Slow, virus scanners blocked, browser blocked


  • This topic is locked
1 reply to this topic

#1 greenhenry

Posted 26 August 2017 - 11:36 AM

Hi,

Our desktop is running very slowly (8 minutes from switch on to Firefox loading)
and programmes are freezing and crashing. Sometimes when I start Firefox a red screen
loads with a message warning of infection and instructing me to call an 0800 number
(presumably a scam): the URL is ftp://3-333x000000i01-virus.com. When I try IE instead,
a 'site certificate' pop-up appears and keeps reappearing no matter what I do, preventing
browsing.

Java updates are failing at the end of the install. Software like Picasa is not running properly,
e.g. fails to find certain files and freezes or crashes.

A pop-up for 'Teamviewer' (not something I have installed myself) sometimes appears on starting
Windows.

Avast freezes before completing a scan. I uninstalled it and tried Avira, which does the same thing
and won't launch at all in safe mode (neither will Trojan Remover).

In safe mode, Windows explorer keeps crashing.

My computer knowledge is pretty basic but using Google I have tried a few things.

I ran CHKDSK in safe mode. It found an incorrect value but crashed before I could note it.

I ran System File Checker in safe mode. Windows Resource Protection found corrupt files but was unable to fix
some of them. Explorer crashes before I can save the log.

RKill, Trojan Finder, Hitman Pro and Malwarebytes all find no results.

Your help is much appreciated.

Farbar logs:

FRST:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 20-08-2017
Ran by Des (administrator) on DESANDJANEPC (26-08-2017 17:07:06)
Running from C:\Users\Des\Desktop
Loaded Profiles: Des (Available Profiles: Des)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Logitech Inc.) C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avguard.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\VPN\Avira.VpnService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\SoftwareUpdater\Avira.SoftwareUpdater.ServiceHost.exe
(CobianSoft, Luis Cobian) C:\Program Files (x86)\Cobian Backup 11\cbVSCService11.exe
(Foxit Software Inc.) C:\Program Files (x86)\Foxit Software\Foxit Reader\FoxitConnectedPDFService.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.5\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.5\GoogleCrashHandler64.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avgnt.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avshadow.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\BrYNSvc.exe
(Tweaking.com) C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\WR_Tray_Icon.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_x64.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11545192 2010-11-02] (Realtek Semiconductor)
HKLM-x32\...\Run: [BrStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [2621440 2010-06-10] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1160408 2016-12-17] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Avira SystrayStartTrigger] => C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe [97512 2017-08-02] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\Antivirus\avgnt.exe [919032 2017-08-11] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-07-21] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\system32\CbFsMntNtf3.dll (EldoS Corporation)
SSODL-x32: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} -  No File
GroupPolicy: Restriction <==== ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{948A3889-65B0-4207-9D4E-649DA6CA24FC}: [DhcpNameServer] 192.168.1.254

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bing.com/search?FORM=INCOH1&PC=IC05&PTAG=ICO-79f4e1c8
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bing.com/search?FORM=INCOH1&PC=IC05&PTAG=ICO-79f4e1c8
SearchScopes: HKLM -> DefaultScope {B2F35785-D9D4-48F8-9DE3-46806F59221D} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MNMTDF&pc=MANM&src=IE-SearchBox
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?FORM=INCOH2&PC=IC05&PTAG=ICO-79f4e1c8&q={searchTerms}
SearchScopes: HKLM -> {B2F35785-D9D4-48F8-9DE3-46806F59221D} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MNMTDF&pc=MANM&src=IE-SearchBox
SearchScopes: HKLM -> {d4fee3d1-1014-4db8-a824-573bf9ab51c7} URL =
SearchScopes: HKLM-x32 -> DefaultScope {5335D925-0803-44B7-BBAF-550CFFED06CD} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MNMTDF&pc=MANM&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {5335D925-0803-44B7-BBAF-550CFFED06CD} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MNMTDF&pc=MANM&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-2764269830-1251874944-2569545036-1001 -> {5335D925-0803-44B7-BBAF-550CFFED06CD} URL =
SearchScopes: HKU\S-1-5-21-2764269830-1251874944-2569545036-1001 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?q={sear
BHO: Virtual Storage Mount Notification -> {5FF49FE8-B332-4CB9-B102-FB6951629E55} -> C:\Windows\system32\CbFsMntNtf3.dll [2012-04-09] (EldoS Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: No Name -> {1A6B6AD0-2735-498F-834C-AFCEA37847C2} -> No File
BHO-x32: Search Helper -> {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} -> C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll [2010-09-22] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_144\bin\ssv.dll [2017-08-15] (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_144\bin\jp2ssv.dll [2017-08-15] (Oracle Corporation)
Toolbar: HKU\S-1-5-21-2764269830-1251874944-2569545036-1001 -> No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler-x32: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\Advisor\System\BAVoilaX.dll [2012-03-15] (Belarc, Inc.)
Handler: WSISAllmytubechrome - {4724F5AF-4E6D-41CA -  No File
Filter-x32: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2016-09-05] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2016-09-05] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2016-09-05] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2016-09-05] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2016-09-05] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2016-09-05] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2016-09-05] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2016-09-05] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2016-09-05] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2016-09-05] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2016-09-05] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2016-09-05] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2016-09-05] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2016-09-05] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2016-09-05] (Citrix Systems, Inc.)
Filter-x32: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2016-09-05] (Citrix Systems, Inc.)
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF ProfilePath: C:\Users\Des\AppData\Roaming\TomTom\HOME\Profiles\q1hggxyy.default [2016-08-23]
FF Extension: (No Name) - C:\Program Files (x86)\TomTom HOME 2\xul\extensions\MapShare-status@tomtom.com [not found]
FF ProfilePath: C:\Users\Des\AppData\Roaming\Mozilla\Firefox\Profiles\q1nb7bcv.default [2017-08-26]
FF NewTab: Mozilla\Firefox\Profiles\q1nb7bcv.default -> about:newtab
FF DefaultSearchEngine: Mozilla\Firefox\Profiles\q1nb7bcv.default -> Google
FF DefaultSearchUrl: Mozilla\Firefox\Profiles\q1nb7bcv.default -> hxxps://www.google.com/search?bcutc=sp-006
FF SearchEngineOrder.1: Mozilla\Firefox\Profiles\q1nb7bcv.default -> Google
FF SelectedSearchEngine: Mozilla\Firefox\Profiles\q1nb7bcv.default -> Google
FF Homepage: Mozilla\Firefox\Profiles\q1nb7bcv.default -> hxxps://www.google.com/?bcutc=sp-006
FF Session Restore: Mozilla\Firefox\Profiles\q1nb7bcv.default -> is enabled.
FF Keyword.URL: Mozilla\Firefox\Profiles\q1nb7bcv.default -> hxxps://www.google.com/search?bcutc=sp-006
FF NetworkProxy: Mozilla\Firefox\Profiles\q1nb7bcv.default -> type", 0
FF Extension: (Avira Browser Safety) - C:\Users\Des\AppData\Roaming\Mozilla\Firefox\Profiles\q1nb7bcv.default\Extensions\abs@avira.com [2017-07-17]
FF Extension: (Adblock Plus Pop-up Addon) - C:\Users\Des\AppData\Roaming\Mozilla\Firefox\Profiles\q1nb7bcv.default\Extensions\adblockpopups@jessehakanen.net.xpi [2016-04-27]
FF Extension: (OneTab) - C:\Users\Des\AppData\Roaming\Mozilla\Firefox\Profiles\q1nb7bcv.default\Extensions\extension@one-tab.com.xpi [2016-06-09]
FF Extension: (No Name) - C:\Users\Des\AppData\Roaming\Mozilla\Firefox\Profiles\q1nb7bcv.default\Extensions\tranquility@ushnisha.com.xpi [2017-06-09]
FF Extension: (Zotero) - C:\Users\Des\AppData\Roaming\Mozilla\Firefox\Profiles\q1nb7bcv.default\Extensions\zotero@chnm.gmu.edu.xpi [2017-08-12]
FF Extension: (Zotero Word for Windows Integration) - C:\Users\Des\AppData\Roaming\Mozilla\Firefox\Profiles\q1nb7bcv.default\Extensions\zoteroWinWordIntegration@zotero.org [2016-11-24]
FF Extension: (LeechBlock) - C:\Users\Des\AppData\Roaming\Mozilla\Firefox\Profiles\q1nb7bcv.default\Extensions\{a95d8332-e4b4-6e7f-98ac-20b733364387} [2017-03-20]
FF Extension: (Adblock Plus) - C:\Users\Des\AppData\Roaming\Mozilla\Firefox\Profiles\q1nb7bcv.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2017-06-08]
FF SearchPlugin: C:\Users\Des\AppData\Roaming\Mozilla\Firefox\Profiles\q1nb7bcv.default\searchplugins\google-avast.xml [2016-10-19]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_26_0_0_137.dll [2017-07-31] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_26_0_0_137.dll [2017-07-31] ()
FF Plugin-x32: @Citrix.com/npican -> C:\Program Files (x86)\Citrix\ICA Client\npicaN.dll [2016-09-05] (Citrix Systems, Inc.)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll [2017-01-19] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll [2017-01-19] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll [2017-01-19] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll [2017-01-19] (Foxit Corporation)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2015-10-13] (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=11.144.2 -> C:\Program Files (x86)\Java\jre1.8.0_144\bin\dtplugin\npDeployJava1.dll [2017-08-15] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.144.2 -> C:\Program Files (x86)\Java\jre1.8.0_144\bin\plugin2\npjp2.dll [2017-08-15] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-05-03] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-05-03] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2016-12-17] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll [2007-04-10] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2016-12-17] (Adobe Systems Inc.)

