Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Infected with "HTML:RedirME-inf [trg]"

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Infected with "HTML:RedirME-inf [trg]"

Unread postby topside smudger » December 11th, 2017, 10:40 am

Hi,

I use both Chrome and Firefox when browsing. I appear to have an infection(s) that is affecting both browsers in slightly different ways.

Chrome:
The page redirects and brings up an invite to take part in a Google Chrome survey, with the offer of being entered into a free draw to win an Apple iPhone 8. The page address is as follows: "http://game1492.share4-dc54-storage5.faith/default.aspx?u=v45w2kk&o=dmkp5ze&f=1". Once it has happened and I have closed the tab, it doesn't seem to happen again until I close and reopen the browser.

Firefox:
A few seconds after opening firefox Avast gives a threat warning and brings up a threat message which reads the following: "We've safely aborted connection on xml.plaimedia.com because it was infected with HTML:RedirME-inf [trg]". Following this, firefox normally brings up the "The connection was reset" page. Once I have closed the avast threat message, it doesn't seem to happen again until I close and reopen the browser.

The problem isn't bothering me that much, but I'm concerned that the infection is more sinister than I realise.

I have run a number of programs to try and solve the problem, but to no avail: Avast, Malwarebytes, Sophos, Norton Power Eraser, Zumana, Hitmanpro.

Thanks very much in anticipation for your help.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 09-12-2017
Ran by David (administrator) on DAVID-PC (11-12-2017 11:58:00)
Running from C:\Users\David\Downloads
Loaded Profiles: David (Available Profiles: David)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Validity Sensors, Inc.) C:\Windows\System32\vcsFPService.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(ABBYY) C:\Program Files (x86)\ABBYY PDF Transformer 3.0\NetworkLicenseServer.exe
(Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AESTSr64.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Intel(R) Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
() C:\Program Files (x86)\ExpressVPN\bootstrap\AMD64\nssm.exe
() C:\Program Files (x86)\ExpressVPN\xvpnd\xvpnd.exe
(Nalpeiron Ltd.) C:\Windows\SysWOW64\nalserv.exe
(Nalpeiron Ltd.) C:\Windows\SysWOW64\nlssrv32.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
() C:\Program Files (x86)\Synology\Assistant\UsbClientService.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe
() C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel® Corporation) C:\Program Files\Intel\WiMAX\Bin\WiMAXCU.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
(Acresso Corporation) C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Spotify Ltd) C:\Users\David\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Red Bend Ltd.) C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe
(Wondershare) C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\btplayerctrl.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\hidfind.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApntEx.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE
(Microsoft Corporation) C:\Windows\splwow64.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office12\EXCEL.EXE
(Skype Technologies) C:\Program Files (x86)\Skype\Browser\SkypeBrowserHost.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\SysWOW64\prevhost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [FreeFallProtection] => C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe [686704 2010-12-15] ()
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1128448 2011-05-27] (IDT, Inc.)
HKLM\...\Run: [IntelWirelessWiMAX] => C:\Program Files\Intel\WiMAX\Bin\WiMAXCU.exe [1605632 2010-11-14] (Intel® Corporation)
HKLM\...\Run: [IntelPAN] => C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1935120 2011-07-27] (Intel(R) Corporation)
HKLM\...\Run: [BLEServicesCtrl] => C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe [178960 2012-03-15] (Intel Corporation)
HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll",TrayApp
HKLM\...\Run: [Apoint] => C:\Program Files\DellTPad\Apoint.exe [609144 2011-04-12] (Alps Electric Co., Ltd.)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [253344 2017-11-16] (AVAST Software)
HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-11-17] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [283160 2010-11-05] (Intel Corporation)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [31016 2006-10-26] (Microsoft Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [594992 2016-01-29] (Oracle Corporation)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [3567928 2017-12-05] (Dropbox, Inc.)
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2137744 2016-10-08] (Wondershare)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-3459912657-3031662703-3452388855-1000\...\Run: [ISUSPM] => C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe [222496 2009-05-05] (Acresso Corporation)
HKU\S-1-5-21-3459912657-3031662703-3452388855-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [27832264 2017-10-06] (Skype Technologies S.A.)
HKU\S-1-5-21-3459912657-3031662703-3452388855-1000\...\Run: [Spotify Web Helper] => C:\Users\David\AppData\Roaming\Spotify\SpotifyWebHelper.exe [780688 2017-12-08] (Spotify Ltd)
HKU\S-1-5-21-3459912657-3031662703-3452388855-1000\...\MountPoints2: {54dac566-74c7-11e6-a4e5-ac7289134dda} - E:\LGAutoRun.exe
HKU\S-1-5-21-3459912657-3031662703-3452388855-1000\...\MountPoints2: {5b6e38a7-3863-11e5-9a5d-806e6f6e6963} - D:\autorun.exe
HKU\S-1-5-21-3459912657-3031662703-3452388855-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Mystify.scr [242688 2010-11-21] (Microsoft Corporation)
GroupPolicy: Restriction - Chrome <==== ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.254 62.101.93.101 83.103.25.250
Tcpip\..\Interfaces\{1B7C8E64-7A39-44CF-87FC-F5D77687482E}: [DhcpNameServer] 172.18.11.1
Tcpip\..\Interfaces\{4AF8C3FC-A6B5-4823-BE6C-57716D47B260}: [DhcpNameServer] 192.168.1.254 62.101.93.101 83.103.25.250

Internet Explorer:
==================
HKU\S-1-5-21-3459912657-3031662703-3452388855-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.dell.com
HKU\S-1-5-21-3459912657-3031662703-3452388855-1000\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.dell.com
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_73\bin\ssv.dll [2016-03-08] (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2017-11-16] (AVAST Software)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_73\bin\jp2ssv.dll [2016-03-08] (Oracle Corporation)
BHO-x32: PlusIEEventHelper Class -> {551A852F-39A6-44A7-9C13-AFBEC9185A9D} -> C:\Program Files (x86)\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll [2009-02-06] (Zeon Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2006-10-26] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_73\bin\ssv.dll [2016-03-08] (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2017-11-16] (AVAST Software)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_73\bin\jp2ssv.dll [2016-03-08] (Oracle Corporation)
DPF: HKLM-x32 {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} hxxp://catalog.update.microsoft.com/v7/ ... 4963403489

FireFox:
========
FF DefaultProfile: i33es8km.default-1512643936929
FF ProfilePath: C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\i33es8km.default-1512643936929 [2017-12-11]
FF Extension: (Disable Media WMF NV12 format) - C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\i33es8km.default-1512643936929\features\{50be80bf-e611-4304-8414-935013a8f7ff}\disable-media-wmf-nv12@mozilla.org.xpi [2017-12-09] [Lagacy]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_26_0_0_151.dll [2017-08-21] ()
FF Plugin: @java.com/DTPlugin,version=11.73.2 -> C:\Program Files\Java\jre1.8.0_73\bin\dtplugin\npDeployJava1.dll [2016-03-08] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.73.2 -> C:\Program Files\Java\jre1.8.0_73\bin\plugin2\npjp2.dll [2016-03-08] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_26_0_0_151.dll [2017-08-21] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.73.2 -> C:\Program Files (x86)\Java\jre1.8.0_73\bin\dtplugin\npDeployJava1.dll [2016-03-08] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.73.2 -> C:\Program Files (x86)\Java\jre1.8.0_73\bin\plugin2\npjp2.dll [2016-03-08] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-15] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-15] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-11-04] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3459912657-3031662703-3452388855-1000: @citrixonline.com/appdetectorplugin -> C:\Users\David\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2017-01-05] (Citrix Online)
FF Plugin HKU\S-1-5-21-3459912657-3031662703-3452388855-1000: SkypeForBusinessPlugin-16.2 -> C:\Users\David\AppData\Local\Microsoft\SkypeForBusinessPlugin\16.2.0.23\npGatewayNpapi.dll [2016-02-26] (Microsoft Corporation)
FF Plugin HKU\S-1-5-21-3459912657-3031662703-3452388855-1000: SkypeForBusinessPlugin64-16.2 -> C:\Users\David\AppData\Local\Microsoft\SkypeForBusinessPlugin\16.2.0.23\npGatewayNpapi-x64.dll [2016-02-26] (Microsoft Corporation)

Chrome:
=======
CHR HomePage: Default -> hxxps://www.google.co.uk/
CHR StartupUrls: Default -> "hxxps://www.google.co.uk/"
CHR Profile: C:\Users\David\AppData\Local\Google\Chrome\User Data\Default [2017-12-11]
CHR Extension: (Slides) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-13]
CHR Extension: (Docs) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-13]
CHR Extension: (Google Drive) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-12-16]
CHR Extension: (YouTube) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-12-16]
CHR Extension: (Google Search) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-12-16]
CHR Extension: (Avast SafePrice) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2017-12-06]
CHR Extension: (Sheets) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-13]
CHR Extension: (Google Docs Offline) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-16]
CHR Extension: (Avast Online Security) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2017-10-07]
CHR Extension: (Chrome Web Store Payments) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-23]
CHR Extension: (Gmail) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-12-16]
CHR Extension: (Chrome Media Router) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-11-16]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx <not found>

