Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

Problems with ads, popups, and browser restarts

Started by rockitout , Jan 22 2018 08:16 PM

Please log in to reply

#1
rockitout

Posted 22 January 2018 - 08:16 PM

Member

Member
140 posts

Hello, I'm having a lot of problems with my computer as of late. The computer runs very slow. I get a lot of ads that pop up. And when I'm browsing facebook, my browser states that it needs to restart for some reason. I have posted the FRST logs below as instructed. Thank you in advance.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 21.01.2018

Ran by Albert (administrator) on CORRELLS (22-01-2018 16:14:17)

Running from C:\Users\Albert\Desktop

Loaded Profiles: Albert (Available Profiles: Albert)

Platform: Windows 8.1 (Update) (X64) Language: English (United States)

Internet Explorer Version 11 (Default browser: IE)

Boot Mode: Normal

Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\sched.exe

(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avguard.exe

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\VPN\Avira.VpnService.exe

(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe

(Coupons.com Inc.) C:\Program Files (x86)\Coupons\CouponPrinterService.exe

(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe

(Motorola Mobility LLC) C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.SpeedupService.exe

(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avshadow.exe

(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.7\GoogleCrashHandler.exe

(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.7\GoogleCrashHandler64.exe

(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\CLHNServiceForPowerDVD12.exe

(WildTangent) C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe

(HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe

(HP Inc.) C:\Program Files\HP\HP Touchpoint Analytics Client\TouchpointAnalyticsClientService.exe

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\SoftwareUpdater\Avira.SoftwareUpdater.ServiceHost.exe

(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe

(Motorola Mobility LLC) C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.UI.Systray.exe

(Microsoft Corporation) C:\WINDOWS\System32\SkyDrive.exe

(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer.exe

(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_w32.exe

(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_x64.exe

(Dropbox, Inc.) C:\Users\Albert\AppData\Roaming\Dropbox\bin\Dropbox.exe

(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\onenotem.exe

(Avira Operations Gmbh & Co. KG) C:\Program Files (x86)\Avira\Safe Shopping\Avira Safe Shopping.exe

(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe

(Dropbox, Inc.) C:\Users\Albert\AppData\Roaming\Dropbox\bin\Dropbox.exe

(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avgnt.exe

(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe

(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe

(Greatis Software) C:\Program Files (x86)\Start Screen Unlimited\unlimited.exe

(Microsoft Corporation) C:\WINDOWS\System32\CompatTelRunner.exe

(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe

(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe

(Microsoft Corporation) C:\WINDOWS\ImmersiveControlPanel\SystemSettings.exe

(Microsoft Corporation) C:\WINDOWS\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.3.9600.18384_none_fa1d93c39b41b41a\TiWorker.exe

(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Desktop.exe

(HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe

(Microsoft Corporation) C:\WINDOWS\System32\cmd.exe

() C:\Program Files\HP\HP Touchpoint Analytics Client\TAInstaller.exe

(HP Inc.) C:\Program Files\HP\HP Touchpoint Analytics Client\TouchpointAnalyticsClient.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7174728 2013-03-29] (Realtek Semiconductor)

HKLM-x32\...\Run: [Avira SystrayStartTrigger] => C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe [98024 2017-12-21] (Avira Operations GmbH & Co. KG)

HKLM-x32\...\Run: [Avira System Speedup User Starter] => C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.Core.Common.Starter.exe [65120 2017-12-04] (Avira Operations GmbH & Co. KG)

HKLM-x32\...\Run: [Avira Safe Shopping] => C:\Program Files (x86)\Avira\Safe Shopping\Avira Safe Shopping.exe [624264 2017-12-19] (Avira Operations Gmbh & Co. KG)

HKU\S-1-5-21-3638795625-3106638858-2927296518-1001\...\Run: [Dropbox Update] => C:\Users\Albert\AppData\Local\Dropbox\Update\DropboxUpdate.exe [143144 2016-11-04] (Dropbox, Inc.)

HKU\S-1-5-21-3638795625-3106638858-2927296518-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [10249048 2017-12-13] (Piriform Ltd)

AppInit_DLLs: C:\PROGRA~2\Linkey\IEEXTE~1\iedll64.dll => No File

Startup: C:\Users\Albert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2018-01-12]

ShortcutTarget: Dropbox.lnk -> C:\Users\Albert\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

Startup: C:\Users\Albert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook Gameroom.lnk [2017-04-12]

ShortcutTarget: Facebook Gameroom.lnk -> C:\Users\Albert\AppData\Local\Facebook\Games\FacebookGameroom.exe (Facebook)

Startup: C:\Users\Albert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2015-11-12]

ShortcutTarget: Send to OneNote.lnk -> C:\Program Files\Microsoft Office 15\root\office15\onenotem.exe (Microsoft Corporation)

CHR HKU\S-1-5-21-3638795625-3106638858-2927296518-1001\SOFTWARE\Policies\Google: Restriction <==== ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 205.171.3.25 205.171.2.25

Tcpip\..\Interfaces\{8E304197-ADA7-41F1-9EFD-64AE63A2F549}: [DhcpNameServer] 192.168.15.1

Tcpip\..\Interfaces\{B305DF31-E605-491B-B209-2323E806FA7D}: [DhcpNameServer] 192.168.0.1 205.171.3.25 205.171.2.25

Internet Explorer:

==================

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.msn.com/HPDSK13/1

HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPDSK13/1

HKU\S-1-5-21-3638795625-3106638858-2927296518-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.com/

SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}

SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}

SearchScopes: HKU\S-1-5-21-3638795625-3106638858-2927296518-1001 -> DefaultScope {E2626292-7EC8-4934-9404-EFE0FB0A57F2} URL = hxxp://www.bing.com/search?FORM=U079DF&PC=U079&q={searchTerms}&src=IE-SearchBox

SearchScopes: HKU\S-1-5-21-3638795625-3106638858-2927296518-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =

SearchScopes: HKU\S-1-5-21-3638795625-3106638858-2927296518-1001 -> {B17F7D54-14DF-425B-9146-8662A3435174} URL = hxxp://isearch.shopathome.com?user_id={B43DDDCB-A2AC-4556-AD06-C7E27E0FBFD5}&q={searchTerms}

SearchScopes: HKU\S-1-5-21-3638795625-3106638858-2927296518-1001 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}

SearchScopes: HKU\S-1-5-21-3638795625-3106638858-2927296518-1001 -> {E2626292-7EC8-4934-9404-EFE0FB0A57F2} URL = hxxp://www.bing.com/search?FORM=U079DF&PC=U079&q={searchTerms}&src=IE-SearchBox

BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2017-12-12] (Microsoft Corporation)

BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2017-12-12] (Microsoft Corporation)

BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2016-07-21] (HP Inc.)

BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2016-07-21] (HP Inc.)

Toolbar: HKU\S-1-5-21-3638795625-3106638858-2927296518-1001 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File

Toolbar: HKU\S-1-5-21-3638795625-3106638858-2927296518-1001 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File

Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2017-07-18] (Microsoft Corporation)

FireFox:

========

FF ProfilePath: C:\Users\Albert\AppData\Roaming\Mozilla\Firefox\Profiles\t8kv3jfy.default [2018-01-22]

FF Homepage: Mozilla\Firefox\Profiles\t8kv3jfy.default -> google.com

FF Extension: (Avira Browser Safety) - C:\Users\Albert\AppData\Roaming\Mozilla\Firefox\Profiles\t8kv3jfy.default\Extensions\[email protected] [2018-01-06]

FF Extension: (Firefox Hotfix) - C:\Users\Albert\AppData\Roaming\Mozilla\Firefox\Profiles\t8kv3jfy.default\Extensions\[email protected] [2017-01-06] [Legacy]

FF Extension: (Gmail panel) - C:\Users\Albert\AppData\Roaming\Mozilla\Firefox\Profiles\t8kv3jfy.default\Extensions\[email protected] [2016-01-08] [Legacy]

FF Extension: (Avira Password Manager) - C:\Users\Albert\AppData\Roaming\Mozilla\Firefox\Profiles\t8kv3jfy.default\Extensions\[email protected] [2018-01-06]

FF Extension: (Adblock Plus) - C:\Users\Albert\AppData\Roaming\Mozilla\Firefox\Profiles\t8kv3jfy.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2017-01-06] [Legacy]

FF SearchPlugin: C:\Users\Albert\AppData\Roaming\Mozilla\Firefox\Profiles\t8kv3jfy.default\searchplugins\bingp.xml [2014-08-20]

FF SearchPlugin: C:\Users\Albert\AppData\Roaming\Mozilla\Firefox\Profiles\t8kv3jfy.default\searchplugins\yahoo-avast.xml [2014-09-03]

FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2014-06-22] (Microsoft Corporation)

FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-09-12] (Microsoft Corporation)

FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-14] (Google Inc.)

FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-14] (Google Inc.)

FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\2\NP_wtapp.dll [2014-01-17] ()

FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-04-04] (Adobe Systems Inc.)

FF Plugin HKU\S-1-5-21-3638795625-3106638858-2927296518-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Albert\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2017-03-08] (Unity Technologies ApS)

FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\browser\plugins\npMozCouponPrinter.dll [2014-03-20] (Coupons, Inc.)

Chrome:

=======

CHR DefaultProfile: Profile 2

CHR HomePage: Profile 2 -> ichro.me

CHR StartupUrls: Profile 2 -> "hxxp://ichro.me/redirect"

CHR Profile: C:\Users\Albert\AppData\Local\Google\Chrome\User Data\Profile 1 [2018-01-06]

CHR Extension: (Docs) - C:\Users\Albert\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2016-01-08]

CHR Extension: (Google Drive) - C:\Users\Albert\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-01-08]

CHR Extension: (YouTube) - C:\Users\Albert\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-01-08]

CHR Extension: (Google Search) - C:\Users\Albert\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-01-08]

CHR Extension: (Gmail) - C:\Users\Albert\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-01-08]

CHR Profile: C:\Users\Albert\AppData\Local\Google\Chrome\User Data\Profile 2 [2018-01-22]

CHR Extension: (Slides) - C:\Users\Albert\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-12-13]

CHR Extension: (Docs) - C:\Users\Albert\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\aohghmighlieiainnegkcijnfilokake [2018-01-22]

CHR Extension: (Google Drive) - C:\Users\Albert\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-01-08]

CHR Extension: (YouTube) - C:\Users\Albert\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-01-08]

CHR Extension: (Avira Password Manager) - C:\Users\Albert\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\caljgklbbfbcjjanaijlacgncafpegll [2018-01-22]

CHR Extension: (Adblock Plus) - C:\Users\Albert\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2017-12-13]

CHR Extension: (Google Search) - C:\Users\Albert\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-01-08]

CHR Extension: (Sheets) - C:\Users\Albert\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-12-13]

CHR Extension: (Avira Browser Safety) - C:\Users\Albert\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2018-01-22]

CHR Extension: (Google Docs Offline) - C:\Users\Albert\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-05-27]

CHR Extension: (Chrome Web Store Payments) - C:\Users\Albert\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-01-22]

CHR Extension: (iChrome - A Fast, Productive Home Page) - C:\Users\Albert\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\oghkljobbhapacbahlneolfclkniiami [2018-01-22]

CHR Extension: (Gmail) - C:\Users\Albert\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-01-08]

CHR Extension: (Chrome Media Router) - C:\Users\Albert\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-01-22]

CHR Profile: C:\Users\Albert\AppData\Local\Google\Chrome\User Data\System Profile [2018-01-06]

CHR HKLM\...\Chrome\Extension: [caljgklbbfbcjjanaijlacgncafpegll] - hxxps://clients2.google.com/service/update2/crx

CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx

CHR HKLM-x32\...\Chrome\Extension: [caljgklbbfbcjjanaijlacgncafpegll] - hxxps://clients2.google.com/service/update2/crx

CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 AntiVirMailService; C:\Program Files (x86)\Avira\Antivirus\avmailc7.exe [1128944 2018-01-03] (Avira Operations GmbH & Co. KG)

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\Antivirus\sched.exe [492560 2018-01-03] (Avira Operations GmbH & Co. KG)

R2 AntiVirService; C:\Program Files (x86)\Avira\Antivirus\avguard.exe [492560 2018-01-03] (Avira Operations GmbH & Co. KG)

S2 AntiVirWebService; C:\Program Files (x86)\Avira\Antivirus\avwebg7.exe [1526832 2018-01-03] (Avira Operations GmbH & Co. KG)

R2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [444600 2017-12-21] (Avira Operations GmbH & Co. KG)

R2 AviraPhantomVPN; C:\Program Files (x86)\Avira\VPN\Avira.VpnService.exe [332016 2017-10-25] (Avira Operations GmbH & Co. KG)

R2 AviraUpdaterService; C:\Program Files (x86)\Avira\SoftwareUpdater\Avira.SoftwareUpdater.ServiceHost.exe [102304 2018-01-16] (Avira Operations GmbH & Co. KG)

R2 CLHNServiceForPowerDVD12; c:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\CLHNServiceForPowerDVD12.exe [89864 2013-06-09] (CyberLink Corp.)

R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [3058392 2017-12-12] (Microsoft Corporation)

R2 CouponPrinterService; C:\Program Files (x86)\Coupons\CouponPrinterService.exe [177136 2014-04-28] (Coupons.com Inc.)

R2 CyberLink PowerDVD 12 Media Server Monitor Service; c:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe [77576 2013-06-09] (CyberLink)

R2 CyberLink PowerDVD 12 Media Server Service; c:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe [294664 2013-06-09] (CyberLink)

R2 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [227904 2014-05-29] (WildTangent)

R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [332144 2017-11-21] (HP Inc.)

R2 HPTouchpointAnalyticsService; C:\Program Files\HP\HP Touchpoint Analytics Client\TouchpointAnalyticsClientService.exe [332216 2017-11-21] (HP Inc.)

S3 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6234056 2017-11-01] (Malwarebytes)

R2 Motorola Device Manager; C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [137528 2013-11-15] (Motorola Mobility LLC)

S4 PST Service; C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe [65657 2011-09-02] (Motorola) [File not signed]

R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [239176 2013-02-19] (Realtek Semiconductor)

R2 SpeedupService; C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.SpeedupService.exe [74256 2017-12-04] (Avira Operations GmbH & Co. KG)

R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [10945776 2017-12-15] (TeamViewer GmbH)

S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [361824 2017-01-12] (Microsoft Corporation)

S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [119872 2017-01-12] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 athr; C:\WINDOWS\system32\DRIVERS\athwbx.sys [3859968 2013-08-15] (Qualcomm Atheros Communications, Inc.)

R0 avdevprot; C:\WINDOWS\System32\DRIVERS\avdevprot.sys [60920 2018-01-03] (Avira Operations GmbH & Co. KG)

R2 avgntflt; C:\WINDOWS\System32\DRIVERS\avgntflt.sys [178840 2018-01-03] (Avira Operations GmbH & Co. KG)

R1 avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [169376 2018-01-03] (Avira Operations GmbH & Co. KG)

R1 avkmgr; C:\WINDOWS\system32\DRIVERS\avkmgr.sys [44488 2018-01-03] (Avira Operations GmbH & Co. KG)

R2 avnetflt; C:\WINDOWS\system32\DRIVERS\avnetflt.sys [88488 2018-01-03] (Avira Operations GmbH & Co. KG)

R0 avusbflt; C:\WINDOWS\System32\Drivers\avusbflt.sys [38048 2018-01-03] (Avira Operations GmbH & Co. KG)

R1 CLVirtualDrive; C:\WINDOWS\system32\DRIVERS\CLVirtualDrive.sys [91712 2013-03-15] (CyberLink)

S3 dot4; C:\WINDOWS\system32\DRIVERS\Dot4.sys [151968 2012-10-19] (Windows ® Win 7 DDK provider)

S3 Dot4Print; C:\WINDOWS\System32\drivers\Dot4Prt.sys [27040 2012-10-19] (Windows ® Win 7 DDK provider)

S3 hitmanpro37; C:\windows\system32\drivers\hitmanpro37.sys [32512 2014-05-07] ()

R2 ntk_PowerDVD12; c:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\ntk_PowerDVD12_64.sys [84168 2013-03-12] (Cyberlink Corp.)

R3 RSP2STOR; C:\WINDOWS\system32\DRIVERS\RtsP2Stor.sys [290008 2016-04-16] (Realtek Semiconductor Corp.)

S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [46600 2017-02-10] (Microsoft Corporation)

R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [274776 2017-01-12] (Microsoft Corporation)

S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [117592 2017-01-12] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-01-22 16:14 - 2018-01-22 16:16 - 000022474 _____ C:\Users\Albert\Desktop\FRST.txt

2018-01-22 16:13 - 2018-01-22 16:14 - 000000000 ____D C:\FRST

2018-01-22 16:11 - 2018-01-22 16:11 - 002393088 _____ (Farbar) C:\Users\Albert\Desktop\FRST64.exe

2018-01-22 15:34 - 2018-01-22 15:34 - 000000000 ____D C:\Users\Albert\AppData\Local\TeamViewer

2018-01-12 06:34 - 2018-01-12 06:34 - 000000000 ____D C:\Users\Albert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox

2018-01-12 06:00 - 2017-12-20 16:56 - 000835576 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe

2018-01-12 06:00 - 2017-12-20 16:56 - 000177648 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl

2018-01-12 05:24 - 2018-01-01 23:39 - 022374248 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll

2018-01-12 05:24 - 2018-01-01 23:39 - 007408984 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe

2018-01-12 05:24 - 2018-01-01 23:03 - 025739264 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll

2018-01-12 05:24 - 2018-01-01 23:00 - 019790760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll

2018-01-12 05:24 - 2018-01-01 22:38 - 000559616 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\afd.sys

2018-01-12 05:24 - 2018-01-01 22:28 - 005796352 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll

2018-01-12 05:24 - 2018-01-01 22:20 - 020275200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll

2018-01-12 05:24 - 2018-01-01 21:44 - 015284224 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll

2018-01-12 05:24 - 2017-12-10 06:46 - 007079424 _____ (Microsoft Corporation) C:\WINDOWS\system32\glcndFilter.dll

2018-01-12 05:24 - 2017-12-10 06:24 - 005275136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\glcndFilter.dll

2018-01-12 05:24 - 2017-12-10 06:06 - 007797760 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll

2018-01-12 05:24 - 2017-12-05 09:58 - 004168192 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys

2018-01-12 05:23 - 2018-01-02 01:00 - 000590680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fvevol.sys

2018-01-12 05:23 - 2018-01-02 01:00 - 000242520 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdyboost.sys

2018-01-12 05:23 - 2018-01-02 01:00 - 000214392 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Storage.ApplicationData.dll

2018-01-12 05:23 - 2018-01-02 00:56 - 002530400 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml6.dll

2018-01-12 05:23 - 2018-01-02 00:56 - 000567656 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys

2018-01-12 05:23 - 2018-01-02 00:56 - 000397224 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcryptprimitives.dll

2018-01-12 05:23 - 2018-01-02 00:56 - 000136536 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wfplwfs.sys

2018-01-12 05:23 - 2018-01-01 23:39 - 002013016 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys

2018-01-12 05:23 - 2018-01-01 23:39 - 000418648 _____ (Microsoft Corporation) C:\WINDOWS\system32\hal.dll

2018-01-12 05:23 - 2018-01-01 23:39 - 000354648 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fltMgr.sys

2018-01-12 05:23 - 2018-01-01 23:38 - 002176064 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll

2018-01-12 05:23 - 2018-01-01 23:38 - 001662096 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll

2018-01-12 05:23 - 2018-01-01 23:38 - 001063464 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinTypes.dll

2018-01-12 05:23 - 2018-01-01 23:37 - 001737600 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll

2018-01-12 05:23 - 2018-01-01 23:37 - 001676056 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi

2018-01-12 05:23 - 2018-01-01 23:37 - 001536120 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe

2018-01-12 05:23 - 2018-01-01 23:37 - 001500432 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi

2018-01-12 05:23 - 2018-01-01 23:37 - 001371352 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe

2018-01-12 05:23 - 2018-01-01 23:37 - 001135280 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll

2018-01-12 05:23 - 2018-01-01 23:37 - 000685440 _____ (Microsoft Corporation) C:\WINDOWS\system32\advapi32.dll

2018-01-12 05:23 - 2018-01-01 23:35 - 001307840 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcrt4.dll

2018-01-12 05:23 - 2018-01-01 23:35 - 000989528 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\http.sys

2018-01-12 05:23 - 2018-01-01 23:05 - 000164296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Storage.ApplicationData.dll

2018-01-12 05:23 - 2018-01-01 23:03 - 000341384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcryptprimitives.dll

2018-01-12 05:23 - 2018-01-01 23:01 - 001902328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml6.dll

2018-01-12 05:23 - 2018-01-01 22:59 - 001565520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll

2018-01-12 05:23 - 2018-01-01 22:59 - 001213784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll

2018-01-12 05:23 - 2018-01-01 22:58 - 001502000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll

2018-01-12 05:23 - 2018-01-01 22:48 - 000507176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\advapi32.dll

2018-01-12 05:23 - 2018-01-01 22:40 - 000284672 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64.dll

2018-01-12 05:23 - 2018-01-01 22:39 - 000686080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys

2018-01-12 05:23 - 2018-01-01 22:39 - 000402432 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdbss.sys

2018-01-12 05:23 - 2018-01-01 22:39 - 000072192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndproxy.sys

2018-01-12 05:23 - 2018-01-01 22:39 - 000048128 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netbios.sys

2018-01-12 05:23 - 2018-01-01 22:38 - 000445952 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\nwifi.sys

2018-01-12 05:23 - 2018-01-01 22:38 - 000416256 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv.sys

2018-01-12 05:23 - 2018-01-01 22:38 - 000401408 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb.sys

2018-01-12 05:23 - 2018-01-01 22:38 - 000243200 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srvnet.sys

2018-01-12 05:23 - 2018-01-01 22:38 - 000151040 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pacer.sys

2018-01-12 05:23 - 2018-01-01 22:38 - 000138752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dfsc.sys