Chrome:
=======
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR Profile: C:\Users\Des\AppData\Local\Google\Chrome\User Data\Default [2016-05-22]
CHR Extension: (Google Slides) - C:\Users\Des\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-07-28]
CHR Extension: (Google Docs) - C:\Users\Des\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-07-28]
CHR Extension: (Google Drive) - C:\Users\Des\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-11-11]
CHR Extension: (YouTube) - C:\Users\Des\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-06]
CHR Extension: (Google Search) - C:\Users\Des\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-11]
CHR Extension: (Google Sheets) - C:\Users\Des\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-07-28]
CHR Extension: (Google Docs Offline) - C:\Users\Des\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-04-02]
CHR Extension: (Avast Online Security) - C:\Users\Des\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2016-04-23]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Des\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-02]
CHR Extension: (Gmail) - C:\Users\Des\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-07-28]
CHR HKLM-x32\...\Chrome\Extension: [bhicbhhgmeobmgjehpcecbkjpehljipn] - C:\ProgramData\iSkysoft\iTube Studio\ISAllmytube@iSkysoft.com.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 AntiVirMailService; C:\Program Files (x86)\Avira\Antivirus\avmailc7.exe [1128432 2017-08-11] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\Antivirus\sched.exe [490968 2017-08-11] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\Antivirus\avguard.exe [490968 2017-08-11] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files (x86)\Avira\Antivirus\avwebg7.exe [1525240 2017-08-11] (Avira Operations GmbH & Co. KG)
R2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [389312 2017-08-02] (Avira Operations GmbH & Co. KG)
R2 AviraPhantomVPN; C:\Program Files (x86)\Avira\VPN\Avira.VpnService.exe [322616 2017-07-13] (Avira Operations GmbH & Co. KG)
R2 AviraUpdaterService; C:\Program Files (x86)\Avira\SoftwareUpdater\Avira.SoftwareUpdater.ServiceHost.exe [102304 2017-08-08] (Avira Operations GmbH & Co. KG)
R3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [245760 2010-01-25] (Brother Industries, Ltd.) [File not signed]
R2 cbVSCService11; C:\Program Files (x86)\Cobian Backup 11\cbVSCService11.exe [67584 2013-03-07] (CobianSoft, Luis Cobian) [File not signed]
R2 FoxitReaderService; C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\FoxitConnectedPDFService.exe [1659592 2017-02-24] (Foxit Software Inc.)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5702416 2015-09-11] (TeamViewer GmbH)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S2 FoxitCloudUpdateService; "C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe" [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation) <==== ATTENTION (no ServiceDLL)
R0 avdevprot; C:\Windows\System32\DRIVERS\avdevprot.sys [64504 2017-07-04] (Avira Operations GmbH & Co. KG)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [189256 2017-08-11] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [151128 2017-08-11] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [35328 2017-07-04] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [78600 2017-07-04] (Avira Operations GmbH & Co. KG)
R0 avusbflt; C:\Windows\System32\Drivers\avusbflt.sys [34128 2017-07-04] (Avira Operations GmbH & Co. KG)
R1 cbfs3; C:\Windows\system32\drivers\cbfs3.sys [352144 2012-04-09] (EldoS Corporation)
S3 dc21x4vm; C:\Windows\System32\DRIVERS\dc21x4vm.sys [57344 2009-06-10] (Microsoft Corp.)
S3 EMSCR; C:\Windows\system32\DRIVERS\EMS7SK.sys [91136 2007-07-03] (ENE Technology Inc.)
S3 ESDCR; C:\Windows\system32\DRIVERS\ESD7SK.sys [60416 2007-07-03] (ENE Technology Inc.)
S3 ESMCR; C:\Windows\system32\DRIVERS\ESM7SK.sys [78336 2007-04-10] (ENE Technology Inc.)
S3 hidshim; C:\Windows\system32\DRIVERS\hidshim.sys [6656 2007-07-11] (Windows ® Codename Longhorn DDK provider)
S3 iaNvStor; C:\Windows\system32\DRIVERS\iaNvStor.sys [344600 2009-07-01] (Intel Corporation)
S3 IFCoEMP; C:\Windows\system32\DRIVERS\ifM52x64.sys [339728 2010-08-13] (Intel® Corporation)
S3 IFCoEVB; C:\Windows\system32\DRIVERS\ifP52X64.sys [65808 2010-08-13] (Intel® Corporation)
R0 ioatdma; C:\Windows\System32\Drivers\ioatdma.sys [46792 2009-11-16] (Intel Corporation)
R0 johci; C:\Windows\System32\DRIVERS\johci.sys [25688 2010-08-24] (JMicron Technology Corp.)
S3 MTsensor; C:\Windows\system32\DRIVERS\ASACPI.sys [8192 2005-03-29] ()
S3 nvamacpi; C:\Windows\system32\DRIVERS\NVAMACPI.sys [28192 2009-07-17] (NVIDIA Corporation)
S3 nvrd64; C:\Windows\system32\DRIVERS\nvrd64.sys [175648 2009-08-04] (NVIDIA Corporation)
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [27520 2007-05-14] (Research In Motion Limited)
S3 SISAGP; C:\Windows\system32\DRIVERS\SISAGPX.sys [67104 2009-08-01] (Silicon Integrated Systems Corporation)
S3 uagp35; C:\Windows\system32\DRIVERS\sisagpx.sys [67104 2009-08-01] (Silicon Integrated Systems Corporation)
S3 vcrdrx64; C:\Windows\system32\DRIVERS\vcrdrx64.sys [127088 2010-08-13] (VIA Technologies, Inc.)
S3 wbondir; C:\Windows\system32\DRIVERS\wbondir.sys [65024 2007-06-24] (Winbond Electronics Corporation)
S3 winbondcir; C:\Windows\system32\DRIVERS\winbondcir.sys [46592 2007-03-28] (Winbond Electronics Corporation)
S3 winbondhidcir; C:\Windows\system32\DRIVERS\winbondhidcir.sys [25088 2007-07-11] (Winbond Electronics Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-08-24 13:34 - 2017-08-24 13:34 - 000002216 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth Pro.lnk
2017-08-24 13:34 - 2017-08-24 13:34 - 000002178 _____ C:\Users\Public\Desktop\Google Earth Pro.lnk
2017-08-24 13:29 - 2017-08-24 13:29 - 000000000 ____D C:\Users\Des\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2017-08-22 12:42 - 2017-08-22 12:42 - 000001138 _____ C:\Users\Public\Desktop\Avira Connect.lnk
2017-08-12 20:48 - 2017-07-29 15:56 - 000117248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys
2017-08-12 20:48 - 2017-07-21 15:26 - 000518144 _____ C:\Windows\SysWOW64\msjetoledb40.dll
2017-08-12 20:48 - 2017-07-21 15:26 - 000409600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msexch40.dll
2017-08-12 20:48 - 2017-07-21 15:26 - 000290816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msjtes40.dll
2017-08-12 20:48 - 2017-07-21 15:26 - 000282624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstext40.dll
2017-08-12 20:48 - 2017-07-15 19:35 - 000394448 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2017-08-12 20:48 - 2017-07-15 18:52 - 000346320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2017-08-12 20:48 - 2017-07-14 16:29 - 002319872 _____ (Microsoft Corporation) C:\Windows\system32\tquery.dll
2017-08-12 20:48 - 2017-07-14 16:29 - 002222080 _____ (Microsoft Corporation) C:\Windows\system32\mssrch.dll
2017-08-12 20:48 - 2017-07-14 16:29 - 002058240 _____ (Microsoft Corporation) C:\Windows\system32\Query.dll
2017-08-12 20:48 - 2017-07-14 16:29 - 000778240 _____ (Microsoft Corporation) C:\Windows\system32\mssvp.dll
2017-08-12 20:48 - 2017-07-14 16:29 - 000491520 _____ (Microsoft Corporation) C:\Windows\system32\mssph.dll
2017-08-12 20:48 - 2017-07-14 16:29 - 000486400 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
2017-08-12 20:48 - 2017-07-14 16:29 - 000288256 _____ (Microsoft Corporation) C:\Windows\system32\mssphtb.dll
2017-08-12 20:48 - 2017-07-14 16:29 - 000115200 _____ (Microsoft Corporation) C:\Windows\system32\mssitlb.dll
2017-08-12 20:48 - 2017-07-14 16:29 - 000099840 _____ (Microsoft Corporation) C:\Windows\system32\mssprxy.dll
2017-08-12 20:48 - 2017-07-14 16:29 - 000075264 _____ (Microsoft Corporation) C:\Windows\system32\msscntrs.dll
2017-08-12 20:48 - 2017-07-14 16:29 - 000034304 _____ (Microsoft Corporation) C:\Windows\system32\werdiagcontroller.dll
2017-08-12 20:48 - 2017-07-14 16:29 - 000014336 _____ (Microsoft Corporation) C:\Windows\system32\msshooks.dll
2017-08-12 20:48 - 2017-07-14 16:12 - 000591872 _____ (Microsoft Corporation) C:\Windows\system32\SearchIndexer.exe
2017-08-12 20:48 - 2017-07-14 16:12 - 000249856 _____ (Microsoft Corporation) C:\Windows\system32\SearchProtocolHost.exe
2017-08-12 20:48 - 2017-07-14 16:11 - 000113664 _____ (Microsoft Corporation) C:\Windows\system32\SearchFilterHost.exe
2017-08-12 20:48 - 2017-07-14 16:10 - 001549824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tquery.dll
2017-08-12 20:48 - 2017-07-14 16:10 - 001400320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssrch.dll
2017-08-12 20:48 - 2017-07-14 16:10 - 001363968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Query.dll
2017-08-12 20:48 - 2017-07-14 16:10 - 000666624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssvp.dll
2017-08-12 20:48 - 2017-07-14 16:10 - 000382976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll
2017-08-12 20:48 - 2017-07-14 16:10 - 000337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssph.dll
2017-08-12 20:48 - 2017-07-14 16:10 - 000197120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssphtb.dll
2017-08-12 20:48 - 2017-07-14 16:10 - 000104448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssitlb.dll
2017-08-12 20:48 - 2017-07-14 16:10 - 000059392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msscntrs.dll
2017-08-12 20:48 - 2017-07-14 16:10 - 000034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssprxy.dll
2017-08-12 20:48 - 2017-07-14 16:00 - 000427520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchIndexer.exe
2017-08-12 20:48 - 2017-07-14 16:00 - 000164352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchProtocolHost.exe
2017-08-12 20:48 - 2017-07-14 15:59 - 000086528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchFilterHost.exe
2017-08-12 20:48 - 2017-07-14 15:59 - 000009728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msshooks.dll
2017-08-12 20:48 - 2017-07-14 15:57 - 000050688 _____ (Microsoft Corporation) C:\Windows\system32\wermgr.exe
2017-08-12 20:48 - 2017-07-14 15:50 - 000054272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wermgr.exe
2017-08-12 20:48 - 2017-07-14 15:50 - 000028672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\werdiagcontroller.dll
2017-08-12 20:48 - 2017-07-14 08:16 - 002724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2017-08-12 20:48 - 2017-07-14 08:15 - 000004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2017-08-12 20:48 - 2017-07-14 07:49 - 025733632 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2017-08-12 20:48 - 2017-07-14 07:47 - 000066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2017-08-12 20:48 - 2017-07-14 07:45 - 000417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2017-08-12 20:48 - 2017-07-14 07:45 - 000048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2017-08-12 20:48 - 2017-07-14 07:44 - 000576512 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2017-08-12 20:48 - 2017-07-14 07:44 - 000088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2017-08-12 20:48 - 2017-07-14 07:38 - 002899456 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2017-08-12 20:48 - 2017-07-14 07:29 - 000054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2017-08-12 20:48 - 2017-07-14 07:28 - 000034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2017-08-12 20:48 - 2017-07-14 07:22 - 000615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2017-08-12 20:48 - 2017-07-14 07:20 - 000144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2017-08-12 20:48 - 2017-07-14 07:20 - 000116224 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2017-08-12 20:48 - 2017-07-14 07:19 - 000817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2017-08-12 20:48 - 2017-07-14 07:19 - 000814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2017-08-12 20:48 - 2017-07-14 07:08 - 000968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2017-08-12 20:48 - 2017-07-14 07:02 - 000489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2017-08-12 20:48 - 2017-07-14 06:49 - 000077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2017-08-12 20:48 - 2017-07-14 06:48 - 000087552 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2017-08-12 20:48 - 2017-07-14 06:47 - 000107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2017-08-12 20:48 - 2017-07-14 06:42 - 000199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2017-08-12 20:48 - 2017-07-14 06:40 - 000092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2017-08-12 20:48 - 2017-07-14 06:35 - 005981184 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2017-08-12 20:48 - 2017-07-14 06:35 - 000315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2017-08-12 20:48 - 2017-07-14 06:33 - 000152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2017-08-12 20:48 - 2017-07-14 06:16 - 000262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2017-08-12 20:48 - 2017-07-14 06:11 - 000725504 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2017-08-12 20:48 - 2017-07-14 06:10 - 000806912 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2017-08-12 20:48 - 2017-07-14 06:09 - 002132992 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2017-08-12 20:48 - 2017-07-14 06:09 - 001359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2017-08-12 20:48 - 2017-07-14 05:40 - 015254016 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2017-08-12 20:48 - 2017-07-14 05:23 - 003240960 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2017-08-12 20:48 - 2017-07-14 05:07 - 001545728 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2017-08-12 20:48 - 2017-07-14 04:58 - 000800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2017-08-12 20:48 - 2017-07-14 04:01 - 002724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2017-08-12 20:48 - 2017-07-14 03:54 - 020270080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2017-08-12 20:48 - 2017-07-14 03:48 - 000499200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2017-08-12 20:48 - 2017-07-14 03:48 - 000341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2017-08-12 20:48 - 2017-07-14 03:48 - 000062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2017-08-12 20:48 - 2017-07-14 03:48 - 000047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2017-08-12 20:48 - 2017-07-14 03:47 - 000064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2017-08-12 20:48 - 2017-07-14 03:44 - 002290176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2017-08-12 20:48 - 2017-07-14 03:42 - 000047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2017-08-12 20:48 - 2017-07-14 03:41 - 000030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2017-08-12 20:48 - 2017-07-14 03:39 - 000476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2017-08-12 20:48 - 2017-07-14 03:38 - 000663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2017-08-12 20:48 - 2017-07-14 03:38 - 000620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2017-08-12 20:48 - 2017-07-14 03:38 - 000115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2017-08-12 20:48 - 2017-07-14 03:30 - 000416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2017-08-12 20:48 - 2017-07-14 03:26 - 000060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2017-08-12 20:48 - 2017-07-14 03:25 - 000091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2017-08-12 20:48 - 2017-07-14 03:25 - 000073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2017-08-12 20:48 - 2017-07-14 03:23 - 000168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2017-08-12 20:48 - 2017-07-14 03:22 - 000076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2017-08-12 20:48 - 2017-07-14 03:21 - 000279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2017-08-12 20:48 - 2017-07-14 03:20 - 000130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2017-08-12 20:48 - 2017-07-14 03:17 - 004546048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2017-08-12 20:48 - 2017-07-14 03:13 - 000230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2017-08-12 20:48 - 2017-07-14 03:12 - 000693248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2017-08-12 20:48 - 2017-07-14 03:11 - 002057216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2017-08-12 20:48 - 2017-07-14 03:11 - 001155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2017-08-12 20:48 - 2017-07-14 03:09 - 013663744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2017-08-12 20:48 - 2017-07-14 02:53 - 002767872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2017-08-12 20:48 - 2017-07-14 02:50 - 001314816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2017-08-12 20:48 - 2017-07-14 02:48 - 000710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2017-08-12 20:48 - 2017-07-08 16:34 - 000370920 _____ (Microsoft Corporation) C:\Windows\system32\clfs.sys