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 ABBYY.Licensing.PDFTransformer.Classic.3.0; C:\Program Files (x86)\ABBYY PDF Transformer 3.0\NetworkLicenseServer.exe [759048 2010-02-01] (ABBYY)
R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [7549928 2017-11-16] (AVAST Software)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [281416 2017-11-16] (AVAST Software)
S3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [266240 2012-06-05] (Brother Industries, Ltd.) [File not signed]
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-03-09] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-03-09] (Dropbox, Inc.)
R2 DbxSvc; C:\Windows\system32\DbxSvc.exe [51016 2017-12-05] (Dropbox, Inc.)
R2 DMAgent; C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe [499200 2010-11-07] (Red Bend Ltd.) [File not signed]
R2 ExpressVpnService; C:\Program Files (x86)\ExpressVPN\bootstrap\AMD64\nssm.exe [331264 2016-03-09] () [File not signed]
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6234056 2017-11-01] (Malwarebytes)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2011-07-27] ()
R2 NalServ; C:\Windows\SysWOW64\nalserv.exe [135168 2012-06-29] (Nalpeiron Ltd.) [File not signed]
R2 nlsX86cc; C:\Windows\SysWOW64\nlssrv32.exe [66560 2012-06-29] (Nalpeiron Ltd.) [File not signed]
S4 PDFProFiltSrvPP; C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe [144672 2010-03-08] (Nuance Communications, Inc.)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [10351856 2016-12-15] (TeamViewer GmbH)
R2 UsbClientService; C:\Program Files (x86)\Synology\Assistant\UsbClientService.exe [245760 2011-02-18] () [File not signed]
R2 WiMAXAppSrv; C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe [869376 2010-11-07] (Intel(R) Corporation) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S2 WsAppService; C:\Program Files (x86)\Wondershare\WAF\2.3.1.204\WsAppService.exe [437392 2016-11-16] (Wondershare)
S3 AvastVBoxSvc; "C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe" [X]
S3 WsDrvInst; "C:\Program Files (x86)\Wondershare\MobileTrans\DriverInstall.exe" [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 aswArPot; C:\Windows\System32\drivers\aswArPot.sys [183584 2017-11-16] (AVAST Software)
R1 aswbidsdriver; C:\Windows\System32\drivers\aswbidsdrivera.sys [321032 2017-11-16] (AVAST Software s.r.o.)
R0 aswbidsh; C:\Windows\System32\drivers\aswbidsha.sys [198968 2017-11-16] (AVAST Software s.r.o.)
R0 aswblog; C:\Windows\System32\drivers\aswbloga.sys [343288 2017-11-16] (AVAST Software s.r.o.)
R0 aswbuniv; C:\Windows\System32\drivers\aswbuniva.sys [57728 2017-11-16] (AVAST Software s.r.o.)
S3 aswHwid; C:\Windows\System32\drivers\aswHwid.sys [47008 2017-11-16] (AVAST Software)
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [41800 2017-07-10] (AVAST Software)
R2 aswMonFlt; C:\Windows\System32\drivers\aswMonFlt.sys [148288 2017-11-16] (AVAST Software)
R1 aswRdr; C:\Windows\System32\drivers\aswRdr2.sys [110376 2017-11-16] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\drivers\aswRvrt.sys [84416 2017-11-16] (AVAST Software)
R1 aswSnx; C:\Windows\System32\drivers\aswSnx.sys [1026232 2017-11-16] (AVAST Software)
R1 aswSP; C:\Windows\System32\drivers\aswSP.sys [455376 2017-11-16] (AVAST Software)
R2 aswStm; C:\Windows\System32\drivers\aswStm.sys [203976 2017-11-16] (AVAST Software)
R0 aswVmm; C:\Windows\System32\drivers\aswVmm.sys [364464 2017-11-16] (AVAST Software)
R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [253880 2017-12-11] (Malwarebytes)
S3 tap-tb-0901; C:\Windows\System32\DRIVERS\tap-tb-0901.sys [38656 2017-06-13] (The OpenVPN Project)
R1 ZAM; C:\Windows\System32\drivers\zam64.sys [203680 2017-12-07] (Zemana Ltd.)
R1 ZAM_Guard; C:\Windows\System32\drivers\zamguard64.sys [203680 2017-12-07] (Zemana Ltd.)
S3 dbx; system32\DRIVERS\dbx.sys [X]
S2 VBoxAswDrv; \??\C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-12-11 11:58 - 2017-12-11 11:59 - 000021260 _____ C:\Users\David\Downloads\FRST.txt
2017-12-11 11:57 - 2017-12-11 11:58 - 000000000 ____D C:\FRST
2017-12-11 11:52 - 2017-12-11 11:52 - 002390528 _____ (Farbar) C:\Users\David\Downloads\FRST64.exe
2017-12-11 07:32 - 2017-12-11 07:32 - 000000000 ____D C:\ProgramData\SWCUTemp
2017-12-10 10:23 - 2017-12-11 07:33 - 000253880 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2017-12-08 18:14 - 2017-12-10 12:58 - 000000000 ____D C:\Users\David\AppData\Local\Spotify
2017-12-08 18:14 - 2017-12-08 18:14 - 000001805 _____ C:\Users\David\Desktop\Spotify.lnk
2017-12-08 18:12 - 2017-12-10 12:45 - 000000000 ____D C:\Users\David\AppData\Roaming\Spotify
2017-12-08 18:12 - 2017-12-08 18:12 - 000725488 _____ (Spotify Ltd) C:\Users\David\Downloads\SpotifySetup (2).exe
2017-12-08 17:59 - 2017-12-08 17:59 - 007189760 _____ (VS Revo Group ) C:\Users\David\Downloads\revosetup.exe
2017-12-08 17:59 - 2017-12-08 17:59 - 000001034 _____ C:\Users\Public\Desktop\Revo Uninstaller.lnk
2017-12-08 17:59 - 2017-12-08 17:59 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
2017-12-08 17:59 - 2017-12-08 17:59 - 000000000 ____D C:\Program Files\VS Revo Group
2017-12-08 17:55 - 2017-12-08 17:55 - 000078724 _____ C:\Users\David\Downloads\SpotifySetup.zip
2017-12-07 12:07 - 2017-12-07 12:07 - 000012872 _____ (SurfRight B.V.) C:\Windows\system32\bootdelete.exe
2017-12-07 11:52 - 2017-12-07 11:52 - 000000000 ____D C:\Users\David\Desktop\Old Firefox Data
2017-12-07 11:34 - 2017-12-07 11:35 - 015808656 _____ (Copyright 2017.) C:\Users\David\Downloads\Zemana.AntiMalware.Portable (2).exe
2017-12-07 09:46 - 2017-12-07 12:08 - 000000000 ____D C:\ProgramData\HitmanPro
2017-12-07 09:46 - 2017-12-07 09:46 - 011584088 _____ (SurfRight B.V.) C:\Users\David\Downloads\hitmanpro_x64.exe
2017-12-07 08:42 - 2017-12-07 08:42 - 015808656 _____ (Copyright 2017.) C:\Users\David\Downloads\Zemana.AntiMalware.Portable (1).exe
2017-12-07 08:16 - 2017-12-11 11:57 - 000080617 _____ C:\Windows\ZAM.krnl.trace
2017-12-07 08:16 - 2017-12-11 11:57 - 000050934 _____ C:\Windows\ZAM_Guard.krnl.trace
2017-12-07 08:16 - 2017-12-07 08:16 - 000203680 _____ (Zemana Ltd.) C:\Windows\system32\Drivers\zamguard64.sys
2017-12-07 08:16 - 2017-12-07 08:16 - 000203680 _____ (Zemana Ltd.) C:\Windows\system32\Drivers\zam64.sys
2017-12-07 08:16 - 2017-12-07 08:16 - 000000000 ____D C:\Users\David\AppData\Local\Zemana
2017-12-07 08:15 - 2017-12-07 08:16 - 015808656 _____ (Copyright 2017.) C:\Users\David\Downloads\Zemana.AntiMalware.Portable.exe
2017-12-06 22:26 - 2017-12-06 22:26 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2017-12-06 21:05 - 2017-12-06 21:05 - 000000000 ____D C:\Program Files\Common Files\Avast Software
2017-12-06 09:37 - 2017-12-06 09:37 - 000000000 ____D C:\ProgramData\Sophos
2017-12-06 08:46 - 2017-12-06 08:47 - 000000000 ____D C:\NPE
2017-12-06 08:43 - 2017-12-06 09:23 - 000000000 ____D C:\Users\David\AppData\Local\NPE
2017-12-06 08:43 - 2017-12-06 08:43 - 000000000 ____D C:\ProgramData\Norton
2017-12-06 08:32 - 2017-12-06 08:32 - 003422944 _____ (Symantec Corporation) C:\Users\David\Downloads\NPE.exe
2017-12-05 02:06 - 2017-12-05 02:06 - 000051016 _____ (Dropbox, Inc.) C:\Windows\system32\DbxSvc.exe
2017-12-05 02:06 - 2017-12-05 02:06 - 000045672 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-dev.sys
2017-12-05 02:06 - 2017-12-05 02:06 - 000045640 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-stable.sys
2017-12-05 02:06 - 2017-12-05 02:06 - 000045640 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-canary.sys
2017-12-04 22:23 - 2017-12-04 22:23 - 000033981 _____ C:\Users\David\Downloads\result.pdf
2017-12-02 12:13 - 2017-12-02 12:13 - 000723152 _____ (Spotify Ltd) C:\Users\David\Downloads\SpotifySetup (1).exe
2017-11-30 09:59 - 2017-11-30 09:59 - 000003943 _____ C:\Users\David\Downloads\L1304 1 043 20171120 (1).PDF
2017-11-30 09:58 - 2017-11-30 09:58 - 000003943 _____ C:\Users\David\Downloads\L1304 1 043 20171120.PDF
2017-11-30 09:35 - 2017-12-09 17:20 - 000077432 _____ C:\Windows\system32\Drivers\mbae64.sys
2017-11-30 09:35 - 2017-11-30 09:35 - 000001867 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-11-30 09:35 - 2017-11-30 09:35 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-11-30 09:34 - 2017-11-30 09:34 - 000000000 ____D C:\Program Files\Malwarebytes
2017-11-30 09:32 - 2017-11-30 09:33 - 078346672 _____ (Malwarebytes ) C:\Users\David\Downloads\mb3-setup-consumer-3.3.1.2183.exe
2017-11-21 18:38 - 2017-11-21 18:38 - 000006524 _____ C:\Users\David\Downloads\SRT - Detailed results (6).pdf
2017-11-21 17:27 - 2017-11-21 17:27 - 000006226 _____ C:\Users\David\Downloads\SRT - Detailed results (5).pdf
2017-11-16 11:01 - 2017-11-16 11:00 - 000365168 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2017-11-16 11:01 - 2017-11-16 11:00 - 000183584 _____ (AVAST Software) C:\Windows\system32\Drivers\aswArPot.sys
2017-11-15 11:21 - 2017-11-15 11:21 - 000280788 _____ C:\Users\David\Desktop\ENI fattura-1734075289.pdf