2018-01-12 05:23 - 2018-01-01 22:37 - 000110080 _____ (Microsoft Corporation) C:\WINDOWS\system32\appinfo.dll

2018-01-12 05:23 - 2018-01-01 22:37 - 000080384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wanarp.sys

2018-01-12 05:23 - 2018-01-01 22:34 - 000360448 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncsi.dll

2018-01-12 05:23 - 2018-01-01 22:31 - 000040448 _____ (Microsoft Corporation) C:\WINDOWS\system32\rfxvmt.dll

2018-01-12 05:23 - 2018-01-01 22:30 - 002900480 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll

2018-01-12 05:23 - 2018-01-01 22:28 - 000577024 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll

2018-01-12 05:23 - 2018-01-01 22:28 - 000417280 _____ (Microsoft Corporation) C:\WINDOWS\system32\html.iec

2018-01-12 05:23 - 2018-01-01 22:28 - 000048640 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwproxystub.dll

2018-01-12 05:23 - 2018-01-01 22:28 - 000013312 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcalua.exe

2018-01-12 05:23 - 2018-01-01 22:19 - 000108544 _____ (Microsoft Corporation) C:\WINDOWS\system32\fdWCN.dll

2018-01-12 05:23 - 2018-01-01 22:18 - 000615936 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieui.dll

2018-01-12 05:23 - 2018-01-01 22:17 - 000817152 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll

2018-01-12 05:23 - 2018-01-01 22:17 - 000116224 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwcollector.exe

2018-01-12 05:23 - 2018-01-01 22:16 - 000814080 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll

2018-01-12 05:23 - 2018-01-01 22:09 - 000445440 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll

2018-01-12 05:23 - 2018-01-01 22:06 - 000489984 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtmsft.dll

2018-01-12 05:23 - 2018-01-01 22:02 - 000862720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll

2018-01-12 05:23 - 2018-01-01 21:59 - 000014336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntvdm64.dll

2018-01-12 05:23 - 2018-01-01 21:59 - 000005632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wow32.dll

2018-01-12 05:23 - 2018-01-01 21:57 - 000025600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\setup16.exe

2018-01-12 05:23 - 2018-01-01 21:56 - 000199680 _____ (Microsoft Corporation) C:\WINDOWS\system32\msrating.dll

2018-01-12 05:23 - 2018-01-01 21:54 - 000145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll

2018-01-12 05:23 - 2018-01-01 21:53 - 000315392 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll

2018-01-12 05:23 - 2018-01-01 21:52 - 000499712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll

2018-01-12 05:23 - 2018-01-01 21:51 - 000341504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\html.iec

2018-01-12 05:23 - 2018-01-01 21:49 - 002294272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll

2018-01-12 05:23 - 2018-01-01 21:48 - 001033216 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll

2018-01-12 05:23 - 2018-01-01 21:45 - 000091136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fdWCN.dll

2018-01-12 05:23 - 2018-01-01 21:44 - 000476160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieui.dll

2018-01-12 05:23 - 2018-01-01 21:43 - 000662528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll

2018-01-12 05:23 - 2018-01-01 21:42 - 000620032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll

2018-01-12 05:23 - 2018-01-01 21:42 - 000262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll

2018-01-12 05:23 - 2018-01-01 21:41 - 000380416 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll

2018-01-12 05:23 - 2018-01-01 21:40 - 001436672 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll

2018-01-12 05:23 - 2018-01-01 21:40 - 000807936 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll

2018-01-12 05:23 - 2018-01-01 21:40 - 000726528 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe

2018-01-12 05:23 - 2018-01-01 21:38 - 002134528 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl

2018-01-12 05:23 - 2018-01-01 21:37 - 000324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll

2018-01-12 05:23 - 2018-01-01 21:34 - 001217536 _____ (Microsoft Corporation) C:\WINDOWS\system32\sysmain.dll

2018-01-12 05:23 - 2018-01-01 21:34 - 000416256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtmsft.dll

2018-01-12 05:23 - 2018-01-01 21:33 - 001080320 _____ (Microsoft Corporation) C:\WINDOWS\system32\IKEEXT.DLL

2018-01-12 05:23 - 2018-01-01 21:33 - 000845312 _____ (Microsoft Corporation) C:\WINDOWS\system32\BFE.DLL

2018-01-12 05:23 - 2018-01-01 21:33 - 000086016 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlaapi.dll

2018-01-12 05:23 - 2018-01-01 21:32 - 000571392 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe

2018-01-12 05:23 - 2018-01-01 21:29 - 000817664 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcss.dll

2018-01-12 05:23 - 2018-01-01 21:29 - 000754176 _____ (Microsoft Corporation) C:\WINDOWS\system32\FirewallAPI.dll

2018-01-12 05:23 - 2018-01-01 21:27 - 001696256 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtsvc.dll

2018-01-12 05:23 - 2018-01-01 21:27 - 000168960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrating.dll

2018-01-12 05:23 - 2018-01-01 21:26 - 003241472 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll

2018-01-12 05:23 - 2018-01-01 21:25 - 000795648 _____ (Microsoft Corporation) C:\WINDOWS\system32\winhttp.dll

2018-01-12 05:23 - 2018-01-01 21:25 - 000279040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll

2018-01-12 05:23 - 2018-01-01 21:25 - 000128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll

2018-01-12 05:23 - 2018-01-01 21:23 - 004508160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll

2018-01-12 05:23 - 2018-01-01 21:23 - 002882048 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll

2018-01-12 05:23 - 2018-01-01 21:22 - 000880640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll

2018-01-12 05:23 - 2018-01-01 21:22 - 000129536 _____ (Microsoft Corporation) C:\WINDOWS\system32\WcnApi.dll

2018-01-12 05:23 - 2018-01-01 21:21 - 000391680 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlasvc.dll

2018-01-12 05:23 - 2018-01-01 21:20 - 013680128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll

2018-01-12 05:23 - 2018-01-01 21:18 - 000380416 _____ (Microsoft Corporation) C:\WINDOWS\system32\pnrpsvc.dll

2018-01-12 05:23 - 2018-01-01 21:18 - 000230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll

2018-01-12 05:23 - 2018-01-01 21:17 - 001547264 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansvc.dll

2018-01-12 05:23 - 2018-01-01 21:17 - 000694272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll

2018-01-12 05:23 - 2018-01-01 21:17 - 000465920 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcncsvc.dll

2018-01-12 05:23 - 2018-01-01 21:17 - 000331776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll

2018-01-12 05:23 - 2018-01-01 21:16 - 002058752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl

2018-01-12 05:23 - 2018-01-01 21:16 - 000881152 _____ (Microsoft Corporation) C:\WINDOWS\system32\MPSSVC.dll

2018-01-12 05:23 - 2018-01-01 21:16 - 000747520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpcrt4.dll

2018-01-12 05:23 - 2018-01-01 21:16 - 000464384 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcasvc.dll

2018-01-12 05:23 - 2018-01-01 21:15 - 001545728 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll

2018-01-12 05:23 - 2018-01-01 21:13 - 000216576 _____ (Microsoft Corporation) C:\WINDOWS\system32\P2P.dll

2018-01-12 05:23 - 2018-01-01 21:11 - 000185856 _____ (Microsoft Corporation) C:\WINDOWS\system32\rascfg.dll

2018-01-12 05:23 - 2018-01-01 21:11 - 000065536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\nlaapi.dll

2018-01-12 05:23 - 2018-01-01 21:09 - 000827392 _____ (Microsoft Corporation) C:\WINDOWS\system32\spoolsv.exe

2018-01-12 05:23 - 2018-01-01 21:09 - 000713216 _____ (Microsoft Corporation) C:\WINDOWS\system32\nshwfp.dll

2018-01-12 05:23 - 2018-01-01 21:09 - 000543232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FirewallAPI.dll

2018-01-12 05:23 - 2018-01-01 21:08 - 000110080 _____ (Microsoft Corporation) C:\WINDOWS\system32\icfupgd.dll

2018-01-12 05:23 - 2018-01-01 21:07 - 001265664 _____ (Microsoft Corporation) C:\WINDOWS\system32\schedsvc.dll

2018-01-12 05:23 - 2018-01-01 21:07 - 000440832 _____ (Microsoft Corporation) C:\WINDOWS\system32\p2psvc.dll

2018-01-12 05:23 - 2018-01-01 21:06 - 000626176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winhttp.dll

2018-01-12 05:23 - 2018-01-01 21:05 - 000097280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WcnApi.dll

2018-01-12 05:23 - 2018-01-01 21:04 - 000800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll

2018-01-12 05:23 - 2018-01-01 20:59 - 000177664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\P2P.dll

2018-01-12 05:23 - 2018-01-01 20:58 - 002767872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll

2018-01-12 05:23 - 2018-01-01 20:57 - 000164864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rascfg.dll

2018-01-12 05:23 - 2018-01-01 20:56 - 000562176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\nshwfp.dll

2018-01-12 05:23 - 2018-01-01 20:55 - 003548160 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll

2018-01-12 05:23 - 2018-01-01 20:54 - 001313792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll

2018-01-12 05:23 - 2018-01-01 20:53 - 000710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll

2018-01-12 05:23 - 2017-12-29 01:21 - 000107520 _____ (Microsoft Corporation) C:\WINDOWS\system32\inseng.dll

2018-01-12 05:23 - 2017-12-14 16:26 - 000374096 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll

2018-01-12 05:23 - 2017-12-14 14:39 - 000315736 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll

2018-01-12 05:23 - 2017-12-14 03:19 - 000096256 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontsub.dll

2018-01-12 05:23 - 2017-12-14 03:17 - 000044032 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll

2018-01-12 05:23 - 2017-12-10 06:59 - 000077824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontsub.dll

2018-01-12 05:23 - 2017-12-10 06:58 - 000035840 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll

2018-01-12 05:23 - 2017-12-10 05:59 - 005270528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll

2018-01-12 05:23 - 2017-12-05 21:42 - 002452816 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys

2018-01-12 05:23 - 2014-11-07 21:00 - 000024576 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndistapi.sys

2018-01-12 05:23 - 2014-11-07 20:56 - 000048128 _____ (Microsoft Corporation) C:\WINDOWS\system32\kmddsp.tsp

2018-01-12 05:23 - 2014-11-07 20:56 - 000043008 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasmxs.dll

2018-01-12 05:23 - 2014-11-07 20:56 - 000030208 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasser.dll

2018-01-12 05:23 - 2014-11-07 20:24 - 000077824 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasdiag.dll

2018-01-12 05:23 - 2014-11-07 20:13 - 000039424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kmddsp.tsp

2018-01-12 05:23 - 2014-11-07 20:13 - 000033280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasmxs.dll

2018-01-12 05:23 - 2014-11-07 20:13 - 000022528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasser.dll

2018-01-12 05:23 - 2014-11-07 19:48 - 000061440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasdiag.dll

2018-01-12 05:23 - 2014-11-03 23:27 - 000128512 _____ (Microsoft Corporation) C:\WINDOWS\splwow64.exe

2018-01-06 12:57 - 2018-01-06 12:57 - 000007690 _____ C:\Users\Albert\Desktop\cc_20180106_125658.reg

2018-01-06 12:56 - 2018-01-06 12:56 - 000117904 _____ C:\Users\Albert\Desktop\cc_20180106_125614.reg

2018-01-06 12:45 - 2018-01-06 12:45 - 000003872 _____ C:\WINDOWS\System32\Tasks\CCleaner Update

2018-01-06 12:38 - 2018-01-06 12:38 - 000000000 ____D C:\Users\Albert\AppData\Local\Avira

2018-01-06 12:36 - 2018-01-06 12:36 - 000000000 ____D C:\Users\Albert\AppData\Local\AMD

2018-01-06 11:23 - 2018-01-06 11:23 - 000000000 ____D C:\Program Files (x86)\VulkanRT

2018-01-06 11:23 - 2016-09-09 11:25 - 000269600 _____ C:\WINDOWS\SysWOW64\vulkan-1.dll

2018-01-06 11:23 - 2016-09-09 11:25 - 000261920 _____ C:\WINDOWS\system32\vulkan-1.dll

2018-01-06 11:23 - 2016-09-09 11:25 - 000110880 _____ C:\WINDOWS\SysWOW64\vulkaninfo.exe

2018-01-06 11:23 - 2016-09-09 11:24 - 000125216 _____ C:\WINDOWS\system32\vulkaninfo.exe

2018-01-06 11:16 - 2018-01-06 11:19 - 000000000 ____D C:\AMD

2018-01-06 11:16 - 2018-01-06 11:16 - 000000000 ____D C:\Users\Albert\AppData\Local\RadeonInstaller

2018-01-06 10:06 - 2018-01-06 10:06 - 000003546 _____ C:\WINDOWS\System32\Tasks\Avira Safe Shopping Updater

2018-01-06 10:06 - 2018-01-06 10:06 - 000000000 ____D C:\Users\Albert\AppData\Local\Avira_Operations_Gmbh_&_C

2018-01-06 10:06 - 2018-01-06 10:06 - 000000000 ____D C:\Users\Albert\AppData\Local\Avira Operations Gmbh & Co. KG

2018-01-06 10:06 - 2018-01-06 10:06 - 000000000 ____D C:\ProgramData\Avira Operations Gmbh & Co. KG

2018-01-06 10:03 - 2018-01-06 10:03 - 000003292 _____ C:\WINDOWS\System32\Tasks\Avira_Antivirus_Systray

2018-01-06 10:03 - 2018-01-06 10:03 - 000000000 ____H C:\WINDOWS\system32\Drivers\Msft_Kernel_avusbflt_01011.Wdf

2018-01-06 10:02 - 2018-01-03 22:33 - 000178840 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avgntflt.sys

2018-01-06 10:02 - 2018-01-03 22:33 - 000169376 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avipbb.sys

2018-01-06 10:02 - 2018-01-03 22:33 - 000088488 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avnetflt.sys

2018-01-06 10:02 - 2018-01-03 22:33 - 000060920 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avdevprot.sys

2018-01-06 10:02 - 2018-01-03 22:33 - 000044488 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avkmgr.sys

2018-01-06 10:02 - 2018-01-03 22:33 - 000038048 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avusbflt.sys

2018-01-06 09:59 - 2018-01-06 09:59 - 000000000 ____D C:\WINDOWS\System32\Tasks\Avira

2018-01-06 09:55 - 2018-01-22 12:39 - 000000000 ____D C:\Users\Public\Speedup Sessions

2018-01-06 09:55 - 2018-01-06 09:55 - 000003662 _____ C:\WINDOWS\System32\Tasks\AviraSystemSpeedupUpdate

2018-01-06 09:49 - 2018-01-17 09:06 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira

2018-01-06 09:49 - 2018-01-06 10:06 - 000000000 ____D C:\Program Files (x86)\Avira

2018-01-06 09:49 - 2018-01-06 10:02 - 000000000 ____D C:\ProgramData\Avira

2018-01-06 09:49 - 2018-01-06 09:49 - 000001215 _____ C:\Users\Public\Desktop\Avira.lnk

2018-01-06 09:35 - 2018-01-06 09:35 - 000001890 _____ C:\Users\Public\Desktop\Malwarebytes.lnk

2018-01-06 09:35 - 2018-01-06 09:35 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes

2018-01-06 09:35 - 2018-01-06 09:35 - 000000000 ____D C:\ProgramData\MB3CoreBackup

2018-01-06 09:35 - 2017-11-01 08:54 - 000077432 _____ C:\WINDOWS\system32\Drivers\mbae64.sys

2018-01-06 09:10 - 2018-01-06 09:10 - 000000990 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 13.lnk

2018-01-06 09:10 - 2018-01-06 09:10 - 000000978 _____ C:\Users\Public\Desktop\TeamViewer 13.lnk

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-01-22 16:14 - 2015-06-16 22:26 - 000000940 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-3638795625-3106638858-2927296518-1001UA.job

2018-01-22 16:01 - 2016-03-03 20:59 - 000000000 ____D C:\Program Files (x86)\TeamViewer

2018-01-22 15:54 - 2012-07-26 00:59 - 000000000 ____D C:\WINDOWS\CbsTemp

2018-01-22 15:38 - 2014-01-16 05:01 - 000003598 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3638795625-3106638858-2927296518-1001

2018-01-22 15:35 - 2014-01-21 16:22 - 000000540 _____ C:\Users\Albert\AppData\Roaming\Microsoft\Windows\Start Menu\Facebook.website

2018-01-22 12:42 - 2015-06-04 22:00 - 000065536 _____ C:\WINDOWS\system32\spu_storage.bin

2018-01-22 12:10 - 2016-01-08 11:00 - 000000000 __RDO C:\Users\Albert\OneDrive

2018-01-21 21:17 - 2013-08-22 08:36 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft

2018-01-21 21:14 - 2015-06-16 22:26 - 000000888 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-3638795625-3106638858-2927296518-1001Core.job

2018-01-21 21:11 - 2014-06-03 10:16 - 000000000 ____D C:\Program Files\Microsoft Office 15

2018-01-21 20:16 - 2013-08-22 08:36 - 000000000 ____D C:\WINDOWS\system32\NDF

2018-01-21 20:11 - 2014-01-16 04:55 - 000003786 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{B1AB0B2E-1ED5-4C0B-81B4-ED19FE8E5F44}

2018-01-21 20:11 - 2013-08-22 08:36 - 000000000 ____D C:\WINDOWS\AppReadiness

2018-01-14 08:44 - 2014-04-15 12:31 - 000000000 ____D C:\Temp

2018-01-13 16:28 - 2013-08-22 07:45 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT

2018-01-13 16:27 - 2013-08-22 06:25 - 001048576 ___SH C:\WINDOWS\system32\config\BBI

2018-01-12 06:35 - 2014-04-03 17:24 - 000000000 ____D C:\Users\Albert\AppData\Roaming\Dropbox

2018-01-12 06:03 - 2014-11-21 01:44 - 000958016 _____ C:\WINDOWS\system32\PerfStringBackup.INI

2018-01-12 06:03 - 2013-08-22 06:36 - 000000000 ____D C:\WINDOWS\Inf

2018-01-12 05:58 - 2013-08-22 07:44 - 000498600 _____ C:\WINDOWS\system32\FNTCACHE.DAT

2018-01-12 05:52 - 2013-08-22 08:36 - 000000000 ___RD C:\WINDOWS\ToastData

2018-01-12 05:36 - 2014-01-19 14:31 - 000000000 ____D C:\WINDOWS\system32\MRT

2018-01-12 05:28 - 2017-10-12 22:10 - 129365736 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT-KB890830.exe

2018-01-12 05:28 - 2014-01-19 14:31 - 129365736 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe

2018-01-10 10:20 - 2014-03-22 17:19 - 000002222 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk

2018-01-06 12:45 - 2016-07-05 21:40 - 000000841 _____ C:\Users\Public\Desktop\CCleaner.lnk

2018-01-06 12:45 - 2016-07-05 21:40 - 000000000 ____D C:\Program Files\CCleaner

2018-01-06 11:45 - 2017-11-18 09:03 - 000000354 _____ C:\WINDOWS\Tasks\HPCeeScheduleForAlbert.job

2018-01-06 11:26 - 2013-11-08 23:22 - 000000000 ____D C:\Program Files (x86)\ATI Technologies

2018-01-06 11:19 - 2013-04-03 17:17 - 000000000 ____D C:\ProgramData\Package Cache

2018-01-06 11:09 - 2017-11-18 09:03 - 000003170 _____ C:\WINDOWS\System32\Tasks\HPCeeScheduleForAlbert

2018-01-06 09:30 - 2014-03-22 16:38 - 000000000 ____D C:\ProgramData\AVAST Software

2018-01-06 09:29 - 2014-03-22 17:21 - 000000000 ____D C:\Program Files\Google

2018-01-06 09:29 - 2014-03-22 17:10 - 000000000 ____D C:\Program Files (x86)\Google

2018-01-06 09:21 - 2016-07-05 21:40 - 000002792 _____ C:\WINDOWS\System32\Tasks\CCleanerSkipUAC

2018-01-06 09:21 - 2016-01-08 10:34 - 000002218 _____ C:\WINDOWS\System32\Tasks\Start Screen Unlimited Schedule Task

2018-01-06 09:21 - 2015-06-16 22:26 - 000003888 _____ C:\WINDOWS\System32\Tasks\DropboxUpdateTaskUserS-1-5-21-3638795625-3106638858-2927296518-1001UA

2018-01-06 09:21 - 2015-06-16 22:26 - 000003508 _____ C:\WINDOWS\System32\Tasks\DropboxUpdateTaskUserS-1-5-21-3638795625-3106638858-2927296518-1001Core

2018-01-06 09:21 - 2014-12-31 09:34 - 000004476 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task

2018-01-06 09:21 - 2014-04-15 12:31 - 000002026 _____ C:\WINDOWS\System32\Tasks\Motorola Device Manager Update

2018-01-06 09:21 - 2014-04-15 12:31 - 000002008 _____ C:\WINDOWS\System32\Tasks\Motorola Device Manager Engine

2018-01-06 09:21 - 2014-03-22 17:11 - 000003330 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA

2018-01-06 09:21 - 2014-03-22 17:11 - 000003202 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore

2018-01-06 09:21 - 2013-11-08 23:57 - 000002204 _____ C:\WINDOWS\System32\Tasks\MirageAgent

2018-01-06 09:21 - 2013-11-08 23:28 - 000002216 _____ C:\WINDOWS\System32\Tasks\CLVDLauncher

2018-01-06 09:21 - 2013-11-08 23:28 - 000002216 _____ C:\WINDOWS\System32\Tasks\CLMLSvc_P2G8

2018-01-06 09:19 - 2014-03-22 17:10 - 000000000 ____D C:\Users\Albert\AppData\Local\Google

2017-12-27 08:12 - 2013-08-22 08:36 - 000000000 ____D C:\WINDOWS\rescache

==================== Files in the root of some directories =======

2014-04-22 09:51 - 2014-04-22 09:52 - 000000314 _____ () C:\Users\Albert\AppData\Roaming\aps.uninstall.scan.results

