680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fvevol.sys
2018-01-12 05:23 - 2018-01-02 01:00 - 000242520 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdyboost.sys
2018-01-12 05:23 - 2018-01-02 01:00 - 000214392 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Storage.ApplicationData.dll
2018-01-12 05:23 - 2018-01-02 00:56 - 002530400 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml6.dll
2018-01-12 05:23 - 2018-01-02 00:56 - 000567656 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2018-01-12 05:23 - 2018-01-02 00:56 - 000397224 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcryptprimitives.dll
2018-01-12 05:23 - 2018-01-02 00:56 - 000136536 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wfplwfs.sys
2018-01-12 05:23 - 2018-01-01 23:39 - 002013016 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2018-01-12 05:23 - 2018-01-01 23:39 - 000418648 _____ (Microsoft Corporation) C:\WINDOWS\system32\hal.dll
2018-01-12 05:23 - 2018-01-01 23:39 - 000354648 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fltMgr.sys
2018-01-12 05:23 - 2018-01-01 23:38 - 002176064 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll
2018-01-12 05:23 - 2018-01-01 23:38 - 001662096 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2018-01-12 05:23 - 2018-01-01 23:38 - 001063464 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinTypes.dll
2018-01-12 05:23 - 2018-01-01 23:37 - 001737600 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2018-01-12 05:23 - 2018-01-01 23:37 - 001676056 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2018-01-12 05:23 - 2018-01-01 23:37 - 001536120 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2018-01-12 05:23 - 2018-01-01 23:37 - 001500432 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2018-01-12 05:23 - 2018-01-01 23:37 - 001371352 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2018-01-12 05:23 - 2018-01-01 23:37 - 001135280 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2018-01-12 05:23 - 2018-01-01 23:37 - 000685440 _____ (Microsoft Corporation) C:\WINDOWS\system32\advapi32.dll
2018-01-12 05:23 - 2018-01-01 23:35 - 001307840 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcrt4.dll
2018-01-12 05:23 - 2018-01-01 23:35 - 000989528 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\http.sys
2018-01-12 05:23 - 2018-01-01 23:05 - 000164296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Storage.ApplicationData.dll
2018-01-12 05:23 - 2018-01-01 23:03 - 000341384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcryptprimitives.dll
2018-01-12 05:23 - 2018-01-01 23:01 - 001902328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml6.dll
2018-01-12 05:23 - 2018-01-01 22:59 - 001565520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll
2018-01-12 05:23 - 2018-01-01 22:59 - 001213784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2018-01-12 05:23 - 2018-01-01 22:58 - 001502000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2018-01-12 05:23 - 2018-01-01 22:48 - 000507176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\advapi32.dll
2018-01-12 05:23 - 2018-01-01 22:40 - 000284672 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64.dll
2018-01-12 05:23 - 2018-01-01 22:39 - 000686080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys
2018-01-12 05:23 - 2018-01-01 22:39 - 000402432 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdbss.sys
2018-01-12 05:23 - 2018-01-01 22:39 - 000072192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndproxy.sys
2018-01-12 05:23 - 2018-01-01 22:39 - 000048128 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netbios.sys
2018-01-12 05:23 - 2018-01-01 22:38 - 000445952 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\nwifi.sys
2018-01-12 05:23 - 2018-01-01 22:38 - 000416256 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv.sys
2018-01-12 05:23 - 2018-01-01 22:38 - 000401408 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb.sys
2018-01-12 05:23 - 2018-01-01 22:38 - 000243200 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srvnet.sys
2018-01-12 05:23 - 2018-01-01 22:38 - 000151040 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pacer.sys
2018-01-12 05:23 - 2018-01-01 22:38 - 000138752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dfsc.sys
2018-01-12 05:23 - 2018-01-01 22:37 - 000110080 _____ (Microsoft Corporation) C:\WINDOWS\system32\appinfo.dll
2018-01-12 05:23 - 2018-01-01 22:37 - 000080384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wanarp.sys
2018-01-12 05:23 - 2018-01-01 22:34 - 000360448 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncsi.dll
2018-01-12 05:23 - 2018-01-01 22:31 - 000040448 _____ (Microsoft Corporation) C:\WINDOWS\system32\rfxvmt.dll
2018-01-12 05:23 - 2018-01-01 22:30 - 002900480 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2018-01-12 05:23 - 2018-01-01 22:28 - 000577024 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2018-01-12 05:23 - 2018-01-01 22:28 - 000417280 _____ (Microsoft Corporation) C:\WINDOWS\system32\html.iec
2018-01-12 05:23 - 2018-01-01 22:28 - 000048640 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwproxystub.dll
2018-01-12 05:23 - 2018-01-01 22:28 - 000013312 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcalua.exe
2018-01-12 05:23 - 2018-01-01 22:19 - 000108544 _____ (Microsoft Corporation) C:\WINDOWS\system32\fdWCN.dll
2018-01-12 05:23 - 2018-01-01 22:18 - 000615936 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieui.dll
2018-01-12 05:23 - 2018-01-01 22:17 - 000817152 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2018-01-12 05:23 - 2018-01-01 22:17 - 000116224 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwcollector.exe
2018-01-12 05:23 - 2018-01-01 22:16 - 000814080 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2018-01-12 05:23 - 2018-01-01 22:09 - 000445440 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
2018-01-12 05:23 - 2018-01-01 22:06 - 000489984 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtmsft.dll
2018-01-12 05:23 - 2018-01-01 22:02 - 000862720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2018-01-12 05:23 - 2018-01-01 21:59 - 000014336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntvdm64.dll
2018-01-12 05:23 - 2018-01-01 21:59 - 000005632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wow32.dll
2018-01-12 05:23 - 2018-01-01 21:57 - 000025600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\setup16.exe
2018-01-12 05:23 - 2018-01-01 21:56 - 000199680 _____ (Microsoft Corporation) C:\WINDOWS\system32\msrating.dll
2018-01-12 05:23 - 2018-01-01 21:54 - 000145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2018-01-12 05:23 - 2018-01-01 21:53 - 000315392 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2018-01-12 05:23 - 2018-01-01 21:52 - 000499712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2018-01-12 05:23 - 2018-01-01 21:51 - 000341504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\html.iec
2018-01-12 05:23 - 2018-01-01 21:49 - 002294272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2018-01-12 05:23 - 2018-01-01 21:48 - 001033216 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2018-01-12 05:23 - 2018-01-01 21:45 - 000091136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fdWCN.dll
2018-01-12 05:23 - 2018-01-01 21:44 - 000476160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieui.dll
2018-01-12 05:23 - 2018-01-01 21:43 - 000662528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2018-01-12 05:23 - 2018-01-01 21:42 - 000620032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2018-01-12 05:23 - 2018-01-01 21:42 - 000262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2018-01-12 05:23 - 2018-01-01 21:41 - 000380416 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2018-01-12 05:23 - 2018-01-01 21:40 - 001436672 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2018-01-12 05:23 - 2018-01-01 21:40 - 000807936 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2018-01-12 05:23 - 2018-01-01 21:40 - 000726528 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2018-01-12 05:23 - 2018-01-01 21:38 - 002134528 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2018-01-12 05:23 - 2018-01-01 21:37 - 000324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
2018-01-12 05:23 - 2018-01-01 21:34 - 001217536 _____ (Microsoft Corporation) C:\WINDOWS\system32\sysmain.dll
2018-01-12 05:23 - 2018-01-01 21:34 - 000416256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtmsft.dll
2018-01-12 05:23 - 2018-01-01 21:33 - 001080320 _____ (Microsoft Corporation) C:\WINDOWS\system32\IKEEXT.DLL
2018-01-12 05:23 - 2018-01-01 21:33 - 000845312 _____ (Microsoft Corporation) C:\WINDOWS\system32\BFE.DLL
2018-01-12 05:23 - 2018-01-01 21:33 - 000086016 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlaapi.dll
2018-01-12 05:23 - 2018-01-01 21:32 - 000571392 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2018-01-12 05:23 - 2018-01-01 21:29 - 000817664 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcss.dll
2018-01-12 05:23 - 2018-01-01 21:29 - 000754176 _____ (Microsoft Corporation) C:\WINDOWS\system32\FirewallAPI.dll
2018-01-12 05:23 - 2018-01-01 21:27 - 001696256 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtsvc.dll
2018-01-12 05:23 - 2018-01-01 21:27 - 000168960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrating.dll
2018-01-12 05:23 - 2018-01-01 21:26 - 003241472 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2018-01-12 05:23 - 2018-01-01 21:25 - 000795648 _____ (Microsoft Corporation) C:\WINDOWS\system32\winhttp.dll
2018-01-12 05:23 - 2018-01-01 21:25 - 000279040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2018-01-12 05:23 - 2018-01-01 21:25 - 000128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2018-01-12 05:23 - 2018-01-01 21:23 - 004508160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2018-01-12 05:23 - 2018-01-01 21:23 - 002882048 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2018-01-12 05:23 - 2018-01-01 21:22 - 000880640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2018-01-12 05:23 - 2018-01-01 21:22 - 000129536 _____ (Microsoft Corporation) C:\WINDOWS\system32\WcnApi.dll
2018-01-12 05:23 - 2018-01-01 21:21 - 000391680 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlasvc.dll
2018-01-12 05:23 - 2018-01-01 21:20 - 013680128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2018-01-12 05:23 - 2018-01-01 21:18 - 000380416 _____ (Microsoft Corporation) C:\WINDOWS\system32\pnrpsvc.dll
2018-01-12 05:23 - 2018-01-01 21:18 - 000230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2018-01-12 05:23 - 2018-01-01 21:17 - 001547264 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansvc.dll
2018-01-12 05:23 - 2018-01-01 21:17 - 000694272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2018-01-12 05:23 - 2018-01-01 21:17 - 000465920 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcncsvc.dll
2018-01-12 05:23 - 2018-01-01 21:17 - 000331776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2018-01-12 05:23 - 2018-01-01 21:16 - 002058752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2018-01-12 05:23 - 2018-01-01 21:16 - 000881152 _____ (Microsoft Corporation) C:\WINDOWS\system32\MPSSVC.dll
2018-01-12 05:23 - 2018-01-01 21:16 - 000747520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpcrt4.dll
2018-01-12 05:23 - 2018-01-01 21:16 - 000464384 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcasvc.dll
2018-01-12 05:23 - 2018-01-01 21:15 - 001545728 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2018-01-12 05:23 - 2018-01-01 21:13 - 000216576 _____ (Microsoft Corporation) C:\WINDOWS\system32\P2P.dll
2018-01-12 05:23 - 2018-01-01 21:11 - 000185856 _____ (Microsoft Corporation) C:\WINDOWS\system32\rascfg.dll
2018-01-12 05:23 - 2018-01-01 21:11 - 000065536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\nlaapi.dll
2018-01-12 05:23 - 2018-01-01 21:09 - 000827392 _____ (Microsoft Corporation) C:\WINDOWS\system32\spoolsv.exe
2018-01-12 05:23 - 2018-01-01 21:09 - 000713216 _____ (Microsoft Corporation) C:\WINDOWS\system32\nshwfp.dll
2018-01-12 05:23 - 2018-01-01 21:09 - 000543232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FirewallAPI.dll
2018-01-12 05:23 - 2018-01-01 21:08 - 000110080 _____ (Microsoft Corporation) C:\WINDOWS\system32\icfupgd.dll
2018-01-12 05:23 - 2018-01-01 21:07 - 001265664 _____ (Microsoft Corporation) C:\WINDOWS\system32\schedsvc.dll
2018-01-12 05:23 - 2018-01-01 21:07 - 000440832 _____ (Microsoft Corporation) C:\WINDOWS\system32\p2psvc.dll
2018-01-12 05:23 - 2018-01-01 21:06 - 000626176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winhttp.dll
2018-01-12 05:23 - 2018-01-01 21:05 - 000097280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WcnApi.dll
2018-01-12 05:23 - 2018-01-01 21:04 - 000800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2018-01-12 05:23 - 2018-01-01 20:59 - 000177664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\P2P.dll
2018-01-12 05:23 - 2018-01-01 20:58 - 002767872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2018-01-12 05:23 - 2018-01-01 20:57 - 000164864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rascfg.dll
2018-01-12 05:23 - 2018-01-01 20:56 - 000562176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\nshwfp.dll
2018-01-12 05:23 - 2018-01-01 20:55 - 003548160 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2018-01-12 05:23 - 2018-01-01 20:54 - 001313792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2018-01-12 05:23 - 2018-01-01 20:53 - 000710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2018-01-12 05:23 - 2017-12-29 01:21 - 000107520 _____ (Microsoft Corporation) C:\WINDOWS\system32\inseng.dll
2018-01-12 05:23 - 2017-12-14 16:26 - 000374096 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2018-01-12 05:23 - 2017-12-14 14:39 - 000315736 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2018-01-12 05:23 - 2017-12-14 03:19 - 000096256 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontsub.dll
2018-01-12 05:23 - 2017-12-14 03:17 - 000044032 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2018-01-12 05:23 - 2017-12-10 06:59 - 000077824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontsub.dll
2018-01-12 05:23 - 2017-12-10 06:58 - 000035840 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2018-01-12 05:23 - 2017-12-10 05:59 - 005270528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2018-01-12 05:23 - 2017-12-05 21:42 - 002452816 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2018-01-12 05:23 - 2014-11-07 21:00 - 000024576 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndistapi.sys
2018-01-12 05:23 - 2014-11-07 20:56 - 000048128 _____ (Microsoft Corporation) C:\WINDOWS\system32\kmddsp.tsp
2018-01-12 05:23 - 2014-11-07 20:56 - 000043008 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasmxs.dll
2018-01-12 05:23 - 2014-11-07 20:56 - 000030208 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasser.dll
2018-01-12 05:23 - 2014-11-07 20:24 - 000077824 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasdiag.dll
2018-01-12 05:23 - 2014-11-07 20:13 - 000039424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kmddsp.tsp
2018-01-12 05:23 - 2014-11-07 20:13 - 000033280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasmxs.dll
2018-01-12 05:23 - 2014-11-07 20:13 - 000022528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasser.dll
2018-01-12 05:23 - 2014-11-07 19:48 - 000061440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasdiag.dll
2018-01-12 05:23 - 2014-11-03 23:27 - 000128512 _____ (Microsoft Corporation) C:\WINDOWS\splwow64.exe
2018-01-06 12:57 - 2018-01-06 12:57 - 000007690 _____ C:\Users\Albert\Desktop\cc_20180106_125658.reg
2018-01-06 12:56 - 2018-01-06 12:56 - 000117904 _____ C:\Users\Albert\Desktop\cc_20180106_125614.reg
2018-01-06 12:45 - 2018-01-06 12:45 - 000003872 _____ C:\WINDOWS\System32\Tasks\CCleaner Update
2018-01-06 12:38 - 2018-01-06 12:38 - 000000000 ____D C:\Users\Albert\AppData\Local\Avira
2018-01-06 12:36 - 2018-01-06 12:36 - 000000000 ____D C:\Users\Albert\AppData\Local\AMD
2018-01-06 11:23 - 2018-01-06 11:23 - 000000000 ____D C:\Program Files (x86)\VulkanRT
2018-01-06 11:23 - 2016-09-09 11:25 - 000269600 _____ C:\WINDOWS\SysWOW64\vulkan-1.dll
2018-01-06 11:23 - 2016-09-09 11:25 - 000261920 _____ C:\WINDOWS\system32\vulkan-1.dll
2018-01-06 11:23 - 2016-09-09 11:25 - 000110880 _____ C:\WINDOWS\SysWOW64\vulkaninfo.exe
2018-01-06 11:23 - 2016-09-09 11:24 - 000125216 _____ C:\WINDOWS\system32\vulkaninfo.exe
2018-01-06 11:16 - 2018-01-06 11:19 - 000000000 ____D C:\AMD
2018-01-06 11:16 - 2018-01-06 11:16 - 000000000 ____D C:\Users\Albert\AppData\Local\RadeonInstaller
2018-01-06 10:06 - 2018-01-06 10:06 - 000003546 _____ C:\WINDOWS\System32\Tasks\Avira Safe Shopping Updater
2018-01-06 10:06 - 2018-01-06 10:06 - 000000000 ____D C:\Users\Albert\AppData\Local\Avira_Operations_Gmbh_&_C
2018-01-06 10:06 - 2018-01-06 10:06 - 000000000 ____D C:\Users\Albert\AppData\Local\Avira Operations Gmbh & Co. KG
2018-01-06 10:06 - 2018-01-06 10:06 - 000000000 ____D C:\ProgramData\Avira Operations Gmbh & Co. KG
2018-01-06 10:03 - 2018-01-06 10:03 - 000003292 _____ C:\WINDOWS\System32\Tasks\Avira_Antivirus_Systray
2018-01-06 10:03 - 2018-01-06 10:03 - 000000000 ____H C:\WINDOWS\system32\Drivers\Msft_Kernel_avusbflt_01011.Wdf
2018-01-06 10:02 - 2018-01-03 22:33 - 000178840 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avgntflt.sys
2018-01-06 10:02 - 2018-01-03 22:33 - 000169376 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avipbb.sys
2018-01-06 10:02 - 2018-01-03 22:33 - 000088488 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avnetflt.sys
2018-01-06 10:02 - 2018-01-03 22:33 - 000060920 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avdevprot.sys
2018-01-06 10:02 - 2018-01-03 22:33 - 000044488 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avkmgr.sys
2018-01-06 10:02 - 2018-01-03 22:33 - 000038048 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avusbflt.sys
2018-01-06 09:59 - 2018-01-06 09:59 - 000000000 ____D C:\WINDOWS\System32\Tasks\Avira
2018-01-06 09:55 - 2018-01-23 10:15 - 000003660 _____ C:\WINDOWS\System32\Tasks\AviraSystemSpeedupUpdate
2018-01-06 09:49 - 2018-01-23 10:15 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2018-01-06 09:49 - 2018-01-23 10:15 - 000000000 ____D C:\Program Files (x86)\Avira
2018-01-06 09:49 - 2018-01-06 10:02 - 000000000 ____D C:\ProgramData\Avira
2018-01-06 09:49 - 2018-01-06 09:49 - 000001215 _____ C:\Users\Public\Desktop\Avira.lnk
2018-01-06 09:35 - 2018-01-06 09:35 - 000001890 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2018-01-06 09:35 - 2018-01-06 09:35 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2018-01-06 09:35 - 2018-01-06 09:35 - 000000000 ____D C:\ProgramData\MB3CoreBackup
2018-01-06 09:35 - 2017-11-01 08:54 - 000077432 _____ C:\WINDOWS\system32\Drivers\mbae64.sys
2018-01-06 09:10 - 2018-01-06 09:10 - 000000990 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 13.lnk
2018-01-06 09:10 - 2018-01-06 09:10 - 000000978 _____ C:\Users\Public\Desktop\TeamViewer 13.lnk

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-01-23 10:21 - 2014-01-16 05:01 - 000003598 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3638795625-3106638858-2927296518-1001
2018-01-23 10:16 - 2016-01-08 11:00 - 000000000 __RDO C:\Users\Albert\OneDrive
2018-01-23 10:16 - 2014-04-15 12:31 - 000000000 ____D C:\Temp
2018-01-23 10:14 - 2015-06-16 22:26 - 000000940 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-3638795625-3106638858-2927296518-1001UA.job
2018-01-23 10:06 - 2013-08-22 07:45 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2018-01-23 10:06 - 2013-08-22 06:36 - 000000000 ____D C:\WINDOWS\Inf
2018-01-23 10:05 - 2013-08-22 06:25 - 001048576 ___SH C:\WINDOWS\system32\config\BBI
2018-01-23 10:00 - 2013-08-22 08:36 - 000000000 ____D C:\WINDOWS\SysWOW64\inetsrv
2018-01-23 10:00 - 2013-08-22 08:36 - 000000000 ____D C:\WINDOWS\system32\inetsrv
2018-01-23 09:55 - 2016-03-03 20:59 - 000000000 ____D C:\Program Files (x86)\TeamViewer
2018-01-23 09:31 - 2014-01-16 04:55 - 000003786 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{B1AB0B2E-1ED5-4C0B-81B4-ED19FE8E5F44}
2018-01-23 05:46 - 2015-06-04 22:00 - 000065536 _____ C:\WINDOWS\system32\spu_storage.bin
2018-01-22 20:39 - 2013-08-22 08:36 - 000000000 ____D C:\WINDOWS\rescache
2018-01-22 17:51 - 2012-07-26 00:59 - 000000000 ____D C:\WINDOWS\CbsTemp
2018-01-22 17:12 - 2015-06-04 22:00 - 000000000 ____D C:\WINDOWS\SysWOW64\RTCOM
2018-01-22 17:09 - 2017-11-18 09:03 - 000003170 _____ C:\WINDOWS\System32\Tasks\HPCeeScheduleForAlbert
2018-01-22 17:09 - 2017-11-18 09:03 - 000000354 _____ C:\WINDOWS\Tasks\HPCeeScheduleForAlbert.job
2018-01-22 15:35 - 2014-01-21 16:22 - 000000540 _____ C:\Users\Albert\AppData\Roaming\Microsoft\Windows\Start Menu\Facebook.website
2018-01-21 21:17 - 2013-08-22 08:36 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2018-01-21 21:14 - 2015-06-16 22:26 - 000000888 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-3638795625-3106638858-2927296518-1001Core.job
2018-01-21 21:11 - 2014-06-03 10:16 - 000000000 ____D C:\Program Files\Microsoft Office 15
2018-01-21 20:16 - 2013-08-22 08:36 - 000000000 ____D C:\WINDOWS\system32\NDF
2018-01-21 20:11 - 2013-08-22 08:36 - 000000000 ____D C:\WINDOWS\AppReadiness
2018-01-12 06:35 - 2014-04-03 17:24 - 000000000 ____D C:\Users\Albert\AppData\Roaming\Dropbox
2018-01-12 06:03 - 2014-11-21 01:44 - 000958016 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2018-01-12 05:58 - 2013-08-22 07:44 - 000498600 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2018-01-12 05:52 - 2013-08-22 08:36 - 000000000 ___RD C:\WINDOWS\ToastData
2018-01-12 05:36 - 2014-01-19 14:31 - 000000000 ____D C:\WINDOWS\system32\MRT
2018-01-12 05:28 - 2017-10-12 22:10 - 129365736 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT-KB890830.exe
2018-01-12 05:28 - 2014-01-19 14:31 - 129365736 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2018-01-10 10:20 - 2014-03-22 17:19 - 000002222 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-01-06 12:45 - 2016-07-05 21:40 - 000000841 _____ C:\Users\Public\Desktop\CCleaner.lnk
2018-01-06 12:45 - 2016-07-05 21:40 - 000000000 ____D C:\Program Files\CCleaner
2018-01-06 11:26 - 2013-11-08 23:22 - 000000000 ____D C:\Program Files (x86)\ATI Technologies
2018-01-06 11:19 - 2013-04-03 17:17 - 000000000 ____D C:\ProgramData\Package Cache
2018-01-06 09:30 - 2014-03-22 16:38 - 000000000 ____D C:\ProgramData\AVAST Software
2018-01-06 09:29 - 2014-03-22 17:21 - 000000000 ____D C:\Program Files\Google
2018-01-06 09:29 - 2014-03-22 17:10 - 000000000 ____D C:\Program Files (x86)\Google
2018-01-06 09:21 - 2016-07-05 21:40 - 000002792 _____ C:\WINDOWS\System32\Tasks\CCleanerSkipUAC
2018-01-06 09:21 - 2016-01-08 10:34 - 000002218 _____ C:\WINDOWS\System32\Tasks\Start Screen Unlimited Schedule Task
2018-01-06 09:21 - 2015-06-16 22:26 - 000003888 _____ C:\WINDOWS\System32\Tasks\DropboxUpdateTaskUserS-1-5-21-3638795625-3106638858-2927296518-1001UA
2018-01-06 09:21 - 2015-06-16 22:26 - 000003508 _____ C:\WINDOWS\System32\Tasks\DropboxUpdateTaskUserS-1-5-21-3638795625-3106638858-2927296518-1001Core
2018-01-06 09:21 - 2014-12-31 09:34 - 000004476 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2018-01-06 09:21 - 2014-04-15 12:31 - 000002026 _____ C:\WINDOWS\System32\Tasks\Motorola Device Manager Update
2018-01-06 09:21 - 2014-04-15 12:31 - 000002008 _____ C:\WINDOWS\System32\Tasks\Motorola Device Manager Engine
2018-01-06 09:21 - 2014-03-22 17:11 - 000003330 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2018-01-06 09:21 - 2014-03-22 17:11 - 000003202 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2018-01-06 09:21 - 2013-11-08 23:57 - 000002204 _____ C:\WINDOWS\System32\Tasks\MirageAgent
2018-01-06 09:21 - 2013-11-08 23:28 - 000002216 _____ C:\WINDOWS\System32\Tasks\CLVDLauncher
2018-01-06 09:21 - 2013-11-08 23:28 - 000002216 _____ C:\WINDOWS\System32\Tasks\CLMLSvc_P2G8
2018-01-06 09:19 - 2014-03-22 17:10 - 000000000 ____D C:\Users\Albert\AppData\Local\Google

==================== Files in the root of some directories =======

2014-04-01 14:41 - 2014-04-17 15:12 - 000007605 _____ () C:\Users\Albert\AppData\Local\resmon.resmoncfg

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2018-01-22 19:30

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 21.01.2018
Ran by Albert (23-01-2018 10:30:20)
Running from C:\Users\Albert\Desktop
Windows 8.1 (Update) (X64) (2015-06-05 13:12:39)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-3638795625-3106638858-2927296518-500 - Administrator - Disabled)
Albert (S-1-5-21-3638795625-3106638858-2927296518-1001 - Administrator - Enabled) => C:\Users\Albert
Guest (S-1-5-21-3638795625-3106638858-2927296518-501 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Antivirus (Enabled - Up to date) {B3F630BD-538D-1B4A-14FA-14B63235278F}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avira Antivirus (Enabled - Up to date) {0897D159-75B7-14C4-2E4A-2FC449B26D32}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 16.04 (x64 edition) (HKLM\...\{23170F69-40C1-2702-1604-000001000000}) (Version: 16.04.00.0 - Igor Pavlov)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 17.009.20044 - Adobe Systems Incorporated)
Avira (HKLM-x32\...\{518c54f5-fd43-4aa6-936b-8d7fd8c85cbd}) (Version: 1.2.103.26908 - Avira Operations GmbH & Co. KG)
Avira (HKLM-x32\...\{E3F659C3-7936-4321-B886-4DA527DA72FE}) (Version: 1.2.103.26908 - Avira Operations GmbH & Co. KG) Hidden
Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.34.17 - Avira Operations GmbH & Co. KG)
Avira Phantom VPN (HKLM-x32\...\Avira Phantom VPN) (Version: 2.11.3.29834 - Avira Operations GmbH & Co. KG)
Avira Safe Shopping (HKLM-x32\...\{FA4F79B8-FA3E-4BDC-82B1-F0AA064E24C0}) (Version: 1.0.49.1987 - Avira Operations Gmbh & Co. KG)
Avira Software Updater (HKLM-x32\...\{3850873E-EFAF-4712-94DF-D1E81FFA9F88}) (Version: 2.0.4.50571 - Avira Operations GmbH & Co. KG)
Avira System Speedup (HKLM-x32\...\Avira System Speedup_is1) (Version: 4.5.0.6983 - Avira Operations GmbH & Co. KG)
CCleaner (HKLM\...\CCleaner) (Version: 5.38 - Piriform)
Coupon Printer for Windows (HKLM-x32\...\Coupon Printer for Windows5.0.0.9) (Version: 5.0.0.9 - Coupons.com Incorporated)
Cyberlink PhotoDirector (HKLM-x32\...\{39337565-330E-4AB6-A9AE-AC81E0720B10}) (Version: 3.0.3.4608 - CyberLink Corp.)
Cyberlink PhotoDirector (HKLM-x32\...\InstallShield_{39337565-330E-4ab6-A9AE-AC81E0720B10}) (Version: 3.0.3.4608 - CyberLink Corp.)
Dropbox (HKU\S-1-5-21-3638795625-3106638858-2927296518-1001\...\Dropbox) (Version: 41.4.80 - Dropbox, Inc.)
Facebook Gameroom 1.3.1.3 (HKLM-x32\...\{7E155A45-DE1A-46E0-A6B2-10FE1D8501FC}) (Version: 1.3.1.3 - Facebook)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 63.0.3239.132 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
Hewlett-Packard ACLM.NET v1.2.2.3 (HKLM-x32\...\{6F340107-F9AA-47C6-B54C-C3A19F11553F}) (Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HP Connected Music (Meridian - player) (HKU\S-1-5-21-3638795625-3106638858-2927296518-1001\...\HPConnectedMusic) (Version: 1.1 (build 112) hp - Meridian Audio Ltd)
HP Registration Service (HKLM\...\{D1E8F2D7-7794-4245-B286-87ED86C1893C}) (Version: 1.2.6668.4491 - Hewlett-Packard)
HP Support Assistant (HKLM-x32\...\{E959FD01-BD01-4CC4-9BB8-4EBE8309BF37}) (Version: 8.5.37.19 - HP)
HP Support Solutions Framework (HKLM-x32\...\{E2CB09C1-3C76-4395-BB47-50C066535CF8}) (Version: 12.8.47.1 - HP)
HP Touchpoint Analytics Client (HKLM\...\{E5FB98E0-0784-44F0-8CEC-95CD4690C43F}) (Version: 4.0.2.1439 - HP Inc.)
Malwarebytes version 3.3.1.2183 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.3.1.2183 - Malwarebytes)
Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 15.0.4997.1000 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3638795625-3106638858-2927296518-1001\...\OneDriveSetup.exe) (Version: 17.0.4023.1211 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Motorola Mobile Drivers Installation 6.3.0 (HKLM\...\{759E6A2F-1F01-45EF-A0C4-22F1B56CB975}) (Version: 6.3.0 - Motorola Mobility LLC)
Mozilla Firefox 47.0.2 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 47.0.2 (x86 en-US)) (Version: 47.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 44.0.2.5884 - Mozilla)
Office 15 Click-to-Run Extensibility Component (HKLM-x32\...\{90150000-008C-0000-0000-0000000FF1CE}) (Version: 15.0.4997.1000 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (HKLM\...\{90150000-008F-0000-1000-0000000FF1CE}) (Version: 15.0.4997.1000 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (HKLM-x32\...\{90150000-008C-0409-0000-0000000FF1CE}) (Version: 15.0.4997.1000 - Microsoft Corporation) Hidden
Qualcomm Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 10.0 - Qualcomm Atheros)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9200.29068 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.20.815.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7027 - Realtek Semiconductor Corp.)
Start Screen Unlimited Lite 3.1 (HKLM-x32\...\Start Screen Unlimited Lite_is1) (Version:  - Greatis Software, LLC.)
TeamViewer 13 (HKLM-x32\...\TeamViewer) (Version: 13.0.6447 - TeamViewer)
Total Uninstall 6.4.1 (HKLM\...\Total Uninstall 6_is1) (Version: 6.4.1 - Gavrila Martau)
Unity Web Player (HKU\S-1-5-21-3638795625-3106638858-2927296518-1001\...\UnityWebPlayer) (Version: 5.3.8f1 - Unity Technologies ApS)
Update Installer for WildTangent Games App (HKLM-x32\...\{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App) (Version:  - WildTangent) Hidden
Vulkan Run Time Libraries 1.0.26.0 (HKLM\...\VulkanRT1.0.26.0) (Version: 1.0.26.0 - LunarG, Inc.)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3638795625-3106638858-2927296518-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Albert\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3638795625-3106638858-2927296518-1001_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\Albert\AppData\Local\Microsoft\SkyDrive\17.0.4023.1211\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3638795625-3106638858-2927296518-1001_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\Albert\AppData\Local\Microsoft\SkyDrive\17.0.4023.1211\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3638795625-3106638858-2927296518-1001_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\Albert\AppData\Local\Microsoft\SkyDrive\17.0.4023.1211\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3638795625-3106638858-2927296518-1001_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Albert\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3638795625-3106638858-2927296518-1001_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\Albert\AppData\Local\Microsoft\SkyDrive\17.0.4023.1211\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3638795625-3106638858-2927296518-1001_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Albert\AppData\Local\Microsoft\SkyDrive\17.0.4023.1211\amd64\FileSyncApi64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3638795625-3106638858-2927296518-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Albert\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3638795625-3106638858-2927296518-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Albert\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3638795625-3106638858-2927296518-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Albert\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3638795625-3106638858-2927296518-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Albert\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3638795625-3106638858-2927296518-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Albert\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3638795625-3106638858-2927296518-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Albert\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3638795625-3106638858-2927296518-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Albert\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3638795625-3106638858-2927296518-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Albert\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3638795625-3106638858-2927296518-1001_Classes\CLSID\{FB314EE1-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Albert\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3638795625-3106638858-2927296518-1001_Classes\CLSID\{FB314EE2-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Albert\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3638795625-3106638858-2927296518-1001_Classes\CLSID\{FBC9D74C-AF55-4309-9FB2-C426E071637F}\InprocServer32 -> C:\Users\Albert\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Albert\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll [2018-01-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Albert\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll [2018-01-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Albert\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll [2018-01-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Albert\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll [2018-01-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Albert\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll [2018-01-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Albert\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll [2018-01-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Albert\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll [2018-01-08] (Dropbox, Inc.)
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-10-04] (Igor Pavlov)
ContextMenuHandlers1: [CLVDShellExt] -> {3E2A0A32-6E14-4BAD-AA87-BBB6A75EBFF2} => C:\Program Files (x86)\Common Files\CyberLink\ShellExtComponent\CLVDShellExt.dll [2013-05-24] (Cyberlink)
ContextMenuHandlers1: [Shell Extension for Malware scanning] -> {45AC2688-0253-4ED8-97DE-B5370FA7D48A} => C:\Program Files (x86)\Avira\Antivirus\shlext64.dll [2018-01-03] (Avira Operations GmbH & Co. KG)
ContextMenuHandlers1: [SystemSpeedupFilesMenu] -> {ef263503-8f0e-3e6a-ae2e-fe0b4b441d52} => C:\WINDOWS\system32\mscoree.dll [2013-08-22] (Microsoft Corporation)
ContextMenuHandlers2: [CLVDShellExt] -> {3E2A0A32-6E14-4BAD-AA87-BBB6A75EBFF2} => C:\Program Files (x86)\Common Files\CyberLink\ShellExtComponent\CLVDShellExt.dll [2013-05-24] (Cyberlink)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-11-01] (Malwarebytes)
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-10-04] (Igor Pavlov)
ContextMenuHandlers4: [SystemSpeedupFoldersMenu] -> {3d52b24d-33bb-3895-99ea-a0156f24a3f9} => C:\WINDOWS\system32\mscoree.dll [2013-08-22] (Microsoft Corporation)
ContextMenuHandlers5: [SystemSpeedupDesktopMenu] -> {cefaf456-bc17-3f4b-b7d9-75070925911b} => C:\WINDOWS\system32\mscoree.dll [2013-08-22] (Microsoft Corporation)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-10-04] (Igor Pavlov)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-11-01] (Malwarebytes)
ContextMenuHandlers6: [Shell Extension for Malware scanning] -> {45AC2688-0253-4ED8-97DE-B5370FA7D48A} => C:\Program Files (x86)\Avira\Antivirus\shlext64.dll [2018-01-03] (Avira Operations GmbH & Co. KG)
ContextMenuHandlers1_S-1-5-21-3638795625-3106638858-2927296518-1001: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Users\Albert\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll [2018-01-08] (Dropbox, Inc.)
ContextMenuHandlers4_S-1-5-21-3638795625-3106638858-2927296518-1001: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Users\Albert\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll [2018-01-08] (Dropbox, Inc.)
ContextMenuHandlers5_S-1-5-21-3638795625-3106638858-2927296518-1001: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Users\Albert\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll [2018-01-08] (Dropbox, Inc.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {037A081F-628D-4796-93C2-BEDC2ED781C5} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-09-27] (Adobe Systems Incorporated)
Task: {062AA61C-2C93-42C6-AC2F-4DC58522C3C5} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [2017-12-13] (Piriform Ltd)
Task: {0B4ACFC9-7678-4BC4-8FE2-7E8BC495C7DF} - System32\Tasks\HPCeeScheduleForAlbert => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2015-06-16] (Hewlett-Packard)
Task: {0D8A891D-890C-4808-84D8-2F436AB14653} - \Microsoft\Windows\Application Experience\AitAgent -> No File <==== ATTENTION
Task: {1274336E-AB06-46B6-A48C-0671C5557CC6} - \Microsoft\Windows\TaskScheduler\Maintenance Configurator -> No File <==== ATTENTION
Task: {16101842-1F98-4988-B291-63A9518C2B76} - System32\Tasks\AviraSystemSpeedupUpdate => C:\ProgramData\Avira\SystemSpeedup\Update\avira_speedup_setup_update.exe [2018-01-23] (Avira Operations GmbH & Co. KG )
Task: {1687544D-7247-4F5A-965A-A6E920E55278} - \Microsoft\Windows\TaskScheduler\Manual Maintenance -> No File <==== ATTENTION
Task: {16CB9CFE-31E8-401E-A79E-639FF0F3C152} - System32\Tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2017-11-18] ()
Task: {2B3C693A-73FF-438B-B149-493A57B9B0BF} - System32\Tasks\Motorola Device Manager Initial Update => C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotorolaDeviceManagerUpdate.exe [2013-10-31] ()
Task: {2BB1DE94-8613-4678-B48C-D8B969F24EBA} - System32\Tasks\MirageAgent => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
Task: {34D0010E-EC3E-4B8A-8C5B-F3626FB82FBD} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-3638795625-3106638858-2927296518-1001Core => C:\Users\Albert\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2016-11-04] (Dropbox, Inc.)
Task: {370C67AB-9D3F-46BB-8F5A-F477F3D91ADE} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2017-11-08] (HP Inc.)
Task: {3C1E0996-A84B-41A0-A88D-EDE53D5F9F48} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-10-30] (Google Inc.)
Task: {40525C58-79C2-47A1-9AA2-F1D7FC4F0691} - \Microsoft\Windows\WindowsBackup\ConfigNotification -> No File <==== ATTENTION
Task: {5A646D1D-2B29-4912-A8A2-B2EA0B427762} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2017-09-27] (HP Inc.)
Task: {60DE0EE9-49E2-41BC-8397-15F73B895324} - System32\Tasks\Avira_Antivirus_Systray => C:\Program Files (x86)\Avira\Antivirus\avgnt.exe [2018-01-03] (Avira Operations GmbH & Co. KG)
Task: {65923E58-1C20-4BBF-AE21-AD46681E6DB4} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2017-12-12] (Microsoft Corporation)
Task: {66E2FD49-F8F5-401E-A939-2F045C80C5FC} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2017-09-20] (HP Inc.)
Task: {6F02587F-8A2B-4552-97F6-DEEF229E335B} - \Microsoft\Windows\TaskScheduler\Idle Maintenance -> No File <==== ATTENTION
Task: {7CBA983F-79F5-42A2-BB55-D2BAAE23D0E3} - System32\Tasks\CLMLSvc_P2G8 => c:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [2013-03-12] (CyberLink)
Task: {85A68C60-49A2-4B07-AD98-DF9226D5C676} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater - Resources => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2017-09-20] (HP Inc.)
Task: {865C3EA3-1331-4632-B774-8E042D022A19} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-10-30] (Google Inc.)
Task: {8D90EE55-19DA-49FF-B78D-97EDC8E0D9CF} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [2017-06-22] (HP Inc.)
Task: {9D0BDADA-53F1-49BF-AC93-E5B53187B4E9} - System32\Tasks\CLVDLauncher => c:\Program Files (x86)\CyberLink\Power2Go8\CLVDLauncher.exe [2013-03-12] (CyberLink Corp.)
Task: {9FC82034-8829-4EFC-9F9B-B84CCD4F6B6E} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2017-12-12] (Microsoft Corporation)
Task: {AF3882E3-8991-4BE7-9577-5E10BBD577EB} - System32\Tasks\Motorola Device Manager Engine => C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotorolaDeviceManagerUpdate.exe [2013-10-31] ()
Task: {B7992938-01F1-4F40-A0EC-0D23D2F0F152} - \Microsoft\Windows\TaskScheduler\Regular Maintenance -> No File <==== ATTENTION
Task: {C9041102-7EB9-413A-A81A-6FEBA4C4EA07} - System32\Tasks\Avira Safe Shopping Updater => C:\Program Files (x86)\Avira\Safe Shopping\\Updater\Updater.exe [2017-12-19] (Avira Operations Gmbh & Co. KG)
Task: {C95A18D5-6486-4A0F-A033-A5B4EA1F2931} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis Install => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2017-09-27] (HP Inc.)
Task: {CFD7C21A-808B-487B-A6EC-8A10E44E8360} - \Microsoft\Windows\SettingSync\BackupTask -> No File <==== ATTENTION
Task: {D2DC50CF-1EF9-496D-AE30-631825CFBABD} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2017-12-12] (Microsoft Corporation)
Task: {E0EE1DED-6854-49A9-B020-ECF01E06A44C} - System32\Tasks\Start Screen Unlimited Schedule Task => C:\Program Files (x86)\Start Screen Unlimited\launcher.exe [2014-01-07] (Greatis Software)
Task: {EBD05904-7EBA-4243-A171-64D1BF783B14} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Product Configurator => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\ProductConfig.exe [2017-10-11] (HP Inc.)
Task: {EC208AAC-772E-409C-AFC3-C39D43559F91} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2017-12-13] (Piriform Ltd)
Task: {EFA4D654-7DE0-4DAD-98B9-DD62878A451D} - System32\Tasks\Motorola Device Manager Update => C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotorolaDeviceManagerUpdate.exe [2013-10-31] ()
Task: {F15E7F9D-301F-4D06-84DB-765355AFC630} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-3638795625-3106638858-2927296518-1001UA => C:\Users\Albert\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2016-11-04] (Dropbox, Inc.)
Task: {F1C44F33-38A9-4EF5-A112-50E86EBA08A6} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2017-09-27] (HP Inc.)
Task: {F970FEA0-697E-4FAE-BE81-1FCA238A3943} - System32\Tasks\Avira\System Speedup\TestScheduler => C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.Core.Common.Starter.exe [2018-01-12] (Avira Operations GmbH & Co. KG)
Task: {FB27E9EE-F1D0-4BD2-9138-B326976A205C} - System32\Tasks\Avira\System Speedup\SpeedupSysTray => C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.UI.Systray.exe [2018-01-12] (Avira Operations GmbH & Co. KG)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-3638795625-3106638858-2927296518-1001Core.job => C:\Users\Albert\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-3638795625-3106638858-2927296518-1001UA.job => C:\Users\Albert\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\HPCeeScheduleForAlbert.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

Shortcut: C:\Users\Albert\AppData\Local\Microsoft\Windows\RoamingTiles\11029858760.lnk -> hxxp://home.recipes.myway.com/home/index.jhtml?a=221A234E-B071-411F-B21C-E69B05E91120&p=^BD9^hps101^YY^us&si=CJnm_fewt8MCFcVgfgodnJ8A2w&n=781AA7CE&st=h

ShortcutWithArgument: C:\Users\Albert\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.InternetExplorer.Default\-18881076590.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> -contentTile -formatVersion 0x00000003 -pinnedTimeLow 0x1ed8ade2 -pinnedTimeHigh 0x01d14a44 -securityFlags 0x00000000 -tileType 0x00000000 -url 0x0000001e hxxps://www.bankofthewest.com/
ShortcutWithArgument: C:\Users\Albert\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.InternetExplorer.Default\11029858760.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> -contentTile -formatVersion 0x00000003 -pinnedTimeLow 0xd8df544c -pinnedTimeHigh 0x01d14a4a -securityFlags 0x00000000 -tileType 0x00000000 -url 0x00000098 hxxp://home.recipes.myway.com/home/index.jhtml?a=221A234E-B071-411F-B21C-E69B05E91120&p=^BD9^hps101^YY^u
ShortcutWithArgument: C:\Users\Albert\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\69639df789022856\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory="Profile 1"

==================== Loaded Modules (Whitelisted) ==============

2014-06-03 10:24 - 2017-01-17 03:25 - 000117440 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2017-03-24 15:35 - 2017-01-31 05:34 - 008909512 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2013-10-31 08:05 - 2013-10-31 08:05 - 000172032 _____ () C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\css_core.dll
2013-11-08 23:28 - 2013-03-12 07:51 - 000626240 _____ () c:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
2013-03-12 23:53 - 2013-03-12 23:53 - 000015424 _____ () c:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll
2018-01-12 06:33 - 2018-01-08 14:15 - 000732480 _____ () C:\Users\Albert\AppData\Roaming\Dropbox\bin\dropbox_watchdog.dll
2018-01-12 06:33 - 2018-01-08 14:15 - 002061632 _____ () C:\Users\Albert\AppData\Roaming\Dropbox\bin\dropbox_crashpad.dll
2017-12-07 12:26 - 2018-01-08 14:15 - 000100296 _____ () C:\Users\Albert\AppData\Roaming\Dropbox\bin\_ctypes.pyd
2017-12-07 12:26 - 2018-01-08 14:15 - 000018888 _____ () C:\Users\Albert\AppData\Roaming\Dropbox\bin\select.pyd
2017-12-07 12:26 - 2018-01-08 14:16 - 000020800 _____ () C:\Users\Albert\AppData\Roaming\Dropbox\bin\tornado.speedups.pyd
2017-12-07 12:26 - 2018-01-08 14:15 - 000035792 _____ () C:\Users\Albert\AppData\Roaming\Dropbox\bin\_multiprocessing.pyd
2017-12-07 12:26 - 2018-01-08 14:15 - 000694224 _____ () C:\Users\Albert\AppData\Roaming\Dropbox\bin\unicodedata.pyd
2018-01-12 06:33 - 2018-01-08 14:16 - 000021848 _____ () C:\Users\Albert\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._constant_time.pyd
2017-12-07 12:26 - 2018-01-08 14:15 - 000130512 _____ () C:\Users\Albert\AppData\Roaming\Dropbox\bin\_cffi_backend.pyd
2018-01-12 06:33 - 2018-01-08 14:16 - 001856848 _____ () C:\Users\Albert\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._openssl.pyd
2018-01-12 06:33 - 2018-01-08 14:16 - 000022864 _____ () C:\Users\Albert\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._padding.pyd
2018-01-12 06:33 - 2018-01-08 14:15 - 000145864 _____ () C:\Users\Albert\AppData\Roaming\Dropbox\bin\pyexpat.pyd
2018-01-12 06:33 - 2018-01-08 14:15 - 000116688 _____ () C:\Users\Albert\AppData\Roaming\Dropbox\bin\pywintypes27.dll
2017-12-07 12:26 - 2018-01-08 14:15 - 000105928 _____ () C:\Users\Albert\AppData\Roaming\Dropbox\bin\win32api.pyd
2017-12-07 12:26 - 2018-01-08 14:16 - 000022864 _____ () C:\Users\Albert\AppData\Roaming\Dropbox\bin\winffi.crt.compiled._winffi_crt.pyd
2018-01-12 06:33 - 2018-01-08 14:16 - 000063296 _____ () C:\Users\Albert\AppData\Roaming\Dropbox\bin\psutil._psutil_windows.pyd
2017-12-07 12:26 - 2018-01-08 14:15 - 000024528 _____ () C:\Users\Albert\AppData\Roaming\Dropbox\bin\win32event.pyd
2018-01-12 06:33 - 2018-01-08 14:16 - 000040248 _____ () C:\Users\Albert\AppData\Roaming\Dropbox\bin\fastpath.pyd
2018-01-12 06:33 - 2018-01-08 14:15 - 000020936 _____ () C:\Users\Albert\AppData\Roaming\Dropbox\bin\mmapfile.pyd
2017-12-07 12:26 - 2018-01-08 14:15 - 000124880 _____ () C:\Users\Albert\AppData\Roaming\Dropbox\bin\win32file.pyd
2017-12-07 12:26 - 2018-01-08 14:15 - 000116176 _____ () C:\Users\Albert\AppData\Roaming\Dropbox\bin\win32security.pyd
2018-01-12 06:33 - 2018-01-08 14:15 - 000392656 _____ () C:\Users\Albert\AppData\Roaming\Dropbox\bin\pythoncom27.dll
2017-12-07 12:26 - 2018-01-08 14:16 - 000392512 _____ () C:\Users\Albert\AppData\Roaming\Dropbox\bin\win32com.shell.shell.pyd
2017-12-07 12:26 - 2018-01-08 14:16 - 000026456 _____ () C:\Users\Albert\AppData\Roaming\Dropbox\bin\winffi.kernel32.compiled._winffi_kernel32.pyd
2017-12-07 12:26 - 2018-01-08 14:15 - 000024016 _____ () C:\Users\Albert\AppData\Roaming\Dropbox\bin\win32clipboard.pyd
2017-12-07 12:26 - 2018-01-08 14:15 - 000175560 _____ () C:\Users\Albert\AppData\Roaming\Dropbox\bin\win32gui.pyd
2017-12-07 12:26 - 2018-01-08 14:15 - 000030160 _____ () C:\Users\Albert\AppData\Roaming\Dropbox\bin\win32pipe.pyd
2017-12-07 12:26 - 2018-01-08 14:15 - 000043472 _____ () C:\Users\Albert\AppData\Roaming\Dropbox\bin\win32process.pyd
2017-12-07 12:26 - 2018-01-08 14:15 - 000026056 _____ () C:\Users\Albert\AppData\Roaming\Dropbox\bin\win32job.pyd
2017-12-07 12:26 - 2018-01-08 14:15 - 000048592 _____ () C:\Users\Albert\AppData\Roaming\Dropbox\bin\win32service.pyd
2017-12-07 12:26 - 2018-01-08 14:15 - 000057808 _____ () C:\Users\Albert\AppData\Roaming\Dropbox\bin\win32evtlog.pyd
2018-01-12 06:33 - 2018-01-08 14:16 - 000021824 _____ () C:\Users\Albert\AppData\Roaming\Dropbox\bin\cpuid.compiled._cpuid.pyd
2017-12-07 12:26 - 2018-01-08 14:17 - 000023368 _____ () C:\Users\Albert\AppData\Roaming\Dropbox\bin\winshell.compiled._winshell.pyd
2018-01-12 06:33 - 2018-01-08 14:16 - 000022856 _____ () C:\Users\Albert\AppData\Roaming\Dropbox\bin\crashpad.compiled._Crashpad.pyd
2017-12-07 12:26 - 2018-01-08 14:16 - 000066392 _____ () C:\Users\Albert\AppData\Roaming\Dropbox\bin\winenumhandles.compiled._WinEnumHandles.pyd
2018-01-12 06:33 - 2018-01-08 14:16 - 001796920 _____ () C:\Users\Albert\AppData\Roaming\Dropbox\bin\PyQt5.QtCore.pyd
2017-12-07 12:26 - 2018-01-08 14:15 - 000084424 _____ () C:\Users\Albert\AppData\Roaming\Dropbox\bin\sip.pyd
2018-01-12 06:33 - 2018-01-08 14:16 - 001956152 _____ () C:\Users\Albert\AppData\Roaming\Dropbox\bin\PyQt5.QtGui.pyd
2018-01-12 06:33 - 2018-01-08 14:16 - 003859264 _____ () C:\Users\Albert\AppData\Roaming\Dropbox\bin\PyQt5.QtWidgets.pyd
2018-01-12 06:33 - 2018-01-08 14:16 - 000155464 _____ () C:\Users\Albert\AppData\Roaming\Dropbox\bin\PyQt5.QtWebEngineWidgets.pyd
2018-01-12 06:33 - 2018-01-08 14:16 - 000521024 _____ () C:\Users\Albert\AppData\Roaming\Dropbox\bin\PyQt5.QtNetwork.pyd
2018-01-12 06:33 - 2018-01-08 14:16 - 000050496 _____ () C:\Users\Albert\AppData\Roaming\Dropbox\bin\PyQt5.QtWebEngineCore.pyd
2018-01-12 06:33 - 2018-01-08 14:16 - 000042304 _____ () C:\Users\Albert\AppData\Roaming\Dropbox\bin\PyQt5.QtWebChannel.pyd
2018-01-12 06:33 - 2018-01-08 14:16 - 000131384 _____ () C:\Users\Albert\AppData\Roaming\Dropbox\bin\PyQt5.QtWebKit.pyd
2018-01-12 06:33 - 2018-01-08 14:16 - 000218944 _____ () C:\Users\Albert\AppData\Roaming\Dropbox\bin\PyQt5.QtWebKitWidgets.pyd
2018-01-12 06:33 - 2018-01-08 14:16 - 000204096 _____ () C:\Users\Albert\AppData\Roaming\Dropbox\bin\PyQt5.QtPrintSupport.pyd
2017-12-07 12:26 - 2018-01-08 14:17 - 000025432 _____ () C:\Users\Albert\AppData\Roaming\Dropbox\bin\winscreenshot.compiled._CaptureScreenshot.pyd
2017-12-07 12:26 - 2018-01-08 14:15 - 000060880 _____ () C:\Users\Albert\AppData\Roaming\Dropbox\bin\win32print.pyd
2017-12-07 12:26 - 2018-01-08 14:17 - 000054608 _____ () C:\Users\Albert\AppData\Roaming\Dropbox\bin\winrpcserver.compiled._RPCServer.pyd
2017-12-07 12:26 - 2018-01-08 14:15 - 000024016 _____ () C:\Users\Albert\AppData\Roaming\Dropbox\bin\win32profile.pyd
2017-12-07 12:26 - 2018-01-08 14:17 - 000022864 _____ () C:\Users\Albert\AppData\Roaming\Dropbox\bin\winffi.user32.compiled._winffi_user32.pyd
2017-12-07 12:26 - 2018-01-08 14:15 - 000028616 _____ () C:\Users\Albert\AppData\Roaming\Dropbox\bin\win32ts.pyd
2017-12-07 12:26 - 2018-01-08 14:16 - 000022360 _____ () C:\Users\Albert\AppData\Roaming\Dropbox\bin\winffi.iphlpapi.compiled._winffi_iphlpapi.pyd
2017-12-07 12:26 - 2018-01-08 14:17 - 000021848 _____ () C:\Users\Albert\AppData\Roaming\Dropbox\bin\winffi.winerror.compiled._winffi_winerror.pyd
2017-12-07 12:26 - 2018-01-08 14:17 - 000022360 _____ () C:\Users\Albert\AppData\Roaming\Dropbox\bin\winffi.wininet.compiled._winffi_wininet.pyd
2018-01-12 06:33 - 2018-01-08 14:16 - 000027488 _____ () C:\Users\Albert\AppData\Roaming\Dropbox\bin\dropbox.infinite.win.compiled._driverinstallation.pyd
2017-12-07 12:26 - 2018-01-08 14:15 - 000349128 _____ () C:\Users\Albert\AppData\Roaming\Dropbox\bin\winxpgui.pyd
2018-01-12 06:33 - 2018-01-08 14:16 - 000101184 _____ () C:\Users\Albert\AppData\Roaming\Dropbox\bin\PyQt5.QtWinExtras.pyd
2017-12-07 12:26 - 2018-01-08 14:17 - 000023896 _____ () C:\Users\Albert\AppData\Roaming\Dropbox\bin\winverifysignature.compiled._VerifySignature.pyd
2018-01-12 06:33 - 2018-01-08 14:16 - 000025424 _____ () C:\Users\Albert\AppData\Roaming\Dropbox\bin\librsyncffi.compiled._librsyncffi.pyd
2018-01-12 06:33 - 2018-01-08 14:15 - 000036296 _____ () C:\Users\Albert\AppData\Roaming\Dropbox\bin\librsync.dll
2018-01-12 06:34 - 2018-01-08 14:16 - 000021848 _____ () C:\Users\Albert\AppData\Roaming\Dropbox\bin\winffi.advapi32.compiled._winffi_advapi32.pyd
2018-01-12 06:33 - 2018-01-08 14:16 - 000181056 _____ () C:\Users\Albert\AppData\Roaming\Dropbox\bin\dropbox_sqlite_ext.DLL
2017-12-07 12:26 - 2018-01-08 14:16 - 000030536 _____ () C:\Users\Albert\AppData\Roaming\Dropbox\bin\wind3d11.compiled._wind3d11.pyd
2018-01-12 06:33 - 2018-01-08 14:16 - 000024368 _____ () C:\Users\Albert\AppData\Roaming\Dropbox\bin\libEGL.DLL
2018-01-12 06:33 - 2018-01-08 14:16 - 001638200 _____ () C:\Users\Albert\AppData\Roaming\Dropbox\bin\libGLESv2.dll
2017-12-07 12:26 - 2018-01-08 14:17 - 000026456 _____ () C:\Users\Albert\AppData\Roaming\Dropbox\bin\winffi.winhttp.compiled._winffi_winhttp.pyd
2018-01-12 06:33 - 2018-01-08 14:16 - 000545080 _____ () C:\Users\Albert\AppData\Roaming\Dropbox\bin\PyQt5.QtQuick.pyd
2018-01-12 06:33 - 2018-01-08 14:16 - 000359224 _____ () C:\Users\Albert\AppData\Roaming\Dropbox\bin\PyQt5.QtQml.pyd
2018-01-12 06:33 - 2018-01-08 14:16 - 000038208 _____ () C:\Users\Albert\AppData\Roaming\Dropbox\bin\PyQt5.QtWebEngine.pyd
2017-06-22 00:41 - 2017-06-22 00:41 - 000325824 _____ () C:\Program Files\Microsoft Office 15\root\office15\AppVIsvStream32.dll
2013-11-08 23:28 - 2013-05-21 05:56 - 000806664 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\UNO.dll
2013-11-08 23:28 - 2013-03-05 20:04 - 001321944 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\Language\ENU\P2GRC.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Users\Albert\AppData\Roaming\Microsoft\Windows\Start Menu\Facebook.website:TASKICON_0news-1751121550 [2302]
AlternateDataStreams: C:\Users\Albert\AppData\Roaming\Microsoft\Windows\Start Menu\Facebook.website:TASKICON_1messages-431041656 [2302]
AlternateDataStreams: C:\Users\Albert\AppData\Roaming\Microsoft\Windows\Start Menu\Facebook.website:TASKICON_2events-250898981 [2302]
AlternateDataStreams: C:\Users\Albert\AppData\Roaming\Microsoft\Windows\Start Menu\Facebook.website:TASKICON_3friends-215113587 [2302]
AlternateDataStreams: C:\ProgramData\Temp:F8AF2BB9 [136]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 06:25 - 2013-08-22 06:25 - 000000824 _____ C:\WINDOWS\system32\Drivers\etc\hosts

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3638795625-3106638858-2927296518-1001\Control Panel\Desktop\\Wallpaper ->
DNS Servers: 192.168.0.1 - 205.171.3.25
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

HKLM\...\StartupApproved\Run: => "RTHDVCPL"
HKLM\...\StartupApproved\Run32: => "StartCCC"
HKU\S-1-5-21-3638795625-3106638858-2927296518-1001\...\StartupApproved\StartupFolder: => "Facebook Gameroom.lnk"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{236E1666-A7B4-48FD-A263-A0B24032D702}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\outlook.exe
FirewallRules: [UDP Query User{480800A7-9521-471E-9ECC-2D01EA989507}C:\users\albert\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\albert\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [TCP Query User{C379B869-E949-4FEE-94B2-FED51F64C120}C:\users\albert\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\albert\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [{4C70676A-9BEA-4B04-9557-C6F7941B940A}] => (Allow) C:\Users\Albert\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{5E66B12C-96E6-494A-ACB7-1630168BE089}] => (Allow) C:\Users\Albert\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{62740452-A57C-4433-9799-F49748701E7C}] => (Allow) LPort=1900
FirewallRules: [{FC9CA761-2516-42F9-B402-41554DD43A1B}] => (Allow) LPort=2869
FirewallRules: [{3EA7F053-0930-4D42-9C76-94E7705122A4}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{2E185334-130F-4D23-B3D2-7028E8870011}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDVD12\Movie\PowerDVD.exe
FirewallRules: [{8C1F29AD-36A2-447A-81FD-5FAF94711738}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12ML.exe
FirewallRules: [{A06016A8-C65B-44BE-ADB4-00E9B6DB9537}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe
FirewallRules: [{44236822-FFED-424D-BD0B-37AD8F9FD056}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12.exe
FirewallRules: [{9017EB47-4D50-4CC1-983E-ADAB4936631F}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDirector10\PDR10.EXE
FirewallRules: [{4A10E9A5-D178-4098-9828-47E0F24A6E0E}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{9E16C7AF-875B-4BD7-B20F-C5CFAC342DDA}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{0E6C375F-C850-47C8-998C-FCD3DED88113}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{6F526047-EC37-418D-BDB0-26B15FD19F56}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{6D66E776-9AA4-4AB0-9080-D1FAD31FA6ED}] => (Allow) %LocalAppData%\HPConnectedMusic\Application\spotify_helper.exe
FirewallRules: [{F231122D-97FA-4572-9465-E3F4BC85AB76}] => (Allow) %LocalAppData%\HPConnectedMusic\Application\spotify_helper.exe
FirewallRules: [{5D2B3C3E-3DDF-41F7-B028-DC708908884E}] => (Allow) %LocalAppData%\HPConnectedMusic\Application\HPConnectedMusic.exe
FirewallRules: [{66D15028-B4EE-4109-8213-1F7934767937}] => (Allow) %LocalAppData%\HPConnectedMusic\Application\HPConnectedMusic.exe
FirewallRules: [{304E7D73-59AA-47AC-9FA0-C5760003E1E7}] => (Allow) C:\Program Files (x86)\HPConnectedMusic\HPConnectedMusic.exe
FirewallRules: [{47A5632F-3F0A-45CE-90E7-98BB9CC84EA8}] => (Allow) C:\Program Files (x86)\HPConnectedMusic\HPConnectedMusic.exe
FirewallRules: [{A971E6C3-5DF3-4816-B9B7-EF8C5901BBC9}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{B1C4FFAE-E293-4D3F-9407-CA204F6C435E}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{2E672542-0D45-4AAC-BA3B-36CD0DC9CB06}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{C3F50DAE-3AD8-495B-9284-913F3D56900C}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{EDB6BC2B-17D0-4834-AFC2-0B5059D92622}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{56DCFB0E-7EF3-409E-B1CA-6F57EAA85150}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{E7D1C8DD-A752-4F6C-84AB-0612C1BDB1E5}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{F60A65AD-27FB-457A-BAF1-FF3BFF127516}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{BCB63328-9566-4424-AD5A-06C2F11A6E01}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================

12-01-2018 05:20:43 Windows Update
22-01-2018 16:52:52 Windows Update

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (01/23/2018 10:22:02 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program LiveComm.exe version 17.5.9600.20911 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1104

Start Time: 01d3946dee9e9de2

Termination Time: 4294967295

Application Path: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe\LiveComm.exe

Report Id: e5102be8-0061-11e8-80e9-0c54a5040edd

Faulting package full name: microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe

Faulting package-relative application ID: ppleae38af2e007f4358a809ac99a64a67c1

Error: (01/23/2018 10:18:39 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: The Open Procedure for service "WmiApRpl" in DLL "C:\WINDOWS\system32\wbem\wmiaprpl.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.

Error: (01/23/2018 10:18:39 AM) (Source: Perflib) (EventID: 1023) (User: )
Description: Windows cannot load the extensible counter DLL rdyboost. The first four bytes (DWORD) of the Data section contains the Windows error code.

Error: (01/23/2018 10:18:36 AM) (Source: PerfNet) (EventID: 2004) (User: )
Description: Unable to open the Server service performance object. The first four bytes (DWORD) of the Data section contains the status code.

Error: (01/23/2018 10:18:35 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: The Open Procedure for service "MSDTC" in DLL "C:\WINDOWS\system32\msdtcuiu.DLL" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.

Error: (01/23/2018 10:18:31 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: The Open Procedure for service "Lsa" in DLL "C:\Windows\System32\Secur32.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.

Error: (01/23/2018 10:18:31 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: The Open Procedure for service "ESENT" in DLL "C:\WINDOWS\system32\esentprf.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.

Error: (01/23/2018 10:10:26 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: The Open Procedure for service "BITS" in DLL "C:\Windows\System32\bitsperf.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.

Error: (01/23/2018 09:59:22 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: CORRELLS)
Description: Activation of app microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1 failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (01/23/2018 09:59:22 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: CORRELLS)
Description: Activation of app microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1 failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.

System errors:
=============
Error: (01/23/2018 09:59:17 AM) (Source: DCOM) (EventID: 10010) (User: CORRELLS)
Description: The server Microsoft.WindowsLive.Mail.AppXj3e9v0xw9sf8t58nqr15tqqb2yq4zsfg.mca did not register with DCOM within the required timeout.

Error: (01/23/2018 09:59:17 AM) (Source: DCOM) (EventID: 10010) (User: CORRELLS)
Description: The server Microsoft.WindowsLive.Mail.AppXj3e9v0xw9sf8t58nqr15tqqb2yq4zsfg.mca did not register with DCOM within the required timeout.

Error: (01/23/2018 09:59:17 AM) (Source: DCOM) (EventID: 10010) (User: CORRELLS)
Description: The server Microsoft.WindowsLive.Mail.AppXj3e9v0xw9sf8t58nqr15tqqb2yq4zsfg.mca did not register with DCOM within the required timeout.

Error: (01/23/2018 09:54:53 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The TeamViewer 13 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 2000 milliseconds: Restart the service.

Error: (01/23/2018 09:54:38 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Avira Service Host service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (01/23/2018 09:54:38 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Avira System Speedup service terminated unexpectedly.  It has done this 1 time(s).

Error: (01/23/2018 09:54:38 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Andrea RT Filters Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (01/23/2018 09:54:36 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Avira Updater Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (01/23/2018 09:54:28 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The HP Touchpoint Analytics service terminated unexpectedly.  It has done this 1 time(s).

Error: (01/23/2018 09:54:27 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Microsoft Office ClickToRun Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 0 milliseconds: Restart the service.

CodeIntegrity:
===================================
  Date: 2018-01-06 09:09:57.974
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\WINDOWS\System32\wow64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2018-01-06 09:09:54.178
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\WINDOWS\System32\wow64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2018-01-06 09:09:50.610
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\WINDOWS\System32\wow64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2018-01-06 09:09:49.485
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\WINDOWS\System32\wow64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2018-01-06 09:09:48.048
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\WINDOWS\System32\wow64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2018-01-06 09:09:47.079
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\WINDOWS\System32\wow64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2018-01-06 09:09:45.907
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\WINDOWS\System32\wow64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2018-01-06 09:09:44.532
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\WINDOWS\System32\wow64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2018-01-06 09:09:42.407
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\WINDOWS\System32\wow64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2018-01-06 09:09:41.266
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\WINDOWS\System32\wow64.dll because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================

Processor: AMD E1-2500 APU with Radeon™ HD Graphics
Percentage of memory in use: 62%
Total physical RAM: 3541.49 MB
Available physical RAM: 1319.91 MB
Total Virtual: 4757.49 MB
Available Virtual: 2259.53 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:446.13 GB) (Free:391.69 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive d: (Recovery Image) (Fixed) (Total:17.71 GB) (Free:2.21 GB) NTFS ==>[system with boot components (obtained from drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: D7091893)

Partition: GPT.

==================== End of Addition.txt ============================


  • 0

#4
RKinner


    Malware Expert

  • Expert
  • 21,173 posts
  • MVP

Are you still getting the ads and popups?


  • 0

#5
rockitout


    Member

  • Topic Starter
  • Member
  • 140 posts
No ads or popups, but I was on IE and browsing Facebook when it said again that "Facebook.com is not responding" with a "restart Browser" button. This time it only showed it briefly and then went away. Usually I would have to click the button to restart the browser. This time it just continued like normal. Not sure what is causing that.
  • 0

#6
RKinner


    Malware Expert

  • Expert
  • 21,173 posts
  • MVP

Can't do much on IE for Facebook, but if you want to use Chrome, Firefox or Edge you can get the F B Purity extension from

http://www.fbpurity.com/

It will kill off all of Facebook's garbage ads and make it load much faster. I had a really slow connection when I was out in Colorado last summer and Facebook was impossible to use. I got F B Purity and Facebook started working again.

There is another extension you can get for Chrome or Firefox called uBlock Origin. It will kill off most ads on all pages. Unlike Adblock Plus, big companies can't pay uBlock Origin to allow their ads.

Just make sure you have the latest Chrome or Firefox. Your current Firefox is very old.


  • 0

#7
rockitout


    Member

  • Topic Starter
  • Member
  • 140 posts

I will try this today and report back.


  • 0

#8
rockitout


    Member

  • Topic Starter
  • Member
  • 140 posts
I installed those Extensions for Chrome and will start using them. Everything appears to be ok. Do we need to do anything else?
  • 0

#9
RKinner


    Malware Expert

  • Expert
  • 21,173 posts
  • MVP

We can check to see if there is anything slowing down the CPU:

Get Process Explorer

http://live.sysinter...com/procexp.exe
Save it to your desktop then run it (Vista or Win7+ - right click and Run As Administrator).  

View, Select Column, check Verified Signer, OK
Options, Verify Image Signatures


Click twice on the CPU column header to sort things by CPU usage with the big hitters at the top.

Wait a full minute then:

File, Save As, Save. Note the file name. Open the file on your desktop and copy and paste the text to a reply.


Copy the next 2 lines:

TASKLIST /SVC  > \junk.txt
notepad \junk.txt

Open an Elevated Command Prompt:
Win 7: Start, All Programs, Accessories then right click on Command Prompt and Run as Administrator
Win 8: http://www.eightforu...indows-8-a.html
Win 10: http://www.howtogeek...-in-windows-10/

Right click and Paste (or Edit then Paste) and the copied lines should appear.
Hit Enter if notepad does not open.  Copy and paste the text from notepad into a reply.


Get the free version of Speccy:

http://www.filehippo.com/download_speccy/ (Look in the upper right for the Download Latest Version button - Do NOT press the large Start Download button on the upper left!)
Download, Save and Install it. Tell it you do not need CCLEANER. Run Speccy. When it finishes (the little icon in the bottom left will stop moving),
File, Save as Text File, (to your desktop) note the name it gives. OK. Open the file in notepad and delete the line that gives the serial number of your Operating System. (It will be near the top, 10-20 lines down.) Save the file. Attach the file to your next post. Attaching the log is the best option as it is too big for the forum. Attaching is a multi-step process.

First click on More Reply Options
Then scroll down to where you see
Choose File and click on it.  Point it at the file and hit Open.
Now click on Attach this file.


  • 0
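The Verified Signer and CPU check from the Process Explorer steps in post #9 can also be run over the saved file. The script below is an added example, not part of the original thread: it assumes the saved export is tab-separated with one header row, uses constructed sample rows modeled on the log pasted in this thread (the last two rows are hypothetical), and the 5% CPU threshold is an arbitrary choice.

```python
import csv
import io
import re

# Constructed sample laid out like the export pasted in this thread.
# Assumption: Process Explorer's File > Save As output is tab-separated
# with a single header row.
HEADER = ["Process", "CPU", "Private Bytes", "Working Set", "PID",
          "Description", "Company Name", "Verified Signer"]
ROWS = [
    ["System Idle Process", "54.65", "0 K", "4 K", "0", "", "", ""],
    ["Interrupts", "2.24", "0 K", "0 K", "n/a", "Hardware Interrupts and DPCs", "", ""],
    ["TeamViewer_Desktop.exe", "9.75", "491,784 K", "494,428 K", "7624",
     "TeamViewer 13", "TeamViewer GmbH", "(Verified) TeamViewer GmbH"],
    ["Avira Safe Shopping.exe", "1.44", "84,692 K", "9,584 K", "5164",
     "Avira Safe Shopping", "Avira Operations Gmbh & Co. KG", "(Verified) Solute GmbH"],
    ["svchost.exe", "0.05", "25,976 K", "18,912 K", "940",
     "Host Process for Windows Services", "Microsoft Corporation",
     "(Verified) Microsoft Windows Publisher"],
    ["tv_w32.exe", "< 0.01", "1,096 K", "732 K", "3352",
     "TeamViewer 13", "TeamViewer GmbH", "(Verified) TeamViewer GmbH"],
    # Hypothetical rows, not taken from the thread:
    ["helper.exe", "12.30", "40,000 K", "38,000 K", "4012", "", "",
     "(No signature was present in the subject)"],
    ["updater.exe", "0.10", "8,000 K", "9,000 K", "5120", "Updater",
     "Example Soft", "(Unable to verify) Example Soft"],
]
SAMPLE_EXPORT = "\n".join("\t".join(r) for r in [HEADER] + ROWS)

# Entries with no image file on disk, so no signature is expected.
PSEUDO_PROCESSES = {"System Idle Process", "System", "Interrupts"}
# Legal-form words ignored when comparing company and signer names.
LEGAL_WORDS = {"gmbh", "co", "kg", "inc", "llc", "ltd", "corp", "corporation"}


def parse_cpu(text):
    """Turn a CPU cell ('9.75', '< 0.01', '') into a float percentage."""
    text = text.strip().lstrip("< ")
    try:
        return float(text) if text else 0.0
    except ValueError:
        return 0.0


def org_tokens(name):
    """Lower-cased words of an organisation name, legal-form words removed."""
    return set(re.findall(r"[a-z0-9]+", name.lower())) - LEGAL_WORDS


def split_signer(cell):
    """Split '(Verified) Publisher' into ('Verified', 'Publisher')."""
    match = re.match(r"\((.*?)\)\s*(.*)", cell.strip())
    return (match.group(1), match.group(2)) if match else ("", cell.strip())


def triage(export_text, cpu_threshold=5.0):
    """Return rows worth a second look, in file order, with the reasons."""
    findings = []
    reader = csv.DictReader(io.StringIO(export_text), delimiter="\t",
                            quoting=csv.QUOTE_NONE)
    for row in reader:
        name = (row.get("Process") or "").strip()
        if not name or name == "System Idle Process":
            continue  # idle time is not load
        cpu = parse_cpu(row.get("CPU") or "")
        reasons = []
        if cpu >= cpu_threshold:
            reasons.append("high-cpu")
        if name not in PSEUDO_PROCESSES:
            status, publisher = split_signer(row.get("Verified Signer") or "")
            company = (row.get("Company Name") or "").strip()
            if status != "Verified":
                reasons.append("not-verified")
            elif company and not (org_tokens(company) & org_tokens(publisher)):
                # A review item, not a verdict: vendors ship components
                # signed by partners or parent companies.
                reasons.append("signer-differs-from-company")
        if reasons:
            findings.append({"process": name,
                             "pid": (row.get("PID") or "").strip(),
                             "cpu": cpu, "reasons": reasons})
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_EXPORT):
        print(f"{f['process']:<26} pid={f['pid']:<6} cpu={f['cpu']:>5.2f}  "
              f"{', '.join(f['reasons'])}")
```

A "signer-differs-from-company" hit only marks a row for a manual look at the publisher; it does not by itself mean the file is unwanted.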

#10
rockitout


    Member

  • Topic Starter
  • Member
  • 140 posts

Here are the logs:

Process CPU Private Bytes Working Set PID Description Company Name Verified Signer
System Idle Process 54.65 0 K 4 K 0   
procexp64.exe 15.72 26,104 K 54,036 K 8168 Sysinternals Process Explorer Sysinternals - www.sysinternals.com (Verified) Microsoft Corporation
TeamViewer_Desktop.exe 9.75 491,784 K 494,428 K 7624 TeamViewer 13 TeamViewer GmbH (Verified) TeamViewer GmbH
unlimited.exe 3.62 20,540 K 2,612 K 5648 Display Start Screen Unlimited on the top of Windows 8 start screen Greatis Software (Verified) Greatis Software LLC
TeamViewer_Service.exe 3.49 17,024 K 20,816 K 2176 TeamViewer 13 TeamViewer GmbH (Verified) TeamViewer GmbH
Interrupts 2.24 0 K 0 K n/a Hardware Interrupts and DPCs  
dwm.exe 2.02 19,424 K 13,896 K 884 Desktop Window Manager Microsoft Corporation (Verified) Microsoft Windows
System 1.75 145,784 K 4,800 K 4   
TeamViewer.exe 1.65 23,836 K 26,760 K 4440 TeamViewer 13 TeamViewer GmbH (Verified) TeamViewer GmbH
Avira Safe Shopping.exe 1.44 84,692 K 9,584 K 5164 Avira Safe Shopping Avira Operations Gmbh & Co. KG (Verified) Solute GmbH
Dropbox.exe 1.29 105,580 K 44,744 K 7036 Dropbox Dropbox, Inc. (Verified) Dropbox
csrss.exe 0.92 2,432 K 3,204 K 568 Client Server Runtime Process Microsoft Corporation (Verified) Microsoft Windows Publisher
Avira.VpnService.exe 0.40 38,412 K 53,144 K 6308 VpnService Avira Operations GmbH & Co. KG (Verified) Avira Operations GmbH & Co. KG
taskhostex.exe 0.26 4,632 K 7,656 K 772 Host Process for Windows Tasks Microsoft Corporation (Verified) Microsoft Windows
Avira.ServiceHost.exe 0.22 36,436 K 2,640 K 2236 Avira Service Host Avira Operations GmbH & Co. KG (Verified) Avira Operations GmbH & Co. KG
explorer.exe 0.17 77,416 K 75,208 K 3328 Windows Explorer Microsoft Corporation (Verified) Microsoft Windows
Avira.Systray.exe 0.16 49,192 K 3,248 K 5920 Avira Avira Operations GmbH & Co. KG (Verified) Avira Operations GmbH & Co. KG
svchost.exe 0.05 25,976 K 18,912 K 940 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
services.exe 0.05 3,236 K 4,604 K 656 Services and Controller app Microsoft Corporation (Verified) Microsoft Windows Publisher
SearchIndexer.exe 0.04 34,728 K 27,840 K 3648 Microsoft Windows Search Indexer Microsoft Corporation (Verified) Microsoft Windows
Avira.SystemSpeedup.UI.Systray.exe 0.03 52,228 K 6,256 K 4304 Avira.SystemSpeedup.UI.Systray Avira Operations GmbH & Co. KG (Verified) Avira Operations GmbH & Co. KG
CCleaner64.exe 0.02 11,616 K 16,764 K 4648 CCleaner Piriform Ltd (Verified) Piriform Ltd
sched.exe 0.02 5,040 K 8,268 K 1364 Antivirus Host Framework Service Avira Operations GmbH & Co. KG (Verified) Avira Operations GmbH & Co. KG
CLMLSvc_P2G8.exe 0.02 2,424 K 796 K 2700 CyberLink MediaLibray Service CyberLink (Verified) CyberLink Corp.
svchost.exe 0.01 28,656 K 30,020 K 984 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 0.01 6,488 K 9,288 K 724 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
tv_w32.exe < 0.01 1,096 K 732 K 3352 TeamViewer 13 TeamViewer GmbH (Verified) TeamViewer GmbH
officeclicktorun.exe < 0.01 26,684 K 16,952 K 1868 Microsoft Office Click-to-Run Microsoft Corporation (Verified) Microsoft Corporation
avguard.exe < 0.01 358,240 K 8,948 K 1612 Antivirus Host Framework Service Avira Operations GmbH & Co. KG (Verified) Avira Operations GmbH & Co. KG
CLMSServerPDVD12.exe < 0.01 5,788 K 14,368 K 7236 CyberLink Media Server Service CyberLink (Verified) CyberLink Corp.
tv_x64.exe < 0.01 1,128 K 548 K 2864 TeamViewer 13 TeamViewer GmbH (Verified) TeamViewer GmbH
TouchpointAnalyticsClientService.exe < 0.01 29,348 K 14,640 K 2428 HP Touchpoint Analytics Client Service HP Inc. (Verified) HP Inc.
csrss.exe < 0.01 1,828 K 1,808 K 476 Client Server Runtime Process Microsoft Corporation (Verified) Microsoft Windows Publisher
spoolsv.exe < 0.01 5,720 K 4,204 K 1332 Spooler SubSystem App Microsoft Corporation (Verified) Microsoft Windows
WmiPrvSE.exe  1,900 K 6,156 K 904 WMI Provider Host Microsoft Corporation (Verified) Microsoft Windows
winlogon.exe  1,308 K 1,624 K 612 Windows Logon Application Microsoft Corporation (Verified) Microsoft Windows
wininit.exe  764 K 144 K 560 Windows Start-Up Application Microsoft Corporation (Verified) Microsoft Windows
taskhost.exe  9,156 K 7,024 K 5404 Host Process for Windows Tasks Microsoft Corporation (Verified) Microsoft Windows
svchost.exe  80,040 K 75,168 K 480 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe  4,860 K 7,244 K 3140 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe  5,148 K 6,036 K 756 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe  18,368 K 17,576 K 1400 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe  11,808 K 14,684 K 328 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe  8,656 K 10,492 K 1100 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe  3,308 K 1,560 K 1632 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe  4,904 K 8,328 K 2004 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe  1,340 K 2,316 K 3224 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
smss.exe  284 K 276 K 316 Windows Session Manager Microsoft Corporation (Verified) Microsoft Windows Publisher
SkyDrive.exe  6,076 K 2,144 K 4568 OneDrive Sync Engine Microsoft Corporation (Verified) Microsoft Windows
SettingSyncHost.exe  11,284 K 804 K 4220 Host Process for Setting Synchronization Microsoft Corporation (Verified) Microsoft Windows
RuntimeBroker.exe  5,172 K 11,632 K 1380 Runtime Broker Microsoft Corporation (Verified) Microsoft Windows
RtkAudioService64.exe  1,420 K 1,224 K 1044 Realtek Audio Service Realtek Semiconductor (Verified) Realtek Semiconductor Corp
RAVBg64.exe  4,076 K 3,080 K 1060 HD Audio Background Process Realtek Semiconductor (Verified) Realtek Semiconductor Corp
RAVBg64.exe  5,556 K 3,168 K 1068 HD Audio Background Process Realtek Semiconductor (Verified) Realtek Semiconductor Corp
procexp.exe  2,356 K 7,400 K 4232 Sysinternals Process Explorer Sysinternals - www.sysinternals.com (Verified) Microsoft Corporation
onenotem.exe  2,404 K 2,892 K 4152 Send to OneNote Tool Microsoft Corporation (Verified) Microsoft Corporation
notepad.exe  1,656 K 8,112 K 2080 Notepad Microsoft Corporation (Verified) Microsoft Windows
MotoHelperService.exe  2,444 K 2,640 K 1420 MotoHelper Service Motorola Mobility LLC (Verified) Motorola Mobility Inc.
MotoHelperAgent.exe  2,092 K 2,540 K 4004 MotoHelperAgent Motorola Mobility LLC (Verified) Motorola Mobility Inc.
lsass.exe  6,016 K 8,124 K 664 Local Security Authority Process Microsoft Corporation (Verified) Microsoft Windows Publisher
livecomm.exe  26,800 K 27,268 K 4672 Communications Service Microsoft Corporation (No signature was present in the subject) Microsoft Corporation
HPSupportSolutionsFrameworkService.exe  26,324 K 4,084 K 472 HP Support Solutions Framework Service HP Inc. (Verified) HP Inc.
GoogleCrashHandler64.exe  1,276 K 228 K 3172 Google Crash Handler Google Inc. (Verified) Google Inc
GoogleCrashHandler.exe  1,356 K 228 K 2152 Google Crash Handler Google Inc. (Verified) Google Inc
GamesAppIntegrationService.exe  1,376 K 2,264 K 1676 WildTangent Games App Integration Service WildTangent (Verified) WildTangent Inc
Dropbox.exe  1,708 K 2,548 K 5560 Dropbox Dropbox, Inc. (Verified) Dropbox
Dropbox.exe  1,152 K 132 K 3308 Dropbox Dropbox, Inc. (Verified) Dropbox
dasHost.exe  4,116 K 7,596 K 1040 Device Association Framework Provider Host Microsoft Corporation (Verified) Microsoft Windows
CLMSMonitorServicePDVD12.exe  988 K 836 K 1900 CyberLink Media Server Monitor Service CyberLink (Verified) CyberLink Corp.
CLHNServiceForPowerDVD12.exe  992 K 932 K 3108 CLHNServiceForPowerDVD12 Module CyberLink Corp. (Verified) CyberLink Corp.
avshadow.exe  1,168 K 448 K 2964 AntiVir shadow copy service Avira Operations GmbH & Co. KG (Verified) Avira Operations GmbH & Co. KG
Avira.SystemSpeedup.SpeedupService.exe  39,964 K 18,084 K 2444 Avira.SystemSpeedup.SpeedupService Avira Operations GmbH & Co. KG (Verified) Avira Operations GmbH & Co. KG
Avira.SoftwareUpdater.ServiceHost.exe  54,200 K 42,220 K 6112 Avira Updater Service Host Avira Operations GmbH & Co. KG (Verified) Avira Operations GmbH & Co. KG
avgnt.exe  5,892 K 1,612 K 5284 Avira system tray application Avira Operations GmbH & Co. KG (Verified) Avira Operations GmbH & Co. KG
audiodg.exe  12,740 K 11,556 K 5056 Windows Audio Device Graph Isolation  Microsoft Corporation (Verified) Microsoft Windows
armsvc.exe  1,020 K 140 K 1580 Adobe Acrobat Update Service Adobe Systems Incorporated (Verified) Adobe Systems
AERTSr64.exe  488 K 96 K 1596 Andrea filters APO access service (64-bit) Andrea Electronics Corporation (Verified) Andrea Electronics

 

 

Image Name                     PID Services                                   
========================= ======== ============================================
System Idle Process              0 N/A                                        
System                           4 N/A                                        
smss.exe                       316 N/A                                        
csrss.exe                      476 N/A                                        
wininit.exe                    560 N/A                                        
csrss.exe                      568 N/A                                        
winlogon.exe                   612 N/A                                        
services.exe                   656 N/A                                        
lsass.exe                      664 SamSs, VaultSvc                            
svchost.exe                    724 BrokerInfrastructure, DcomLaunch, LSM,     
                                   PlugPlay, Power, SystemEventsBroker        
svchost.exe                    756 RpcEptMapper, RpcSs                        
dwm.exe                        884 N/A                                        
svchost.exe                    940 Audiosrv, Dhcp, EventLog,                  
                                   HomeGroupProvider, Wcmsvc, wscsvc          
svchost.exe                    984 Appinfo, BITS, Browser, iphlpsvc,          
                                   LanmanServer, MMCSS, ProfSvc, Schedule,    
                                   SENS, ShellHWDetection, Themes, Winmgmt    
svchost.exe                    328 EventSystem, fdPHost, FontCache, netprofm, 
                                   nsi, WdiServiceHost, WinHttpAutoProxySvc   
svchost.exe                    480 AudioEndpointBuilder,                      
                                   DeviceAssociationService, hidserv,         
                                   NcbService, PcaSvc, SysMain, TrkWks, WlanSv
RtkAudioService64.exe         1044 RtkAudioService                            
RAVBg64.exe                   1060 N/A                                        
RAVBg64.exe                   1068 N/A                                        
svchost.exe                   1100 CryptSvc, Dnscache, LanmanWorkstation,     
                                   NlaSvc                                     
spoolsv.exe                   1332 Spooler                                    
sched.exe                     1364 AntiVirSchedulerService                    
svchost.exe                   1400 BFE, DPS, MpsSvc, NcdAutoSetup             
armsvc.exe                    1580 AdobeARMservice                            
AERTSr64.exe                  1596 AERTFilters                                
avguard.exe                   1612 AntiVirService                             
svchost.exe                   1632 AppHostSvc                                 
officeclicktorun.exe          1868 ClickToRunSvc                              
CLMSMonitorServicePDVD12.     1900 CyberLink PowerDVD 12 Media Server Monitor S
                                   ervice                                     
svchost.exe                   2004 DiagTrack                                  
dasHost.exe                   1040 N/A                                        
MotoHelperService.exe         1420 Motorola Device Manager                    
TeamViewer_Service.exe        2176 TeamViewer                                 
Avira.ServiceHost.exe         2236 Avira.ServiceHost                          
avshadow.exe                  2964 N/A                                        
svchost.exe                   3140 FDResPub, QWAVE, SSDPSRV, TimeBroker       
svchost.exe                   3224 PolicyAgent                                
tv_w32.exe                    3352 N/A                                        
tv_x64.exe                    2864 N/A                                        
CLHNServiceForPowerDVD12.     3108 CLHNServiceForPowerDVD12                   
GamesAppIntegrationServic     1676 GamesAppIntegrationService                 
HPSupportSolutionsFramewo      472 HPSupportSolutionsFrameworkService         
GoogleCrashHandler.exe        2152 N/A                                        
TouchpointAnalyticsClient     2428 HPTouchpointAnalyticsService               
GoogleCrashHandler64.exe      3172 N/A                                        
SearchIndexer.exe             3648 WSearch                                    
Avira.SystemSpeedup.Speed     2444 SpeedupService                             
explorer.exe                  3328 N/A                                        
MotoHelperAgent.exe           4004 N/A                                        
taskhostex.exe                 772 N/A                                        
TeamViewer.exe                4440 N/A                                        
SkyDrive.exe                  4568 N/A                                        
SettingSyncHost.exe           4220 N/A                                        
audiodg.exe                   5056 N/A                                        
CLMLSvc_P2G8.exe              2700 N/A                                        
onenotem.exe                  4152 N/A                                        
CCleaner64.exe                4648 N/A                                        
Avira Safe Shopping.exe       5164 N/A                                        
avgnt.exe                     5284 N/A                                        
Avira.Systray.exe             5920 N/A                                        
unlimited.exe                 5648 N/A                                        
Avira.SystemSpeedup.UI.Sy     4304 N/A                                        
taskhost.exe                  5404 N/A                                        
Avira.SoftwareUpdater.Ser     6112 AviraUpdaterService                        
Dropbox.exe                   7036 N/A                                        
Dropbox.exe                   5560 N/A                                        
Dropbox.exe                   3308 N/A                                        
livecomm.exe                  4672 N/A                                        
RuntimeBroker.exe             1380 N/A                                        
CLMSServerPDVD12.exe          7236 CyberLink PowerDVD 12 Media Server Service 
WmiPrvSE.exe                   904 N/A                                        
TeamViewer_Desktop.exe        7624 N/A                                        
notepad.exe                   2080 N/A                                        
Avira.VpnService.exe          6308 AviraPhantomVPN                            
SearchProtocolHost.exe        5460 N/A                                        
SearchFilterHost.exe          7192 N/A                                        
cmd.exe                       3320 N/A                                        
conhost.exe                   2312 N/A                                        
tasklist.exe                  7132 N/A                                        
WmiPrvSE.exe                  6984 N/A                                        
 



  • 0



#11
RKinner


    Malware Expert

  • Expert
  • 21,173 posts
  • MVP

This seems excessive:

 

Interrupts 2.24 0 K 0 K n/a Hardware Interrupts and DPCs

 

I like to see under 1.4%. 2.24 is a bit too high for good performance.

 

See what WhySoSlow says:

 

WhySoSlow:

The download is on http://www.resplendence.com/downloads

Look under System Monitoring Tools for WhySoSlow 1.0, then click on "Download free home edition".

Save the file, then right click and Run As Admin. Follow the prompts. Let it run for a minute (watch the Time Running indication at the bottom), then hit Analyze.

Then when a new window appears, hit Analyze again. Once the report appears, scroll down and see if it complains about anything. You can Save the report, but it saves as WhySoSlowOutput.htm, which the forum won't let you attach. You can either zip it up or rename it to WhySoSlowOutput.txt, then attach it.


  • 0
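
The check applied in the reply above (Interrupts CPU against a 1.4% rule of thumb) can be run over a Process Explorer export like the one posted in this thread. This is an added example, not part of the original posts: the parser, its function names and the signer-status check (which goes beyond what the reply discusses) are assumptions based on the row layout as pasted here.

```python
import re

# Rows copied from the Process Explorer export posted above (columns arrive
# space-separated in the forum paste; CPU may be blank or "< 0.01").
SAMPLE = """\
Process CPU Private Bytes Working Set PID Description Company Name Verified Signer
System Idle Process 54.65 0 K 4 K 0
procexp64.exe 15.72 26,104 K 54,036 K 8168 Sysinternals Process Explorer Sysinternals - www.sysinternals.com (Verified) Microsoft Corporation
Interrupts 2.24 0 K 0 K n/a Hardware Interrupts and DPCs
tv_w32.exe < 0.01 1,096 K 732 K 3352 TeamViewer 13 TeamViewer GmbH (Verified) TeamViewer GmbH
WmiPrvSE.exe  1,900 K 6,156 K 904 WMI Provider Host Microsoft Corporation (Verified) Microsoft Windows
livecomm.exe  26,800 K 27,268 K 4672 Communications Service Microsoft Corporation (No signature was present in the subject) Microsoft Corporation
AERTSr64.exe  488 K 96 K 1596 Andrea filters APO access service (64-bit) Andrea Electronics Corporation (Verified) Andrea Electronics
"""

# name, optional CPU, "<n> K" private bytes, "<n> K" working set, PID, remainder
ROW = re.compile(
    r"^(?P<name>.+?)\s+(?:(?P<cpu><\s*\d+\.\d+|\d+\.\d+)\s+)?"
    r"(?P<private>[\d,]+) K\s+(?P<working>[\d,]+) K\s+(?P<pid>\d+|n/a)(?P<rest>.*)$"
)
# The signer status is the last parenthesised group, so "(64-bit)" in a
# description is not mistaken for it.
SIGNER = re.compile(r"\(([^()]*)\)\s*[^()]*$")

INTERRUPT_LIMIT = 1.4  # percent: the helper's rule of thumb from the reply above


def parse_rows(text):
    rows = []
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if not m:  # header or unrecognised line
            continue
        signer = SIGNER.search(m["rest"])
        rows.append({
            "name": m["name"],
            # "< 0.01" is kept as its upper bound, 0.01; a blank CPU cell is None
            "cpu": float(m["cpu"].lstrip("< ")) if m["cpu"] else None,
            "pid": None if m["pid"] == "n/a" else int(m["pid"]),
            "signer_status": signer.group(1) if signer else None,
        })
    return rows


def triage(text, limit=INTERRUPT_LIMIT):
    rows = parse_rows(text)
    irq = next((r for r in rows if r["name"] == "Interrupts"), None)
    irq_cpu = irq["cpu"] if irq else None
    return {
        "interrupt_cpu": irq_cpu,
        "interrupts_high": irq_cpu is not None and irq_cpu > limit,
        # Rows with an image file whose signature did not verify
        "not_verified": [(r["name"], r["pid"], r["signer_status"])
                         for r in rows if r["signer_status"] not in (None, "Verified")],
    }
```

A row reported as not verified is a prompt to look at the file's path and origin, not a verdict on it; pseudo-processes such as System and Interrupts have no image file and are skipped.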

#12
rockitout


    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 140 posts

I saved it as a text but it still won't let me upload it to the forums.  It says "Error This upload failed"


  • 0

#13
rockitout


    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 140 posts

I think I got it this time.



  • 0

#14
RKinner


    Malware Expert

  • Expert
  • 21,173 posts
  • MVP

WhySoSlow is happy with it so perhaps there is nothing wrong.  Is it working as fast as it usually does?


  • 0

#15
rockitout


    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 140 posts

ok.  Thank you.  So what next?


  • 0