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-12-11 11:57 - 2009-07-14 05:45 - 000021312 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-12-11 11:57 - 2009-07-14 05:45 - 000021312 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-12-11 11:52 - 2017-01-05 14:54 - 000000534 _____ C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-3459912657-3031662703-3452388855-1000.job
2017-12-11 11:49 - 2015-08-03 08:07 - 000000000 ____D C:\Users\David\AppData\Roaming\Skype
2017-12-11 11:19 - 2016-03-09 09:58 - 000001106 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job
2017-12-11 10:24 - 2016-11-24 15:15 - 000000000 ____D C:\Users\David\AppData\LocalLow\Mozilla
2017-12-11 10:19 - 2017-01-05 14:54 - 000000630 _____ C:\Windows\Tasks\G2MUploadTask-S-1-5-21-3459912657-3031662703-3452388855-1000.job
2017-12-11 07:31 - 2016-03-09 09:58 - 000001102 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job
2017-12-11 07:30 - 2009-07-14 06:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2017-12-09 23:30 - 2015-08-01 15:54 - 000000000 ____D C:\Users\David
2017-12-09 08:52 - 2017-07-08 10:49 - 000000000 ____D C:\Users\David\AppData\Local\GoToMeeting
2017-12-09 08:45 - 2016-11-23 22:28 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-12-09 08:45 - 2016-06-24 05:58 - 000000000 ____D C:\Program Files (x86)\ABBYY PDF Transformer 3.0
2017-12-09 08:45 - 2015-08-01 18:04 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-12-08 23:02 - 2015-08-01 21:27 - 000000000 ____D C:\Users\David\AppData\Roaming\vlc
2017-12-08 22:58 - 2016-07-23 21:51 - 000000000 ____D C:\Users\David\AppData\Roaming\5kplayer
2017-12-08 18:14 - 2015-10-01 13:44 - 000001791 _____ C:\Users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk
2017-12-08 14:13 - 2017-08-06 10:57 - 000004474 _____ C:\Windows\System32\Tasks\Adobe Flash Player PPAPI Notifier
2017-12-08 14:13 - 2017-01-05 14:54 - 000003656 _____ C:\Windows\System32\Tasks\G2MUploadTask-S-1-5-21-3459912657-3031662703-3452388855-1000
2017-12-08 14:13 - 2017-01-05 14:54 - 000003560 _____ C:\Windows\System32\Tasks\G2MUpdateTask-S-1-5-21-3459912657-3031662703-3452388855-1000
2017-12-08 14:13 - 2016-03-22 21:57 - 000003892 _____ C:\Windows\System32\Tasks\SafeZone scheduled Autoupdate 1458680219
2017-12-08 14:13 - 2016-03-09 09:58 - 000004112 _____ C:\Windows\System32\Tasks\DropboxUpdateTaskMachineUA
2017-12-08 14:13 - 2016-03-09 09:58 - 000003860 _____ C:\Windows\System32\Tasks\DropboxUpdateTaskMachineCore
2017-12-08 14:13 - 2015-12-16 09:09 - 000003582 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2017-12-08 14:13 - 2015-12-16 09:09 - 000003454 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2017-12-08 14:13 - 2015-12-03 22:11 - 000000000 ____D C:\Windows\System32\Tasks\AVAST Software
2017-12-08 14:13 - 2015-08-07 09:58 - 000004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2017-12-08 14:13 - 2015-08-01 17:36 - 000003066 _____ C:\Windows\System32\Tasks\{63425FEB-6378-4EC6-97B2-025AE9FCBA72}
2017-12-07 12:07 - 2016-06-24 05:52 - 000000000 ____D C:\Users\David\Documents\ABBYY PDF Transformer 3.0.100.399
2017-12-06 22:26 - 2016-03-09 09:58 - 000000000 ____D C:\Program Files (x86)\Dropbox
2017-12-06 12:46 - 2009-07-14 06:13 - 000752560 _____ C:\Windows\system32\PerfStringBackup.INI
2017-12-06 12:46 - 2009-07-14 04:20 - 000000000 ____D C:\Windows\inf
2017-12-05 11:01 - 2017-02-07 13:38 - 000004172 _____ C:\Windows\System32\Tasks\Avast Emergency Update
2017-11-30 23:02 - 2015-08-07 09:57 - 000002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2017-11-30 09:34 - 2015-08-01 18:40 - 000000000 ____D C:\ProgramData\Malwarebytes
2017-11-26 05:17 - 2009-07-14 06:08 - 000032608 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2017-11-24 17:25 - 2015-11-28 20:09 - 000000000 ____D C:\Users\David\AppData\Roaming\dvdcss
2017-11-20 08:01 - 2015-08-06 11:03 - 000000000 ____D C:\Users\David\AppData\Local\Adobe
2017-11-20 08:00 - 2015-08-06 11:05 - 000803328 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2017-11-20 08:00 - 2015-08-06 11:05 - 000144896 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2017-11-20 08:00 - 2015-08-06 11:05 - 000000000 ____D C:\Windows\SysWOW64\Macromed
2017-11-20 08:00 - 2015-08-06 11:05 - 000000000 ____D C:\Windows\system32\Macromed
2017-11-16 11:01 - 2015-08-01 18:35 - 000455376 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2017-11-16 11:00 - 2015-08-01 18:35 - 000455384 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys.151082650559204
2017-11-16 11:00 - 2015-08-01 18:35 - 000364464 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
2017-11-16 11:00 - 2015-08-01 18:35 - 000203976 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2017-11-16 11:00 - 2015-08-01 18:35 - 000148288 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2017-11-16 11:00 - 2015-08-01 18:35 - 000110376 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2017-11-16 11:00 - 2015-08-01 18:35 - 000084416 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2017-11-16 11:00 - 2015-08-01 18:35 - 000047008 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
2017-11-16 11:00 - 2015-08-01 18:30 - 000000000 ____D C:\ProgramData\AVAST Software
2017-11-16 10:58 - 2017-02-07 13:38 - 000343288 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbloga.sys
2017-11-16 10:58 - 2017-02-07 13:38 - 000321032 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbidsdrivera.sys
2017-11-16 10:58 - 2017-02-07 13:38 - 000198968 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbidsha.sys
2017-11-16 10:58 - 2017-02-07 13:38 - 000057728 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbuniva.sys
2017-11-16 10:58 - 2015-08-01 18:35 - 001026232 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2017-11-16 10:23 - 2015-08-01 18:40 - 000000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2017-11-16 09:56 - 2015-08-01 18:04 - 000000000 ____D C:\Users\David\AppData\Roaming\Mozilla
2017-11-14 23:57 - 2015-12-16 09:09 - 000002195 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-11-14 23:57 - 2015-12-16 09:09 - 000002183 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-11-14 12:36 - 2015-08-03 08:07 - 000000000 ____D C:\ProgramData\Skype

==================== Files in the root of some directories =======

2016-12-12 11:05 - 2016-12-12 11:06 - 000004608 _____ () C:\Users\David\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-08-01 17:34 - 2015-08-01 17:34 - 000001696 _____ () C:\Users\David\AppData\Local\FastClean.20150801.183443.txt
2015-08-01 17:36 - 2015-08-01 17:36 - 000001696 _____ () C:\Users\David\AppData\Local\FastClean.20150801.183631.txt

Some files in TEMP:
====================
2015-08-06 10:58 - 2015-08-06 11:08 - 000003584 _____ () C:\Users\David\AppData\Local\Temp\2qvjzt6j.dll
2017-03-08 08:52 - 2017-03-08 08:52 - 000009728 _____ () C:\Users\David\AppData\Local\Temp\7unolm8u.dll
2017-03-05 11:38 - 2017-03-05 11:39 - 000003584 _____ () C:\Users\David\AppData\Local\Temp\adpmoyau.dll
2017-02-26 22:21 - 2017-02-26 22:21 - 000008192 _____ () C:\Users\David\AppData\Local\Temp\afwniocp.dll
2015-08-06 09:54 - 2015-08-06 10:09 - 000003584 _____ () C:\Users\David\AppData\Local\Temp\b40nygsk.dll
2015-08-06 10:13 - 2015-08-06 10:53 - 000009728 _____ () C:\Users\David\AppData\Local\Temp\bassmod.dll
2017-02-20 11:43 - 2017-02-20 11:43 - 000012800 _____ () C:\Users\David\AppData\Local\Temp\c4zdnkdl.dll
2017-04-20 17:17 - 2017-04-20 17:17 - 000032768 _____ () C:\Users\David\AppData\Local\Temp\ebonghc6.dll
2017-03-10 07:53 - 2017-03-10 07:53 - 000011264 _____ () C:\Users\David\AppData\Local\Temp\fdnuin9y.dll
2017-03-14 14:42 - 2017-03-14 14:42 - 000012800 _____ () C:\Users\David\AppData\Local\Temp\fir3ap9m.dll
2017-04-05 15:07 - 2017-10-18 21:10 - 000079904 _____ () C:\Users\David\AppData\Local\Temp\i4jdel0.exe
2016-06-15 15:07 - 2016-06-15 15:07 - 000035680 _____ () C:\Users\David\AppData\Local\Temp\i4jdel1.exe
2017-03-02 10:38 - 2017-03-02 10:38 - 000011264 _____ () C:\Users\David\AppData\Local\Temp\iekhfool.dll
2016-08-23 10:58 - 2016-08-23 10:58 - 000741440 _____ (Oracle Corporation) C:\Users\David\AppData\Local\Temp\jre-8u101-windows-au.exe
2015-12-16 08:29 - 2015-12-16 08:29 - 000585824 _____ (Oracle Corporation) C:\Users\David\AppData\Local\Temp\jre-8u66-windows-au.exe
2016-03-08 00:12 - 2016-03-08 00:12 - 000736352 _____ (Oracle Corporation) C:\Users\David\AppData\Local\Temp\jre-8u73-windows-au.exe
2016-04-12 07:15 - 2016-04-12 07:15 - 000736320 _____ (Oracle Corporation) C:\Users\David\AppData\Local\Temp\jre-8u77-windows-au.exe
2016-05-03 21:34 - 2016-05-03 21:34 - 000739904 _____ (Oracle Corporation) C:\Users\David\AppData\Local\Temp\jre-8u91-windows-au.exe
2015-08-10 13:21 - 2015-08-10 13:22 - 050067152 _____ (Microsoft Corporation) C:\Users\David\AppData\Local\Temp\MouseKeyboardCenterx64_1033.exe
2017-03-27 07:00 - 2017-03-27 07:00 - 000009728 _____ () C:\Users\David\AppData\Local\Temp\o2lujxz9.dll
2017-02-14 09:22 - 2017-02-14 09:22 - 000032768 _____ () C:\Users\David\AppData\Local\Temp\qjeepedz.dll
2017-03-01 11:11 - 2017-03-01 11:11 - 000012800 _____ () C:\Users\David\AppData\Local\Temp\r-gbq2b4.dll
2017-03-02 10:38 - 2017-03-02 10:38 - 000012800 _____ () C:\Users\David\AppData\Local\Temp\r8axgbp3.dll
2017-02-28 12:39 - 2017-02-28 12:39 - 000005632 _____ () C:\Users\David\AppData\Local\Temp\rne4epda.dll
2017-03-14 07:15 - 2017-03-14 07:15 - 000008192 _____ () C:\Users\David\AppData\Local\Temp\rwvbpyn0.dll
2015-08-06 10:43 - 2015-08-06 10:52 - 000003584 _____ () C:\Users\David\AppData\Local\Temp\sdb-bvru.dll
2016-05-10 08:46 - 2016-05-17 09:15 - 045196928 _____ (Skype Technologies S.A.) C:\Users\David\AppData\Local\Temp\SkypeSetup.exe
2017-02-23 10:29 - 2017-02-23 10:29 - 000012800 _____ () C:\Users\David\AppData\Local\Temp\sosronlf.dll
2017-02-14 06:33 - 2017-02-14 06:33 - 000008192 _____ () C:\Users\David\AppData\Local\Temp\toldlhxj.dll
2016-08-16 21:37 - 2016-08-16 21:37 - 000008192 _____ () C:\Users\David\AppData\Local\Temp\txyo69ku.dll
2015-08-06 10:34 - 2015-08-06 10:34 - 000004096 _____ () C:\Users\David\AppData\Local\Temp\uh8f-w_i.dll
2017-04-27 06:53 - 2017-04-27 06:53 - 000011264 _____ () C:\Users\David\AppData\Local\Temp\vlvxigcv.dll
2017-03-23 14:08 - 2017-03-23 14:08 - 000032768 _____ () C:\Users\David\AppData\Local\Temp\xfvri8fn.dll
2017-02-17 07:36 - 2017-02-17 07:36 - 000008192 _____ () C:\Users\David\AppData\Local\Temp\xh3qz_qf.dll
2006-05-24 18:10 - 2006-05-24 18:10 - 000455600 ____R (Macrovision Corporation) C:\Users\David\AppData\Local\Temp\_is6F4.exe
2006-05-24 18:10 - 2006-05-24 18:10 - 000455600 ____R (Macrovision Corporation) C:\Users\David\AppData\Local\Temp\_isF23C.exe
2016-12-15 19:19 - 2016-12-15 19:22 - 074853056 _____ (Dropbox, Inc.) C:\Users\David\AppData\Local\Temp\{1AAC8C7B-7C67-474B-B733-896C58A72D34}-DropboxClient_16.4.29.exe
2016-12-08 19:21 - 2016-12-08 19:21 - 013983608 _____ (Google Inc.) C:\Users\David\AppData\Local\Temp\{E26A012A-0752-4D6E-8339-B9CB8DF0FC2B}-55.0.2883.87_54.0.2840.99_chrome_updater.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-12-09 17:38