2014-04-01 14:41 - 2014-04-17 15:12 - 000007605 _____ () C:\Users\Albert\AppData\Local\resmon.resmoncfg

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed

C:\WINDOWS\system32\wininit.exe => File is digitally signed

C:\WINDOWS\explorer.exe => File is digitally signed

C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed

C:\WINDOWS\system32\svchost.exe => File is digitally signed

C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed

C:\WINDOWS\system32\services.exe => File is digitally signed

C:\WINDOWS\system32\User32.dll => File is digitally signed

C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed

C:\WINDOWS\system32\userinit.exe => File is digitally signed

C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed

C:\WINDOWS\system32\rpcss.dll => File is digitally signed

C:\WINDOWS\system32\dnsapi.dll => File is digitally signed

C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed

C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2018-01-12 06:10

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 21.01.2018

Ran by Albert (22-01-2018 16:29:34)

Running from C:\Users\Albert\Desktop

Windows 8.1 (Update) (X64) (2015-06-05 13:12:39)

Boot Mode: Normal

==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-3638795625-3106638858-2927296518-500 - Administrator - Disabled)

Albert (S-1-5-21-3638795625-3106638858-2927296518-1001 - Administrator - Enabled) => C:\Users\Albert

Guest (S-1-5-21-3638795625-3106638858-2927296518-501 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Antivirus (Enabled - Up to date) {B3F630BD-538D-1B4A-14FA-14B63235278F}

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

AS: Avira Antivirus (Enabled - Up to date) {0897D159-75B7-14C4-2E4A-2FC449B26D32}

AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 16.04 (x64 edition) (HKLM\...\{23170F69-40C1-2702-1604-000001000000}) (Version: 16.04.00.0 - Igor Pavlov)

Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 17.009.20044 - Adobe Systems Incorporated)

Avira (HKLM-x32\...\{518c54f5-fd43-4aa6-936b-8d7fd8c85cbd}) (Version: 1.2.103.26908 - Avira Operations GmbH & Co. KG)

Avira (HKLM-x32\...\{E3F659C3-7936-4321-B886-4DA527DA72FE}) (Version: 1.2.103.26908 - Avira Operations GmbH & Co. KG) Hidden

Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.34.17 - Avira Operations GmbH & Co. KG)

Avira Phantom VPN (HKLM-x32\...\Avira Phantom VPN) (Version: 2.11.3.29834 - Avira Operations GmbH & Co. KG)

Avira Safe Shopping (HKLM-x32\...\{FA4F79B8-FA3E-4BDC-82B1-F0AA064E24C0}) (Version: 1.0.49.1987 - Avira Operations Gmbh & Co. KG)

Avira Software Updater (HKLM-x32\...\{3850873E-EFAF-4712-94DF-D1E81FFA9F88}) (Version: 2.0.4.50571 - Avira Operations GmbH & Co. KG)

Avira System Speedup (HKLM-x32\...\Avira System Speedup_is1) (Version: 4.4.0.6828 - Avira Operations GmbH & Co. KG)

Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)

CCleaner (HKLM\...\CCleaner) (Version: 5.38 - Piriform)

Coupon Printer for Windows (HKLM-x32\...\Coupon Printer for Windows5.0.0.9) (Version: 5.0.0.9 - Coupons.com Incorporated)

Cyberlink PhotoDirector (HKLM-x32\...\{39337565-330E-4AB6-A9AE-AC81E0720B10}) (Version: 3.0.3.4608 - CyberLink Corp.)

Cyberlink PhotoDirector (HKLM-x32\...\InstallShield_{39337565-330E-4ab6-A9AE-AC81E0720B10}) (Version: 3.0.3.4608 - CyberLink Corp.)

DigiSmirkz Internet Explorer Homepage and New Tab (HKU\S-1-5-21-3638795625-3106638858-2927296518-1001\...\DigiSmirkzTooltab Uninstall Internet Explorer) (Version: - Mindspark Interactive Network, Inc.) <==== ATTENTION

Dropbox (HKU\S-1-5-21-3638795625-3106638858-2927296518-1001\...\Dropbox) (Version: 41.4.80 - Dropbox, Inc.)

Facebook Gameroom 1.3.1.3 (HKLM-x32\...\{7E155A45-DE1A-46E0-A6B2-10FE1D8501FC}) (Version: 1.3.1.3 - Facebook)

Google Chrome (HKLM-x32\...\Google Chrome) (Version: 63.0.3239.132 - Google Inc.)

Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) Hidden

Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden

Hewlett-Packard ACLM.NET v1.2.2.3 (HKLM-x32\...\{6F340107-F9AA-47C6-B54C-C3A19F11553F}) (Version: 1.00.0000 - Hewlett-Packard Company) Hidden

HP Connected Music (Meridian - player) (HKU\S-1-5-21-3638795625-3106638858-2927296518-1001\...\HPConnectedMusic) (Version: 1.1 (build 112) hp - Meridian Audio Ltd)

HP Registration Service (HKLM\...\{D1E8F2D7-7794-4245-B286-87ED86C1893C}) (Version: 1.2.6668.4491 - Hewlett-Packard)

HP Support Assistant (HKLM-x32\...\{E959FD01-BD01-4CC4-9BB8-4EBE8309BF37}) (Version: 8.5.37.19 - HP)

HP Support Solutions Framework (HKLM-x32\...\{E2CB09C1-3C76-4395-BB47-50C066535CF8}) (Version: 12.8.47.1 - HP)

HP Touchpoint Analytics Client (HKLM\...\{E5FB98E0-0784-44F0-8CEC-95CD4690C43F}) (Version: 4.0.2.1439 - HP Inc.)

Malwarebytes version 3.3.1.2183 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.3.1.2183 - Malwarebytes)

Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 15.0.4997.1000 - Microsoft Corporation)

Microsoft OneDrive (HKU\S-1-5-21-3638795625-3106638858-2927296518-1001\...\OneDriveSetup.exe) (Version: 17.0.4023.1211 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)

Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)

Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)

Motitags Internet Explorer Homepage and New Tab (HKU\S-1-5-21-3638795625-3106638858-2927296518-1001\...\MotitagsTooltab Uninstall Internet Explorer) (Version: - Mindspark Interactive Network, Inc.) <==== ATTENTION

Motorola Mobile Drivers Installation 6.3.0 (HKLM\...\{759E6A2F-1F01-45EF-A0C4-22F1B56CB975}) (Version: 6.3.0 - Motorola Mobility LLC)

Mozilla Firefox 47.0.2 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 47.0.2 (x86 en-US)) (Version: 47.0.2 - Mozilla)

Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 44.0.2.5884 - Mozilla)

Office 15 Click-to-Run Extensibility Component (HKLM-x32\...\{90150000-008C-0000-0000-0000000FF1CE}) (Version: 15.0.4997.1000 - Microsoft Corporation) Hidden

Office 15 Click-to-Run Licensing Component (HKLM\...\{90150000-008F-0000-1000-0000000FF1CE}) (Version: 15.0.4997.1000 - Microsoft Corporation) Hidden

Office 15 Click-to-Run Localization Component (HKLM-x32\...\{90150000-008C-0409-0000-0000000FF1CE}) (Version: 15.0.4997.1000 - Microsoft Corporation) Hidden

Qualcomm Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 10.0 - Qualcomm Atheros)

Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9200.29068 - Realtek Semiconductor Corp.)

Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.20.815.2013 - Realtek)

Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6875 - Realtek Semiconductor Corp.)

ShopAtHome.com Helper (HKLM-x32\...\ShopAtHome.com Helper) (Version: 7.0.4.17 - ShopAtHome.com) <==== ATTENTION

Start Screen Unlimited Lite 3.1 (HKLM-x32\...\Start Screen Unlimited Lite_is1) (Version: - Greatis Software, LLC.)

TeamViewer 13 (HKLM-x32\...\TeamViewer) (Version: 13.0.6447 - TeamViewer)

Total Uninstall 6.4.1 (HKLM\...\Total Uninstall 6_is1) (Version: 6.4.1 - Gavrila Martau)

Unity Web Player (HKU\S-1-5-21-3638795625-3106638858-2927296518-1001\...\UnityWebPlayer) (Version: 5.3.8f1 - Unity Technologies ApS)

Update Installer for WildTangent Games App (HKLM-x32\...\{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App) (Version: - WildTangent) Hidden

Vulkan Run Time Libraries 1.0.26.0 (HKLM\...\VulkanRT1.0.26.0) (Version: 1.0.26.0 - LunarG, Inc.)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3638795625-3106638858-2927296518-1001_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\Albert\AppData\Local\Microsoft\SkyDrive\17.0.4023.1211\amd64\SkyDriveShell64.dll (Microsoft Corporation)

CustomCLSID: HKU\S-1-5-21-3638795625-3106638858-2927296518-1001_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\Albert\AppData\Local\Microsoft\SkyDrive\17.0.4023.1211\amd64\SkyDriveShell64.dll (Microsoft Corporation)

CustomCLSID: HKU\S-1-5-21-3638795625-3106638858-2927296518-1001_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\Albert\AppData\Local\Microsoft\SkyDrive\17.0.4023.1211\amd64\SkyDriveShell64.dll (Microsoft Corporation)

CustomCLSID: HKU\S-1-5-21-3638795625-3106638858-2927296518-1001_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Albert\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-3638795625-3106638858-2927296518-1001_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\Albert\AppData\Local\Microsoft\SkyDrive\17.0.4023.1211\amd64\SkyDriveShell64.dll (Microsoft Corporation)

CustomCLSID: HKU\S-1-5-21-3638795625-3106638858-2927296518-1001_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Albert\AppData\Local\Microsoft\SkyDrive\17.0.4023.1211\amd64\FileSyncApi64.dll (Microsoft Corporation)

CustomCLSID: HKU\S-1-5-21-3638795625-3106638858-2927296518-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Albert\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-3638795625-3106638858-2927296518-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Albert\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-3638795625-3106638858-2927296518-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Albert\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-3638795625-3106638858-2927296518-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Albert\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-3638795625-3106638858-2927296518-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Albert\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-3638795625-3106638858-2927296518-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Albert\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-3638795625-3106638858-2927296518-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Albert\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-3638795625-3106638858-2927296518-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Albert\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-3638795625-3106638858-2927296518-1001_Classes\CLSID\{FB314EE1-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Albert\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-3638795625-3106638858-2927296518-1001_Classes\CLSID\{FB314EE2-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Albert\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-3638795625-3106638858-2927296518-1001_Classes\CLSID\{FBC9D74C-AF55-4309-9FB2-C426E071637F}\InprocServer32 -> C:\Users\Albert\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll (Dropbox, Inc.)

ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File

ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File

ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Albert\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll [2018-01-08] (Dropbox, Inc.)

ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Albert\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll [2018-01-08] (Dropbox, Inc.)

ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Albert\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll [2018-01-08] (Dropbox, Inc.)

ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Albert\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll [2018-01-08] (Dropbox, Inc.)

ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Albert\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll [2018-01-08] (Dropbox, Inc.)

ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Albert\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll [2018-01-08] (Dropbox, Inc.)

ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Albert\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll [2018-01-08] (Dropbox, Inc.)

ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-10-04] (Igor Pavlov)

ContextMenuHandlers1: [CLVDShellExt] -> {3E2A0A32-6E14-4BAD-AA87-BBB6A75EBFF2} => C:\Program Files (x86)\Common Files\CyberLink\ShellExtComponent\CLVDShellExt.dll [2013-05-24] (Cyberlink)

ContextMenuHandlers1: [Shell Extension for Malware scanning] -> {45AC2688-0253-4ED8-97DE-B5370FA7D48A} => C:\Program Files (x86)\Avira\Antivirus\shlext64.dll [2018-01-03] (Avira Operations GmbH & Co. KG)

ContextMenuHandlers1: [SystemSpeedupFilesMenu] -> {ef263503-8f0e-3e6a-ae2e-fe0b4b441d52} => C:\WINDOWS\system32\mscoree.dll [2013-08-22] (Microsoft Corporation)

ContextMenuHandlers2: [CLVDShellExt] -> {3E2A0A32-6E14-4BAD-AA87-BBB6A75EBFF2} => C:\Program Files (x86)\Common Files\CyberLink\ShellExtComponent\CLVDShellExt.dll [2013-05-24] (Cyberlink)

ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-11-01] (Malwarebytes)

ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-10-04] (Igor Pavlov)

ContextMenuHandlers4: [SystemSpeedupFoldersMenu] -> {3d52b24d-33bb-3895-99ea-a0156f24a3f9} => C:\WINDOWS\system32\mscoree.dll [2013-08-22] (Microsoft Corporation)

ContextMenuHandlers5: [SystemSpeedupDesktopMenu] -> {cefaf456-bc17-3f4b-b7d9-75070925911b} => C:\WINDOWS\system32\mscoree.dll [2013-08-22] (Microsoft Corporation)

ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-10-04] (Igor Pavlov)

ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-11-01] (Malwarebytes)

ContextMenuHandlers6: [Shell Extension for Malware scanning] -> {45AC2688-0253-4ED8-97DE-B5370FA7D48A} => C:\Program Files (x86)\Avira\Antivirus\shlext64.dll [2018-01-03] (Avira Operations GmbH & Co. KG)

ContextMenuHandlers1_S-1-5-21-3638795625-3106638858-2927296518-1001: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Users\Albert\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll [2018-01-08] (Dropbox, Inc.)

ContextMenuHandlers4_S-1-5-21-3638795625-3106638858-2927296518-1001: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Users\Albert\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll [2018-01-08] (Dropbox, Inc.)

ContextMenuHandlers5_S-1-5-21-3638795625-3106638858-2927296518-1001: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Users\Albert\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll [2018-01-08] (Dropbox, Inc.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {037A081F-628D-4796-93C2-BEDC2ED781C5} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-09-27] (Adobe Systems Incorporated)

Task: {062AA61C-2C93-42C6-AC2F-4DC58522C3C5} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [2017-12-13] (Piriform Ltd)

Task: {0B4ACFC9-7678-4BC4-8FE2-7E8BC495C7DF} - System32\Tasks\HPCeeScheduleForAlbert => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2015-06-16] (Hewlett-Packard)

Task: {0D8A891D-890C-4808-84D8-2F436AB14653} - \Microsoft\Windows\Application Experience\AitAgent -> No File <==== ATTENTION

Task: {1274336E-AB06-46B6-A48C-0671C5557CC6} - \Microsoft\Windows\TaskScheduler\Maintenance Configurator -> No File <==== ATTENTION

Task: {16101842-1F98-4988-B291-63A9518C2B76} - System32\Tasks\AviraSystemSpeedupUpdate => C:\ProgramData\Avira\SystemSpeedup\Update\avira_speedup_setup_update.exe [2018-01-06] (Avira Operations GmbH & Co. KG )

Task: {1687544D-7247-4F5A-965A-A6E920E55278} - \Microsoft\Windows\TaskScheduler\Manual Maintenance -> No File <==== ATTENTION

Task: {16CB9CFE-31E8-401E-A79E-639FF0F3C152} - System32\Tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2017-11-18] ()

Task: {2B3C693A-73FF-438B-B149-493A57B9B0BF} - System32\Tasks\Motorola Device Manager Initial Update => C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotorolaDeviceManagerUpdate.exe [2013-10-31] ()

Task: {2BB1DE94-8613-4678-B48C-D8B969F24EBA} - System32\Tasks\MirageAgent => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe

Task: {34D0010E-EC3E-4B8A-8C5B-F3626FB82FBD} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-3638795625-3106638858-2927296518-1001Core => C:\Users\Albert\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2016-11-04] (Dropbox, Inc.)

Task: {370C67AB-9D3F-46BB-8F5A-F477F3D91ADE} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2017-11-08] (HP Inc.)

Task: {3C1E0996-A84B-41A0-A88D-EDE53D5F9F48} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-10-30] (Google Inc.)

Task: {40525C58-79C2-47A1-9AA2-F1D7FC4F0691} - \Microsoft\Windows\WindowsBackup\ConfigNotification -> No File <==== ATTENTION

Task: {44DC80AE-19CE-42F7-BFE2-0FFCABF9E334} - System32\Tasks\Avira\System Speedup\SpeedupSysTray => C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.UI.Systray.exe [2017-12-04] (Avira Operations GmbH & Co. KG)

Task: {57AB092F-1E3D-4B78-B29F-E88343DF319F} - System32\Tasks\Avira\System Speedup\TestScheduler => C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.Core.Common.Starter.exe [2017-12-04] (Avira Operations GmbH & Co. KG)

Task: {5A646D1D-2B29-4912-A8A2-B2EA0B427762} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2017-09-27] (HP Inc.)

Task: {60DE0EE9-49E2-41BC-8397-15F73B895324} - System32\Tasks\Avira_Antivirus_Systray => C:\Program Files (x86)\Avira\Antivirus\avgnt.exe [2018-01-03] (Avira Operations GmbH & Co. KG)

Task: {65923E58-1C20-4BBF-AE21-AD46681E6DB4} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2017-12-12] (Microsoft Corporation)

Task: {66E2FD49-F8F5-401E-A939-2F045C80C5FC} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2017-09-20] (HP Inc.)

Task: {6F02587F-8A2B-4552-97F6-DEEF229E335B} - \Microsoft\Windows\TaskScheduler\Idle Maintenance -> No File <==== ATTENTION

Task: {7CBA983F-79F5-42A2-BB55-D2BAAE23D0E3} - System32\Tasks\CLMLSvc_P2G8 => c:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [2013-03-12] (CyberLink)

Task: {85A68C60-49A2-4B07-AD98-DF9226D5C676} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater - Resources => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2017-09-20] (HP Inc.)

Task: {865C3EA3-1331-4632-B774-8E042D022A19} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-10-30] (Google Inc.)

Task: {8D90EE55-19DA-49FF-B78D-97EDC8E0D9CF} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [2017-06-22] (HP Inc.)

Task: {9D0BDADA-53F1-49BF-AC93-E5B53187B4E9} - System32\Tasks\CLVDLauncher => c:\Program Files (x86)\CyberLink\Power2Go8\CLVDLauncher.exe [2013-03-12] (CyberLink Corp.)

Task: {9FC82034-8829-4EFC-9F9B-B84CCD4F6B6E} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2017-12-12] (Microsoft Corporation)

Task: {AF3882E3-8991-4BE7-9577-5E10BBD577EB} - System32\Tasks\Motorola Device Manager Engine => C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotorolaDeviceManagerUpdate.exe [2013-10-31] ()

Task: {B7992938-01F1-4F40-A0EC-0D23D2F0F152} - \Microsoft\Windows\TaskScheduler\Regular Maintenance -> No File <==== ATTENTION

Task: {C9041102-7EB9-413A-A81A-6FEBA4C4EA07} - System32\Tasks\Avira Safe Shopping Updater => C:\Program Files (x86)\Avira\Safe Shopping\\Updater\Updater.exe [2017-12-19] (Avira Operations Gmbh & Co. KG)

Task: {C95A18D5-6486-4A0F-A033-A5B4EA1F2931} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis Install => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2017-09-27] (HP Inc.)

Task: {CFD7C21A-808B-487B-A6EC-8A10E44E8360} - \Microsoft\Windows\SettingSync\BackupTask -> No File <==== ATTENTION

Task: {D2DC50CF-1EF9-496D-AE30-631825CFBABD} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2017-12-12] (Microsoft Corporation)

Task: {E0EE1DED-6854-49A9-B020-ECF01E06A44C} - System32\Tasks\Start Screen Unlimited Schedule Task => C:\Program Files (x86)\Start Screen Unlimited\launcher.exe [2014-01-07] (Greatis Software)

Task: {EBD05904-7EBA-4243-A171-64D1BF783B14} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Product Configurator => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\ProductConfig.exe [2017-10-11] (HP Inc.)

Task: {EC208AAC-772E-409C-AFC3-C39D43559F91} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2017-12-13] (Piriform Ltd)

Task: {EFA4D654-7DE0-4DAD-98B9-DD62878A451D} - System32\Tasks\Motorola Device Manager Update => C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotorolaDeviceManagerUpdate.exe [2013-10-31] ()

Task: {F15E7F9D-301F-4D06-84DB-765355AFC630} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-3638795625-3106638858-2927296518-1001UA => C:\Users\Albert\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2016-11-04] (Dropbox, Inc.)