2017-08-12 20:48 - 2017-07-08 16:00 - 003224064 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2017-08-12 20:48 - 2017-07-07 16:37 - 000631176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2017-08-12 20:48 - 2017-07-07 16:33 - 005547752 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2017-08-12 20:48 - 2017-07-07 16:33 - 000706792 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2017-08-12 20:48 - 2017-07-07 16:33 - 000363752 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\volmgrx.sys
2017-08-12 20:48 - 2017-07-07 16:33 - 000154856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2017-08-12 20:48 - 2017-07-07 16:33 - 000095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2017-08-12 20:48 - 2017-07-07 16:31 - 001732864 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2017-08-12 20:48 - 2017-07-07 16:29 - 001460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2017-08-12 20:48 - 2017-07-07 16:29 - 001212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2017-08-12 20:48 - 2017-07-07 16:29 - 001163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2017-08-12 20:48 - 2017-07-07 16:29 - 000880640 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2017-08-12 20:48 - 2017-07-07 16:29 - 000731648 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2017-08-12 20:48 - 2017-07-07 16:29 - 000690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2017-08-12 20:48 - 2017-07-07 16:29 - 000503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2017-08-12 20:48 - 2017-07-07 16:29 - 000463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2017-08-12 20:48 - 2017-07-07 16:29 - 000419840 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2017-08-12 20:48 - 2017-07-07 16:29 - 000362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2017-08-12 20:48 - 2017-07-07 16:29 - 000345600 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2017-08-12 20:48 - 2017-07-07 16:29 - 000316928 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2017-08-12 20:48 - 2017-07-07 16:29 - 000312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2017-08-12 20:48 - 2017-07-07 16:29 - 000243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2017-08-12 20:48 - 2017-07-07 16:29 - 000215552 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2017-08-12 20:48 - 2017-07-07 16:29 - 000210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2017-08-12 20:48 - 2017-07-07 16:29 - 000190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2017-08-12 20:48 - 2017-07-07 16:29 - 000149504 _____ (Microsoft Corporation) C:\Windows\system32\t2embed.dll
2017-08-12 20:48 - 2017-07-07 16:29 - 000146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2017-08-12 20:48 - 2017-07-07 16:29 - 000135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2017-08-12 20:48 - 2017-07-07 16:29 - 000123904 _____ (Microsoft Corporation) C:\Windows\system32\bcrypt.dll
2017-08-12 20:48 - 2017-07-07 16:29 - 000086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2017-08-12 20:48 - 2017-07-07 16:29 - 000063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2017-08-12 20:48 - 2017-07-07 16:29 - 000060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2017-08-12 20:48 - 2017-07-07 16:29 - 000059904 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2017-08-12 20:48 - 2017-07-07 16:29 - 000050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2017-08-12 20:48 - 2017-07-07 16:29 - 000044032 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2017-08-12 20:48 - 2017-07-07 16:29 - 000043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2017-08-12 20:48 - 2017-07-07 16:29 - 000034816 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2017-08-12 20:48 - 2017-07-07 16:29 - 000028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2017-08-12 20:48 - 2017-07-07 16:29 - 000028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2017-08-12 20:48 - 2017-07-07 16:29 - 000022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2017-08-12 20:48 - 2017-07-07 16:29 - 000016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2017-08-12 20:48 - 2017-07-07 16:29 - 000013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2017-08-12 20:48 - 2017-07-07 16:29 - 000006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2017-08-12 20:48 - 2017-07-07 16:29 - 000006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2017-08-12 20:48 - 2017-07-07 16:29 - 000005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2017-08-12 20:48 - 2017-07-07 16:29 - 000004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2017-08-12 20:48 - 2017-07-07 16:29 - 000004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2017-08-12 20:48 - 2017-07-07 16:29 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2017-08-12 20:48 - 2017-07-07 16:29 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2017-08-12 20:48 - 2017-07-07 16:29 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2017-08-12 20:48 - 2017-07-07 16:29 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2017-08-12 20:48 - 2017-07-07 16:29 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2017-08-12 20:48 - 2017-07-07 16:29 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2017-08-12 20:48 - 2017-07-07 16:29 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2017-08-12 20:48 - 2017-07-07 16:29 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2017-08-12 20:48 - 2017-07-07 16:29 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2017-08-12 20:48 - 2017-07-07 16:29 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2017-08-12 20:48 - 2017-07-07 16:29 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2017-08-12 20:48 - 2017-07-07 16:29 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2017-08-12 20:48 - 2017-07-07 16:29 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2017-08-12 20:48 - 2017-07-07 16:29 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2017-08-12 20:48 - 2017-07-07 16:29 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2017-08-12 20:48 - 2017-07-07 16:29 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2017-08-12 20:48 - 2017-07-07 16:29 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2017-08-12 20:48 - 2017-07-07 16:29 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2017-08-12 20:48 - 2017-07-07 16:29 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2017-08-12 20:48 - 2017-07-07 16:29 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2017-08-12 20:48 - 2017-07-07 16:29 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2017-08-12 20:48 - 2017-07-07 16:29 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2017-08-12 20:48 - 2017-07-07 16:29 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2017-08-12 20:48 - 2017-07-07 16:29 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2017-08-12 20:48 - 2017-07-07 16:15 - 004001000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2017-08-12 20:48 - 2017-07-07 16:15 - 003945192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2017-08-12 20:48 - 2017-07-07 16:13 - 001314112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2017-08-12 20:48 - 2017-07-07 16:11 - 001114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2017-08-12 20:48 - 2017-07-07 16:11 - 000666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2017-08-12 20:48 - 2017-07-07 16:11 - 000275456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2017-08-12 20:48 - 2017-07-07 16:11 - 000261120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2017-08-12 20:48 - 2017-07-07 16:11 - 000254464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2017-08-12 20:48 - 2017-07-07 16:11 - 000223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2017-08-12 20:48 - 2017-07-07 16:11 - 000172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2017-08-12 20:48 - 2017-07-07 16:11 - 000141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2017-08-12 20:48 - 2017-07-07 16:11 - 000109568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\t2embed.dll
2017-08-12 20:48 - 2017-07-07 16:11 - 000096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2017-08-12 20:48 - 2017-07-07 16:11 - 000082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcrypt.dll
2017-08-12 20:48 - 2017-07-07 16:11 - 000065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2017-08-12 20:48 - 2017-07-07 16:11 - 000043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2017-08-12 20:48 - 2017-07-07 16:11 - 000022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2017-08-12 20:48 - 2017-07-07 16:11 - 000005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2017-08-12 20:48 - 2017-07-07 16:10 - 000690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2017-08-12 20:48 - 2017-07-07 16:10 - 000644096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2017-08-12 20:48 - 2017-07-07 16:10 - 000554496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2017-08-12 20:48 - 2017-07-07 16:10 - 000342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2017-08-12 20:48 - 2017-07-07 16:10 - 000146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2017-08-12 20:48 - 2017-07-07 16:10 - 000060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2017-08-12 20:48 - 2017-07-07 16:10 - 000050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2017-08-12 20:48 - 2017-07-07 16:10 - 000017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2017-08-12 20:48 - 2017-07-07 16:10 - 000006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2017-08-12 20:48 - 2017-07-07 16:10 - 000005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2017-08-12 20:48 - 2017-07-07 16:10 - 000004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2017-08-12 20:48 - 2017-07-07 16:10 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2017-08-12 20:48 - 2017-07-07 16:10 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2017-08-12 20:48 - 2017-07-07 16:10 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2017-08-12 20:48 - 2017-07-07 16:10 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2017-08-12 20:48 - 2017-07-07 16:10 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2017-08-12 20:48 - 2017-07-07 16:10 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2017-08-12 20:48 - 2017-07-07 16:10 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2017-08-12 20:48 - 2017-07-07 16:10 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2017-08-12 20:48 - 2017-07-07 16:10 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2017-08-12 20:48 - 2017-07-07 16:10 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2017-08-12 20:48 - 2017-07-07 16:10 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2017-08-12 20:48 - 2017-07-07 16:10 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2017-08-12 20:48 - 2017-07-07 16:10 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2017-08-12 20:48 - 2017-07-07 16:10 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2017-08-12 20:48 - 2017-07-07 16:10 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2017-08-12 20:48 - 2017-07-07 16:10 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2017-08-12 20:48 - 2017-07-07 16:10 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2017-08-12 20:48 - 2017-07-07 16:10 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2017-08-12 20:48 - 2017-07-07 16:10 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2017-08-12 20:48 - 2017-07-07 16:10 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2017-08-12 20:48 - 2017-07-07 16:10 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2017-08-12 20:48 - 2017-07-07 16:10 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2017-08-12 20:48 - 2017-07-07 16:02 - 000148480 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2017-08-12 20:48 - 2017-07-07 16:01 - 000064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2017-08-12 20:48 - 2017-07-07 16:01 - 000062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2017-08-12 20:48 - 2017-07-07 16:01 - 000017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2017-08-12 20:48 - 2017-07-07 15:58 - 000338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2017-08-12 20:48 - 2017-07-07 15:57 - 000296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2017-08-12 20:48 - 2017-07-07 15:54 - 000291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2017-08-12 20:48 - 2017-07-07 15:54 - 000159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2017-08-12 20:48 - 2017-07-07 15:54 - 000129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2017-08-12 20:48 - 2017-07-07 15:53 - 000112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2017-08-12 20:48 - 2017-07-07 15:53 - 000030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2017-08-12 20:48 - 2017-07-07 15:51 - 000050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2017-08-12 20:48 - 2017-07-07 15:48 - 000025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2017-08-12 20:48 - 2017-07-07 15:48 - 000014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2017-08-12 20:48 - 2017-07-07 15:48 - 000007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2017-08-12 20:48 - 2017-07-07 15:48 - 000002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2017-08-12 20:48 - 2017-07-07 15:47 - 000036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2017-08-12 20:48 - 2017-07-07 15:47 - 000006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2017-08-12 20:48 - 2017-07-07 15:47 - 000004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2017-08-12 20:48 - 2017-07-07 15:47 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2017-08-12 20:48 - 2017-07-07 15:47 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2017-08-12 20:48 - 2017-07-01 14:05 - 001311744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msjet40.dll
2017-08-12 20:48 - 2017-07-01 14:05 - 000866816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mswdat10.dll
2017-08-12 20:48 - 2017-07-01 14:05 - 000641536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mswstr10.dll
2017-08-12 20:48 - 2017-07-01 14:05 - 000616448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrepl40.dll
2017-08-12 20:48 - 2017-07-01 14:05 - 000475648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxbde40.dll
2017-08-12 20:48 - 2017-07-01 14:05 - 000375808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mspbde40.dll
2017-08-12 20:48 - 2017-07-01 14:05 - 000343552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrd3x40.dll
2017-08-12 20:48 - 2017-07-01 14:05 - 000339968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msexcl40.dll
2017-08-12 20:48 - 2017-07-01 14:05 - 000310272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrd2x40.dll
2017-08-12 20:48 - 2017-07-01 14:05 - 000240640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msltus40.dll
2017-08-12 20:48 - 2017-07-01 14:05 - 000144896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msjint40.dll
2017-08-12 20:48 - 2017-07-01 14:05 - 000083968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msjter40.dll
2017-07-28 15:11 - 2017-07-28 15:11 - 000001472 _____ C:\Users\Des\AppData\Local\recently-used.xbel
2017-07-28 14:55 - 2017-07-28 14:55 - 000000000 ____D C:\Users\Des\AppData\Local\{D99A9BBB-006F-4D73-BE3F-26F762ACCE9A}
2017-07-27 21:43 - 2017-08-26 17:07 - 000000000 ____D C:\Users\Des\Desktop\FRST-OlderVersion
2017-07-27 19:45 - 2017-08-26 17:07 - 002395648 _____ (Farbar) C:\Users\Des\Desktop\FRST64.exe
2017-07-27 19:45 - 2017-08-26 17:07 - 000000000 ____D C:\FRST