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 09-12-2017
Ran by David (11-12-2017 12:00:20)
Running from C:\Users\David\Downloads
Windows 7 Professional Service Pack 1 (X64) (2015-08-01 14:54:51)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3459912657-3031662703-3452388855-500 - Administrator - Disabled)
David (S-1-5-21-3459912657-3031662703-3452388855-1000 - Administrator - Enabled) => C:\Users\David
Guest (S-1-5-21-3459912657-3031662703-3452388855-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3459912657-3031662703-3452388855-1002 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

5KPlayer 4.0 (HKLM-x32\...\5KPlayer_is1) (Version: - DearMob, Inc.)
ABBYY PDF Transformer 3.0 (HKLM\...\{FA300000-0001-6400-0000-074957833700}) (Version: 3.00.317.68010 - ABBYY) Hidden
ABBYY PDF Transformer 3.0 (HKLM-x32\...\ABBYY PDF Transformer 3.0) (Version: 3.00.317.68010 - ABBYY)
AccelerometerP11 (HKLM-x32\...\{87434D51-51DB-4109-B68F-A829ECDCF380}) (Version: 2.00.10.21 - STMicroelectronics)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 18.009.20050 - Adobe Systems Incorporated)
Adobe Connect 9 Add-in (HKU\S-1-5-21-3459912657-3031662703-3452388855-1000\...\Adobe Connect 9 Add-in) (Version: 11.9.979.366 - Adobe Systems Incorporated)
Adobe Flash Player 26 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 26.0.0.151 - Adobe Systems Incorporated)
Adobe Flash Player 27 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 27.0.0.187 - Adobe Systems Incorporated)
AMD Catalyst Install Manager (HKLM\...\{5AF0B1A8-1EF7-0FF7-5504-4983FB76F914}) (Version: 3.0.847.0 - Advanced Micro Devices, Inc.)
AnyBurn (HKLM-x32\...\AnyBurn) (Version: 3.5 - Power Software Ltd)
Audacity 2.1.1 (HKLM-x32\...\Audacity®_is1) (Version: 2.1.1 - Audacity Team)
Avast Free Antivirus (HKLM-x32\...\Avast Antivirus) (Version: 17.8.2318 - AVAST Software)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Brother MFL-Pro Suite DCP-7055W (HKLM-x32\...\{3ACCCFB3-7B17-4E9F-ACB0-46868FCD4487}) (Version: 1.1.3.0 - Brother Industries, Ltd.)
Brother MFL-Pro Suite MFC-7840W (HKLM-x32\...\{46E1B1F2-A279-4356-9B17-029F9CC72EAE}) (Version: 1.0.1.0 - Brother Industries, Ltd.)
Citrix Online Launcher (HKLM-x32\...\{CC8F903A-9698-4245-9A38-22412DEF1029}) (Version: 1.0.446 - Citrix)
Dell Mobile Broadband Manager (HKLM-x32\...\{23EEC842-57ED-4055-A056-9D4185DFB1AA}) (Version: 6.1.24.2 - Dell)
Dell Touchpad (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 7.1209.101.204 - ALPS ELECTRIC CO., LTD.)
Dropbox (HKLM-x32\...\Dropbox) (Version: 40.4.46 - Dropbox, Inc.)
Dropbox Update Helper (HKLM-x32\...\{099218A5-A723-43DC-8DB5-6173656A1E94}) (Version: 1.3.59.1 - Dropbox, Inc.) Hidden
EclipseCrossword (HKLM-x32\...\{F389DB8F-0716-4FC6-82B2-02B2FA2B4F24}) (Version: 1.2.61 - Green Eclipse)
EPUB File Reader (HKLM-x32\...\{818C5857-5C74-4CAC-9F43-E5597086852D}_is1) (Version: - epubfilereader.com)
ExpressVPN (HKLM-x32\...\{7689678D-6332-45FA-BE84-11057A21B348}) (Version: 5.0.1.551 - ExpressVPN) Hidden
ExpressVPN (HKLM-x32\...\{7e9357d8-8bdd-4e72-88ac-1b3acedd2b32}) (Version: 5.0.1.551 - ExpressVPN)
ExpressVPN Compatibility Checks (HKLM-x32\...\{F29EAC42-41E5-47B9-8B75-DFD1B1979DB7}) (Version: 1.0.0.0 - ExpressVPN) Hidden
FileHippo App Manager (HKLM-x32\...\FileHippo.com) (Version: - FileHippo.com)
foobar2000 v1.3.8 (HKLM-x32\...\foobar2000) (Version: 1.3.8 - Peter Pawlowski)
Football Manager 2011 (HKLM-x32\...\Football Manager 2011) (Version: 11.0.0.0 - Sports Interactive)
Free2X Webcam Recorder 1.0.0.1 (HKLM-x32\...\Free2X Webcam Recorder_is1) (Version: - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 62.0.3202.94 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) Hidden
GoToMeeting 8.18.0.8034 (HKU\S-1-5-21-3459912657-3031662703-3452388855-1000\...\GoToMeeting) (Version: 8.18.0.8034 - LogMeIn, Inc.)
HandBrake 0.10.5 (HKLM-x32\...\HandBrake) (Version: 0.10.5 - )
Hazon clic (HKLM-x32\...\{4514501C-A3CF-456D-B2AD-508EDE42C61A}) (Version: - )
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6341.0 - IDT)
Intel PROSet Wireless (HKLM-x32\...\ProInst) (Version: - ) Hidden
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1118 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.2843 - Intel Corporation)
Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology (HKLM\...\{3015F546-6C3E-4E6A-B564-BCDF88C0BA2A}) (Version: 2.1.1.0153 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.1.0.1008 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
Java 8 Update 73 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418073F0}) (Version: 8.0.730.2 - Oracle Corporation)
Java 8 Update 73 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218073F0}) (Version: 8.0.730.2 - Oracle Corporation)
Java(TM) 6 Update 24 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216024F0}) (Version: 6.0.240 - Oracle)
KeePass Password Safe 1.29 (HKLM-x32\...\KeePass Password Safe_is1) (Version: 1.29 - Dominik Reichl)
LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version: - )
Loquendo TTS: Elizabeth (British English) (HKLM-x32\...\LoqTTS-Elizabeth_is1) (Version: - )
Loquendo TTS: Simon (British English) (HKLM-x32\...\LoqTTS-Simon_is1) (Version: - )
Malwarebytes version 3.3.1.2183 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.3.1.2183 - Malwarebytes)
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft Office 2007 Primary Interop Assemblies (HKLM-x32\...\{50120000-1105-0000-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs (HKLM-x32\...\{90120000-00B2-0409-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft WSE 2.0 SP3 Runtime (HKLM-x32\...\{F3CA9611-CD42-4562-ADAB-A554CF8E17F1}) (Version: 2.0.5050.0 - Microsoft Corp.)
Mozilla Firefox 57.0.2 (x64 en-GB) (HKLM\...\Mozilla Firefox 57.0.2 (x64 en-GB)) (Version: 57.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 57.0.2.6549 - Mozilla)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
MultiSkypeLauncher (remove only) (HKLM-x32\...\MultiSkypeLauncher) (Version: 1.8 - MultiSkypeLauncher)
Nuance PaperPort 12 (HKLM-x32\...\{6C0A559F-8583-4B5A-8B50-20BEE15D8E64}) (Version: 12.1.0000 - Nuance Communications, Inc.)
Nuance PDF Viewer Plus (HKLM-x32\...\{28656860-4728-433C-8AD4-D1A930437BC8}) (Version: 5.30.3290 - Nuance Communications, Inc)
Open XML SDK 2.0 for Microsoft Office (HKLM-x32\...\{171D8D76-3F05-455A-A8AF-C561C2679905}) (Version: 2.0.5022 - Microsoft Corporation)
PaperPort Image Printer 64-bit (HKLM\...\{715CAACC-579B-4831-A5F4-A83A8DE3EFE2}) (Version: 1.00.0001 - Nuance Communications, Inc.)
Quickset64 (HKLM\...\{87CF757E-C1F1-4D22-865C-00C6950B5258}) (Version: 10.09.25 - Dell Inc.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.31.1025.2010 - Realtek)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30126 - Realtek Semiconductor Corp.)
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.0.32.0 - Renesas Electronics Corporation) Hidden
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.0.32.0 - Renesas Electronics Corporation)
Revo Uninstaller 2.0.4 (HKLM\...\{A28DBDA2-3CC7-4ADC-8BFE-66D7743C6C97}_is1) (Version: 2.0.4 - VS Revo Group, Ltd.)
SafeZone Stable 4.58.2552.909 (HKLM-x32\...\SafeZone 4.58.2552.909) (Version: 4.58.2552.909 - Avast Software) Hidden
Scansoft PDF Professional (HKLM-x32\...\{068724F8-D8BE-4B43-8DDD-B9FE9E49FD76}) (Version: - ) Hidden
SDL MultiTerm 2011 SP2 - Remove suite of products (HKLM-x32\...\Multiterm2011) (Version: 9.2.361 - SDL)
SDL MultiTerm 2011 SP2 Convert (HKLM-x32\...\{212062FE-9FEF-457F-980F-6B25270CC99D}) (Version: 9.2.361 - SDL)
SDL MultiTerm 2011 SP2 Core (HKLM-x32\...\{6664CA13-C9B1-4488-881E-4AC14CE0F260}) (Version: 9.2.361 - SDL)
SDL MultiTerm 2011 SP2 Desktop (HKLM-x32\...\{777BE1C2-F665-42E2-90DD-157A67715710}) (Version: 9.2.361 - SDL)
SDL MultiTerm 2011 SP2 Extract (HKLM-x32\...\{7071528D-59E2-412D-8EA4-272C87F7027C}) (Version: 9.2.361 - SDL)
SDL MultiTerm 2011 SP2 Word Integration (HKLM-x32\...\{7C21542D-7618-42D4-990D-9B458DCDE71E}) (Version: 9.2.361 - SDL)
SDL Passolo Essential 2011 SP6 (HKLM-x32\...\{627163CD-8116-4982-9AC1-8C6DE4A499A0}) (Version: 11.6.0.0 - SDL)
SDL Trados 2011 SP2 - Remove suite of products (HKLM-x32\...\TranslationStudio2011) (Version: 2.2.3001 - SDL)
SDL Trados Compatibility module (HKLM-x32\...\{7230BA04-AE1B-4C17-91A0-E7DF6DF6E05C}) (Version: 1.0.72 - SDL)
SDL Trados Studio 2011 SP2 (HKLM-x32\...\{7205B6D1-2975-4DDC-85D4-30AECFBFC138}) (Version: 2.2.3001 - SDL)
Skype Meetings App (HKLM-x32\...\{240D565E-3537-4048-8920-FAAB2A136A84}) (Version: 16.2.0.23 - Microsoft Corporation)
Skype™ 7.40 (HKLM-x32\...\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}) (Version: 7.40.151 - Skype Technologies S.A.)
Software Intel(R) PROSet/Wireless WiFi (HKLM\...\{25FBDA9A-E868-4B3B-B9FF-D923818511A1}) (Version: 14.2.0000 - Intel Corporation)
Software Intel® PROSet/Wireless WiMAX (HKLM\...\{FBCA6D68-2FBE-4A52-8EAA-856CFEA714C8}) (Version: 6.01.0000 - Intel Corporation)
Spotify (HKU\S-1-5-21-3459912657-3031662703-3452388855-1000\...\Spotify) (Version: 1.0.69.336.g7edcc575 - Spotify AB)
SpywareBlaster 5.5 (HKLM-x32\...\SpywareBlaster_is1) (Version: 5.5.0 - BrightFort LLC)
Synology Assistant (remove only) (HKLM-x32\...\Synology Assistant) (Version: - )
TeamViewer 12 (HKLM-x32\...\TeamViewer) (Version: 12.0.72365 - TeamViewer)
Validity Sensors DDK (HKLM\...\{56BAC4EE-B1DA-42A7-ACA5-7A353F2ED1DA}) (Version: 4.3.108.0 - Validity Sensors, Inc.)
Vidyo Desktop 3.6.3 - (David) (HKU\S-1-5-21-3459912657-3031662703-3452388855-1000\...\Vidyo Desktop) (Version: 3.6.3 - Vidyo Inc.)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)
Vuze (HKLM\...\8461-7759-5462-8226) (Version: 5.7.5.0 - Azureus Software, Inc.)
WinRAR 5.30 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.30.0 - win.rar GmbH)
Wondershare Helper Compact 2.5.2 (HKLM-x32\...\{5363CE84-5F09-48A1-8B6C-6BB590FFEDF2}_is1) (Version: 2.5.2 - Wondershare)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3459912657-3031662703-3452388855-1000_Classes\CLSID\{3E3AD4BD-346A-460A-80E8-90699B75C00B}\InprocServer32 -> C:\Users\David\AppData\Local\Microsoft\SkypeForBusinessPlugin\16.2.0.23\GatewayActiveX-x64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3459912657-3031662703-3452388855-1000_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Users\David\AppData\Local\Citrix\GoToMeeting\6140\G2MOutlookAddin64.dll => No File
ShellIconOverlayIdentifiers: [ DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-12-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-12-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-12-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-12-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-12-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-12-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-12-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-12-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-12-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-12-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-11-16] (AVAST Software)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-11-16] (AVAST Software)
ShellIconOverlayIdentifiers-x32: [ DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-12-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-12-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-12-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-12-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-12-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-12-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-12-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-12-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-12-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-12-05] (Dropbox, Inc.)
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-11-16] (AVAST Software)
ContextMenuHandlers1: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-12-05] (Dropbox, Inc.)
ContextMenuHandlers1-x32: [PDFTransformer3ContextMenu] -> {2DC8E5F2-C89C-4730-82C9-19120DEE5B0A} => C:\Program Files (x86)\ABBYY PDF Transformer 3.0\PDFTContextMenu.dll [2010-03-25] (ABBYY)
ContextMenuHandlers1-x32-x32: [TranslationStudioShlExt2011] -> {F6C08E19-DCE1-45B5-A225-E94FADB585DD} => C:\Program Files (x86)\SDL\SDL Trados Studio\Studio2\TranslationStudioExt.dll [2012-07-05] (TODO: <Company name>)
ContextMenuHandlers1-x32-x32: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext64.dll [2015-11-18] (Alexander Roshal)
ContextMenuHandlers1-x32-x32-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext.dll [2015-11-18] (Alexander Roshal)
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-11-16] (AVAST Software)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-11-01] (Malwarebytes)
ContextMenuHandlers4: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-12-05] (Dropbox, Inc.)
ContextMenuHandlers5: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-12-05] (Dropbox, Inc.)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\Windows\system32\igfxpph.dll [2012-11-15] (Intel Corporation)
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-11-16] (AVAST Software)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-11-01] (Malwarebytes)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext64.dll [2015-11-18] (Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext.dll [2015-11-18] (Alexander Roshal)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {17A0212C-84A3-479D-9736-DAC173FC9EE2} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-03-09] (Dropbox, Inc.)
Task: {1CEB3D0D-C619-4C9F-A251-6C839C1BE188} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [2017-11-16] (AVAST Software)
Task: {3A57F3EF-6938-47C6-994C-BE15B24FCA2E} - System32\Tasks\G2MUploadTask-S-1-5-21-3459912657-3031662703-3452388855-1000 => C:\Users\David\AppData\Local\GoToMeeting\8034\g2mupload.exe [2017-12-06] (LogMeIn, Inc.)
Task: {43749702-9ABF-4EE3-B829-44CB5F2D4D94} - System32\Tasks\{63425FEB-6378-4EC6-97B2-025AE9FCBA72} => C:\Windows\system32\pcalua.exe -a F:\drivers\R314281.exe -d F:\drivers
Task: {51FC791C-1198-4ABC-93EA-A6D0E59A32A6} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-12-16] (Google Inc.)
Task: {5C8545BF-DE5A-4913-BE04-24E95AC28B2E} - System32\Tasks\G2MUpdateTask-S-1-5-21-3459912657-3031662703-3452388855-1000 => C:\Users\David\AppData\Local\GoToMeeting\8034\g2mupdate.exe [2017-12-06] (LogMeIn, Inc.)
Task: {66B1F354-7FB9-48EA-A251-299426E975FB} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\Avast Software\Overseer\overseer.exe [2017-12-06] (AVAST Software)
Task: {A9A5E45D-12B4-40E9-9797-16421D7E14D9} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2017-12-08] (AVAST Software)
Task: {BAB0A7A8-4AA8-426E-AE96-0329ED6C1865} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-09-27] (Adobe Systems Incorporated)
Task: {BCED2FE1-EED2-45A8-AD9D-7732246AF78C} - System32\Tasks\SafeZone scheduled Autoupdate 1458680219 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2017-08-04] (Avast Software)
Task: {F390E493-19B4-42C2-8283-ED139D6DE8EB} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-03-09] (Dropbox, Inc.)
Task: {F7A28853-4D4B-44DC-8570-951CD47C00ED} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-12-16] (Google Inc.)
Task: {F904EEF1-204C-42A6-9FBE-7A0A591B6968} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_27_0_0_187_pepper.exe [2017-11-20] (Adobe Systems Incorporated)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-3459912657-3031662703-3452388855-1000.job => C:\Users\David\AppData\Local\GoToMeeting\8034\g2mupdate.exe
Task: C:\Windows\Tasks\G2MUploadTask-S-1-5-21-3459912657-3031662703-3452388855-1000.job => C:\Users\David\AppData\Local\GoToMeeting\8034\g2mupload.exe