Task: {F1C44F33-38A9-4EF5-A112-50E86EBA08A6} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2017-09-27] (HP Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-3638795625-3106638858-2927296518-1001Core.job => C:\Users\Albert\AppData\Local\Dropbox\Update\DropboxUpdate.exe

Task: C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-3638795625-3106638858-2927296518-1001UA.job => C:\Users\Albert\AppData\Local\Dropbox\Update\DropboxUpdate.exe

Task: C:\WINDOWS\Tasks\HPCeeScheduleForAlbert.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

Shortcut: C:\Users\Albert\AppData\Local\Microsoft\Windows\RoamingTiles\11029858760.lnk -> hxxp://home.recipes.myway.com/home/index.jhtml?a=221A234E-B071-411F-B21C-E69B05E91120&p=^BD9^hps101^YY^us&si=CJnm_fewt8MCFcVgfgodnJ8A2w&n=781AA7CE&st=h

ShortcutWithArgument: C:\Users\Albert\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.InternetExplorer.Default\11029858760.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> -contentTile -formatVersion 0x00000003 -pinnedTimeLow 0xd8df544c -pinnedTimeHigh 0x01d14a4a -securityFlags 0x00000000 -tileType 0x00000000 -url 0x00000098 hxxp://home.recipes.myway.com/home/index.jhtml?a=221A234E-B071-411F-B21C-E69B05E91120&p=^BD9^hps101^YY^u

ShortcutWithArgument: C:\Users\Albert\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\69639df789022856\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory="Profile 1"

==================== Loaded Modules (Whitelisted) ==============

2014-06-03 10:24 - 2017-01-17 03:25 - 000117440 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll

2017-03-24 15:35 - 2017-01-31 05:34 - 008909512 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll

2017-11-18 08:48 - 2017-12-07 12:22 - 000937912 _____ () C:\Program Files\HP\HP Touchpoint Analytics Client\TAInstaller.exe

2013-10-31 08:05 - 2013-10-31 08:05 - 000172032 _____ () C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\css_core.dll

2018-01-12 06:33 - 2018-01-08 14:15 - 000732480 _____ () C:\Users\Albert\AppData\Roaming\Dropbox\bin\dropbox_watchdog.dll

2018-01-12 06:33 - 2018-01-08 14:15 - 002061632 _____ () C:\Users\Albert\AppData\Roaming\Dropbox\bin\dropbox_crashpad.dll

2017-12-07 12:26 - 2018-01-08 14:15 - 000100296 _____ () C:\Users\Albert\AppData\Roaming\Dropbox\bin\_ctypes.pyd

2017-12-07 12:26 - 2018-01-08 14:15 - 000018888 _____ () C:\Users\Albert\AppData\Roaming\Dropbox\bin\select.pyd

2017-12-07 12:26 - 2018-01-08 14:16 - 000020800 _____ () C:\Users\Albert\AppData\Roaming\Dropbox\bin\tornado.speedups.pyd

2017-12-07 12:26 - 2018-01-08 14:15 - 000035792 _____ () C:\Users\Albert\AppData\Roaming\Dropbox\bin\_multiprocessing.pyd

2017-12-07 12:26 - 2018-01-08 14:15 - 000694224 _____ () C:\Users\Albert\AppData\Roaming\Dropbox\bin\unicodedata.pyd

2018-01-12 06:33 - 2018-01-08 14:16 - 000021848 _____ () C:\Users\Albert\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._constant_time.pyd

2017-12-07 12:26 - 2018-01-08 14:15 - 000130512 _____ () C:\Users\Albert\AppData\Roaming\Dropbox\bin\_cffi_backend.pyd

2018-01-12 06:33 - 2018-01-08 14:16 - 001856848 _____ () C:\Users\Albert\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._openssl.pyd

2018-01-12 06:33 - 2018-01-08 14:16 - 000022864 _____ () C:\Users\Albert\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._padding.pyd

2018-01-12 06:33 - 2018-01-08 14:15 - 000145864 _____ () C:\Users\Albert\AppData\Roaming\Dropbox\bin\pyexpat.pyd

2018-01-12 06:33 - 2018-01-08 14:15 - 000116688 _____ () C:\Users\Albert\AppData\Roaming\Dropbox\bin\pywintypes27.dll

2017-12-07 12:26 - 2018-01-08 14:15 - 000105928 _____ () C:\Users\Albert\AppData\Roaming\Dropbox\bin\win32api.pyd

2017-12-07 12:26 - 2018-01-08 14:16 - 000022864 _____ () C:\Users\Albert\AppData\Roaming\Dropbox\bin\winffi.crt.compiled._winffi_crt.pyd

2018-01-12 06:33 - 2018-01-08 14:16 - 000063296 _____ () C:\Users\Albert\AppData\Roaming\Dropbox\bin\psutil._psutil_windows.pyd

2017-12-07 12:26 - 2018-01-08 14:15 - 000024528 _____ () C:\Users\Albert\AppData\Roaming\Dropbox\bin\win32event.pyd

2018-01-12 06:33 - 2018-01-08 14:16 - 000040248 _____ () C:\Users\Albert\AppData\Roaming\Dropbox\bin\fastpath.pyd

2018-01-12 06:33 - 2018-01-08 14:15 - 000020936 _____ () C:\Users\Albert\AppData\Roaming\Dropbox\bin\mmapfile.pyd

2017-12-07 12:26 - 2018-01-08 14:15 - 000124880 _____ () C:\Users\Albert\AppData\Roaming\Dropbox\bin\win32file.pyd

2017-12-07 12:26 - 2018-01-08 14:15 - 000116176 _____ () C:\Users\Albert\AppData\Roaming\Dropbox\bin\win32security.pyd

2018-01-12 06:33 - 2018-01-08 14:15 - 000392656 _____ () C:\Users\Albert\AppData\Roaming\Dropbox\bin\pythoncom27.dll

2017-12-07 12:26 - 2018-01-08 14:16 - 000392512 _____ () C:\Users\Albert\AppData\Roaming\Dropbox\bin\win32com.shell.shell.pyd

2017-12-07 12:26 - 2018-01-08 14:16 - 000026456 _____ () C:\Users\Albert\AppData\Roaming\Dropbox\bin\winffi.kernel32.compiled._winffi_kernel32.pyd

2017-12-07 12:26 - 2018-01-08 14:15 - 000024016 _____ () C:\Users\Albert\AppData\Roaming\Dropbox\bin\win32clipboard.pyd

2017-12-07 12:26 - 2018-01-08 14:15 - 000175560 _____ () C:\Users\Albert\AppData\Roaming\Dropbox\bin\win32gui.pyd

2017-12-07 12:26 - 2018-01-08 14:15 - 000030160 _____ () C:\Users\Albert\AppData\Roaming\Dropbox\bin\win32pipe.pyd

2017-12-07 12:26 - 2018-01-08 14:15 - 000043472 _____ () C:\Users\Albert\AppData\Roaming\Dropbox\bin\win32process.pyd

2017-12-07 12:26 - 2018-01-08 14:15 - 000026056 _____ () C:\Users\Albert\AppData\Roaming\Dropbox\bin\win32job.pyd

2017-12-07 12:26 - 2018-01-08 14:15 - 000048592 _____ () C:\Users\Albert\AppData\Roaming\Dropbox\bin\win32service.pyd

2017-12-07 12:26 - 2018-01-08 14:15 - 000057808 _____ () C:\Users\Albert\AppData\Roaming\Dropbox\bin\win32evtlog.pyd

2018-01-12 06:33 - 2018-01-08 14:16 - 000021824 _____ () C:\Users\Albert\AppData\Roaming\Dropbox\bin\cpuid.compiled._cpuid.pyd

2017-12-07 12:26 - 2018-01-08 14:17 - 000023368 _____ () C:\Users\Albert\AppData\Roaming\Dropbox\bin\winshell.compiled._winshell.pyd

2018-01-12 06:33 - 2018-01-08 14:16 - 000022856 _____ () C:\Users\Albert\AppData\Roaming\Dropbox\bin\crashpad.compiled._Crashpad.pyd

2017-12-07 12:26 - 2018-01-08 14:16 - 000066392 _____ () C:\Users\Albert\AppData\Roaming\Dropbox\bin\winenumhandles.compiled._WinEnumHandles.pyd

2018-01-12 06:33 - 2018-01-08 14:16 - 001796920 _____ () C:\Users\Albert\AppData\Roaming\Dropbox\bin\PyQt5.QtCore.pyd

2017-12-07 12:26 - 2018-01-08 14:15 - 000084424 _____ () C:\Users\Albert\AppData\Roaming\Dropbox\bin\sip.pyd

2018-01-12 06:33 - 2018-01-08 14:16 - 001956152 _____ () C:\Users\Albert\AppData\Roaming\Dropbox\bin\PyQt5.QtGui.pyd

2018-01-12 06:33 - 2018-01-08 14:16 - 003859264 _____ () C:\Users\Albert\AppData\Roaming\Dropbox\bin\PyQt5.QtWidgets.pyd

2018-01-12 06:33 - 2018-01-08 14:16 - 000155464 _____ () C:\Users\Albert\AppData\Roaming\Dropbox\bin\PyQt5.QtWebEngineWidgets.pyd

2018-01-12 06:33 - 2018-01-08 14:16 - 000521024 _____ () C:\Users\Albert\AppData\Roaming\Dropbox\bin\PyQt5.QtNetwork.pyd

2018-01-12 06:33 - 2018-01-08 14:16 - 000050496 _____ () C:\Users\Albert\AppData\Roaming\Dropbox\bin\PyQt5.QtWebEngineCore.pyd

2018-01-12 06:33 - 2018-01-08 14:16 - 000042304 _____ () C:\Users\Albert\AppData\Roaming\Dropbox\bin\PyQt5.QtWebChannel.pyd

2018-01-12 06:33 - 2018-01-08 14:16 - 000131384 _____ () C:\Users\Albert\AppData\Roaming\Dropbox\bin\PyQt5.QtWebKit.pyd

2018-01-12 06:33 - 2018-01-08 14:16 - 000218944 _____ () C:\Users\Albert\AppData\Roaming\Dropbox\bin\PyQt5.QtWebKitWidgets.pyd

2018-01-12 06:33 - 2018-01-08 14:16 - 000204096 _____ () C:\Users\Albert\AppData\Roaming\Dropbox\bin\PyQt5.QtPrintSupport.pyd

2017-12-07 12:26 - 2018-01-08 14:17 - 000025432 _____ () C:\Users\Albert\AppData\Roaming\Dropbox\bin\winscreenshot.compiled._CaptureScreenshot.pyd

2017-12-07 12:26 - 2018-01-08 14:15 - 000060880 _____ () C:\Users\Albert\AppData\Roaming\Dropbox\bin\win32print.pyd

2017-12-07 12:26 - 2018-01-08 14:17 - 000054608 _____ () C:\Users\Albert\AppData\Roaming\Dropbox\bin\winrpcserver.compiled._RPCServer.pyd

2017-12-07 12:26 - 2018-01-08 14:15 - 000024016 _____ () C:\Users\Albert\AppData\Roaming\Dropbox\bin\win32profile.pyd

2017-12-07 12:26 - 2018-01-08 14:17 - 000022864 _____ () C:\Users\Albert\AppData\Roaming\Dropbox\bin\winffi.user32.compiled._winffi_user32.pyd

2017-12-07 12:26 - 2018-01-08 14:15 - 000028616 _____ () C:\Users\Albert\AppData\Roaming\Dropbox\bin\win32ts.pyd

2017-12-07 12:26 - 2018-01-08 14:16 - 000022360 _____ () C:\Users\Albert\AppData\Roaming\Dropbox\bin\winffi.iphlpapi.compiled._winffi_iphlpapi.pyd

2017-12-07 12:26 - 2018-01-08 14:17 - 000021848 _____ () C:\Users\Albert\AppData\Roaming\Dropbox\bin\winffi.winerror.compiled._winffi_winerror.pyd

2017-12-07 12:26 - 2018-01-08 14:17 - 000022360 _____ () C:\Users\Albert\AppData\Roaming\Dropbox\bin\winffi.wininet.compiled._winffi_wininet.pyd

2018-01-12 06:33 - 2018-01-08 14:16 - 000027488 _____ () C:\Users\Albert\AppData\Roaming\Dropbox\bin\dropbox.infinite.win.compiled._driverinstallation.pyd

2017-12-07 12:26 - 2018-01-08 14:15 - 000349128 _____ () C:\Users\Albert\AppData\Roaming\Dropbox\bin\winxpgui.pyd

2018-01-12 06:33 - 2018-01-08 14:16 - 000101184 _____ () C:\Users\Albert\AppData\Roaming\Dropbox\bin\PyQt5.QtWinExtras.pyd

2017-12-07 12:26 - 2018-01-08 14:17 - 000023896 _____ () C:\Users\Albert\AppData\Roaming\Dropbox\bin\winverifysignature.compiled._VerifySignature.pyd

2018-01-12 06:33 - 2018-01-08 14:16 - 000025424 _____ () C:\Users\Albert\AppData\Roaming\Dropbox\bin\librsyncffi.compiled._librsyncffi.pyd

2018-01-12 06:33 - 2018-01-08 14:15 - 000036296 _____ () C:\Users\Albert\AppData\Roaming\Dropbox\bin\librsync.dll

2018-01-12 06:34 - 2018-01-08 14:16 - 000021848 _____ () C:\Users\Albert\AppData\Roaming\Dropbox\bin\winffi.advapi32.compiled._winffi_advapi32.pyd

2018-01-12 06:33 - 2018-01-08 14:16 - 000181056 _____ () C:\Users\Albert\AppData\Roaming\Dropbox\bin\dropbox_sqlite_ext.DLL

2017-12-07 12:26 - 2018-01-08 14:16 - 000030536 _____ () C:\Users\Albert\AppData\Roaming\Dropbox\bin\wind3d11.compiled._wind3d11.pyd

2018-01-12 06:33 - 2018-01-08 14:16 - 000024368 _____ () C:\Users\Albert\AppData\Roaming\Dropbox\bin\libEGL.DLL

2018-01-12 06:33 - 2018-01-08 14:16 - 001638200 _____ () C:\Users\Albert\AppData\Roaming\Dropbox\bin\libGLESv2.dll

2017-12-07 12:26 - 2018-01-08 14:17 - 000026456 _____ () C:\Users\Albert\AppData\Roaming\Dropbox\bin\winffi.winhttp.compiled._winffi_winhttp.pyd

2018-01-12 06:33 - 2018-01-08 14:16 - 000545080 _____ () C:\Users\Albert\AppData\Roaming\Dropbox\bin\PyQt5.QtQuick.pyd

2018-01-12 06:33 - 2018-01-08 14:16 - 000359224 _____ () C:\Users\Albert\AppData\Roaming\Dropbox\bin\PyQt5.QtQml.pyd

2018-01-12 06:33 - 2018-01-08 14:16 - 000038208 _____ () C:\Users\Albert\AppData\Roaming\Dropbox\bin\PyQt5.QtWebEngine.pyd

2017-06-22 00:41 - 2017-06-22 00:41 - 000325824 _____ () C:\Program Files\Microsoft Office 15\root\office15\AppVIsvStream32.dll

2013-11-08 23:28 - 2013-03-12 07:51 - 000626240 _____ () c:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll

2013-03-12 23:53 - 2013-03-12 23:53 - 000015424 _____ () c:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Users\Albert\AppData\Roaming\Microsoft\Windows\Start Menu\Facebook.website:TASKICON_0news-1751121550 [2302]

AlternateDataStreams: C:\Users\Albert\AppData\Roaming\Microsoft\Windows\Start Menu\Facebook.website:TASKICON_1messages-431041656 [2302]

AlternateDataStreams: C:\Users\Albert\AppData\Roaming\Microsoft\Windows\Start Menu\Facebook.website:TASKICON_2events-250898981 [2302]

AlternateDataStreams: C:\Users\Albert\AppData\Roaming\Microsoft\Windows\Start Menu\Facebook.website:TASKICON_3friends-215113587 [2302]

AlternateDataStreams: C:\ProgramData\Temp:F8AF2BB9 [136]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 06:25 - 2013-08-22 06:25 - 000000824 _____ C:\WINDOWS\system32\Drivers\etc\hosts

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3638795625-3106638858-2927296518-1001\Control Panel\Desktop\\Wallpaper ->

DNS Servers: 192.168.0.1 - 205.171.3.25

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)

Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

HKLM\...\StartupApproved\Run: => "RTHDVCPL"

HKLM\...\StartupApproved\Run32: => "StartCCC"

HKU\S-1-5-21-3638795625-3106638858-2927296518-1001\...\StartupApproved\StartupFolder: => "Facebook Gameroom.lnk"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{236E1666-A7B4-48FD-A263-A0B24032D702}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\outlook.exe

FirewallRules: [UDP Query User{480800A7-9521-471E-9ECC-2D01EA989507}C:\users\albert\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\albert\appdata\roaming\dropbox\bin\dropbox.exe

FirewallRules: [TCP Query User{C379B869-E949-4FEE-94B2-FED51F64C120}C:\users\albert\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\albert\appdata\roaming\dropbox\bin\dropbox.exe

FirewallRules: [{4C70676A-9BEA-4B04-9557-C6F7941B940A}] => (Allow) C:\Users\Albert\AppData\Roaming\Dropbox\bin\Dropbox.exe

FirewallRules: [{5E66B12C-96E6-494A-ACB7-1630168BE089}] => (Allow) C:\Users\Albert\AppData\Roaming\Dropbox\bin\Dropbox.exe

FirewallRules: [{62740452-A57C-4433-9799-F49748701E7C}] => (Allow) LPort=1900

FirewallRules: [{FC9CA761-2516-42F9-B402-41554DD43A1B}] => (Allow) LPort=2869

FirewallRules: [{3EA7F053-0930-4D42-9C76-94E7705122A4}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe

FirewallRules: [{2E185334-130F-4D23-B3D2-7028E8870011}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDVD12\Movie\PowerDVD.exe

FirewallRules: [{8C1F29AD-36A2-447A-81FD-5FAF94711738}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12ML.exe

FirewallRules: [{A06016A8-C65B-44BE-ADB4-00E9B6DB9537}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe

FirewallRules: [{44236822-FFED-424D-BD0B-37AD8F9FD056}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12.exe

FirewallRules: [{9017EB47-4D50-4CC1-983E-ADAB4936631F}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDirector10\PDR10.EXE

FirewallRules: [{4A10E9A5-D178-4098-9828-47E0F24A6E0E}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe

FirewallRules: [{9E16C7AF-875B-4BD7-B20F-C5CFAC342DDA}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe

FirewallRules: [{0E6C375F-C850-47C8-998C-FCD3DED88113}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe

FirewallRules: [{6F526047-EC37-418D-BDB0-26B15FD19F56}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe

FirewallRules: [{6D66E776-9AA4-4AB0-9080-D1FAD31FA6ED}] => (Allow) %LocalAppData%\HPConnectedMusic\Application\spotify_helper.exe

FirewallRules: [{F231122D-97FA-4572-9465-E3F4BC85AB76}] => (Allow) %LocalAppData%\HPConnectedMusic\Application\spotify_helper.exe

FirewallRules: [{5D2B3C3E-3DDF-41F7-B028-DC708908884E}] => (Allow) %LocalAppData%\HPConnectedMusic\Application\HPConnectedMusic.exe

FirewallRules: [{66D15028-B4EE-4109-8213-1F7934767937}] => (Allow) %LocalAppData%\HPConnectedMusic\Application\HPConnectedMusic.exe

FirewallRules: [{304E7D73-59AA-47AC-9FA0-C5760003E1E7}] => (Allow) C:\Program Files (x86)\HPConnectedMusic\HPConnectedMusic.exe

FirewallRules: [{47A5632F-3F0A-45CE-90E7-98BB9CC84EA8}] => (Allow) C:\Program Files (x86)\HPConnectedMusic\HPConnectedMusic.exe

FirewallRules: [{A971E6C3-5DF3-4816-B9B7-EF8C5901BBC9}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

FirewallRules: [{B1C4FFAE-E293-4D3F-9407-CA204F6C435E}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

FirewallRules: [{2E672542-0D45-4AAC-BA3B-36CD0DC9CB06}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

FirewallRules: [{C3F50DAE-3AD8-495B-9284-913F3D56900C}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

FirewallRules: [{EDB6BC2B-17D0-4834-AFC2-0B5059D92622}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe

FirewallRules: [{56DCFB0E-7EF3-409E-B1CA-6F57EAA85150}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe

FirewallRules: [{E7D1C8DD-A752-4F6C-84AB-0612C1BDB1E5}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe

FirewallRules: [{F60A65AD-27FB-457A-BAF1-FF3BFF127516}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe

FirewallRules: [{BCB63328-9566-4424-AD5A-06C2F11A6E01}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================

27-12-2017 08:09:29 Scheduled Checkpoint

06-01-2018 09:20:22 Removed TECH SUPPORT 8886763801

12-01-2018 05:20:43 Windows Update

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:

==================

Error: (01/22/2018 04:00:21 PM) (Source: Application Hang) (EventID: 1002) (User: )

Description: The program LiveComm.exe version 17.5.9600.20911 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1e18

Start Time: 01d393d40571f549

Termination Time: 4294967295

Application Path: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe\LiveComm.exe

Report Id: 0187cdc1-ffc8-11e7-80e8-0c54a5040edd

Faulting package full name: microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe

Faulting package-relative application ID: ppleae38af2e007f4358a809ac99a64a67c1

Error: (01/22/2018 03:38:19 PM) (Source: Application Hang) (EventID: 1002) (User: )

Description: The program IEXPLORE.EXE version 11.0.9600.18817 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1250

Start Time: 01d393d15f0065a6

Termination Time: 10258

Application Path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

Report Id: ead5beed-ffc4-11e7-80e8-0c54a5040edd

Faulting package full name:

Faulting package-relative application ID:

Error: (01/22/2018 03:30:12 PM) (Source: Application Hang) (EventID: 1002) (User: )

Process ID: 1bc4

Start Time: 01d393cfd47732d1

Termination Time: 4294967295

Application Path: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe\LiveComm.exe

Report Id: cbdd19db-ffc3-11e7-80e8-0c54a5040edd

Faulting package full name: microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe

Faulting package-relative application ID: ppleae38af2e007f4358a809ac99a64a67c1

Error: (01/22/2018 03:10:08 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: CORRELLS)

Description: Activation of app Microsoft.BingFinance_8wekyb3d8bbwe!AppexFinance failed with error: -2144927148 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (01/22/2018 02:58:57 PM) (Source: Application Hang) (EventID: 1002) (User: )

Process ID: 87c

Start Time: 01d393cb78e9b73e

Termination Time: 4294967295

Application Path: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe\LiveComm.exe

Report Id: 6cc4caf6-ffbf-11e7-80e8-0c54a5040edd

Faulting package full name: microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe

Faulting package-relative application ID: ppleae38af2e007f4358a809ac99a64a67c1

Error: (01/22/2018 02:54:03 PM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: mDNSCoreReceiveResponse: Unexpected conflict discarding 16 9.E.7.7.1.D.4.F.8.7.8.4.4.4.1.9.0.0.0.0.0.0.0.0.0.0.0.0.0.8.E.F.ip6.arpa. PTR corrells.local.

Error: (01/22/2018 02:54:03 PM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: mDNSCoreReceiveResponse: Received from 192.168.0.2:5353 18 9.E.7.7.1.D.4.F.8.7.8.4.4.4.1.9.0.0.0.0.0.0.0.0.0.0.0.0.0.8.E.F.ip6.arpa. PTR corrells-2.local.

Error: (01/22/2018 02:54:03 PM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: mDNSCoreReceiveResponse: Unexpected conflict discarding 16 2.0.168.192.in-addr.arpa. PTR corrells.local.