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-08-26 17:05 - 2016-05-21 14:05 - 000000262 _____ C:\Windows\Tasks\{799A0498-765A-C6AB-DBED-6E499F0E23E0}.job
2017-08-26 16:49 - 2009-07-14 05:45 - 000023696 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-08-26 16:49 - 2009-07-14 05:45 - 000023696 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-08-26 16:40 - 2016-11-22 19:17 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-08-26 16:40 - 2012-05-03 10:53 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-08-26 16:36 - 2009-07-14 06:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2017-08-26 15:25 - 2015-07-28 18:47 - 000000910 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-2764269830-1251874944-2569545036-1001UA.job
2017-08-26 13:31 - 2016-11-23 10:29 - 000000000 ____D C:\Users\Des\AppData\LocalLow\Mozilla
2017-08-24 14:42 - 2012-03-09 15:06 - 000000000 ____D C:\Users\Des\Documents\Andrew
2017-08-24 13:34 - 2011-05-17 20:49 - 000000000 ____D C:\Program Files (x86)\Google
2017-08-24 13:27 - 2012-05-16 21:10 - 000000000 ____D C:\Users\Des\AppData\Roaming\Dropbox
2017-08-22 21:09 - 2017-07-11 12:23 - 001450358 _____ C:\Windows\ntbtlog.txt
2017-08-22 12:51 - 2015-07-28 18:47 - 000000858 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-2764269830-1251874944-2569545036-1001Core.job
2017-08-22 12:42 - 2017-07-17 16:43 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2017-08-22 12:42 - 2017-01-20 15:32 - 000000000 ____D C:\ProgramData\Package Cache
2017-08-20 17:31 - 2017-06-02 16:20 - 000000000 ____D C:\Users\Des\AppData\Roaming\vlc
2017-08-19 13:49 - 2015-04-12 12:03 - 000007168 _____ C:\Users\Des\pomodairo-1.1.db
2017-08-19 13:49 - 2011-04-11 14:37 - 000000000 ____D C:\Users\Des
2017-08-19 13:12 - 2017-07-16 18:07 - 000000000 ____D C:\Program Files\HitmanPro
2017-08-15 22:08 - 2013-10-23 08:47 - 000000000 ____D C:\ProgramData\Oracle
2017-08-15 19:53 - 2017-01-20 15:48 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2017-08-15 19:53 - 2017-01-20 15:48 - 000000000 ____D C:\Program Files (x86)\Java
2017-08-15 19:48 - 2017-01-20 15:48 - 000097856 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2017-08-14 18:21 - 2009-07-14 04:20 - 000000000 ____D C:\Windows\rescache
2017-08-13 17:31 - 2009-07-14 06:13 - 000782510 _____ C:\Windows\system32\PerfStringBackup.INI
2017-08-13 17:31 - 2009-07-14 04:20 - 000000000 ____D C:\Windows\inf
2017-08-13 17:24 - 2009-07-14 05:45 - 000413136 _____ C:\Windows\system32\FNTCACHE.DAT
2017-08-11 17:53 - 2013-08-15 00:04 - 000000000 ____D C:\Windows\system32\MRT
2017-08-11 17:49 - 2011-05-26 17:35 - 140394280 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2017-08-11 16:38 - 2017-07-17 16:47 - 000189256 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2017-08-11 16:38 - 2017-07-17 16:47 - 000151128 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2017-08-11 16:27 - 2017-07-17 16:50 - 000001046 _____ C:\Users\Public\Desktop\Avira Phantom VPN.lnk
2017-08-06 11:36 - 2015-07-30 17:00 - 010893992 _____ (Adobe Systems Inc.) C:\Users\Des\Downloads\AdobeAIRInstaller.exe
2017-08-05 17:55 - 2015-07-28 16:29 - 000000000 ____D C:\Program Files (x86)\TeamViewer
2017-07-31 20:52 - 2014-10-16 11:17 - 000000000 ____D C:\Users\Des\AppData\Local\Adobe
2017-07-31 20:51 - 2012-03-31 14:13 - 000803328 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2017-07-31 20:51 - 2012-03-31 14:13 - 000004314 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2017-07-31 20:51 - 2011-11-13 16:28 - 000000000 ____D C:\Windows\system32\Macromed
2017-07-31 20:51 - 2011-05-20 16:43 - 000144896 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2017-07-31 20:51 - 2011-05-20 16:43 - 000000000 ____D C:\Windows\SysWOW64\Macromed
2017-07-28 15:11 - 2016-04-06 16:56 - 000000000 ____D C:\Users\Des\AppData\Local\gtk-2.0
2017-07-28 15:06 - 2016-04-06 16:46 - 000000000 ____D C:\Users\Des\.gimp-2.8
2017-07-27 22:26 - 2009-07-14 03:34 - 000000478 _____ C:\Windows\win.ini