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2011-07-27 19:07 - 2011-07-27 19:07 - 001501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\Libeay32.dll
2016-03-09 14:56 - 2016-03-09 14:56 - 000331264 _____ () C:\Program Files (x86)\ExpressVPN\bootstrap\AMD64\nssm.exe
2016-03-10 15:56 - 2016-03-10 15:56 - 009641976 _____ () C:\Program Files (x86)\ExpressVPN\xvpnd\xvpnd.exe
2015-08-04 13:18 - 2005-04-22 12:36 - 000143360 ____N () C:\Windows\system32\BrSNMP64.dll
2011-02-18 07:18 - 2011-02-18 07:18 - 000245760 _____ () C:\Program Files (x86)\Synology\Assistant\UsbClientService.exe
2015-08-01 16:17 - 2010-12-15 09:46 - 000686704 _____ () C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe
2015-08-01 17:26 - 2012-11-15 01:03 - 000094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2017-11-30 09:35 - 2017-12-09 17:20 - 002301384 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
2017-11-16 10:59 - 2017-11-16 10:59 - 000067408 _____ () C:\Program Files\AVAST Software\Avast\x64\module_lifetime.dll
2017-11-16 10:58 - 2017-11-16 10:58 - 000169832 _____ () c:\Program Files\AVAST Software\Avast\x64\vaarclient.dll
2017-11-16 10:59 - 2017-11-16 10:59 - 000859216 _____ () C:\Program Files\AVAST Software\Avast\x64\ffl2.dll
2017-11-16 10:59 - 2017-11-16 10:59 - 000292408 _____ () c:\Program Files\AVAST Software\Avast\x64\StreamBack.dll
2017-11-14 23:57 - 2017-11-10 10:57 - 004135768 _____ () C:\Program Files (x86)\Google\Chrome\Application\62.0.3202.94\libglesv2.dll
2017-11-14 23:57 - 2017-11-10 10:57 - 000100184 _____ () C:\Program Files (x86)\Google\Chrome\Application\62.0.3202.94\libegl.dll
2017-11-16 10:59 - 2017-11-16 10:59 - 000059040 _____ () C:\Program Files\AVAST Software\Avast\module_lifetime.dll
2017-11-16 10:59 - 2017-11-16 10:59 - 000167096 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2017-11-16 10:59 - 2017-11-16 10:59 - 000237808 _____ () C:\Program Files\AVAST Software\Avast\event_routing_rpc.dll
2017-11-16 10:59 - 2017-11-16 10:59 - 000244584 _____ () C:\Program Files\AVAST Software\Avast\tasks_core.dll
2017-11-16 10:59 - 2017-11-16 10:59 - 000151104 _____ () C:\Program Files\AVAST Software\Avast\network_notifications.dll
2017-12-10 20:08 - 2017-12-10 20:08 - 005892848 _____ () C:\Program Files\AVAST Software\Avast\defs\17121002\algo.dll
2017-11-16 10:59 - 2017-11-16 10:59 - 000710056 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
2017-11-16 10:59 - 2017-11-16 10:59 - 000245608 _____ () C:\Program Files\AVAST Software\Avast\streamback.dll
2016-03-10 15:56 - 2016-03-10 15:56 - 000379384 _____ () C:\Program Files (x86)\ExpressVPN\xvpnd\windows\ExpressVPN.FilterManager.dll
2017-09-26 21:22 - 2017-09-26 21:22 - 001984000 ____R () C:\Program Files (x86)\Skype\Phone\skypert.dll
2017-07-10 21:16 - 2017-07-10 21:16 - 067109376 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2017-11-16 10:58 - 2017-11-16 10:58 - 000235816 _____ () C:\Program Files\AVAST Software\Avast\gaming_mode_ui.dll
2017-12-06 22:25 - 2017-12-05 02:06 - 000725312 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_watchdog.dll
2017-12-06 22:25 - 2017-12-05 02:06 - 002075456 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_crashpad.dll
2017-12-06 22:26 - 2017-12-05 02:06 - 000100296 _____ () C:\Program Files (x86)\Dropbox\Client\_ctypes.pyd
2017-12-06 22:26 - 2017-12-05 02:06 - 000018888 _____ () C:\Program Files (x86)\Dropbox\Client\select.pyd
2017-12-06 22:26 - 2017-12-05 02:08 - 000020800 _____ () C:\Program Files (x86)\Dropbox\Client\tornado.speedups.pyd
2017-12-06 22:26 - 2017-12-05 02:06 - 000035792 _____ () C:\Program Files (x86)\Dropbox\Client\_multiprocessing.pyd
2017-12-06 22:26 - 2017-12-05 02:06 - 000694224 _____ () C:\Program Files (x86)\Dropbox\Client\unicodedata.pyd
2017-12-06 22:25 - 2017-12-05 02:07 - 000021848 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._constant_time.pyd
2017-12-06 22:26 - 2017-12-05 02:06 - 000130512 _____ () C:\Program Files (x86)\Dropbox\Client\_cffi_backend.pyd
2017-12-06 22:25 - 2017-12-05 02:07 - 001856848 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._openssl.pyd
2017-12-06 22:25 - 2017-12-05 02:07 - 000022864 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._padding.pyd
2017-12-06 22:25 - 2017-12-05 02:06 - 000145864 _____ () C:\Program Files (x86)\Dropbox\Client\pyexpat.pyd
2017-12-06 22:25 - 2017-12-05 02:06 - 000116688 _____ () C:\Program Files (x86)\Dropbox\Client\pywintypes27.dll
2017-12-06 22:26 - 2017-12-05 02:06 - 000105928 _____ () C:\Program Files (x86)\Dropbox\Client\win32api.pyd
2017-12-06 22:26 - 2017-12-05 02:08 - 000022864 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.crt.compiled._winffi_crt.pyd
2017-12-06 22:25 - 2017-12-05 02:07 - 000062784 _____ () C:\Program Files (x86)\Dropbox\Client\psutil._psutil_windows.pyd
2017-12-06 22:26 - 2017-12-05 02:06 - 000024528 _____ () C:\Program Files (x86)\Dropbox\Client\win32event.pyd
2017-12-06 22:25 - 2017-12-05 02:07 - 000040248 _____ () C:\Program Files (x86)\Dropbox\Client\fastpath.pyd
2017-12-06 22:25 - 2017-12-05 02:06 - 000020936 _____ () C:\Program Files (x86)\Dropbox\Client\mmapfile.pyd
2017-12-06 22:26 - 2017-12-05 02:06 - 000124880 _____ () C:\Program Files (x86)\Dropbox\Client\win32file.pyd
2017-12-06 22:26 - 2017-12-05 02:06 - 000116176 _____ () C:\Program Files (x86)\Dropbox\Client\win32security.pyd
2017-12-06 22:25 - 2017-12-05 02:06 - 000392656 _____ () C:\Program Files (x86)\Dropbox\Client\pythoncom27.dll
2017-12-06 22:26 - 2017-12-05 02:08 - 000392512 _____ () C:\Program Files (x86)\Dropbox\Client\win32com.shell.shell.pyd
2017-12-06 22:26 - 2017-12-05 02:08 - 000026456 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.kernel32.compiled._winffi_kernel32.pyd
2017-12-06 22:26 - 2017-12-05 02:06 - 000024016 _____ () C:\Program Files (x86)\Dropbox\Client\win32clipboard.pyd
2017-12-06 22:26 - 2017-12-05 02:06 - 000175560 _____ () C:\Program Files (x86)\Dropbox\Client\win32gui.pyd
2017-12-06 22:26 - 2017-12-05 02:06 - 000030160 _____ () C:\Program Files (x86)\Dropbox\Client\win32pipe.pyd
2017-12-06 22:26 - 2017-12-05 02:06 - 000043472 _____ () C:\Program Files (x86)\Dropbox\Client\win32process.pyd
2017-12-06 22:26 - 2017-12-05 02:06 - 000026056 _____ () C:\Program Files (x86)\Dropbox\Client\win32job.pyd
2017-12-06 22:26 - 2017-12-05 02:06 - 000048592 _____ () C:\Program Files (x86)\Dropbox\Client\win32service.pyd
2017-12-06 22:26 - 2017-12-05 02:06 - 000057808 _____ () C:\Program Files (x86)\Dropbox\Client\win32evtlog.pyd
2017-12-06 22:25 - 2017-12-05 02:07 - 000021824 _____ () C:\Program Files (x86)\Dropbox\Client\cpuid.compiled._cpuid.pyd
2017-12-06 22:26 - 2017-12-05 02:09 - 000023368 _____ () C:\Program Files (x86)\Dropbox\Client\winshell.compiled._winshell.pyd
2017-12-06 22:25 - 2017-12-05 02:07 - 000022856 _____ () C:\Program Files (x86)\Dropbox\Client\crashpad.compiled._Crashpad.pyd
2017-12-06 22:26 - 2017-12-05 02:08 - 000066392 _____ () C:\Program Files (x86)\Dropbox\Client\winenumhandles.compiled._WinEnumHandles.pyd
2017-12-06 22:25 - 2017-12-05 02:07 - 001796920 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtCore.pyd
2017-12-06 22:26 - 2017-12-05 02:06 - 000084424 _____ () C:\Program Files (x86)\Dropbox\Client\sip.pyd
2017-12-06 22:25 - 2017-12-05 02:07 - 001956152 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtGui.pyd
2017-12-06 22:25 - 2017-12-05 02:07 - 003859264 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWidgets.pyd
2017-12-06 22:25 - 2017-12-05 02:07 - 000155464 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebEngineWidgets.pyd
2017-12-06 22:25 - 2017-12-05 02:07 - 000521024 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtNetwork.pyd
2017-12-06 22:25 - 2017-12-05 02:07 - 000050496 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebEngineCore.pyd
2017-12-06 22:25 - 2017-12-05 02:07 - 000042304 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebChannel.pyd
2017-12-06 22:25 - 2017-12-05 02:07 - 000131384 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKit.pyd
2017-12-06 22:25 - 2017-12-05 02:07 - 000218944 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKitWidgets.pyd
2017-12-06 22:25 - 2017-12-05 02:07 - 000204096 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtPrintSupport.pyd
2017-12-06 22:26 - 2017-12-05 02:09 - 000025432 _____ () C:\Program Files (x86)\Dropbox\Client\winscreenshot.compiled._CaptureScreenshot.pyd
2017-12-06 22:26 - 2017-12-05 02:06 - 000060880 _____ () C:\Program Files (x86)\Dropbox\Client\win32print.pyd
2017-12-06 22:26 - 2017-12-05 02:09 - 000054608 _____ () C:\Program Files (x86)\Dropbox\Client\winrpcserver.compiled._RPCServer.pyd
2017-12-06 22:26 - 2017-12-05 02:06 - 000024016 _____ () C:\Program Files (x86)\Dropbox\Client\win32profile.pyd
2017-12-06 22:26 - 2017-12-05 02:09 - 000022864 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.user32.compiled._winffi_user32.pyd
2017-12-06 22:26 - 2017-12-05 02:06 - 000028616 _____ () C:\Program Files (x86)\Dropbox\Client\win32ts.pyd
2017-12-06 22:26 - 2017-12-05 02:08 - 000022360 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.iphlpapi.compiled._winffi_iphlpapi.pyd
2017-12-06 22:26 - 2017-12-05 02:09 - 000021848 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.winerror.compiled._winffi_winerror.pyd
2017-12-06 22:26 - 2017-12-05 02:09 - 000022360 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.wininet.compiled._winffi_wininet.pyd
2017-12-06 22:25 - 2017-12-05 02:07 - 000027488 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox.infinite.win.compiled._driverinstallation.pyd
2017-12-06 22:26 - 2017-12-05 02:06 - 000349128 _____ () C:\Program Files (x86)\Dropbox\Client\winxpgui.pyd
2017-12-06 22:26 - 2017-12-05 02:09 - 000023896 _____ () C:\Program Files (x86)\Dropbox\Client\winverifysignature.compiled._VerifySignature.pyd
2017-12-06 22:25 - 2017-12-05 02:07 - 000025424 _____ () C:\Program Files (x86)\Dropbox\Client\librsyncffi.compiled._librsyncffi.pyd
2017-12-06 22:25 - 2017-12-05 02:06 - 000036296 _____ () C:\Program Files (x86)\Dropbox\Client\librsync.dll
2017-12-06 22:25 - 2017-12-05 02:07 - 000181056 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_sqlite_ext.DLL
2017-12-06 22:26 - 2017-12-05 02:08 - 000030536 _____ () C:\Program Files (x86)\Dropbox\Client\wind3d11.compiled._wind3d11.pyd
2017-12-06 22:25 - 2017-12-05 02:07 - 000024368 _____ () C:\Program Files (x86)\Dropbox\Client\libEGL.DLL
2017-12-06 22:25 - 2017-12-05 02:07 - 001638200 _____ () C:\Program Files (x86)\Dropbox\Client\libGLESv2.dll
2017-12-06 22:26 - 2017-12-05 02:09 - 000026456 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.winhttp.compiled._winffi_winhttp.pyd
2017-12-06 22:25 - 2017-12-05 02:07 - 000545080 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtQuick.pyd
2017-12-06 22:25 - 2017-12-05 02:07 - 000359224 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtQml.pyd
2017-12-06 22:25 - 2017-12-05 02:07 - 000038208 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebEngine.pyd
2017-06-28 11:20 - 2016-10-08 15:48 - 001506304 _____ () C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\DAQExp.dll
2017-06-28 11:20 - 2016-07-21 09:54 - 000137728 _____ () C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\CBSCreateVC.dll
2017-08-23 08:32 - 2017-08-23 08:32 - 000169984 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\e02990982d5c841556f4bc4041a38de0\IsdiInterop.ni.dll
2015-08-01 16:37 - 2010-11-05 22:50 - 000058880 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll
2006-10-26 20:30 - 2006-10-26 20:30 - 000065312 _____ () C:\Program Files (x86)\Microsoft Office\Office12\ADDINS\ColleagueImport.dll
2006-10-27 14:35 - 2006-10-27 14:35 - 000436512 _____ () C:\Program Files (x86)\Microsoft Office\Office12\ADDINS\UmOutlookAddin.dll
2006-10-26 12:56 - 2006-10-26 12:56 - 000757008 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\MSPTLS.DLL