Error: (01/22/2018 02:54:03 PM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: mDNSCoreReceiveResponse: Received from 192.168.0.2:5353 18 2.0.168.192.in-addr.arpa. PTR corrells-2.local.

Error: (01/22/2018 02:53:58 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: CORRELLS)

Description: Activation of app Microsoft.BingFinance_8wekyb3d8bbwe!AppexFinance failed with error: -2144927148 See the Microsoft-Windows-TWinUI/Operational log for additional information.

System errors:

=============

Error: (01/22/2018 12:41:53 PM) (Source: Service Control Manager) (EventID: 7034) (User: )

Description: The CyberLink PowerDVD 12 Media Server Service service terminated unexpectedly. It has done this 13 time(s).

Error: (01/21/2018 10:00:03 PM) (Source: Service Control Manager) (EventID: 7034) (User: )

Description: The CyberLink PowerDVD 12 Media Server Service service terminated unexpectedly. It has done this 12 time(s).

Error: (01/21/2018 08:38:07 PM) (Source: Service Control Manager) (EventID: 7034) (User: )

Description: The CyberLink PowerDVD 12 Media Server Service service terminated unexpectedly. It has done this 11 time(s).

Error: (01/20/2018 01:03:26 PM) (Source: Service Control Manager) (EventID: 7034) (User: )

Description: The CyberLink PowerDVD 12 Media Server Service service terminated unexpectedly. It has done this 10 time(s).

Error: (01/20/2018 01:02:28 PM) (Source: DCOM) (EventID: 10010) (User: CORRELLS)

Description: The server Windows.Networking.BackgroundTransfer.Internal.BackgroundTransferTask.ClassId.4 did not register with DCOM within the required timeout.

Error: (01/20/2018 01:02:20 PM) (Source: DCOM) (EventID: 10010) (User: CORRELLS)

Description: The server Windows.Networking.BackgroundTransfer.Internal.BackgroundTransferTask.ClassId.4 did not register with DCOM within the required timeout.

Error: (01/18/2018 12:04:39 PM) (Source: Service Control Manager) (EventID: 7034) (User: )

Description: The CyberLink PowerDVD 12 Media Server Service service terminated unexpectedly. It has done this 9 time(s).

Error: (01/18/2018 12:04:24 PM) (Source: DCOM) (EventID: 10010) (User: CORRELLS)

Description: The server {4AA0A5C4-1B9B-4F2E-99D7-99C6AEC83474} did not register with DCOM within the required timeout.

Error: (01/18/2018 12:04:24 PM) (Source: DCOM) (EventID: 10010) (User: CORRELLS)

Description: The server {4AA0A5C4-1B9B-4F2E-99D7-99C6AEC83474} did not register with DCOM within the required timeout.

Error: (01/18/2018 12:04:14 PM) (Source: DCOM) (EventID: 10010) (User: CORRELLS)

Description: The server Windows.Networking.BackgroundTransfer.Internal.BackgroundTransferTask.ClassId.4 did not register with DCOM within the required timeout.

CodeIntegrity:

===================================

Date: 2018-01-06 09:09:57.974

Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\WINDOWS\System32\wow64.dll because the set of per-page image hashes could not be found on the system.

Date: 2018-01-06 09:09:54.178

Date: 2018-01-06 09:09:50.610

Date: 2018-01-06 09:09:49.485

Date: 2018-01-06 09:09:48.048

Date: 2018-01-06 09:09:47.079

Date: 2018-01-06 09:09:45.907

Date: 2018-01-06 09:09:44.532

Date: 2018-01-06 09:09:42.407

Date: 2018-01-06 09:09:41.266

==================== Memory info ===========================

Processor: AMD E1-2500 APU with Radeon™ HD Graphics

Percentage of memory in use: 66%

Total physical RAM: 3541.49 MB

Available physical RAM: 1193.77 MB

Total Virtual: 5082.49 MB

Available Virtual: 1518.12 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:446.13 GB) (Free:392.76 GB) NTFS ==>[system with boot components (obtained from drive)]

Drive d: (Recovery Image) (Fixed) (Total:17.71 GB) (Free:2.21 GB) NTFS ==>[system with boot components (obtained from drive)]

==================== MBR & Partition Table ==================

========================================================

Disk: 0 (Size: 465.8 GB) (Disk ID: D7091893)

Partition: GPT.

==================== End of Addition.txt ============================

#2
RKinner

Posted 23 January 2018 - 05:44 AM

Malware Expert

Expert
24,625 posts

Uninstall:

Bonjour

DigiSmirkz Internet Explorer Homepage and New Tab

Motitags Internet Explorer Homepage and New Tab

ShopAtHome.com Helper

Download : ADWCleaner to your desktop. Make sure you get the correct Download button. Sometimes the ads on BleepingComputer will mimic the real Download button which should say: Download Now @BleepingComputer

NOTE: If using Internet Explorer and you get an alert that stops the program downloading, click on the warning and allow the download to complete.

Close all programs, pause your anti-virus and run AdwCleaner (Vista or Win 7+ => right click and Run As Administrator).

Click on Scan and follow the prompts. Let it run unhindered. When done, click on the Clean button, and follow the prompts. Allow the system to reboot. You will then be presented with the report. Copy & Paste this report on your next reply.

The report will be saved in the C:\AdwCleaner folder.

Run FRST again. Check the Addition.txt box and then SCAN. Post both logs.

#3
rockitout

Posted 23 January 2018 - 11:50 AM

Member

Topic Starter
Member
140 posts

Thank you for your reply. I followed your instructions. I could not find "ShopAtHome.com Helper" in the programs list. I did however find it in a list of addons for internet explorer and removed it from there. Also fyi, during the reboot it did a windows update automatically. Not sure if that matters much, but I thought I would let you know. Everything else was smooth and the logs you requested are below.

# AdwCleaner 7.0.7.0 - Logfile created on Tue Jan 23 16:54:44 2018
# Updated on 2018/18/01 by Malwarebytes
# Running on Windows 8.1 (X64)
# Mode: clean
# Support: https://www.malwarebytes.com/support

***** [ Services ] *****

Deleted: CouponPrinterService

***** [ Folders ] *****

Deleted: C:\Users\Albert\AppData\LocalLow\ShopAtHome
Deleted: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Coupons
Deleted: C:\Program Files (x86)\Coupons

***** [ Files ] *****

Deleted: C:\Users\Albert\AppData\Roaming\aps.uninstall.scan.results
Deleted: C:\END
Deleted: C:\Users\Albert\AppData\Roaming\Mozilla\Firefox\Profiles\t8kv3jfy.default\searchplugins\bingp.xml

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks deleted.

***** [ Registry ] *****

Deleted: [Key] - HKU\S-1-5-21-3638795625-3106638858-2927296518-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\windows_ie_ac_001\Internet Explorer\DOMStorage\ak.staticimgfarm.com
Deleted: [Key] - HKU\S-1-5-21-3638795625-3106638858-2927296518-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\windows_ie_ac_001\Internet Explorer\DOMStorage\hp.myway.com
Deleted: [Key] - HKU\S-1-5-21-3638795625-3106638858-2927296518-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\windows_ie_ac_001\Internet Explorer\DOMStorage\staticimgfarm.com
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ShopAtHome.com Helper
Deleted: [Key] - HKLM\SOFTWARE\Classes\AppID\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{CF10C1C0-B598-4ADB-B353-42C991C99A2E}
Deleted: [Key] - HKLM\SOFTWARE\Classes\AppID\TbCommonUtils.DLL
Deleted: [Key] - HKLM\SOFTWARE\Classes\AppID\TbHelper.EXE
Deleted: [Key] - HKLM\SOFTWARE\Classes\AppID\ShopAtHomeHelper.EXE
Deleted: [Key] - HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}
Deleted: [Key] - HKLM\SOFTWARE\Classes\TypeLib\{A2D733A7-73B0-4C6B-B0C7-06A432950B66}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Deleted: [Key] - HKU\S-1-5-21-3638795625-3106638858-2927296518-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\windows_ie_ac_001\Internet Explorer\DOMStorage\download.driversupport.com
Deleted: [Key] - HKU\S-1-5-21-3638795625-3106638858-2927296518-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\windows_ie_ac_001\Internet Explorer\DOMStorage\driversupport.com
Deleted: [Key] - HKLM\SOFTWARE\systweak

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries deleted.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries deleted.

*************************

::Tracing keys deleted
::Winsock settings cleared
::Additional Actions: 0

*************************

C:/AdwCleaner/AdwCleaner[S0].txt - [3719 B] - [2018/1/23 16:52:46]

########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt ##########

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 21.01.2018
Ran by Albert (administrator) on CORRELLS (23-01-2018 10:18:14)
Running from C:\Users\Albert\Desktop
Loaded Profiles: Albert (Available Profiles: Albert)
Platform: Windows 8.1 (Update) (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\sched.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avguard.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\VPN\Avira.VpnService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\SoftwareUpdater\Avira.SoftwareUpdater.ServiceHost.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe
(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe
(Motorola Mobility LLC) C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avshadow.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Desktop.exe
(Microsoft Corporation) C:\WINDOWS\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.3.9600.18384_none_fa1d93c39b41b41a\TiWorker.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_x64.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\CLHNServiceForPowerDVD12.exe
(WildTangent) C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe
(HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.7\GoogleCrashHandler.exe
(HP Inc.) C:\Program Files\HP\HP Touchpoint Analytics Client\TouchpointAnalyticsClientService.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.7\GoogleCrashHandler64.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.SpeedupService.exe
(Microsoft Corporation) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\ngen.exe
(Microsoft Corporation) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\ngen.exe
(Microsoft Corporation) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\ngen.exe
(Microsoft Corporation) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\ngen.exe
(Motorola Mobility LLC) C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.Core.Common.Starter.exe
(Greatis Software) C:\Program Files (x86)\Start Screen Unlimited\launcher.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.UI.Systray.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe\livecomm.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
(Microsoft Corporation) C:\WINDOWS\System32\SkyDrive.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\update.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\Power2Go8\CLVDLauncher.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(Dropbox, Inc.) C:\Users\Albert\AppData\Local\Dropbox\Update\DropboxUpdate.exe
(Dropbox, Inc.) C:\Users\Albert\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\onenotem.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe
(Dropbox, Inc.) C:\Users\Albert\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Dropbox, Inc.) C:\Users\Albert\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.Core.Common.Starter.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Avira Operations Gmbh & Co. KG) C:\Program Files (x86)\Avira\Safe Shopping\Avira Safe Shopping.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avgnt.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe
(Microsoft Corporation) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7198424 2013-08-29] (Realtek Semiconductor)
HKLM-x32\...\Run: [Avira SystrayStartTrigger] => C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe [98024 2017-12-21] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Avira System Speedup User Starter] => C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.Core.Common.Starter.exe [65120 2018-01-12] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Avira Safe Shopping] => C:\Program Files (x86)\Avira\Safe Shopping\Avira Safe Shopping.exe [624264 2017-12-19] (Avira Operations Gmbh & Co. KG)
HKU\S-1-5-21-3638795625-3106638858-2927296518-1001\...\Run: [Dropbox Update] => C:\Users\Albert\AppData\Local\Dropbox\Update\DropboxUpdate.exe [143144 2016-11-04] (Dropbox, Inc.)
HKU\S-1-5-21-3638795625-3106638858-2927296518-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [10249048 2017-12-13] (Piriform Ltd)
AppInit_DLLs: C:\PROGRA~2\Linkey\IEEXTE~1\iedll64.dll => No File
Startup: C:\Users\Albert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2018-01-12]
ShortcutTarget: Dropbox.lnk -> C:\Users\Albert\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Albert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook Gameroom.lnk [2017-04-12]
ShortcutTarget: Facebook Gameroom.lnk -> C:\Users\Albert\AppData\Local\Facebook\Games\FacebookGameroom.exe (Facebook)
Startup: C:\Users\Albert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2015-11-12]
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files\Microsoft Office 15\root\office15\onenotem.exe (Microsoft Corporation)
CHR HKU\S-1-5-21-3638795625-3106638858-2927296518-1001\SOFTWARE\Policies\Google: Restriction <==== ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 205.171.3.25 205.171.2.25
Tcpip\..\Interfaces\{8E304197-ADA7-41F1-9EFD-64AE63A2F549}: [DhcpNameServer] 192.168.15.1
Tcpip\..\Interfaces\{B305DF31-E605-491B-B209-2323E806FA7D}: [DhcpNameServer] 192.168.0.1 205.171.3.25 205.171.2.25

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.msn.com/HPDSK13/1
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPDSK13/1
HKU\S-1-5-21-3638795625-3106638858-2927296518-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.com/
SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKU\S-1-5-21-3638795625-3106638858-2927296518-1001 -> DefaultScope {E2626292-7EC8-4934-9404-EFE0FB0A57F2} URL = hxxp://www.bing.com/search?FORM=U079DF&PC=U079&q={searchTerms}&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-3638795625-3106638858-2927296518-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3638795625-3106638858-2927296518-1001 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKU\S-1-5-21-3638795625-3106638858-2927296518-1001 -> {E2626292-7EC8-4934-9404-EFE0FB0A57F2} URL = hxxp://www.bing.com/search?FORM=U079DF&PC=U079&q={searchTerms}&src=IE-SearchBox
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2017-12-12] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2017-12-12] (Microsoft Corporation)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2016-07-21] (HP Inc.)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2016-07-21] (HP Inc.)
Toolbar: HKU\S-1-5-21-3638795625-3106638858-2927296518-1001 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
Toolbar: HKU\S-1-5-21-3638795625-3106638858-2927296518-1001 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2017-07-18] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\Albert\AppData\Roaming\Mozilla\Firefox\Profiles\t8kv3jfy.default [2018-01-23]
FF Homepage: Mozilla\Firefox\Profiles\t8kv3jfy.default -> google.com
FF Extension: (Avira Browser Safety) - C:\Users\Albert\AppData\Roaming\Mozilla\Firefox\Profiles\t8kv3jfy.default\Extensions\[email protected] [2018-01-06]
FF Extension: (Firefox Hotfix) - C:\Users\Albert\AppData\Roaming\Mozilla\Firefox\Profiles\t8kv3jfy.default\Extensions\[email protected] [2017-01-06] [Legacy]
FF Extension: (Gmail panel) - C:\Users\Albert\AppData\Roaming\Mozilla\Firefox\Profiles\t8kv3jfy.default\Extensions\[email protected] [2016-01-08] [Legacy]
FF Extension: (Avira Password Manager) - C:\Users\Albert\AppData\Roaming\Mozilla\Firefox\Profiles\t8kv3jfy.default\Extensions\[email protected] [2018-01-06]
FF Extension: (Adblock Plus) - C:\Users\Albert\AppData\Roaming\Mozilla\Firefox\Profiles\t8kv3jfy.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2017-01-06] [Legacy]
FF SearchPlugin: C:\Users\Albert\AppData\Roaming\Mozilla\Firefox\Profiles\t8kv3jfy.default\searchplugins\yahoo-avast.xml [2014-09-03]
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2014-06-22] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-09-12] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-14] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-14] (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\2\NP_wtapp.dll [2014-01-17] ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-04-04] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3638795625-3106638858-2927296518-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Albert\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2017-03-08] (Unity Technologies ApS)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\browser\plugins\npMozCouponPrinter.dll [2014-03-20] (Coupons, Inc.)