==================== Files in the root of some directories =======

2014-08-21 11:04 - 2014-08-21 11:04 - 000001224 _____ () C:\Users\Des\AppData\Roaming\aps.scan.quick.results
2014-08-21 11:04 - 2014-08-21 11:04 - 000002958 _____ () C:\Users\Des\AppData\Roaming\aps.scan.results
2014-08-21 11:04 - 2014-08-21 11:04 - 000000322 _____ () C:\Users\Des\AppData\Roaming\aps.uninstall.scan.results
2016-05-21 18:01 - 2016-05-21 18:01 - 000000044 _____ () C:\Users\Des\AppData\Roaming\WB.CFG
2011-05-30 10:55 - 2012-12-20 23:32 - 000011776 _____ () C:\Users\Des\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-08-21 10:58 - 2014-08-21 10:58 - 000631560 _____ (ClickMeIn Limited) C:\Users\Des\AppData\Local\nsy3038.tmp
2017-07-28 15:11 - 2017-07-28 15:11 - 000001472 _____ () C:\Users\Des\AppData\Local\recently-used.xbel
2017-03-07 17:55 - 2017-03-07 17:55 - 000010218 _____ () C:\ProgramData\regid.2015-05.exe.textpad_83F5EF12-C2F9-4C11-A5C5-57A7B2D7AD25.swidtag

Files to move or delete:
====================
C:\Users\Des\7z1514.exe
C:\Users\Des\jxpiinstall.exe
C:\Windows\Tasks\{799A0498-765A-C6AB-DBED-6E499F0E23E0}.job


Some files in TEMP:
====================
2016-05-22 20:01 - 2010-08-04 21:21 - 000433976 _____ (Yahoo! Inc.) C:\Users\Des\AppData\Local\Temp\bpuninstall.exe
2016-05-06 12:56 - 2016-12-22 19:03 - 003698888 _____ (Foxit Corporation) C:\Users\Des\AppData\Local\Temp\FoxitUpdater.exe
2017-06-08 11:37 - 2017-06-08 11:37 - 000032768 _____ () C:\Users\Des\AppData\Local\Temp\ggtzvdcn.dll
2017-08-19 13:12 - 2017-07-16 18:06 - 011584088 _____ (SurfRight B.V.) C:\Users\Des\AppData\Local\Temp\HitmanPro.exe
2016-09-02 10:04 - 2016-09-02 10:04 - 000741440 _____ (Oracle Corporation) C:\Users\Des\AppData\Local\Temp\jre-8u101-windows-au.exe
2016-10-30 12:48 - 2016-10-30 12:48 - 000737856 _____ (Oracle Corporation) C:\Users\Des\AppData\Local\Temp\jre-8u111-windows-au.exe
2017-01-20 15:41 - 2017-01-20 15:41 - 000739904 _____ (Oracle Corporation) C:\Users\Des\AppData\Local\Temp\jre-8u121-windows-au.exe
2017-04-20 12:06 - 2017-04-20 12:06 - 000739904 _____ (Oracle Corporation) C:\Users\Des\AppData\Local\Temp\jre-8u131-windows-au.exe
2017-08-15 19:44 - 2017-08-15 19:44 - 000740416 _____ (Oracle Corporation) C:\Users\Des\AppData\Local\Temp\jre-8u144-windows-au.exe
2016-04-20 15:11 - 2016-04-20 15:11 - 000739904 _____ (Oracle Corporation) C:\Users\Des\AppData\Local\Temp\jre-8u91-windows-au.exe
2016-10-21 13:34 - 2016-10-21 13:34 - 002424776 _____ (DivX, LLC) C:\Users\Des\AppData\Local\Temp\RSPUpgradeInstaller.exe
2016-05-10 21:53 - 2016-05-10 21:54 - 045196928 _____ (Skype Technologies S.A.) C:\Users\Des\AppData\Local\Temp\SkypeSetup.exe
2017-03-15 18:04 - 2017-03-15 18:04 - 014456872 _____ (Microsoft Corporation) C:\Users\Des\AppData\Local\Temp\vc_redist.x86.exe
2017-05-01 15:55 - 2017-05-01 15:55 - 078116448 _____ (Dropbox, Inc.) C:\Users\Des\AppData\Local\Temp\{32843004-ED59-463F-8D1E-51AB2B97EE33}-DropboxClient_25.4.28.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