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Windows:netNLSPreferences [0]
AlternateDataStreams: C:\Windows:nlsPreferences [0]
AlternateDataStreams: C:\ProgramData\TEMP:5C321E34 [125]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE restricted site: HKU\S-1-5-21-3459912657-3031662703-3452388855-1000\...\008i.com -> 008i.com
IE restricted site: HKU\S-1-5-21-3459912657-3031662703-3452388855-1000\...\008k.com -> 008k.com
IE restricted site: HKU\S-1-5-21-3459912657-3031662703-3452388855-1000\...\00hq.com -> 00hq.com
IE restricted site: HKU\S-1-5-21-3459912657-3031662703-3452388855-1000\...\0190-dialers.com -> 0190-dialers.com
IE restricted site: HKU\S-1-5-21-3459912657-3031662703-3452388855-1000\...\01i.info -> 01i.info
IE restricted site: HKU\S-1-5-21-3459912657-3031662703-3452388855-1000\...\02pmnzy5eo29bfk4.com -> 02pmnzy5eo29bfk4.com
IE restricted site: HKU\S-1-5-21-3459912657-3031662703-3452388855-1000\...\0411dd.com -> 0411dd.com
IE restricted site: HKU\S-1-5-21-3459912657-3031662703-3452388855-1000\...\0511zfhl.com -> 0511zfhl.com
IE restricted site: HKU\S-1-5-21-3459912657-3031662703-3452388855-1000\...\05p.com -> 05p.com
IE restricted site: HKU\S-1-5-21-3459912657-3031662703-3452388855-1000\...\0632qyw.com -> 0632qyw.com
IE restricted site: HKU\S-1-5-21-3459912657-3031662703-3452388855-1000\...\07ic5do2myz3vzpk.com -> 07ic5do2myz3vzpk.com
IE restricted site: HKU\S-1-5-21-3459912657-3031662703-3452388855-1000\...\08nigbmwk43i01y6.com -> 08nigbmwk43i01y6.com
IE restricted site: HKU\S-1-5-21-3459912657-3031662703-3452388855-1000\...\093qpeuqpmz6ebfa.com -> 093qpeuqpmz6ebfa.com
IE restricted site: HKU\S-1-5-21-3459912657-3031662703-3452388855-1000\...\0calories.net -> 0calories.net
IE restricted site: HKU\S-1-5-21-3459912657-3031662703-3452388855-1000\...\0cj.net -> 0cj.net
IE restricted site: HKU\S-1-5-21-3459912657-3031662703-3452388855-1000\...\0scan.com -> 0scan.com
IE restricted site: HKU\S-1-5-21-3459912657-3031662703-3452388855-1000\...\1-britney-spears-nude.com -> 1-britney-spears-nude.com
IE restricted site: HKU\S-1-5-21-3459912657-3031662703-3452388855-1000\...\1-domains-registrations.com -> 1-domains-registrations.com
IE restricted site: HKU\S-1-5-21-3459912657-3031662703-3452388855-1000\...\1-se.com -> 1-se.com
IE restricted site: HKU\S-1-5-21-3459912657-3031662703-3452388855-1000\...\1001movie.com -> 1001movie.com