Chrome:
=======
CHR DefaultProfile: Profile 2
CHR HomePage: Profile 2 -> ichro.me
CHR StartupUrls: Profile 2 -> "hxxp://ichro.me/redirect"
CHR Profile: C:\Users\Albert\AppData\Local\Google\Chrome\User Data\Profile 1 [2018-01-06]
CHR Extension: (Docs) - C:\Users\Albert\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2016-01-08]
CHR Extension: (Google Drive) - C:\Users\Albert\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-01-08]
CHR Extension: (YouTube) - C:\Users\Albert\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-01-08]
CHR Extension: (Google Search) - C:\Users\Albert\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-01-08]
CHR Extension: (Gmail) - C:\Users\Albert\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-01-08]
CHR Profile: C:\Users\Albert\AppData\Local\Google\Chrome\User Data\Profile 2 [2018-01-22]
CHR Extension: (Slides) - C:\Users\Albert\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-12-13]
CHR Extension: (Docs) - C:\Users\Albert\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\aohghmighlieiainnegkcijnfilokake [2018-01-22]
CHR Extension: (Google Drive) - C:\Users\Albert\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-01-08]
CHR Extension: (YouTube) - C:\Users\Albert\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-01-08]
CHR Extension: (Avira Password Manager) - C:\Users\Albert\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\caljgklbbfbcjjanaijlacgncafpegll [2018-01-22]
CHR Extension: (Adblock Plus) - C:\Users\Albert\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2017-12-13]
CHR Extension: (Google Search) - C:\Users\Albert\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-01-08]
CHR Extension: (Sheets) - C:\Users\Albert\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-12-13]
CHR Extension: (Avira Browser Safety) - C:\Users\Albert\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2018-01-22]
CHR Extension: (Google Docs Offline) - C:\Users\Albert\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-05-27]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Albert\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-01-22]
CHR Extension: (iChrome - A Fast, Productive Home Page) - C:\Users\Albert\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\oghkljobbhapacbahlneolfclkniiami [2018-01-22]
CHR Extension: (Gmail) - C:\Users\Albert\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-01-08]
CHR Extension: (Chrome Media Router) - C:\Users\Albert\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-01-22]
CHR Profile: C:\Users\Albert\AppData\Local\Google\Chrome\User Data\System Profile [2018-01-06]
CHR HKLM\...\Chrome\Extension: [caljgklbbfbcjjanaijlacgncafpegll] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [caljgklbbfbcjjanaijlacgncafpegll] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 AntiVirMailService; C:\Program Files (x86)\Avira\Antivirus\avmailc7.exe [1128944 2018-01-03] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\Antivirus\sched.exe [492560 2018-01-03] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\Antivirus\avguard.exe [492560 2018-01-03] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files (x86)\Avira\Antivirus\avwebg7.exe [1526832 2018-01-03] (Avira Operations GmbH & Co. KG)
R2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [444600 2017-12-21] (Avira Operations GmbH & Co. KG)
R2 AviraPhantomVPN; C:\Program Files (x86)\Avira\VPN\Avira.VpnService.exe [332016 2017-10-25] (Avira Operations GmbH & Co. KG)
R2 AviraUpdaterService; C:\Program Files (x86)\Avira\SoftwareUpdater\Avira.SoftwareUpdater.ServiceHost.exe [102304 2018-01-16] (Avira Operations GmbH & Co. KG)
R2 CLHNServiceForPowerDVD12; c:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\CLHNServiceForPowerDVD12.exe [89864 2013-06-09] (CyberLink Corp.)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [3058392 2017-12-12] (Microsoft Corporation)
R2 CyberLink PowerDVD 12 Media Server Monitor Service; c:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe [77576 2013-06-09] (CyberLink)
R2 CyberLink PowerDVD 12 Media Server Service; c:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe [294664 2013-06-09] (CyberLink)
R2 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [227904 2014-05-29] (WildTangent)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [332144 2017-11-21] (HP Inc.)
R2 HPTouchpointAnalyticsService; C:\Program Files\HP\HP Touchpoint Analytics Client\TouchpointAnalyticsClientService.exe [332216 2017-11-21] (HP Inc.)
S3 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6234056 2017-11-01] (Malwarebytes)
R2 Motorola Device Manager; C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [137528 2013-11-15] (Motorola Mobility LLC)
S4 PST Service; C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe [65657 2011-09-02] (Motorola) [File not signed]
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [289496 2013-08-29] (Realtek Semiconductor)
R2 SpeedupService; C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.SpeedupService.exe [74256 2018-01-12] (Avira Operations GmbH & Co. KG)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [10945776 2017-12-15] (TeamViewer GmbH)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [361824 2017-01-12] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [119872 2017-01-12] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 athr; C:\WINDOWS\system32\DRIVERS\athwbx.sys [4265984 2014-12-21] (Qualcomm Atheros Communications, Inc.)
R0 avdevprot; C:\WINDOWS\System32\DRIVERS\avdevprot.sys [60920 2018-01-03] (Avira Operations GmbH & Co. KG)
R2 avgntflt; C:\WINDOWS\System32\DRIVERS\avgntflt.sys [178840 2018-01-03] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [169376 2018-01-03] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\WINDOWS\system32\DRIVERS\avkmgr.sys [44488 2018-01-03] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\WINDOWS\system32\DRIVERS\avnetflt.sys [88488 2018-01-03] (Avira Operations GmbH & Co. KG)
R0 avusbflt; C:\WINDOWS\System32\Drivers\avusbflt.sys [38048 2018-01-03] (Avira Operations GmbH & Co. KG)
R1 CLVirtualDrive; C:\WINDOWS\system32\DRIVERS\CLVirtualDrive.sys [91712 2013-03-15] (CyberLink)
S3 dot4; C:\WINDOWS\system32\DRIVERS\Dot4.sys [151968 2012-10-19] (Windows ® Win 7 DDK provider)
S3 Dot4Print; C:\WINDOWS\System32\drivers\Dot4Prt.sys [27040 2012-10-19] (Windows ® Win 7 DDK provider)
S3 hitmanpro37; C:\windows\system32\drivers\hitmanpro37.sys [32512 2014-05-07] ()
R2 ntk_PowerDVD12; c:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\ntk_PowerDVD12_64.sys [84168 2013-03-12] (Cyberlink Corp.)
R3 RSP2STOR; C:\WINDOWS\system32\DRIVERS\RtsP2Stor.sys [290008 2016-04-16] (Realtek Semiconductor Corp.)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [46600 2017-02-10] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [274776 2017-01-12] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [117592 2017-01-12] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-01-23 10:15 - 2018-01-23 10:28 - 000000000 ____D C:\Users\Public\Speedup Sessions
2018-01-23 09:48 - 2018-01-23 09:52 - 000000000 ____D C:\AdwCleaner
2018-01-23 09:43 - 2018-01-23 09:43 - 008206624 _____ (Malwarebytes) C:\Users\Albert\Desktop\AdwCleaner.exe
2018-01-22 19:23 - 2018-01-22 19:23 - 000000000 _____ C:\Users\Albert\Desktop\New Text Document.txt
2018-01-22 19:17 - 2018-01-23 09:39 - 000000182 _____ C:\Users\Albert\Desktop\Problems with ads, popups, and browser restarts - Virus, Spyware, Malware Removal.url
2018-01-22 17:30 - 2017-10-04 01:21 - 000029352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aspnet_counters.dll
2018-01-22 17:30 - 2017-10-03 20:45 - 000030888 _____ (Microsoft Corporation) C:\WINDOWS\system32\aspnet_counters.dll
2018-01-22 17:30 - 2017-10-03 20:45 - 000019088 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcr100_clr0400.dll
2018-01-22 17:29 - 2017-10-04 01:21 - 000019088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcr100_clr0400.dll
2018-01-22 16:49 - 2018-01-08 21:16 - 007408984 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2018-01-22 16:49 - 2017-12-15 05:23 - 000276312 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msiscsi.sys
2018-01-22 16:49 - 2017-12-05 09:56 - 000040960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\scfilter.sys
2018-01-22 16:49 - 2017-12-05 09:52 - 000242176 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinSCard.dll
2018-01-22 16:49 - 2017-12-05 09:45 - 000194560 _____ (Microsoft Corporation) C:\WINDOWS\system32\SCardSvr.dll
2018-01-22 16:49 - 2017-12-05 09:42 - 000079360 _____ (Microsoft Corporation) C:\WINDOWS\system32\SCardDlg.dll
2018-01-22 16:49 - 2017-12-05 09:32 - 000169984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WinSCard.dll
2018-01-22 16:49 - 2017-12-05 09:10 - 000361472 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpclip.exe
2018-01-22 16:49 - 2017-12-05 09:02 - 000186880 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptnet.dll
2018-01-22 16:49 - 2017-12-05 08:58 - 000132608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cryptnet.dll
2018-01-22 16:49 - 2017-12-05 08:24 - 000165376 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cdrom.sys
2018-01-22 16:49 - 2017-12-01 20:04 - 000082944 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\appid.sys
2018-01-22 16:49 - 2017-11-24 14:58 - 002608640 _____ (Microsoft Corporation) C:\WINDOWS\system32\WsmSvc.dll
2018-01-22 16:49 - 2017-11-24 14:56 - 000285184 _____ (Microsoft Corporation) C:\WINDOWS\system32\WsmWmiPl.dll
2018-01-22 16:49 - 2017-11-24 14:46 - 002170880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WsmSvc.dll
2018-01-22 16:49 - 2017-11-24 14:44 - 000236032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WsmWmiPl.dll
2018-01-22 16:42 - 2014-11-17 13:17 - 000672984 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDMAgent.exe
2018-01-22 16:42 - 2014-11-13 23:54 - 000463872 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettings.Handlers.dll
2018-01-22 16:29 - 2018-01-22 16:38 - 000054002 _____ C:\Users\Albert\Desktop\Addition.txt
2018-01-22 16:14 - 2018-01-23 10:20 - 000022350 _____ C:\Users\Albert\Desktop\FRST.txt
2018-01-22 16:13 - 2018-01-23 10:18 - 000000000 ____D C:\FRST
2018-01-22 16:11 - 2018-01-22 16:11 - 002393088 _____ (Farbar) C:\Users\Albert\Desktop\FRST64.exe
2018-01-22 15:53 - 2014-11-15 12:05 - 000801584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfplat.dll
2018-01-22 15:53 - 2014-11-14 23:29 - 000962216 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfplat.dll
2018-01-22 15:53 - 2014-11-13 23:57 - 001027584 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2018-01-22 15:53 - 2014-11-13 22:03 - 000885760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2018-01-22 15:53 - 2014-11-07 19:03 - 000733696 _____ (Microsoft Corporation) C:\WINDOWS\system32\SkyDriveTelemetry.dll
2018-01-22 15:53 - 2014-11-07 18:58 - 004837376 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncEngine.dll
2018-01-22 15:53 - 2014-11-07 18:49 - 001154048 _____ (Microsoft Corporation) C:\WINDOWS\system32\SkyDrive.exe
2018-01-22 15:53 - 2014-11-04 19:12 - 000211968 _____ (Microsoft Corporation) C:\WINDOWS\system32\QSHVHOST.DLL
2018-01-22 15:53 - 2014-11-04 19:12 - 000128000 _____ (Microsoft Corporation) C:\WINDOWS\system32\QSVRMGMT.DLL
2018-01-22 15:53 - 2014-11-04 19:06 - 000514048 _____ (Microsoft Corporation) C:\WINDOWS\system32\DevicePairing.dll
2018-01-22 15:53 - 2014-11-04 18:39 - 000155648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\QSHVHOST.DLL
2018-01-22 15:53 - 2014-11-04 18:39 - 000094208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\QSVRMGMT.DLL
2018-01-22 15:53 - 2014-11-04 18:33 - 000465408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DevicePairing.dll
2018-01-22 15:53 - 2014-11-04 18:14 - 000309760 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSDMon.dll
2018-01-22 15:53 - 2014-11-04 12:33 - 000058176 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dam.sys
2018-01-22 15:53 - 2014-10-20 18:59 - 000016896 _____ (Microsoft Corporation) C:\WINDOWS\system32\eventcls.dll
2018-01-22 15:53 - 2014-10-20 18:19 - 000015360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\eventcls.dll
2018-01-22 15:53 - 2014-10-20 17:50 - 000074752 _____ (Microsoft Corporation) C:\WINDOWS\system32\vsstrace.dll
2018-01-22 15:53 - 2014-10-20 17:31 - 001574400 _____ (Microsoft Corporation) C:\WINDOWS\system32\vssapi.dll
2018-01-22 15:53 - 2014-10-20 17:31 - 000055296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vsstrace.dll
2018-01-22 15:53 - 2014-10-20 17:20 - 001142272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vssapi.dll
2018-01-22 15:53 - 2014-10-16 21:56 - 000039744 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\intelpep.sys
2018-01-22 15:34 - 2018-01-22 15:34 - 000000000 ____D C:\Users\Albert\AppData\Local\TeamViewer
2018-01-12 06:34 - 2018-01-12 06:34 - 000000000 ____D C:\Users\Albert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2018-01-12 06:00 - 2017-12-20 16:56 - 000835576 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2018-01-12 06:00 - 2017-12-20 16:56 - 000177648 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2018-01-12 05:24 - 2018-01-01 23:39 - 022374248 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2018-01-12 05:24 - 2018-01-01 23:03 - 025739264 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2018-01-12 05:24 - 2018-01-01 23:00 - 019790760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2018-01-12 05:24 - 2018-01-01 22:38 - 000559616 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\afd.sys
2018-01-12 05:24 - 2018-01-01 22:28 - 005796352 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2018-01-12 05:24 - 2018-01-01 22:20 - 020275200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2018-01-12 05:24 - 2018-01-01 21:44 - 015284224 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2018-01-12 05:24 - 2017-12-10 06:46 - 007079424 _____ (Microsoft Corporation) C:\WINDOWS\system32\glcndFilter.dll
2018-01-12 05:24 - 2017-12-10 06:24 - 005275136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\glcndFilter.dll
2018-01-12 05:24 - 2017-12-10 06:06 - 007797760 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2018-01-12 05:24 - 2017-12-05 09:58 - 004168192 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2018-01-12 05:23 - 2018-01-02 01:00 - 000590680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fvevol.sys
2018-01-12 05:23 - 2018-01-02 01:00 - 000242520 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdyboost.sys
2018-01-12 05:23 - 2018-01-02 01:00 - 000214392 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Storage.ApplicationData.dll
2018-01-12 05:23 - 2018-01-02 00:56 - 002530400 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml6.dll
2018-01-12 05:23 - 2018-01-02 00:56 - 000567656 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2018-01-12 05:23 - 2018-01-02 00:56 - 000397224 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcryptprimitives.dll
2018-01-12 05:23 - 2018-01-02 00:56 - 000136536 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wfplwfs.sys
2018-01-12 05:23 - 2018-01-01 23:39 - 002013016 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2018-01-12 05:23 - 2018-01-01 23:39 - 000418648 _____ (Microsoft Corporation) C:\WINDOWS\system32\hal.dll
2018-01-12 05:23 - 2018-01-01 23:39 - 000354648 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fltMgr.sys
2018-01-12 05:23 - 2018-01-01 23:38 - 002176064 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll
2018-01-12 05:23 - 2018-01-01 23:38 - 001662096 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2018-01-12 05:23 - 2018-01-01 23:38 - 001063464 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinTypes.dll
2018-01-12 05:23 - 2018-01-01 23:37 - 001737600 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2018-01-12 05:23 - 2018-01-01 23:37 - 001676056 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2018-01-12 05:23 - 2018-01-01 23:37 - 001536120 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2018-01-12 05:23 - 2018-01-01 23:37 - 001500432 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2018-01-12 05:23 - 2018-01-01 23:37 - 001371352 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2018-01-12 05:23 - 2018-01-01 23:37 - 001135280 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2018-01-12 05:23 - 2018-01-01 23:37 - 000685440 _____ (Microsoft Corporation) C:\WINDOWS\system32\advapi32.dll
2018-01-12 05:23 - 2018-01-01 23:35 - 001307840 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcrt4.dll
2018-01-12 05:23 - 2018-01-01 23:35 - 000989528 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\http.sys
2018-01-12 05:23 - 2018-01-01 23:05 - 000164296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Storage.ApplicationData.dll
2018-01-12 05:23 - 2018-01-01 23:03 - 000341384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcryptprimitives.dll
2018-01-12 05:23 - 2018-01-01 23:01 - 001902328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml6.dll
2018-01-12 05:23 - 2018-01-01 22:59 - 001565520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll
2018-01-12 05:23 - 2018-01-01 22:59 - 001213784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2018-01-12 05:23 - 2018-01-01 22:58 - 001502000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2018-01-12 05:23 - 2018-01-01 22:48 - 000507176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\advapi32.dll
2018-01-12 05:23 - 2018-01-01 22:40 - 000284672 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64.dll
2018-01-12 05:23 - 2018-01-01 22:39 - 000686080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys
2018-01-12 05:23 - 2018-01-01 22:39 - 000402432 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdbss.sys
2018-01-12 05:23 - 2018-01-01 22:39 - 000072192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndproxy.sys
2018-01-12 05:23 - 2018-01-01 22:39 - 000048128 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netbios.sys
2018-01-12 05:23 - 2018-01-01 22:38 - 000445952 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\nwifi.sys
2018-01-12 05:23 - 2018-01-01 22:38 - 000416256 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv.sys
2018-01-12 05:23 - 2018-01-01 22:38 - 000401408 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb.sys
2018-01-12 05:23 - 2018-01-01 22:38 - 000243200 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srvnet.sys
2018-01-12 05:23 - 2018-01-01 22:38 - 000151040 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pacer.sys
2018-01-12 05:23 - 2018-01-01 22:38 - 000138752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dfsc.sys
2018-01-12 05:23 - 2018-01-01 22:37 - 000110080 _____ (Microsoft Corporation) C:\WINDOWS\system32\appinfo.dll
2018-01-12 05:23 - 2018-01-01 22:37 - 000080384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wanarp.sys
2018-01-12 05:23 - 2018-01-01 22:34 - 000360448 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncsi.dll
2018-01-12 05:23 - 2018-01-01 22:31 - 000040448 _____ (Microsoft Corporation) C:\WINDOWS\system32\rfxvmt.dll
2018-01-12 05:23 - 2018-01-01 22:30 - 002900480 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2018-01-12 05:23 - 2018-01-01 22:28 - 000577024 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2018-01-12 05:23 - 2018-01-01 22:28 - 000417280 _____ (Microsoft Corporation) C:\WINDOWS\system32\html.iec
2018-01-12 05:23 - 2018-01-01 22:28 - 000048640 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwproxystub.dll
2018-01-12 05:23 - 2018-01-01 22:28 - 000013312 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcalua.exe
2018-01-12 05:23 - 2018-01-01 22:19 - 000108544 _____ (Microsoft Corporation) C:\WINDOWS\system32\fdWCN.dll
2018-01-12 05:23 - 2018-01-01 22:18 - 000615936 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieui.dll
2018-01-12 05:23 - 2018-01-01 22:17 - 000817152 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2018-01-12 05:23 - 2018-01-01 22:17 - 000116224 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwcollector.exe
2018-01-12 05:23 - 2018-01-01 22:16 - 000814080 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2018-01-12 05:23 - 2018-01-01 22:09 - 000445440 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
2018-01-12 05:23 - 2018-01-01 22:06 - 000489984 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtmsft.dll
2018-01-12 05:23 - 2018-01-01 22:02 - 000862720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2018-01-12 05:23 - 2018-01-01 21:59 - 000014336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntvdm64.dll
2018-01-12 05:23 - 2018-01-01 21:59 - 000005632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wow32.dll
2018-01-12 05:23 - 2018-01-01 21:57 - 000025600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\setup16.exe
2018-01-12 05:23 - 2018-01-01 21:56 - 000199680 _____ (Microsoft Corporation) C:\WINDOWS\system32\msrating.dll
2018-01-12 05:23 - 2018-01-01 21:54 - 000145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2018-01-12 05:23 - 2018-01-01 21:53 - 000315392 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2018-01-12 05:23 - 2018-01-01 21:52 - 000499712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2018-01-12 05:23 - 2018-01-01 21:51 - 000341504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\html.iec
2018-01-12 05:23 - 2018-01-01 21:49 - 002294272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2018-01-12 05:23 - 2018-01-01 21:48 - 001033216 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2018-01-12 05:23 - 2018-01-01 21:45 - 000091136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fdWCN.dll
2018-01-12 05:23 - 2018-01-01 21:44 - 000476160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieui.dll
2018-01-12 05:23 - 2018-01-01 21:43 - 000662528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2018-01-12 05:23 - 2018-01-01 21:42 - 000620032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2018-01-12 05:23 - 2018-01-01 21:42 - 000262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2018-01-12 05:23 - 2018-01-01 21:41 - 000380416 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2018-01-12 05:23 - 2018-01-01 21:40 - 001436672 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2018-01-12 05:23 - 2018-01-01 21:40 - 000807936 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2018-01-12 05:23 - 2018-01-01 21:40 - 000726528 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2018-01-12 05:23 - 2018-01-01 21:38 - 002134528 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2018-01-12 05:23 - 2018-01-01 21:37 - 000324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
2018-01-12 05:23 - 2018-01-01 21:34 - 001217536 _____ (Microsoft Corporation) C:\WINDOWS\system32\sysmain.dll
2018-01-12 05:23 - 2018-01-01 21:34 - 000416256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtmsft.dll
2018-01-12 05:23 - 2018-01-01 21:33 - 001080320 _____ (Microsoft Corporation) C:\WINDOWS\system32\IKEEXT.DLL
2018-01-12 05:23 - 2018-01-01 21:33 - 000845312 _____ (Microsoft Corporation) C:\WINDOWS\system32\BFE.DLL
2018-01-12 05:23 - 2018-01-01 21:33 - 000086016 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlaapi.dll
2018-01-12 05:23 - 2018-01-01 21:32 - 000571392 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2018-01-12 05:23 - 2018-01-01 21:29 - 000817664 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcss.dll
2018-01-12 05:23 - 2018-01-01 21:29 - 000754176 _____ (Microsoft Corporation) C:\WINDOWS\system32\FirewallAPI.dll
2018-01-12 05:23 - 2018-01-01 21:27 - 001696256 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtsvc.dll
2018-01-12 05:23 - 2018-01-01 21:27 - 000168960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrating.dll
2018-01-12 05:23 - 2018-01-01 21:26 - 003241472 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2018-01-12 05:23 - 2018-01-01 21:25 - 000795648 _____ (Microsoft Corporation) C:\WINDOWS\system32\winhttp.dll
2018-01-12 05:23 - 2018-01-01 21:25 - 000279040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2018-01-12 05:23 - 2018-01-01 21:25 - 000128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2018-01-12 05:23 - 2018-01-01 21:23 - 004508160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2018-01-12 05:23 - 2018-01-01 21:23 - 002882048 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2018-01-12 05:23 - 2018-01-01 21:22 - 000880640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2018-01-12 05:23 - 2018-01-01 21:22 - 000129536 _____ (Microsoft Corporation) C:\WINDOWS\system32\WcnApi.dll
2018-01-12 05:23 - 2018-01-01 21:21 - 000391680 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlasvc.dll
2018-01-12 05:23 - 2018-01-01 21:20 - 013680128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2018-01-12 05:23 - 2018-01-01 21:18 - 000380416 _____ (Microsoft Corporation) C:\WINDOWS\system32\pnrpsvc.dll
2018-01-12 05:23 - 2018-01-01 21:18 - 000230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2018-01-12 05:23 - 2018-01-01 21:17 - 001547264 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansvc.dll
2018-01-12 05:23 - 2018-01-01 21:17 - 000694272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2018-01-12 05:23 - 2018-01-01 21:17 - 000465920 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcncsvc.dll
2018-01-12 05:23 - 2018-01-01 21:17 - 000331776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2018-01-12 05:23 - 2018-01-01 21:16 - 002058752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2018-01-12 05:23 - 2018-01-01 21:16 - 000881152 _____ (Microsoft Corporation) C:\WINDOWS\system32\MPSSVC.dll
2018-01-12 05:23 - 2018-01-01 21:16 - 000747520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpcrt4.dll
2018-01-12 05:23 - 2018-01-01 21:16 - 000464384 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcasvc.dll
2018-01-12 05:23 - 2018-01-01 21:15 - 001545728 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2018-01-12 05:23 - 2018-01-01 21:13 - 000216576 _____ (Microsoft Corporation) C:\WINDOWS\system32\P2P.dll
2018-01-12 05:23 - 2018-01-01 21:11 - 000185856 _____ (Microsoft Corporation) C:\WINDOWS\system32\rascfg.dll
2018-01-12 05:23 - 2018-01-01 21:11 - 000065536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\nlaapi.dll
2018-01-12 05:23 - 2018-01-01 21:09 - 000827392 _____ (Microsoft Corporation) C:\WINDOWS\system32\spoolsv.exe
2018-01-12 05:23 - 2018-01-01 21:09 - 000713216 _____ (Microsoft Corporation) C:\WINDOWS\system32\nshwfp.dll
2018-01-12 05:23 - 2018-01-01 21:09 - 000543232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FirewallAPI.dll
2018-01-12 05:23 - 2018-01-01 21:08 - 000110080 _____ (Microsoft Corporation) C:\WINDOWS\system32\icfupgd.dll
2018-01-12 05:23 - 2018-01-01 21:07 - 001265664 _____ (Microsoft Corporation) C:\WINDOWS\system32\schedsvc.dll
2018-01-12 05:23 - 2018-01-01 21:07 - 000440832 _____ (Microsoft Corporation) C:\WINDOWS\system32\p2psvc.dll
2018-01-12 05:23 - 2018-01-01 21:06 - 000626176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winhttp.dll
2018-01-12 05:23 - 2018-01-01 21:05 - 000097280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WcnApi.dll
2018-01-12 05:23 - 2018-01-01 21:04 - 000800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2018-01-12 05:23 - 2018-01-01 20:59 - 000177664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\P2P.dll
2018-01-12 05:23 - 2018-01-01 20:58 - 002767872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2018-01-12 05:23 - 2018-01-01 20:57 - 000164864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rascfg.dll
2018-01-12 05:23 - 2018-01-01 20:56 - 000562176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\nshwfp.dll
2018-01-12 05:23 - 2018-01-01 20:55 - 003548160 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2018-01-12 05:23 - 2018-01-01 20:54 - 001313792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2018-01-12 05:23 - 2018-01-01 20:53 - 000710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2018-01-12 05:23 - 2017-12-29 01:21 - 000107520 _____ (Microsoft Corporation) C:\WINDOWS\system32\inseng.dll
2018-01-12 05:23 - 2017-12-14 16:26 - 000374096 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2018-01-12 05:23 - 2017-12-14 14:39 - 000315736 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2018-01-12 05:23 - 2017-12-14 03:19 - 000096256 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontsub.dll
2018-01-12 05:23 - 2017-12-14 03:17 - 000044032 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2018-01-12 05:23 - 2017-12-10 06:59 - 000077824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontsub.dll
2018-01-12 05:23 - 2017-12-10 06:58 - 000035840 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2018-01-12 05:23 - 2017-12-10 05:59 - 005270528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2018-01-12 05:23 - 2017-12-05 21:42 - 002452816 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2018-01-12 05:23 - 2014-11-07 21:00 - 000024576 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndistapi.sys
2018-01-12 05:23 - 2014-11-07 20:56 - 000048128 _____ (Microsoft Corporation) C:\WINDOWS\system32\kmddsp.tsp
2018-01-12 05:23 - 2014-11-07 20:56 - 000043008 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasmxs.dll
2018-01-12 05:23 - 2014-11-07 20:56 - 000030208 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasser.dll
2018-01-12 05:23 - 2014-11-07 20:24 - 000077824 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasdiag.dll
2018-01-12 05:23 - 2014-11-07 20:13 - 000039424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kmddsp.tsp
2018-01-12 05:23 - 2014-11-07 20:13 - 000033280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasmxs.dll
2018-01-12 05:23 - 2014-11-07 20:13 - 000022528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasser.dll
2018-01-12 05:23 - 2014-11-07 19:48 - 000061440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasdiag.dll
2018-01-12 05:23 - 2014-11-03 23:27 - 000128512 _____ (Microsoft Corporation) C:\WINDOWS\splwow64.exe
2018-01-06 12:57 - 2018-01-06 12:57 - 000007690 _____ C:\Users\Albert\Desktop\cc_20180106_125658.reg
2018-01-06 12:56 - 2018-01-06 12:56 - 000117904 _____ C:\Users\Albert\Desktop\cc_20180106_125614.reg
2018-01-06 12:45 - 2018-01-06 12:45 - 000003872 _____ C:\WINDOWS\System32\Tasks\CCleaner Update
2018-01-06 12:38 - 2018-01-06 12:38 - 000000000 ____D C:\Users\Albert\AppData\Local\Avira
2018-01-06 12:36 - 2018-01-06 12:36 - 000000000 ____D C:\Users\Albert\AppData\Local\AMD
2018-01-06 11:23 - 2018-01-06 11:23 - 000000000 ____D C:\Program Files (x86)\VulkanRT
2018-01-06 11:23 - 2016-09-09 11:25 - 000269600 _____ C:\WINDOWS\SysWOW64\vulkan-1.dll
2018-01-06 11:23 - 2016-09-09 11:25 - 000261920 _____ C:\WINDOWS\system32\vulkan-1.dll
2018-01-06 11:23 - 2016-09-09 11:25 - 000110880 _____ C:\WINDOWS\SysWOW64\vulkaninfo.exe
2018-01-06 11:23 - 2016-09-09 11:24 - 000125216 _____ C:\WINDOWS\system32\vulkaninfo.exe
2018-01-06 11:16 - 2018-01-06 11:19 - 000000000 ____D C:\AMD
2018-01-06 11:16 - 2018-01-06 11:16 - 000000000 ____D C:\Users\Albert\AppData\Local\RadeonInstaller
2018-01-06 10:06 - 2018-01-06 10:06 - 000003546 _____ C:\WINDOWS\System32\Tasks\Avira Safe Shopping Updater
2018-01-06 10:06 - 2018-01-06 10:06 - 000000000 ____D C:\Users\Albert\AppData\Local\Avira_Operations_Gmbh_&_C
2018-01-06 10:06 - 2018-01-06 10:06 - 000000000 ____D C:\Users\Albert\AppData\Local\Avira Operations Gmbh & Co. KG
2018-01-06 10:06 - 2018-01-06 10:06 - 000000000 ____D C:\ProgramData\Avira Operations Gmbh & Co. KG
2018-01-06 10:03 - 2018-01-06 10:03 - 000003292 _____ C:\WINDOWS\System32\Tasks\Avira_Antivirus_Systray
2018-01-06 10:03 - 2018-01-06 10:03 - 000000000 ____H C:\WINDOWS\system32\Drivers\Msft_Kernel_avusbflt_01011.Wdf
2018-01-06 10:02 - 2018-01-03 22:33 - 000178840 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avgntflt.sys
2018-01-06 10:02 - 2018-01-03 22:33 - 000169376 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avipbb.sys
2018-01-06 10:02 - 2018-01-03 22:33 - 000088488 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avnetflt.sys
2018-01-06 10:02 - 2018-01-03 22:33 - 000060920 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avdevprot.sys
2018-01-06 10:02 - 2018-01-03 22:33 - 000044488 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avkmgr.sys
2018-01-06 10:02 - 2018-01-03 22:33 - 000038048 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avusbflt.sys
2018-01-06 09:59 - 2018-01-06 09:59 - 000000000 ____D C:\WINDOWS\System32\Tasks\Avira
2018-01-06 09:55 - 2018-01-23 10:15 - 000003660 _____ C:\WINDOWS\System32\Tasks\AviraSystemSpeedupUpdate
2018-01-06 09:49 - 2018-01-23 10:15 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2018-01-06 09:49 - 2018-01-23 10:15 - 000000000 ____D C:\Program Files (x86)\Avira
2018-01-06 09:49 - 2018-01-06 10:02 - 000000000 ____D C:\ProgramData\Avira
2018-01-06 09:49 - 2018-01-06 09:49 - 000001215 _____ C:\Users\Public\Desktop\Avira.lnk
2018-01-06 09:35 - 2018-01-06 09:35 - 000001890 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2018-01-06 09:35 - 2018-01-06 09:35 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2018-01-06 09:35 - 2018-01-06 09:35 - 000000000 ____D C:\ProgramData\MB3CoreBackup
2018-01-06 09:35 - 2017-11-01 08:54 - 000077432 _____ C:\WINDOWS\system32\Drivers\mbae64.sys
2018-01-06 09:10 - 2018-01-06 09:10 - 000000990 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 13.lnk
2018-01-06 09:10 - 2018-01-06 09:10 - 000000978 _____ C:\Users\Public\Desktop\TeamViewer 13.lnk