Addition:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 20-08-2017
Ran by Des (26-08-2017 17:11:14)
Running from C:\Users\Des\Desktop
Windows 7 Home Premium Service Pack 1 (X64) (2011-04-11 13:37:11)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2764269830-1251874944-2569545036-500 - Administrator - Disabled)
Des (S-1-5-21-2764269830-1251874944-2569545036-1001 - Administrator - Enabled) => C:\Users\Des
Guest (S-1-5-21-2764269830-1251874944-2569545036-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2764269830-1251874944-2569545036-1002 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Antivirus (Enabled - Up to date) {B3F630BD-538D-1B4A-14FA-14B63235278F}
AS: Avira Antivirus (Enabled - Up to date) {0897D159-75B7-14C4-2E4A-2FC449B26D32}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 16.03 (HKLM-x32\...\7-Zip) (Version: 16.03 - Igor Pavlov)
7-Zip 16.04 (HKLM-x32\...\{23170F69-40C1-2701-1604-000001000000}) (Version: 16.04.00.0 - Igor Pavlov)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 26.0.0.127 - Adobe Systems Incorporated)
Adobe Flash Player 25 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 25.0.0.148 - Adobe Systems Incorporated)
Adobe Flash Player 26 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 26.0.0.137 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.19) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.19 - Adobe Systems Incorporated)
Audacity 2.1.2 (HKLM-x32\...\Audacity®_is1) (Version: 2.1.2 - Audacity Team)
Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.29.32 - Avira Operations GmbH & Co. KG)
Avira Connect (HKLM-x32\...\{7990b9d3-2da3-4eef-bf20-73a05086fd12}) (Version: 1.2.92.32157 - Avira Operations GmbH & Co. KG)
Avira Connect (HKLM-x32\...\{E972AE5C-71B3-4D35-8193-BC4CC2F1FA20}) (Version: 1.2.92.32157 - Avira Operations GmbH & Co. KG) Hidden
Avira Phantom VPN (HKLM-x32\...\Avira Phantom VPN) (Version: 2.9.1.24376 - Avira Operations GmbH & Co. KG)
Avira Software Updater (HKLM-x32\...\{7A2E39A1-265C-4BF8-BE49-DE3248B9792A}) (Version: 2.0.3.40092 - Avira Operations GmbH & Co. KG)
BBC iPlayer Downloads (HKLM-x32\...\{198DFB43-9C28-4204-93ED-1545E3E467B8}) (Version: 1.0.2 - BBC)
Belarc Advisor 8.2 (HKLM-x32\...\Belarc Advisor) (Version: 8.2.7.6 - Belarc Inc.)
BT Cloud (HKLM\...\BT Cloud) (Version: 15.2.8.15 - BT Cloud)
Citrix Receiver 4.5 (HKLM-x32\...\CitrixOnlinePluginPackWeb) (Version: 14.5.0.10018 - Citrix Systems, Inc.)
Cobian Backup 11 Gravity (HKLM-x32\...\CobBackup11) (Version:  - )
CopyTrans Control Center Uninstall Only (HKU\S-1-5-21-2764269830-1251874944-2569545036-1001\...\CopyTrans Suite) (Version: 4.008 - WindSolutions)
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
Dominion (HKLM-x32\...\Dominion) (Version: 2.01.05.2 - MakingFun)
Dropbox (HKU\S-1-5-21-2764269830-1251874944-2569545036-1001\...\Dropbox) (Version: 33.4.23 - Dropbox, Inc.)
FileHippo App Manager (HKLM-x32\...\FileHippo.com) (Version:  - FileHippo.com)
Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 8.2.1.6871 - Foxit Software Inc.)
GIMP 2.8.16 (HKLM\...\GIMP-2_is1) (Version: 2.8.16 - The GIMP Team)
Google Earth Pro (HKLM-x32\...\{ECF2E224-42F5-4E50-B58E-94CA70E85697}) (Version: 7.3.0.3832 - Google)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
Google+ Auto Backup (HKLM-x32\...\{A50DE037-B5C0-4C8A-8049-B0C576B313D1}) (Version: 1.0.21.81 - Google)
HandBrake 0.10.2 (HKLM-x32\...\HandBrake) (Version: 0.10.2 - )
HL-2130 (HKLM-x32\...\{E2A97415-BD97-4867-B906-05E39E9EE51F}) (Version: 1.0.6.0 - Brother Industries, Ltd.)
Java 8 Update 144 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180144F0}) (Version: 8.0.1440.1 - Oracle Corporation)
Junk Mail filter update (HKLM-x32\...\{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}) (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version:  - )
Magical Jelly Bean KeyFinder (HKLM-x32\...\KeyFinder_is1) (Version: 2.0.8.2 - Magical Jelly Bean)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Microsoft .NET Framework 4.7 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.7.02053 - Microsoft Corporation)
Microsoft Office Home and Student 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Monitor Off Utility 1.0 (HKLM-x32\...\{10F0131F-1CA2-4433-8473-7C890C769581}_is1) (Version:  - Dekisoft)
Mozilla Firefox 55.0.3 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 55.0.3 (x86 en-US)) (Version: 55.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 55.0.3.6445 - Mozilla)
MuseScore 2 (HKLM-x32\...\{DC8A2B29-D9A7-4D67-A049-BC0A659A2B57}) (Version: 2.1.0 - Werner Schweer and Others)
Online Plug-in (HKLM-x32\...\{EADC2DA1-5566-4F3B-8AA3-A2EC15F22760}) (Version: 14.5.0.10018 - Citrix Systems, Inc.) Hidden
Ontrack EasyRecovery Professional (HKLM-x32\...\{268723B7-A994-4286-9F85-B974D5CAFC7B}) (Version: 6.20.11 - Kroll Ontrack Inc.) Hidden
Ontrack EasyRecovery Professional (HKLM-x32\...\InstallShield_{268723B7-A994-4286-9F85-B974D5CAFC7B}) (Version: 6.20.11 - Kroll Ontrack Inc.)
PDFill FREE PDF Tools (HKLM\...\{735A3951-E139-4E4A-AFAE-BA25E9FF5E6A}) (Version: 12.0 - PlotSoft LLC)
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9.141.259 - Google, Inc.)
pomodairo (HKLM-x32\...\{EEBEA077-AB92-5083-ECB1-C15BD842D00B}) (Version: 1.9 - UNKNOWN) Hidden
pomodairo (HKLM-x32\...\pomodairo.1041936B6D0707C313E2E169D771193A7DFBADCC.1) (Version: 1.9 - UNKNOWN)
PrimoPDF -- brought to you by Nitro PDF Software (HKLM-x32\...\PrimoPDF) (Version: 5 - Nitro PDF Software)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6235 - Realtek Semiconductor Corp.)
Scrivener (HKLM-x32\...\Scrivener 1970) (Version: 1970 - Literature and Latte)
Self-service Plug-in (HKLM-x32\...\{6A23E16C-62CB-466F-BF8F-C5BC2BA930B2}) (Version: 4.5.0.14155 - Citrix Systems, Inc.) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Skype Click to Call (HKLM-x32\...\{873F8E7C-10E6-449F-BD7E-5FBA7C8E1C9B}) (Version: 8.5.0.9167 - Microsoft Corporation)
Skype™ 7.38 (HKLM-x32\...\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}) (Version: 7.38.101 - Skype Technologies S.A.)
TeamViewer 10 (HKLM-x32\...\TeamViewer) (Version: 10.0.47484 - TeamViewer)
TextPad 8 (HKLM-x32\...\{6437A18A-5868-4510-8057-62EBEA5231D8}) (Version: 8.1.2 - Helios)
Trojan Remover (HKLM-x32\...\Trojan Remover_is1) (Version: 6.9.5 - Simply Super Software)
Tweaking.com - Windows Repair (HKLM-x32\...\Tweaking.com - Windows Repair) (Version: 3.9.27 - Tweaking.com)
VC80CRTRedist - 8.0.50727.6195 (HKLM-x32\...\{933B4015-4618-4716-A828-5289FC03165F}) (Version: 1.2.0 - DivX, Inc) Hidden
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.6 - VideoLAN)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3502.0922 - Microsoft Corporation)
Windows Live Sync (HKLM-x32\...\{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}) (Version: 14.0.8089.726 - Microsoft Corporation)
Windows Media Player Firefox Plugin (HKLM-x32\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
WMPKeys (HKLM-x32\...\{5D4B3647-9842-4875-B081-EF8D98C02865}) (Version: 1.2.0.0 - lazymf and kbept)
Wuala (HKU\S-1-5-21-2764269830-1251874944-2569545036-1001\...\Wuala) (Version:  - LaCie)
Wuala CBFS (HKLM-x32\...\Wuala CBFS) (Version: 3.2.107.0 - LaCie)
Wuala OverlayIcons (HKLM-x32\...\Wuala OverlayIcons) (Version: 1.0.0.2 - LaCie)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2764269830-1251874944-2569545036-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Des\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2764269830-1251874944-2569545036-1001_Classes\CLSID\{5A9E21A2-851A-4BEB-B16F-DBBE7D648AF9}\InprocServer32 -> C:\Program Files (x86)\TextPad 8\System\ShellExt64.dll ()
CustomCLSID: HKU\S-1-5-21-2764269830-1251874944-2569545036-1001_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Des\AppData\Roaming\Dropbox\bin\DropboxExt64.18.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2764269830-1251874944-2569545036-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Des\AppData\Roaming\Dropbox\bin\DropboxExt64.18.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2764269830-1251874944-2569545036-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Des\AppData\Roaming\Dropbox\bin\DropboxExt64.18.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2764269830-1251874944-2569545036-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Des\AppData\Roaming\Dropbox\bin\DropboxExt64.18.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2764269830-1251874944-2569545036-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Des\AppData\Roaming\Dropbox\bin\DropboxExt64.18.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2764269830-1251874944-2569545036-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Des\AppData\Roaming\Dropbox\bin\DropboxExt64.18.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2764269830-1251874944-2569545036-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Des\AppData\Roaming\Dropbox\bin\DropboxExt64.18.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2764269830-1251874944-2569545036-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Des\AppData\Roaming\Dropbox\bin\DropboxExt64.18.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2764269830-1251874944-2569545036-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Des\AppData\Roaming\Dropbox\bin\DropboxExt64.18.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2764269830-1251874944-2569545036-1001_Classes\CLSID\{FB314EE1-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Des\AppData\Roaming\Dropbox\bin\DropboxExt64.18.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2764269830-1251874944-2569545036-1001_Classes\CLSID\{FB314EE2-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Des\AppData\Roaming\Dropbox\bin\DropboxExt64.18.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2764269830-1251874944-2569545036-1001_Classes\CLSID\{FBC9D74C-AF55-4309-9FB2-C426E071637F}\InprocServer32 -> C:\Users\Des\AppData\Roaming\Dropbox\bin\DropboxExt64.18.0.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ SncrOverlays (InSync)] -> {5F4A6070-DB92-4C56-A487-F3850430608F} => C:\Program Files\BT Cloud\BT Cloud\x64\Sncr.Overlays.dll [2016-07-24] (Synchronoss Technologies Inc.)