There are 6091 more sites.


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2009-06-10 22:00 - 000000824 _____ C:\Windows\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3459912657-3031662703-3452388855-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\David\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.254 - 62.101.93.101
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\Services: MBAMService => 2
MSCONFIG\Services: PDFProFiltSrvPP => 2
MSCONFIG\startupfolder: C:^Users^David^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^MultiSkypeLauncher.lnk => C:\Windows\pss\MultiSkypeLauncher.lnk.Startup
MSCONFIG\startupreg: 5KPlayer.exe => "C:\Program Files (x86)\DearMob\5KPlayer\5KPlayer.exe" -auto
MSCONFIG\startupreg: ABBYY Screenshot Reader Bonus => "C:\Program Files (x86)\ABBYY PDF Transformer 3.0\Bonus.ScreenshotReader.exe" -autorun
MSCONFIG\startupreg: BrMfcWnd => C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
MSCONFIG\startupreg: BrStsMon00 => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe /AUTORUN
MSCONFIG\startupreg: ControlCenter3 => C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe /autorun
MSCONFIG\startupreg: ControlCenter4 => C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe /autorun
MSCONFIG\startupreg: CyberGhost => "C:\Program Files\CyberGhost 6\CyberGhost.exe" /autostart /min
MSCONFIG\startupreg: Hazon clic => "C:\Program Files (x86)\Garzanti Linguistica\Hazon clic\HAZON.EXE" -I
MSCONFIG\startupreg: IndexSearch => "C:\Program Files (x86)\Nuance\PaperPort\IndexSearch.exe"
MSCONFIG\startupreg: PaperPort PTD => "C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe"
MSCONFIG\startupreg: PDF5 Registry Controller => C:\Program Files (x86)\Nuance\PDF Viewer Plus\RegistryController.exe
MSCONFIG\startupreg: PDFHook => C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfpro5hook.exe
MSCONFIG\startupreg: PPort12reminder => "C:\Program Files (x86)\Nuance\PaperPort\Ereg\Ereg.exe" -r "C:\ProgramData\ScanSoft\PaperPort\12\Config\Ereg\Ereg.ini"
MSCONFIG\startupreg: QuickSet => C:\Program Files\Dell\QuickSet\QuickSet.exe
MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: Spotify => C:\Users\David\AppData\Roaming\Spotify\Spotify.exe --autostart --minimized
MSCONFIG\startupreg: Spotify Web Helper => C:\Users\David\AppData\Roaming\Spotify\SpotifyWebHelper.exe --autostart
MSCONFIG\startupreg: Vidyo Desktop => C:\Users\David\AppData\Local\Vidyo\Vidyo Desktop\VidyoDesktop.exe
MSCONFIG\startupreg: WirelessManager => "C:\Program Files (x86)\Dell\Dell Mobile Broadband Manager\WirelessManager.exe"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{428DDB47-AC87-4A54-9A47-95E67A72E1C1}] => (Allow) C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe
FirewallRules: [{4547EC1C-006F-4303-8B68-9D38E2E5E905}] => (Allow) C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe
FirewallRules: [{2598580E-BA54-4673-A015-824D2F119838}] => (Allow) C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe
FirewallRules: [{3334636A-8AF0-4230-BD57-801BE7C1FE31}] => (Allow) C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe
FirewallRules: [{938AAD73-1C06-4271-BEFC-0949BE9FFA93}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
FirewallRules: [{295DCE28-70DB-4BBC-8569-0879DC5D9D5C}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{21F6B83E-CEA0-4BC2-BC96-6C7E16A1A769}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{2174D44E-D99D-453C-8FBA-3353D7195644}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [{86476E60-9747-4E31-BC45-77E9DC585FE5}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [{190BE4F1-1F96-43A2-B103-D2B25E811D74}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [TCP Query User{B12EB9A5-AB89-415C-8516-1733C016802A}C:\program files (x86)\synology\assistant\dsassistant.exe] => (Allow) C:\program files (x86)\synology\assistant\dsassistant.exe
FirewallRules: [UDP Query User{FE914B56-310D-4A3A-9E19-D45489A4C954}C:\program files (x86)\synology\assistant\dsassistant.exe] => (Allow) C:\program files (x86)\synology\assistant\dsassistant.exe
FirewallRules: [{4EDEF5E2-9739-4D62-9861-C35711DB6208}] => (Block) C:\program files (x86)\synology\assistant\dsassistant.exe
FirewallRules: [{A2065ED3-3C9A-44E9-A551-FD0F1D7A5B32}] => (Block) C:\program files (x86)\synology\assistant\dsassistant.exe
FirewallRules: [{663CE241-8BD9-4752-922C-A11ABEE823AE}] => (Allow) C:\Program Files (x86)\Brother\Brmfl07b\FAXRX.exe
FirewallRules: [{266C0B80-925E-4BD1-9A5B-0F76DBEC0B74}] => (Allow) C:\Program Files (x86)\Brother\Brmfl07b\FAXRX.exe
FirewallRules: [{B4A6FC6A-894F-4B77-9127-51D7B438BD04}] => (Allow) LPort=54925
FirewallRules: [{E792E51A-1BC5-43FD-9F40-BE7A27759E35}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{CD636760-C5E5-41DC-B741-6A4BAE21E80C}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{3BF0BA81-96CD-46C5-88A4-8342930D6A97}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [{39C68351-BDF6-44EA-A852-3A855A4144B7}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [TCP Query User{45FD30DC-B1D6-4D17-A904-D272843DE272}C:\users\david\appdata\local\microsoft\skypeforbusinessplugin\16.2.0.23\pluginhost.exe] => (Allow) C:\users\david\appdata\local\microsoft\skypeforbusinessplugin\16.2.0.23\pluginhost.exe
FirewallRules: [UDP Query User{114F1D19-D218-47E4-9D3E-93DBDA17E933}C:\users\david\appdata\local\microsoft\skypeforbusinessplugin\16.2.0.23\pluginhost.exe] => (Allow) C:\users\david\appdata\local\microsoft\skypeforbusinessplugin\16.2.0.23\pluginhost.exe
FirewallRules: [{C69C13DC-6AF7-4ECB-8D8B-EB43684EEF6F}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{8243FE03-2D16-4C16-B723-94D9E43CDE11}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{6D46AFFB-900D-49B7-963F-D09DBADF7921}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{442777D0-1FA8-4127-B404-6A2594578E0B}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [TCP Query User{02B91C3A-C689-453D-B2C2-41317A9E6F65}C:\users\david\appdata\local\vidyo\vidyo desktop\vidyodesktop.exe] => (Allow) C:\users\david\appdata\local\vidyo\vidyo desktop\vidyodesktop.exe
FirewallRules: [UDP Query User{42E378B8-2CBE-4698-85ED-0F415A26737A}C:\users\david\appdata\local\vidyo\vidyo desktop\vidyodesktop.exe] => (Allow) C:\users\david\appdata\local\vidyo\vidyo desktop\vidyodesktop.exe
FirewallRules: [TCP Query User{23800015-ED8B-4C0F-A3A6-A3CDC6409B95}C:\users\david\appdata\local\vidyo\vidyo desktop\vidyodesktop.exe] => (Allow) C:\users\david\appdata\local\vidyo\vidyo desktop\vidyodesktop.exe
FirewallRules: [UDP Query User{AECB1A54-F21D-40BF-8108-1A31671C8DDC}C:\users\david\appdata\local\vidyo\vidyo desktop\vidyodesktop.exe] => (Allow) C:\users\david\appdata\local\vidyo\vidyo desktop\vidyodesktop.exe
FirewallRules: [{5259567C-0511-416D-8805-9A433E702F87}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{66AEE627-B372-4760-8773-9C1C76461A83}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{DD4BC11B-027D-4638-9B5D-F49C9E4AECDA}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{58EA8238-64EE-4449-ABA8-001B0B2DA8BE}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [TCP Query User{653E83C0-4FA2-40A9-B01F-297929AF1C3F}C:\program files (x86)\dearmob\5kplayer\5kplayer.exe] => (Allow) C:\program files (x86)\dearmob\5kplayer\5kplayer.exe
FirewallRules: [UDP Query User{AB07A73E-D901-4A9F-B171-DCA53A7F6A69}C:\program files (x86)\dearmob\5kplayer\5kplayer.exe] => (Allow) C:\program files (x86)\dearmob\5kplayer\5kplayer.exe
FirewallRules: [{9A8AD6EF-AF8F-4B6E-80CD-17F164DF0B34}] => (Block) C:\program files (x86)\dearmob\5kplayer\5kplayer.exe
FirewallRules: [{C627E0DE-2DDD-41F7-9C6D-274138850DAC}] => (Block) C:\program files (x86)\dearmob\5kplayer\5kplayer.exe
FirewallRules: [{75AD68DC-705F-45D8-A74B-112F67C9502E}] => (Allow) C:\Program Files (x86)\Sports Interactive\Football Manager 2011\fm.exe
FirewallRules: [{F0F11B36-0219-4081-A591-70E33BF6B1A5}] => (Allow) C:\Program Files (x86)\Sports Interactive\Football Manager 2011\fm.exe
FirewallRules: [{D38A1C17-DECC-4292-A0DB-24A75A481E30}] => (Allow) C:\Program Files (x86)\Sports Interactive\Football Manager 2011\fm.exe
FirewallRules: [{55D4BAEB-B1DA-4141-A1D8-DA5B50AAA2A4}] => (Allow) C:\Program Files (x86)\Sports Interactive\Football Manager 2011\fm.exe
FirewallRules: [{16585130-547C-46CE-93B8-D1C3652094B9}] => (Allow) C:\Program Files\Vuze\Azureus.exe
FirewallRules: [{980D763B-6201-474C-BCB5-6C6850738F03}] => (Allow) C:\Program Files\Vuze\Azureus.exe
FirewallRules: [{F9311C75-9F50-41D0-91BF-F2BB3C652B00}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{05F3B00E-F426-4AD5-BF51-2CE65264BFFB}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{E1FD54BA-620D-4F31-ACEB-57ED53EAA2C3}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{6CDAD8BE-859F-4AA2-AD3B-5161B48F9E53}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{945379EE-976C-4230-8BD3-2F167036FBC8}] => (Allow) C:\Program Files\AVAST Software\SZBrowser\3.55.2393.609_0\SZBrowser.exe
FirewallRules: [{449C9150-DCC0-40BF-B652-A6BC44DE04E8}] => (Allow) C:\Program Files\Vuze\Azureus.exe
FirewallRules: [{ECDA228C-6ADB-4667-9C40-56860D12F3E2}] => (Allow) C:\Program Files\Vuze\Azureus.exe
FirewallRules: [{3270D585-44CD-4E9B-A49C-58D78394A178}] => (Allow) C:\Program Files\AVAST Software\SZBrowser\4.58.2552.909\SZBrowser.exe
FirewallRules: [{3A727569-410B-44DF-B7AF-A49500953AD8}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{EAF85D70-9554-4F33-BFC7-B5C990A93AA8}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
FirewallRules: [TCP Query User{3F3A5123-9E6C-4A36-BACA-10333C80517C}C:\users\david\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\david\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{FE2E74A2-0A0D-42FB-96D6-60F42C2AAD74}C:\users\david\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\david\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{3CD45308-0172-45D7-AC76-D54B5953E962}C:\users\david\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\david\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{DD2C8E17-54D2-4998-A607-99E425CC8593}C:\users\david\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\david\appdata\roaming\spotify\spotify.exe