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-01-23 10:21 - 2014-01-16 05:01 - 000003598 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3638795625-3106638858-2927296518-1001
2018-01-23 10:16 - 2016-01-08 11:00 - 000000000 __RDO C:\Users\Albert\OneDrive
2018-01-23 10:16 - 2014-04-15 12:31 - 000000000 ____D C:\Temp
2018-01-23 10:14 - 2015-06-16 22:26 - 000000940 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-3638795625-3106638858-2927296518-1001UA.job
2018-01-23 10:06 - 2013-08-22 07:45 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2018-01-23 10:06 - 2013-08-22 06:36 - 000000000 ____D C:\WINDOWS\Inf
2018-01-23 10:05 - 2013-08-22 06:25 - 001048576 ___SH C:\WINDOWS\system32\config\BBI
2018-01-23 10:00 - 2013-08-22 08:36 - 000000000 ____D C:\WINDOWS\SysWOW64\inetsrv
2018-01-23 10:00 - 2013-08-22 08:36 - 000000000 ____D C:\WINDOWS\system32\inetsrv
2018-01-23 09:55 - 2016-03-03 20:59 - 000000000 ____D C:\Program Files (x86)\TeamViewer
2018-01-23 09:31 - 2014-01-16 04:55 - 000003786 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{B1AB0B2E-1ED5-4C0B-81B4-ED19FE8E5F44}
2018-01-23 05:46 - 2015-06-04 22:00 - 000065536 _____ C:\WINDOWS\system32\spu_storage.bin
2018-01-22 20:39 - 2013-08-22 08:36 - 000000000 ____D C:\WINDOWS\rescache
2018-01-22 17:51 - 2012-07-26 00:59 - 000000000 ____D C:\WINDOWS\CbsTemp
2018-01-22 17:12 - 2015-06-04 22:00 - 000000000 ____D C:\WINDOWS\SysWOW64\RTCOM
2018-01-22 17:09 - 2017-11-18 09:03 - 000003170 _____ C:\WINDOWS\System32\Tasks\HPCeeScheduleForAlbert
2018-01-22 17:09 - 2017-11-18 09:03 - 000000354 _____ C:\WINDOWS\Tasks\HPCeeScheduleForAlbert.job
2018-01-22 15:35 - 2014-01-21 16:22 - 000000540 _____ C:\Users\Albert\AppData\Roaming\Microsoft\Windows\Start Menu\Facebook.website
2018-01-21 21:17 - 2013-08-22 08:36 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2018-01-21 21:14 - 2015-06-16 22:26 - 000000888 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-3638795625-3106638858-2927296518-1001Core.job
2018-01-21 21:11 - 2014-06-03 10:16 - 000000000 ____D C:\Program Files\Microsoft Office 15
2018-01-21 20:16 - 2013-08-22 08:36 - 000000000 ____D C:\WINDOWS\system32\NDF
2018-01-21 20:11 - 2013-08-22 08:36 - 000000000 ____D C:\WINDOWS\AppReadiness
2018-01-12 06:35 - 2014-04-03 17:24 - 000000000 ____D C:\Users\Albert\AppData\Roaming\Dropbox
2018-01-12 06:03 - 2014-11-21 01:44 - 000958016 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2018-01-12 05:58 - 2013-08-22 07:44 - 000498600 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2018-01-12 05:52 - 2013-08-22 08:36 - 000000000 ___RD C:\WINDOWS\ToastData
2018-01-12 05:36 - 2014-01-19 14:31 - 000000000 ____D C:\WINDOWS\system32\MRT
2018-01-12 05:28 - 2017-10-12 22:10 - 129365736 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT-KB890830.exe
2018-01-12 05:28 - 2014-01-19 14:31 - 129365736 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2018-01-10 10:20 - 2014-03-22 17:19 - 000002222 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-01-06 12:45 - 2016-07-05 21:40 - 000000841 _____ C:\Users\Public\Desktop\CCleaner.lnk
2018-01-06 12:45 - 2016-07-05 21:40 - 000000000 ____D C:\Program Files\CCleaner
2018-01-06 11:26 - 2013-11-08 23:22 - 000000000 ____D C:\Program Files (x86)\ATI Technologies
2018-01-06 11:19 - 2013-04-03 17:17 - 000000000 ____D C:\ProgramData\Package Cache
2018-01-06 09:30 - 2014-03-22 16:38 - 000000000 ____D C:\ProgramData\AVAST Software
2018-01-06 09:29 - 2014-03-22 17:21 - 000000000 ____D C:\Program Files\Google
2018-01-06 09:29 - 2014-03-22 17:10 - 000000000 ____D C:\Program Files (x86)\Google
2018-01-06 09:21 - 2016-07-05 21:40 - 000002792 _____ C:\WINDOWS\System32\Tasks\CCleanerSkipUAC
2018-01-06 09:21 - 2016-01-08 10:34 - 000002218 _____ C:\WINDOWS\System32\Tasks\Start Screen Unlimited Schedule Task
2018-01-06 09:21 - 2015-06-16 22:26 - 000003888 _____ C:\WINDOWS\System32\Tasks\DropboxUpdateTaskUserS-1-5-21-3638795625-3106638858-2927296518-1001UA
2018-01-06 09:21 - 2015-06-16 22:26 - 000003508 _____ C:\WINDOWS\System32\Tasks\DropboxUpdateTaskUserS-1-5-21-3638795625-3106638858-2927296518-1001Core
2018-01-06 09:21 - 2014-12-31 09:34 - 000004476 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2018-01-06 09:21 - 2014-04-15 12:31 - 000002026 _____ C:\WINDOWS\System32\Tasks\Motorola Device Manager Update
2018-01-06 09:21 - 2014-04-15 12:31 - 000002008 _____ C:\WINDOWS\System32\Tasks\Motorola Device Manager Engine
2018-01-06 09:21 - 2014-03-22 17:11 - 000003330 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2018-01-06 09:21 - 2014-03-22 17:11 - 000003202 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2018-01-06 09:21 - 2013-11-08 23:57 - 000002204 _____ C:\WINDOWS\System32\Tasks\MirageAgent
2018-01-06 09:21 - 2013-11-08 23:28 - 000002216 _____ C:\WINDOWS\System32\Tasks\CLVDLauncher
2018-01-06 09:21 - 2013-11-08 23:28 - 000002216 _____ C:\WINDOWS\System32\Tasks\CLMLSvc_P2G8
2018-01-06 09:19 - 2014-03-22 17:10 - 000000000 ____D C:\Users\Albert\AppData\Local\Google

==================== Files in the root of some directories =======

2014-04-01 14:41 - 2014-04-17 15:12 - 000007605 _____ () C:\Users\Albert\AppData\Local\resmon.resmoncfg

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2018-01-22 19:30

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 21.01.2018
Ran by Albert (23-01-2018 10:30:20)
Running from C:\Users\Albert\Desktop
Windows 8.1 (Update) (X64) (2015-06-05 13:12:39)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-3638795625-3106638858-2927296518-500 - Administrator - Disabled)
Albert (S-1-5-21-3638795625-3106638858-2927296518-1001 - Administrator - Enabled) => C:\Users\Albert
Guest (S-1-5-21-3638795625-3106638858-2927296518-501 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Antivirus (Enabled - Up to date) {B3F630BD-538D-1B4A-14FA-14B63235278F}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avira Antivirus (Enabled - Up to date) {0897D159-75B7-14C4-2E4A-2FC449B26D32}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 16.04 (x64 edition) (HKLM\...\{23170F69-40C1-2702-1604-000001000000}) (Version: 16.04.00.0 - Igor Pavlov)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 17.009.20044 - Adobe Systems Incorporated)
Avira (HKLM-x32\...\{518c54f5-fd43-4aa6-936b-8d7fd8c85cbd}) (Version: 1.2.103.26908 - Avira Operations GmbH & Co. KG)
Avira (HKLM-x32\...\{E3F659C3-7936-4321-B886-4DA527DA72FE}) (Version: 1.2.103.26908 - Avira Operations GmbH & Co. KG) Hidden
Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.34.17 - Avira Operations GmbH & Co. KG)
Avira Phantom VPN (HKLM-x32\...\Avira Phantom VPN) (Version: 2.11.3.29834 - Avira Operations GmbH & Co. KG)
Avira Safe Shopping (HKLM-x32\...\{FA4F79B8-FA3E-4BDC-82B1-F0AA064E24C0}) (Version: 1.0.49.1987 - Avira Operations Gmbh & Co. KG)
Avira Software Updater (HKLM-x32\...\{3850873E-EFAF-4712-94DF-D1E81FFA9F88}) (Version: 2.0.4.50571 - Avira Operations GmbH & Co. KG)
Avira System Speedup (HKLM-x32\...\Avira System Speedup_is1) (Version: 4.5.0.6983 - Avira Operations GmbH & Co. KG)
CCleaner (HKLM\...\CCleaner) (Version: 5.38 - Piriform)
Coupon Printer for Windows (HKLM-x32\...\Coupon Printer for Windows5.0.0.9) (Version: 5.0.0.9 - Coupons.com Incorporated)
Cyberlink PhotoDirector (HKLM-x32\...\{39337565-330E-4AB6-A9AE-AC81E0720B10}) (Version: 3.0.3.4608 - CyberLink Corp.)
Cyberlink PhotoDirector (HKLM-x32\...\InstallShield_{39337565-330E-4ab6-A9AE-AC81E0720B10}) (Version: 3.0.3.4608 - CyberLink Corp.)
Dropbox (HKU\S-1-5-21-3638795625-3106638858-2927296518-1001\...\Dropbox) (Version: 41.4.80 - Dropbox, Inc.)
Facebook Gameroom 1.3.1.3 (HKLM-x32\...\{7E155A45-DE1A-46E0-A6B2-10FE1D8501FC}) (Version: 1.3.1.3 - Facebook)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 63.0.3239.132 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
Hewlett-Packard ACLM.NET v1.2.2.3 (HKLM-x32\...\{6F340107-F9AA-47C6-B54C-C3A19F11553F}) (Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HP Connected Music (Meridian - player) (HKU\S-1-5-21-3638795625-3106638858-2927296518-1001\...\HPConnectedMusic) (Version: 1.1 (build 112) hp - Meridian Audio Ltd)
HP Registration Service (HKLM\...\{D1E8F2D7-7794-4245-B286-87ED86C1893C}) (Version: 1.2.6668.4491 - Hewlett-Packard)
HP Support Assistant (HKLM-x32\...\{E959FD01-BD01-4CC4-9BB8-4EBE8309BF37}) (Version: 8.5.37.19 - HP)
HP Support Solutions Framework (HKLM-x32\...\{E2CB09C1-3C76-4395-BB47-50C066535CF8}) (Version: 12.8.47.1 - HP)
HP Touchpoint Analytics Client (HKLM\...\{E5FB98E0-0784-44F0-8CEC-95CD4690C43F}) (Version: 4.0.2.1439 - HP Inc.)
Malwarebytes version 3.3.1.2183 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.3.1.2183 - Malwarebytes)
Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 15.0.4997.1000 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3638795625-3106638858-2927296518-1001\...\OneDriveSetup.exe) (Version: 17.0.4023.1211 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Motorola Mobile Drivers Installation 6.3.0 (HKLM\...\{759E6A2F-1F01-45EF-A0C4-22F1B56CB975}) (Version: 6.3.0 - Motorola Mobility LLC)
Mozilla Firefox 47.0.2 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 47.0.2 (x86 en-US)) (Version: 47.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 44.0.2.5884 - Mozilla)
Office 15 Click-to-Run Extensibility Component (HKLM-x32\...\{90150000-008C-0000-0000-0000000FF1CE}) (Version: 15.0.4997.1000 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (HKLM\...\{90150000-008F-0000-1000-0000000FF1CE}) (Version: 15.0.4997.1000 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (HKLM-x32\...\{90150000-008C-0409-0000-0000000FF1CE}) (Version: 15.0.4997.1000 - Microsoft Corporation) Hidden
Qualcomm Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 10.0 - Qualcomm Atheros)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9200.29068 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.20.815.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7027 - Realtek Semiconductor Corp.)
Start Screen Unlimited Lite 3.1 (HKLM-x32\...\Start Screen Unlimited Lite_is1) (Version: - Greatis Software, LLC.)
TeamViewer 13 (HKLM-x32\...\TeamViewer) (Version: 13.0.6447 - TeamViewer)
Total Uninstall 6.4.1 (HKLM\...\Total Uninstall 6_is1) (Version: 6.4.1 - Gavrila Martau)
Unity Web Player (HKU\S-1-5-21-3638795625-3106638858-2927296518-1001\...\UnityWebPlayer) (Version: 5.3.8f1 - Unity Technologies ApS)
Update Installer for WildTangent Games App (HKLM-x32\...\{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App) (Version: - WildTangent) Hidden
Vulkan Run Time Libraries 1.0.26.0 (HKLM\...\VulkanRT1.0.26.0) (Version: 1.0.26.0 - LunarG, Inc.)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3638795625-3106638858-2927296518-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Albert\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3638795625-3106638858-2927296518-1001_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\Albert\AppData\Local\Microsoft\SkyDrive\17.0.4023.1211\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3638795625-3106638858-2927296518-1001_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\Albert\AppData\Local\Microsoft\SkyDrive\17.0.4023.1211\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3638795625-3106638858-2927296518-1001_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\Albert\AppData\Local\Microsoft\SkyDrive\17.0.4023.1211\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3638795625-3106638858-2927296518-1001_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Albert\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3638795625-3106638858-2927296518-1001_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\Albert\AppData\Local\Microsoft\SkyDrive\17.0.4023.1211\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3638795625-3106638858-2927296518-1001_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Albert\AppData\Local\Microsoft\SkyDrive\17.0.4023.1211\amd64\FileSyncApi64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3638795625-3106638858-2927296518-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Albert\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3638795625-3106638858-2927296518-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Albert\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3638795625-3106638858-2927296518-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Albert\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3638795625-3106638858-2927296518-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Albert\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3638795625-3106638858-2927296518-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Albert\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3638795625-3106638858-2927296518-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Albert\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3638795625-3106638858-2927296518-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Albert\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3638795625-3106638858-2927296518-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Albert\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3638795625-3106638858-2927296518-1001_Classes\CLSID\{FB314EE1-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Albert\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3638795625-3106638858-2927296518-1001_Classes\CLSID\{FB314EE2-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Albert\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3638795625-3106638858-2927296518-1001_Classes\CLSID\{FBC9D74C-AF55-4309-9FB2-C426E071637F}\InprocServer32 -> C:\Users\Albert\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Albert\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll [2018-01-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Albert\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll [2018-01-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Albert\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll [2018-01-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Albert\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll [2018-01-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Albert\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll [2018-01-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Albert\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll [2018-01-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Albert\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll [2018-01-08] (Dropbox, Inc.)
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-10-04] (Igor Pavlov)
ContextMenuHandlers1: [CLVDShellExt] -> {3E2A0A32-6E14-4BAD-AA87-BBB6A75EBFF2} => C:\Program Files (x86)\Common Files\CyberLink\ShellExtComponent\CLVDShellExt.dll [2013-05-24] (Cyberlink)
ContextMenuHandlers1: [Shell Extension for Malware scanning] -> {45AC2688-0253-4ED8-97DE-B5370FA7D48A} => C:\Program Files (x86)\Avira\Antivirus\shlext64.dll [2018-01-03] (Avira Operations GmbH & Co. KG)
ContextMenuHandlers1: [SystemSpeedupFilesMenu] -> {ef263503-8f0e-3e6a-ae2e-fe0b4b441d52} => C:\WINDOWS\system32\mscoree.dll [2013-08-22] (Microsoft Corporation)
ContextMenuHandlers2: [CLVDShellExt] -> {3E2A0A32-6E14-4BAD-AA87-BBB6A75EBFF2} => C:\Program Files (x86)\Common Files\CyberLink\ShellExtComponent\CLVDShellExt.dll [2013-05-24] (Cyberlink)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-11-01] (Malwarebytes)
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-10-04] (Igor Pavlov)
ContextMenuHandlers4: [SystemSpeedupFoldersMenu] -> {3d52b24d-33bb-3895-99ea-a0156f24a3f9} => C:\WINDOWS\system32\mscoree.dll [2013-08-22] (Microsoft Corporation)
ContextMenuHandlers5: [SystemSpeedupDesktopMenu] -> {cefaf456-bc17-3f4b-b7d9-75070925911b} => C:\WINDOWS\system32\mscoree.dll [2013-08-22] (Microsoft Corporation)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-10-04] (Igor Pavlov)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-11-01] (Malwarebytes)
ContextMenuHandlers6: [Shell Extension for Malware scanning] -> {45AC2688-0253-4ED8-97DE-B5370FA7D48A} => C:\Program Files (x86)\Avira\Antivirus\shlext64.dll [2018-01-03] (Avira Operations GmbH & Co. KG)
ContextMenuHandlers1_S-1-5-21-3638795625-3106638858-2927296518-1001: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Users\Albert\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll [2018-01-08] (Dropbox, Inc.)
ContextMenuHandlers4_S-1-5-21-3638795625-3106638858-2927296518-1001: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Users\Albert\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll [2018-01-08] (Dropbox, Inc.)
ContextMenuHandlers5_S-1-5-21-3638795625-3106638858-2927296518-1001: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Users\Albert\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll [2018-01-08] (Dropbox, Inc.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {037A081F-628D-4796-93C2-BEDC2ED781C5} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-09-27] (Adobe Systems Incorporated)
Task: {062AA61C-2C93-42C6-AC2F-4DC58522C3C5} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [2017-12-13] (Piriform Ltd)
Task: {0B4ACFC9-7678-4BC4-8FE2-7E8BC495C7DF} - System32\Tasks\HPCeeScheduleForAlbert => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2015-06-16] (Hewlett-Packard)
Task: {0D8A891D-890C-4808-84D8-2F436AB14653} - \Microsoft\Windows\Application Experience\AitAgent -> No File <==== ATTENTION
Task: {1274336E-AB06-46B6-A48C-0671C5557CC6} - \Microsoft\Windows\TaskScheduler\Maintenance Configurator -> No File <==== ATTENTION
Task: {16101842-1F98-4988-B291-63A9518C2B76} - System32\Tasks\AviraSystemSpeedupUpdate => C:\ProgramData\Avira\SystemSpeedup\Update\avira_speedup_setup_update.exe [2018-01-23] (Avira Operations GmbH & Co. KG )
Task: {1687544D-7247-4F5A-965A-A6E920E55278} - \Microsoft\Windows\TaskScheduler\Manual Maintenance -> No File <==== ATTENTION
Task: {16CB9CFE-31E8-401E-A79E-639FF0F3C152} - System32\Tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2017-11-18] ()
Task: {2B3C693A-73FF-438B-B149-493A57B9B0BF} - System32\Tasks\Motorola Device Manager Initial Update => C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotorolaDeviceManagerUpdate.exe [2013-10-31] ()
Task: {2BB1DE94-8613-4678-B48C-D8B969F24EBA} - System32\Tasks\MirageAgent => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
Task: {34D0010E-EC3E-4B8A-8C5B-F3626FB82FBD} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-3638795625-3106638858-2927296518-1001Core => C:\Users\Albert\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2016-11-04] (Dropbox, Inc.)
Task: {370C67AB-9D3F-46BB-8F5A-F477F3D91ADE} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2017-11-08] (HP Inc.)
Task: {3C1E0996-A84B-41A0-A88D-EDE53D5F9F48} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-10-30] (Google Inc.)
Task: {40525C58-79C2-47A1-9AA2-F1D7FC4F0691} - \Microsoft\Windows\WindowsBackup\ConfigNotification -> No File <==== ATTENTION
Task: {5A646D1D-2B29-4912-A8A2-B2EA0B427762} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2017-09-27] (HP Inc.)
Task: {60DE0EE9-49E2-41BC-8397-15F73B895324} - System32\Tasks\Avira_Antivirus_Systray => C:\Program Files (x86)\Avira\Antivirus\avgnt.exe [2018-01-03] (Avira Operations GmbH & Co. KG)
Task: {65923E58-1C20-4BBF-AE21-AD46681E6DB4} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2017-12-12] (Microsoft Corporation)
Task: {66E2FD49-F8F5-401E-A939-2F045C80C5FC} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2017-09-20] (HP Inc.)
Task: {6F02587F-8A2B-4552-97F6-DEEF229E335B} - \Microsoft\Windows\TaskScheduler\Idle Maintenance -> No File <==== ATTENTION
Task: {7CBA983F-79F5-42A2-BB55-D2BAAE23D0E3} - System32\Tasks\CLMLSvc_P2G8 => c:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [2013-03-12] (CyberLink)
Task: {85A68C60-49A2-4B07-AD98-DF9226D5C676} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater - Resources => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2017-09-20] (HP Inc.)
Task: {865C3EA3-1331-4632-B774-8E042D022A19} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-10-30] (Google Inc.)
Task: {8D90EE55-19DA-49FF-B78D-97EDC8E0D9CF} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [2017-06-22] (HP Inc.)
Task: {9D0BDADA-53F1-49BF-AC93-E5B53187B4E9} - System32\Tasks\CLVDLauncher => c:\Program Files (x86)\CyberLink\Power2Go8\CLVDLauncher.exe [2013-03-12] (CyberLink Corp.)
Task: {9FC82034-8829-4EFC-9F9B-B84CCD4F6B6E} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2017-12-12] (Microsoft Corporation)
Task: {AF3882E3-8991-4BE7-9577-5E10BBD577EB} - System32\Tasks\Motorola Device Manager Engine => C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotorolaDeviceManagerUpdate.exe [2013-10-31] ()
Task: {B7992938-01F1-4F40-A0EC-0D23D2F0F152} - \Microsoft\Windows\TaskScheduler\Regular Maintenance -> No File <==== ATTENTION
Task: {C9041102-7EB9-413A-A81A-6FEBA4C4EA07} - System32\Tasks\Avira Safe Shopping Updater => C:\Program Files (x86)\Avira\Safe Shopping\\Updater\Updater.exe [2017-12-19] (Avira Operations Gmbh & Co. KG)
Task: {C95A18D5-6486-4A0F-A033-A5B4EA1F2931} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis Install => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2017-09-27] (HP Inc.)
Task: {CFD7C21A-808B-487B-A6EC-8A10E44E8360} - \Microsoft\Windows\SettingSync\BackupTask -> No File <==== ATTENTION
Task: {D2DC50CF-1EF9-496D-AE30-631825CFBABD} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2017-12-12] (Microsoft Corporation)
Task: {E0EE1DED-6854-49A9-B020-ECF01E06A44C} - System32\Tasks\Start Screen Unlimited Schedule Task => C:\Program Files (x86)\Start Screen Unlimited\launcher.exe [2014-01-07] (Greatis Software)
Task: {EBD05904-7EBA-4243-A171-64D1BF783B14} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Product Configurator => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\ProductConfig.exe [2017-10-11] (HP Inc.)
Task: {EC208AAC-772E-409C-AFC3-C39D43559F91} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2017-12-13] (Piriform Ltd)
Task: {EFA4D654-7DE0-4DAD-98B9-DD62878A451D} - System32\Tasks\Motorola Device Manager Update => C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotorolaDeviceManagerUpdate.exe [2013-10-31] ()
Task: {F15E7F9D-301F-4D06-84DB-765355AFC630} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-3638795625-3106638858-2927296518-1001UA => C:\Users\Albert\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2016-11-04] (Dropbox, Inc.)
Task: {F1C44F33-38A9-4EF5-A112-50E86EBA08A6} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2017-09-27] (HP Inc.)
Task: {F970FEA0-697E-4FAE-BE81-1FCA238A3943} - System32\Tasks\Avira\System Speedup\TestScheduler => C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.Core.Common.Starter.exe [2018-01-12] (Avira Operations GmbH & Co. KG)
Task: {FB27E9EE-F1D0-4BD2-9138-B326976A205C} - System32\Tasks\Avira\System Speedup\SpeedupSysTray => C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.UI.Systray.exe [2018-01-12] (Avira Operations GmbH & Co. KG)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-3638795625-3106638858-2927296518-1001Core.job => C:\Users\Albert\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-3638795625-3106638858-2927296518-1001UA.job => C:\Users\Albert\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\HPCeeScheduleForAlbert.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