ShellIconOverlayIdentifiers: [ SncrOverlays (Pending)] -> {EE73A341-C788-4A6B-B1EF-DDBFC0F190B6} => C:\Program Files\BT Cloud\BT Cloud\x64\Sncr.Overlays.dll [2016-07-24] (Synchronoss Technologies Inc.)
ShellIconOverlayIdentifiers: [ SncrOverlays (Syncing)] -> {28CDCD88-B179-49D6-8B21-1A9AF9C0AE13} => C:\Program Files\BT Cloud\BT Cloud\x64\Sncr.Overlays.dll [2016-07-24] (Synchronoss Technologies Inc.)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ShellIconOverlayIdentifiers: [0WualaOverlayIcon1] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Wuala OverlayIcons\OverlayIcon.dll [2012-05-02] (LaCie AG)
ShellIconOverlayIdentifiers: [0WualaOverlayIcon2] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Wuala OverlayIcons\OverlayIcon.dll [2012-05-02] (LaCie AG)
ShellIconOverlayIdentifiers: [0WualaOverlayIcon3] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43} => C:\Program Files (x86)\Wuala OverlayIcons\OverlayIcon.dll [2012-05-02] (LaCie AG)
ShellIconOverlayIdentifiers: [0WualaOverlayIcon4] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => C:\Program Files (x86)\Wuala OverlayIcons\OverlayIcon.dll [2012-05-02] (LaCie AG)
ShellIconOverlayIdentifiers: [1EldosIconOverlay] -> {9B891AF6-7104-41AE-965A-89F7E09FAD53} => C:\Windows\System32\CbFsMntNtf3.dll [2012-04-09] (EldoS Corporation)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Des\AppData\Roaming\Dropbox\bin\DropboxExt64.18.0.dll [2017-08-22] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Des\AppData\Roaming\Dropbox\bin\DropboxExt64.18.0.dll [2017-08-22] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Des\AppData\Roaming\Dropbox\bin\DropboxExt64.18.0.dll [2017-08-22] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Des\AppData\Roaming\Dropbox\bin\DropboxExt64.18.0.dll [2017-08-22] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [EldosIconOverlay] -> {5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC} => C:\Windows\system32\CbFsMntNtf3.dll [2012-04-09] (EldoS Corporation)
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Des\AppData\Roaming\Dropbox\bin\DropboxExt64.18.0.dll [2017-08-22] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Des\AppData\Roaming\Dropbox\bin\DropboxExt64.18.0.dll [2017-08-22] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Des\AppData\Roaming\Dropbox\bin\DropboxExt64.18.0.dll [2017-08-22] (Dropbox, Inc.)
ContextMenuHandlers1-x32: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files (x86)\7-Zip\7-zip.dll [2016-10-04] (Igor Pavlov)
ContextMenuHandlers1-x32: [BTCtxMenu] -> {95DBC49A-D828-457A-8449-1A7A9A0A6066} => C:\Program Files\BT Cloud\BT Cloud\x64\Sncr.ContextMenus.dll [2016-07-24] (Synchronoss Technologies Inc.)
ContextMenuHandlers1-x32: [Foxit_ConvertToPDF_Reader] -> {A94757A0-0226-426F-B4F1-4DF381C630D3} => C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\ConvertToPDFShellExtension_x64.dll [2017-02-15] (Foxit Software Inc.)
ContextMenuHandlers1-x32: [Shell Extension for Malware scanning] -> {45AC2688-0253-4ED8-97DE-B5370FA7D48A} => C:\Program Files (x86)\Avira\Antivirus\shlext64.dll [2017-08-11] (Avira Operations GmbH & Co. KG)
ContextMenuHandlers1-x32: [WondershareVideoConverterFileOpreation] -> {FEB746CA-95C2-485F-B386-C30D4E56D22E} => C:\Windows\SysWOW64\WSCM64.dll [2013-03-25] ()
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamext.dll [2016-03-10] (Malwarebytes)
ContextMenuHandlers4-x32: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files (x86)\7-Zip\7-zip.dll [2016-10-04] (Igor Pavlov)
ContextMenuHandlers4-x32: [BTCtxMenu] -> {95DBC49A-D828-457A-8449-1A7A9A0A6066} => C:\Program Files\BT Cloud\BT Cloud\x64\Sncr.ContextMenus.dll [2016-07-24] (Synchronoss Technologies Inc.)
ContextMenuHandlers5: [BTCtxMenu] -> {95DBC49A-D828-457A-8449-1A7A9A0A6066} => C:\Program Files\BT Cloud\BT Cloud\x64\Sncr.ContextMenus.dll [2016-07-24] (Synchronoss Technologies Inc.)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\Windows\system32\igfxpph.dll [2012-01-10] (Intel Corporation)
ContextMenuHandlers6-x32: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files (x86)\7-Zip\7-zip.dll [2016-10-04] (Igor Pavlov)
ContextMenuHandlers6-x32: [BTCtxMenu] -> {95DBC49A-D828-457A-8449-1A7A9A0A6066} => C:\Program Files\BT Cloud\BT Cloud\x64\Sncr.ContextMenus.dll [2016-07-24] (Synchronoss Technologies Inc.)
ContextMenuHandlers6-x32: [Foxit_ConvertToPDF_Reader] -> {A94757A0-0226-426F-B4F1-4DF381C630D3} => C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\ConvertToPDFShellExtension_x64.dll [2017-02-15] (Foxit Software Inc.)
ContextMenuHandlers6-x32: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamext.dll [2016-03-10] (Malwarebytes)
ContextMenuHandlers6-x32: [Shell Extension for Malware scanning] -> {45AC2688-0253-4ED8-97DE-B5370FA7D48A} => C:\Program Files (x86)\Avira\Antivirus\shlext64.dll [2017-08-11] (Avira Operations GmbH & Co. KG)
ContextMenuHandlers1_S-1-5-21-2764269830-1251874944-2569545036-1001: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Users\Des\AppData\Roaming\Dropbox\bin\DropboxExt64.18.0.dll [2017-08-22] (Dropbox, Inc.)
ContextMenuHandlers1_S-1-5-21-2764269830-1251874944-2569545036-1001: [TextPad8] -> {5A9E21A2-851A-4BEB-B16F-DBBE7D648AF9} => C:\Program Files (x86)\TextPad 8\System\ShellExt64.dll [2017-03-07] ()
ContextMenuHandlers4_S-1-5-21-2764269830-1251874944-2569545036-1001: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Users\Des\AppData\Roaming\Dropbox\bin\DropboxExt64.18.0.dll [2017-08-22] (Dropbox, Inc.)
ContextMenuHandlers5_S-1-5-21-2764269830-1251874944-2569545036-1001: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Users\Des\AppData\Roaming\Dropbox\bin\DropboxExt64.18.0.dll [2017-08-22] (Dropbox, Inc.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {07BDF6DE-9C92-4F82-9808-803E699E69B1} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-07-31] (Adobe Systems Incorporated)
Task: {0EE1E1DF-1575-4639-AE50-14A413B303F3} - System32\Tasks\{BD57CADF-86B4-43B8-AF29-34FFA5D3BC15} => "c:\program files (x86)\mozilla firefox\firefox.exe" hxxp://ui.skype.com/ui/0/7.23.0.105/en/eula
Task: {1C215747-A33F-4CE4-ACF1-283F80B23A9C} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.)
Task: {231D5FC5-BD04-4099-9D0A-41D451828DC6} - System32\Tasks\Tweaking.com - Windows Repair Tray Icon => C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\WR_Tray_Icon.exe [2015-03-12] (Tweaking.com)
Task: {48EC586B-5C17-4C9D-9316-4E20E2664118} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-12-17] (Adobe Systems Incorporated)
Task: {5C7CA64E-2EEB-4A32-924B-AAB108E1BD84} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-2764269830-1251874944-2569545036-1001UA => C:\Users\Des\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2016-11-04] (Dropbox, Inc.)
Task: {86F77D4F-F685-42A1-99FD-3CF25ACC7BAF} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => c:\Program Files\Microsoft Security Client\MpCmdRun.exe
Task: {89B5D2A5-96F8-4259-A450-535E49F6DDE0} - System32\Tasks\{AFBC24E3-131C-498E-A087-A7747ADBD877} => C:\Windows\system32\pcalua.exe -a C:\Users\Des\AppData\Local\Temp\jre-8u121-windows-au.exe -d C:\Windows\SysWOW64 -c /installmethod=jau FAMILYUPGRADE=1 <==== ATTENTION
Task: {A9B49FC0-95D5-4C89-B2C6-BD8914D8DDAA} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.)
Task: {B35099B2-A518-462F-B47B-AF69FFA01CDC} - System32\Tasks\{815AA811-C78D-497C-9920-DEA694A4BE9B} => "c:\program files (x86)\mozilla firefox\firefox.exe" hxxp://ui.skype.com/ui/0/7.23.0.105/en/abandoninstall?page=tsBing
Task: {B87FD75D-0A32-4D46-BEE4-3477004010EE} - System32\Tasks\{657B3DCE-32E3-40B4-AF0F-D6F4067BA4BA} => C:\Windows\system32\pcalua.exe -a C:\Users\Des\AppData\Local\Temp\jre-8u101-windows-au.exe -d C:\Windows\SysWOW64 -c /installmethod=jau FAMILYUPGRADE=1 <==== ATTENTION
Task: {B9ED03FD-C99A-444E-B0A1-40B4F3630FD0} - System32\Tasks\{799A0498-765A-C6AB-DBED-6E499F0E23E0} => C:\Users\Des\AppData\Local\{83A4B~1\UNINST~1.EXE <==== ATTENTION
Task: {C3039F4B-E4B8-4949-8B6A-25AFEEA5A8C0} - System32\Tasks\{507860FD-8EC1-40D5-9EDE-7779F27FC4FB} => C:\Windows\system32\pcalua.exe -a C:\Users\Des\AppData\Local\Temp\jre-8u111-windows-au.exe -d C:\Windows\SysWOW64 -c /installmethod=jau FAMILYUPGRADE=1 <==== ATTENTION
Task: {D374E3FC-A87B-4738-9589-B84285C5AA70} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-2764269830-1251874944-2569545036-1001Core => C:\Users\Des\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2016-11-04] (Dropbox, Inc.)
Task: {E50EA355-3A68-4C60-9FDF-F45253C926A5} - System32\Tasks\{B9F8114F-0572-4BB7-B44C-26F928E7C040} => "c:\program files (x86)\mozilla firefox\firefox.exe" hxxp://ui.skype.com/ui/0/7.23.0.105/en/eula
Task: {F1EDFE1F-9355-4AA0-AD1C-1562BF81A2E5} - System32\Tasks\{FB33BB87-0DAD-4431-B3F5-33A5F66959CE} => C:\Windows\system32\pcalua.exe -a C:\Users\Des\Downloads\iPod_Support_v3_10.exe -d C:\Users\Des\Downloads