ShortcutWithArgument: C:\Users\Albert\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.InternetExplorer.Default\-18881076590.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> -contentTile -formatVersion 0x00000003 -pinnedTimeLow 0x1ed8ade2 -pinnedTimeHigh 0x01d14a44 -securityFlags 0x00000000 -tileType 0x00000000 -url 0x0000001e hxxps://www.bankofthewest.com/
ShortcutWithArgument: C:\Users\Albert\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.InternetExplorer.Default\11029858760.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> -contentTile -formatVersion 0x00000003 -pinnedTimeLow 0xd8df544c -pinnedTimeHigh 0x01d14a4a -securityFlags 0x00000000 -tileType 0x00000000 -url 0x00000098 hxxp://home.recipes.myway.com/home/index.jhtml?a=221A234E-B071-411F-B21C-E69B05E91120&p=^BD9^hps101^YY^u
ShortcutWithArgument: C:\Users\Albert\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\69639df789022856\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory="Profile 1"

==================== Loaded Modules (Whitelisted) ==============

2014-06-03 10:24 - 2017-01-17 03:25 - 000117440 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2017-03-24 15:35 - 2017-01-31 05:34 - 008909512 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2013-10-31 08:05 - 2013-10-31 08:05 - 000172032 _____ () C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\css_core.dll
2013-11-08 23:28 - 2013-03-12 07:51 - 000626240 _____ () c:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
2013-03-12 23:53 - 2013-03-12 23:53 - 000015424 _____ () c:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll
2018-01-12 06:33 - 2018-01-08 14:15 - 000732480 _____ () C:\Users\Albert\AppData\Roaming\Dropbox\bin\dropbox_watchdog.dll
2018-01-12 06:33 - 2018-01-08 14:15 - 002061632 _____ () C:\Users\Albert\AppData\Roaming\Dropbox\bin\dropbox_crashpad.dll
2017-12-07 12:26 - 2018-01-08 14:15 - 000100296 _____ () C:\Users\Albert\AppData\Roaming\Dropbox\bin\_ctypes.pyd
2017-12-07 12:26 - 2018-01-08 14:15 - 000018888 _____ () C:\Users\Albert\AppData\Roaming\Dropbox\bin\select.pyd
2017-12-07 12:26 - 2018-01-08 14:16 - 000020800 _____ () C:\Users\Albert\AppData\Roaming\Dropbox\bin\tornado.speedups.pyd
2017-12-07 12:26 - 2018-01-08 14:15 - 000035792 _____ () C:\Users\Albert\AppData\Roaming\Dropbox\bin\_multiprocessing.pyd
2017-12-07 12:26 - 2018-01-08 14:15 - 000694224 _____ () C:\Users\Albert\AppData\Roaming\Dropbox\bin\unicodedata.pyd
2018-01-12 06:33 - 2018-01-08 14:16 - 000021848 _____ () C:\Users\Albert\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._constant_time.pyd
2017-12-07 12:26 - 2018-01-08 14:15 - 000130512 _____ () C:\Users\Albert\AppData\Roaming\Dropbox\bin\_cffi_backend.pyd
2018-01-12 06:33 - 2018-01-08 14:16 - 001856848 _____ () C:\Users\Albert\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._openssl.pyd
2018-01-12 06:33 - 2018-01-08 14:16 - 000022864 _____ () C:\Users\Albert\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._padding.pyd
2018-01-12 06:33 - 2018-01-08 14:15 - 000145864 _____ () C:\Users\Albert\AppData\Roaming\Dropbox\bin\pyexpat.pyd
2018-01-12 06:33 - 2018-01-08 14:15 - 000116688 _____ () C:\Users\Albert\AppData\Roaming\Dropbox\bin\pywintypes27.dll
2017-12-07 12:26 - 2018-01-08 14:15 - 000105928 _____ () C:\Users\Albert\AppData\Roaming\Dropbox\bin\win32api.pyd
2017-12-07 12:26 - 2018-01-08 14:16 - 000022864 _____ () C:\Users\Albert\AppData\Roaming\Dropbox\bin\winffi.crt.compiled._winffi_crt.pyd
2018-01-12 06:33 - 2018-01-08 14:16 - 000063296 _____ () C:\Users\Albert\AppData\Roaming\Dropbox\bin\psutil._psutil_windows.pyd
2017-12-07 12:26 - 2018-01-08 14:15 - 000024528 _____ () C:\Users\Albert\AppData\Roaming\Dropbox\bin\win32event.pyd
2018-01-12 06:33 - 2018-01-08 14:16 - 000040248 _____ () C:\Users\Albert\AppData\Roaming\Dropbox\bin\fastpath.pyd
2018-01-12 06:33 - 2018-01-08 14:15 - 000020936 _____ () C:\Users\Albert\AppData\Roaming\Dropbox\bin\mmapfile.pyd
2017-12-07 12:26 - 2018-01-08 14:15 - 000124880 _____ () C:\Users\Albert\AppData\Roaming\Dropbox\bin\win32file.pyd
2017-12-07 12:26 - 2018-01-08 14:15 - 000116176 _____ () C:\Users\Albert\AppData\Roaming\Dropbox\bin\win32security.pyd
2018-01-12 06:33 - 2018-01-08 14:15 - 000392656 _____ () C:\Users\Albert\AppData\Roaming\Dropbox\bin\pythoncom27.dll
2017-12-07 12:26 - 2018-01-08 14:16 - 000392512 _____ () C:\Users\Albert\AppData\Roaming\Dropbox\bin\win32com.shell.shell.pyd
2017-12-07 12:26 - 2018-01-08 14:16 - 000026456 _____ () C:\Users\Albert\AppData\Roaming\Dropbox\bin\winffi.kernel32.compiled._winffi_kernel32.pyd
2017-12-07 12:26 - 2018-01-08 14:15 - 000024016 _____ () C:\Users\Albert\AppData\Roaming\Dropbox\bin\win32clipboard.pyd
2017-12-07 12:26 - 2018-01-08 14:15 - 000175560 _____ () C:\Users\Albert\AppData\Roaming\Dropbox\bin\win32gui.pyd
2017-12-07 12:26 - 2018-01-08 14:15 - 000030160 _____ () C:\Users\Albert\AppData\Roaming\Dropbox\bin\win32pipe.pyd
2017-12-07 12:26 - 2018-01-08 14:15 - 000043472 _____ () C:\Users\Albert\AppData\Roaming\Dropbox\bin\win32process.pyd
2017-12-07 12:26 - 2018-01-08 14:15 - 000026056 _____ () C:\Users\Albert\AppData\Roaming\Dropbox\bin\win32job.pyd
2017-12-07 12:26 - 2018-01-08 14:15 - 000048592 _____ () C:\Users\Albert\AppData\Roaming\Dropbox\bin\win32service.pyd
2017-12-07 12:26 - 2018-01-08 14:15 - 000057808 _____ () C:\Users\Albert\AppData\Roaming\Dropbox\bin\win32evtlog.pyd
2018-01-12 06:33 - 2018-01-08 14:16 - 000021824 _____ () C:\Users\Albert\AppData\Roaming\Dropbox\bin\cpuid.compiled._cpuid.pyd
2017-12-07 12:26 - 2018-01-08 14:17 - 000023368 _____ () C:\Users\Albert\AppData\Roaming\Dropbox\bin\winshell.compiled._winshell.pyd
2018-01-12 06:33 - 2018-01-08 14:16 - 000022856 _____ () C:\Users\Albert\AppData\Roaming\Dropbox\bin\crashpad.compiled._Crashpad.pyd
2017-12-07 12:26 - 2018-01-08 14:16 - 000066392 _____ () C:\Users\Albert\AppData\Roaming\Dropbox\bin\winenumhandles.compiled._WinEnumHandles.pyd
2018-01-12 06:33 - 2018-01-08 14:16 - 001796920 _____ () C:\Users\Albert\AppData\Roaming\Dropbox\bin\PyQt5.QtCore.pyd
2017-12-07 12:26 - 2018-01-08 14:15 - 000084424 _____ () C:\Users\Albert\AppData\Roaming\Dropbox\bin\sip.pyd
2018-01-12 06:33 - 2018-01-08 14:16 - 001956152 _____ () C:\Users\Albert\AppData\Roaming\Dropbox\bin\PyQt5.QtGui.pyd
2018-01-12 06:33 - 2018-01-08 14:16 - 003859264 _____ () C:\Users\Albert\AppData\Roaming\Dropbox\bin\PyQt5.QtWidgets.pyd
2018-01-12 06:33 - 2018-01-08 14:16 - 000155464 _____ () C:\Users\Albert\AppData\Roaming\Dropbox\bin\PyQt5.QtWebEngineWidgets.pyd
2018-01-12 06:33 - 2018-01-08 14:16 - 000521024 _____ () C:\Users\Albert\AppData\Roaming\Dropbox\bin\PyQt5.QtNetwork.pyd
2018-01-12 06:33 - 2018-01-08 14:16 - 000050496 _____ () C:\Users\Albert\AppData\Roaming\Dropbox\bin\PyQt5.QtWebEngineCore.pyd
2018-01-12 06:33 - 2018-01-08 14:16 - 000042304 _____ () C:\Users\Albert\AppData\Roaming\Dropbox\bin\PyQt5.QtWebChannel.pyd
2018-01-12 06:33 - 2018-01-08 14:16 - 000131384 _____ () C:\Users\Albert\AppData\Roaming\Dropbox\bin\PyQt5.QtWebKit.pyd
2018-01-12 06:33 - 2018-01-08 14:16 - 000218944 _____ () C:\Users\Albert\AppData\Roaming\Dropbox\bin\PyQt5.QtWebKitWidgets.pyd
2018-01-12 06:33 - 2018-01-08 14:16 - 000204096 _____ () C:\Users\Albert\AppData\Roaming\Dropbox\bin\PyQt5.QtPrintSupport.pyd
2017-12-07 12:26 - 2018-01-08 14:17 - 000025432 _____ () C:\Users\Albert\AppData\Roaming\Dropbox\bin\winscreenshot.compiled._CaptureScreenshot.pyd
2017-12-07 12:26 - 2018-01-08 14:15 - 000060880 _____ () C:\Users\Albert\AppData\Roaming\Dropbox\bin\win32print.pyd
2017-12-07 12:26 - 2018-01-08 14:17 - 000054608 _____ () C:\Users\Albert\AppData\Roaming\Dropbox\bin\winrpcserver.compiled._RPCServer.pyd
2017-12-07 12:26 - 2018-01-08 14:15 - 000024016 _____ () C:\Users\Albert\AppData\Roaming\Dropbox\bin\win32profile.pyd
2017-12-07 12:26 - 2018-01-08 14:17 - 000022864 _____ () C:\Users\Albert\AppData\Roaming\Dropbox\bin\winffi.user32.compiled._winffi_user32.pyd
2017-12-07 12:26 - 2018-01-08 14:15 - 000028616 _____ () C:\Users\Albert\AppData\Roaming\Dropbox\bin\win32ts.pyd
2017-12-07 12:26 - 2018-01-08 14:16 - 000022360 _____ () C:\Users\Albert\AppData\Roaming\Dropbox\bin\winffi.iphlpapi.compiled._winffi_iphlpapi.pyd
2017-12-07 12:26 - 2018-01-08 14:17 - 000021848 _____ () C:\Users\Albert\AppData\Roaming\Dropbox\bin\winffi.winerror.compiled._winffi_winerror.pyd
2017-12-07 12:26 - 2018-01-08 14:17 - 000022360 _____ () C:\Users\Albert\AppData\Roaming\Dropbox\bin\winffi.wininet.compiled._winffi_wininet.pyd
2018-01-12 06:33 - 2018-01-08 14:16 - 000027488 _____ () C:\Users\Albert\AppData\Roaming\Dropbox\bin\dropbox.infinite.win.compiled._driverinstallation.pyd
2017-12-07 12:26 - 2018-01-08 14:15 - 000349128 _____ () C:\Users\Albert\AppData\Roaming\Dropbox\bin\winxpgui.pyd
2018-01-12 06:33 - 2018-01-08 14:16 - 000101184 _____ () C:\Users\Albert\AppData\Roaming\Dropbox\bin\PyQt5.QtWinExtras.pyd
2017-12-07 12:26 - 2018-01-08 14:17 - 000023896 _____ () C:\Users\Albert\AppData\Roaming\Dropbox\bin\winverifysignature.compiled._VerifySignature.pyd
2018-01-12 06:33 - 2018-01-08 14:16 - 000025424 _____ () C:\Users\Albert\AppData\Roaming\Dropbox\bin\librsyncffi.compiled._librsyncffi.pyd
2018-01-12 06:33 - 2018-01-08 14:15 - 000036296 _____ () C:\Users\Albert\AppData\Roaming\Dropbox\bin\librsync.dll
2018-01-12 06:34 - 2018-01-08 14:16 - 000021848 _____ () C:\Users\Albert\AppData\Roaming\Dropbox\bin\winffi.advapi32.compiled._winffi_advapi32.pyd
2018-01-12 06:33 - 2018-01-08 14:16 - 000181056 _____ () C:\Users\Albert\AppData\Roaming\Dropbox\bin\dropbox_sqlite_ext.DLL
2017-12-07 12:26 - 2018-01-08 14:16 - 000030536 _____ () C:\Users\Albert\AppData\Roaming\Dropbox\bin\wind3d11.compiled._wind3d11.pyd
2018-01-12 06:33 - 2018-01-08 14:16 - 000024368 _____ () C:\Users\Albert\AppData\Roaming\Dropbox\bin\libEGL.DLL
2018-01-12 06:33 - 2018-01-08 14:16 - 001638200 _____ () C:\Users\Albert\AppData\Roaming\Dropbox\bin\libGLESv2.dll
2017-12-07 12:26 - 2018-01-08 14:17 - 000026456 _____ () C:\Users\Albert\AppData\Roaming\Dropbox\bin\winffi.winhttp.compiled._winffi_winhttp.pyd
2018-01-12 06:33 - 2018-01-08 14:16 - 000545080 _____ () C:\Users\Albert\AppData\Roaming\Dropbox\bin\PyQt5.QtQuick.pyd
2018-01-12 06:33 - 2018-01-08 14:16 - 000359224 _____ () C:\Users\Albert\AppData\Roaming\Dropbox\bin\PyQt5.QtQml.pyd
2018-01-12 06:33 - 2018-01-08 14:16 - 000038208 _____ () C:\Users\Albert\AppData\Roaming\Dropbox\bin\PyQt5.QtWebEngine.pyd
2017-06-22 00:41 - 2017-06-22 00:41 - 000325824 _____ () C:\Program Files\Microsoft Office 15\root\office15\AppVIsvStream32.dll
2013-11-08 23:28 - 2013-05-21 05:56 - 000806664 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\UNO.dll
2013-11-08 23:28 - 2013-03-05 20:04 - 001321944 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\Language\ENU\P2GRC.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Users\Albert\AppData\Roaming\Microsoft\Windows\Start Menu\Facebook.website:TASKICON_0news-1751121550 [2302]
AlternateDataStreams: C:\Users\Albert\AppData\Roaming\Microsoft\Windows\Start Menu\Facebook.website:TASKICON_1messages-431041656 [2302]
AlternateDataStreams: C:\Users\Albert\AppData\Roaming\Microsoft\Windows\Start Menu\Facebook.website:TASKICON_2events-250898981 [2302]
AlternateDataStreams: C:\Users\Albert\AppData\Roaming\Microsoft\Windows\Start Menu\Facebook.website:TASKICON_3friends-215113587 [2302]
AlternateDataStreams: C:\ProgramData\Temp:F8AF2BB9 [136]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"