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-2764269830-1251874944-2569545036-1001Core.job => C:\Users\Des\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-2764269830-1251874944-2569545036-1001UA.job => C:\Users\Des\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\{799A0498-765A-C6AB-DBED-6E499F0E23E0}.job => C:\Users\Des\AppData\Local\{83A4B~1\UNINST~1.EXE <==== ATTENTION

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2011-07-17 09:17 - 2011-02-28 23:37 - 000095008 _____ () C:\Windows\System32\Primomonnt.dll
2012-01-10 22:12 - 2012-01-10 22:12 - 000094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2011-12-23 12:00 - 2009-02-27 17:38 - 000139264 ____R () C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:CB0AACC9 [135]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppXSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BFE => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BITS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ClipSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MpsSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\msiserver => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SharedAccess => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRemoveSafeBoot => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vss => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WSService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AppXSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BITS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ClipSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\msiserver => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SamSs => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srv => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srv2 => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srvnet => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRemoveSafeBoot => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vss => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WSService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2009-06-10 22:00 - 000000824 _____ C:\Windows\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2764269830-1251874944-2569545036-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Des\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\Services: WinDefend => 2
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^FAH.lnk => C:\Windows\pss\FAH.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Update Notifier.lnk => C:\Windows\pss\Update Notifier.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^WinZip Preloader.lnk => C:\Windows\pss\WinZip Preloader.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^Des^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk => C:\Windows\pss\Dropbox.lnk.Startup
MSCONFIG\startupreg: BrowserPlugInHelper => C:\Program Files (x86)\Wondershare\Video Converter Free\BrowserPlugInHelper.exe
MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
MSCONFIG\startupreg: ConnectionCenter => "C:\Program Files (x86)\Citrix\ICA Client\concentr.exe" /startup
MSCONFIG\startupreg: DelaypluginInstall => C:\ProgramData\iSkysoft\iTube Studio\DelayPluginI.exe
MSCONFIG\startupreg: DivXMediaServer => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe
MSCONFIG\startupreg: DivXUpdate => "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
MSCONFIG\startupreg: Driver Manager => C:\Program Files (x86)\Driver Manager\Driver Manager\DriverManager.exe /applicationMode:systemTray /showWelcome:false
MSCONFIG\startupreg: Dropbox Update => "C:\Users\Des\AppData\Local\Dropbox\Update\DropboxUpdate.exe" /c
MSCONFIG\startupreg: iSkysoft Helper Compact.exe => C:\Program Files (x86)\Common Files\iSkysoft\iSkysoft Helper Compact\ISHelper.exe
MSCONFIG\startupreg: ISUSPM => "C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe" -scheduler
MSCONFIG\startupreg: Redirector => "C:\Program Files (x86)\Citrix\ICA Client\redirector.exe" /startup
MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: Steam => "C:\Program Files (x86)\Steam\steam.exe" -silent
MSCONFIG\startupreg: SynchronossPC => C:\Program Files\BT Cloud\BT Cloud\BTCloud.exe
MSCONFIG\startupreg: TomTomHOME.exe => "C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe"
MSCONFIG\startupreg: TrojanScanner => C:\Program Files (x86)\Trojan Remover\Trjscan.exe /boot
MSCONFIG\startupreg: Wondershare Helper Compact.exe => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{747229B6-B281-4982-BC18-A7D68BDEA370}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{D9C90633-79DD-4EF8-8B1B-6E8701F38BF1}] => (Allow) svchost.exe
FirewallRules: [{58F38B31-A76F-4B5D-991A-6E446F79D382}] => (Allow) C:\Program Files (x86)\Windows Live\Sync\WindowsLiveSync.exe
FirewallRules: [{7F757B8C-C0ED-456D-8621-365FD81A51D7}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{BB1CEB54-C3F9-42C9-95FF-4E954FDCF5A4}] => (Allow) LPort=2869
FirewallRules: [{2E18917C-8FD2-492C-B249-5949433839C7}] => (Allow) LPort=1900
FirewallRules: [TCP Query User{711C29E3-3789-49FC-AD7F-444E9A8B7FE0}C:\users\des\appdata\roaming\wuala\wuala.exe] => (Allow) C:\users\des\appdata\roaming\wuala\wuala.exe
FirewallRules: [UDP Query User{5F3CF3E8-EDDC-4694-8BA8-6E6155EDFD1C}C:\users\des\appdata\roaming\wuala\wuala.exe] => (Allow) C:\users\des\appdata\roaming\wuala\wuala.exe
FirewallRules: [{7FB07C26-D8AC-4ACB-AB4E-D7D6880C59C0}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{43A5704E-CCC7-427A-B750-CA0E1C63A049}] => (Allow) C:\Users\Des\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{56DBFC3D-CC9C-4577-A7AA-6E584C971ED3}] => (Allow) C:\Users\Des\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [TCP Query User{9FCDBE69-222B-4EBC-81BB-4D3049D0D2A8}C:\users\des\appdata\roaming\dropbox\bin\dropbox.exe] => (Allow) C:\users\des\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [UDP Query User{36B7CE0B-2C86-413F-B626-00DC7E39FDEC}C:\users\des\appdata\roaming\dropbox\bin\dropbox.exe] => (Allow) C:\users\des\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [TCP Query User{51477DD2-A3D5-45A4-AE41-05B1F6D121E3}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{91417647-42AA-4286-B414-753EE2A4E760}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [{F88EC116-AE38-4D1C-9247-7E6E16019C1D}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{387E690D-A102-4F7A-8C77-A00E5526CB04}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{6C6402E9-EC50-4FCB-9C21-933719ADB462}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{4B12C4BF-AD78-4458-8702-A072AF8610A3}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{91D43C83-7514-4906-BA06-4BE2D37220CC}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{604BF847-3D28-413C-B371-E5CA4A9B29B6}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{0BCF590F-5BAA-4DF6-90DE-9D8A6CEC895C}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{A5F0EF47-8C23-4D25-8A51-4B950F42C152}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{D7ABCD89-B7C9-475A-AB9C-68191B8A0989}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{C87A20EF-3FBE-451A-BDA7-8B5F169295B3}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{A59D3685-FC18-4F37-9640-32FBA1840FEE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Calvino Noir\application.exe
FirewallRules: [{2C77315C-F855-4F64-8D3A-6719248AC9EC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Calvino Noir\application.exe

==================== Restore Points =========================

05-08-2017 13:39:30 Windows Update
11-08-2017 16:33:43 Windows Update
11-08-2017 17:47:40 Windows Update
12-08-2017 23:08:11 Windows Update
19-08-2017 13:22:08 Windows Update
25-08-2017 16:21:30 Windows Update

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (08/26/2017 01:36:32 PM) (Source: SideBySide) (EventID: 59) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Box Extension\SrchBxEx.dll".Error in manifest or policy file "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Box Extension\SrchBxEx.dll" on line 2.
Invalid Xml syntax.

Error: (08/25/2017 04:26:00 PM) (Source: SideBySide) (EventID: 59) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Box Extension\SrchBxEx.dll".Error in manifest or policy file "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Box Extension\SrchBxEx.dll" on line 2.
Invalid Xml syntax.

Error: (08/24/2017 01:35:02 PM) (Source: SideBySide) (EventID: 59) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Box Extension\SrchBxEx.dll".Error in manifest or policy file "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Box Extension\SrchBxEx.dll" on line 2.
Invalid Xml syntax.

Error: (08/22/2017 09:10:09 PM) (Source: Winlogon) (EventID: 4103) (User: )
Description: Windows license activation failed. Error 0x00000000.

Error: (08/22/2017 09:10:09 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
0x8007043C

Error: (08/21/2017 03:59:50 PM) (Source: SideBySide) (EventID: 59) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Box Extension\SrchBxEx.dll".Error in manifest or policy file "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Box Extension\SrchBxEx.dll" on line 2.
Invalid Xml syntax.

Error: (08/20/2017 04:48:18 PM) (Source: SideBySide) (EventID: 59) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Box Extension\SrchBxEx.dll".Error in manifest or policy file "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Box Extension\SrchBxEx.dll" on line 2.
Invalid Xml syntax.

Error: (08/19/2017 01:33:02 PM) (Source: SideBySide) (EventID: 59) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Box Extension\SrchBxEx.dll".Error in manifest or policy file "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Box Extension\SrchBxEx.dll" on line 2.
Invalid Xml syntax.

Error: (08/17/2017 09:33:18 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program firefox.exe version 54.0.1.6388 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1308

Start Time: 01d3179399a93c20

Termination Time: 1363

Application Path: C:\Program Files (x86)\Mozilla Firefox\firefox.exe

Report Id: 3ccbd2de-838b-11e7-a233-d027881c4122

Error: (08/17/2017 09:06:01 PM) (Source: SideBySide) (EventID: 59) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Box Extension\SrchBxEx.dll".Error in manifest or policy file "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Box Extension\SrchBxEx.dll" on line 2.
Invalid Xml syntax.


System errors:
=============
Error: (08/26/2017 04:37:01 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Foxit Cloud Safe Update Service service failed to start due to the following error:
The system cannot find the file specified.

Error: (08/26/2017 03:40:42 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: The server {995C996E-D918-4A8C-A302-45719A6F4EA7} did not register with DCOM within the required timeout.

Error: (08/26/2017 01:27:39 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Foxit Cloud Safe Update Service service failed to start due to the following error:
The system cannot find the file specified.

Error: (08/26/2017 01:27:08 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Avira Phantom VPN service to connect.

Error: (08/25/2017 05:20:31 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: The server {995C996E-D918-4A8C-A302-45719A6F4EA7} did not register with DCOM within the required timeout.

Error: (08/25/2017 04:49:32 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the TeamViewer service.

Error: (08/25/2017 04:13:56 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Foxit Cloud Safe Update Service service failed to start due to the following error:
The system cannot find the file specified.

Error: (08/24/2017 02:46:53 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: The server {995C996E-D918-4A8C-A302-45719A6F4EA7} did not register with DCOM within the required timeout.

Error: (08/24/2017 01:23:20 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Foxit Cloud Safe Update Service service failed to start due to the following error:
The system cannot find the file specified.

Error: (08/24/2017 01:22:46 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Avira Phantom VPN service to connect.


==================== Memory info ===========================

Processor: Intel® Core™ i3 CPU 540 @ 3.07GHz
Percentage of memory in use: 61%
Total physical RAM: 3767.12 MB
Available physical RAM: 1447.02 MB
Total Virtual: 7532.42 MB
Available Virtual: 4622.87 MB

==================== Drives ================================

Drive c: (SYSTEM) (Fixed) (Total:454.78 GB) (Free:195.86 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 9DC8BF28)
Partition 1: (Active) - (Size=11 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=454.8 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================





#2 greenhenry

greenhenry
  • Topic Starter

  • Members
  • 28 posts
  • OFFLINE
  • Local time:10:36 AM

Posted 26 August 2017 - 12:26 PM

Apologies - the original post did go through despite the timeout message. Please see my post at 6.31pm on August 26th. Admins, I assume this thread should be deleted.