==================== Restore Points =========================

29-11-2017 12:39:09 Scheduled Checkpoint
06-12-2017 09:10:27 Norton_Power_Eraser_20171206091020080
06-12-2017 09:34:33 Installed Sophos Virus Removal Tool.
07-12-2017 08:37:32 Removed Sophos Virus Removal Tool.
07-12-2017 12:06:06 Punto di controllo di HitmanPro
07-12-2017 12:07:18 Punto di controllo di HitmanPro
08-12-2017 18:00:38 Revo Uninstaller's restore point - Spotify

==================== Faulty Device Manager Devices =============

Name: TunnelBear Adapter V9
Description: TunnelBear Adapter V9
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: TunnelBear Provider V9
Service: tap-tb-0901
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (12/11/2017 07:30:51 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (12/11/2017 07:30:40 AM) (Source: nssm) (EventID: 1018) (User: )
Description: Failed to read registry value AppDirectory:
The operation completed successfully.

Error: (12/10/2017 08:05:22 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (12/10/2017 08:05:08 PM) (Source: nssm) (EventID: 1018) (User: )
Description: Failed to read registry value AppDirectory:
The operation completed successfully.

Error: (12/10/2017 10:21:43 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (12/10/2017 10:21:35 AM) (Source: nssm) (EventID: 1018) (User: )
Description: Failed to read registry value AppDirectory:
The operation completed successfully.

Error: (12/09/2017 10:39:38 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 6126628

Error: (12/09/2017 10:39:38 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 6126628

Error: (12/09/2017 10:39:38 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (12/09/2017 10:39:35 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 6121402


System errors:
=============
Error: (12/11/2017 07:32:08 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}
and APPID
{344ED43D-D086-4961-86A6-1106F4ACAD9B}
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.

Error: (12/11/2017 07:31:45 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}
and APPID
{344ED43D-D086-4961-86A6-1106F4ACAD9B}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.

Error: (12/11/2017 07:31:17 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Wondershare Application Framework Service service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.

Error: (12/11/2017 07:31:17 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Wondershare Application Framework Service service to connect.

Error: (12/11/2017 07:30:46 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The VBoxAsw Support Driver service failed to start due to the following error:
The system cannot find the path specified.

Error: (12/10/2017 10:22:26 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: The server {F9717507-6651-4EDB-BFF7-AE615179BCCF} did not register with DCOM within the required timeout.

Error: (12/10/2017 08:06:31 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}
and APPID
{344ED43D-D086-4961-86A6-1106F4ACAD9B}
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.

Error: (12/10/2017 08:06:11 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}
and APPID
{344ED43D-D086-4961-86A6-1106F4ACAD9B}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.

Error: (12/10/2017 08:05:11 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The VBoxAsw Support Driver service failed to start due to the following error:
The system cannot find the path specified.

Error: (12/10/2017 02:52:09 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: The server {F9717507-6651-4EDB-BFF7-AE615179BCCF} did not register with DCOM within the required timeout.


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i5-2410M CPU @ 2.30GHz
Percentage of memory in use: 79%
Total physical RAM: 4003.19 MB
Available physical RAM: 828.2 MB
Total Virtual: 8004.56 MB
Available Virtual: 3883.96 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:465.66 GB) (Free:294.05 GB) NTFS
Drive d: (FM2011) (CDROM) (Total:2.53 GB) (Free:0 GB) UDF

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 0DF3601D)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=465.7 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================
topside smudger
Active Member
 
Posts: 1
Joined: December 11th, 2017, 10:15 am
Advertisement
Register to Remove

Re: Infected with "HTML:RedirME-inf [trg]"

Unread postby pgmigg » December 12th, 2017, 12:09 pm

Hello topside smudger,

Welcome to the forum! :)

I am pgmigg and I'll be helping you with any malware problems.

Before we begin, please read and follow these important guidelines, so things will proceed smoothly.
  1. The instructions being given are for YOUR computer and system only!
    Using these instructions on a different computer can cause damage to that computer and possibly render it inoperable!
  2. You must have Administrator rights, permissions for this computer.
  3. DO NOT run any other fix or removal tools unless instructed to do so!
  4. DO NOT install any other software (or hardware) during the cleaning process until we are done as well as
    DO NOT Remove, or Scan with anything on your system unless I ask. This adds more items to be researched.
    Extra Additions and Removals of files make the analysis more difficult.
  5. Only post your problem at (1) one help site. Applying fixes from multiple help sites can cause problems.
  6. Print each set of instructions if possible - your Internet connection will not be available during some fix processes.
  7. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
  8. Only reply to this thread, do not start another one. Please, continue responding, until I give you the "All Clean!" :cheers:
    Absence of symptoms does not mean that everything is clear.

I am currently reviewing your logs and will return, as soon as possible, with additional instructions. In the meantime...

Note: If you haven't done so already, please read this topic ALL USERS OF THIS FORUM MUST READ THIS FIRST where the conditions for receiving help here are explained.

Please read all instructions carefully before executing and perform the steps, in the order given.
lf you have any questions or problems executing these instructions, <<STOP>> do not proceed, post back with the question or problem.

Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to backup any personal files and folders before you start


Failure to post replies within 72 hours will result in this thread being closed
User avatar
pgmigg
Admin/Teacher
Admin/Teacher
 
Posts: 5457
Joined: July 8th, 2008, 1:25 pm
Location: GMT-05:00

Re: Infected with "HTML:RedirME-inf [trg]"

Unread postby pgmigg » December 12th, 2017, 12:46 pm

Hello topside smudger,

Warning! License issue with Microsoft Office Enterprise 2007
The Microsoft Office Enterprise 2007 is not sold to individual home computer users and hence is not generally legal on a home computer.

Per our policy concerning illegally licensed software, I can offer you no further assistance as long as you have Microsoft Office Enterprise 2007 installed.

I strongly recommend that you uninstall Microsoft Office Enterprise 2007 however that choice is up to you.
  • If you choose NOT to remove this program, please indicate that in your next reply and ignore the remaining steps.
  • If you choose to remove this program then perform the following steps:
    1. Please press the Windows Key + R.
    2. Enter appwiz.cpl into the text box and click OK.
    3. Locate the following programs:
      MS Office Enterprise 2007
    4. Click on the Change/Remove button to uninstall it.
    5. When the program have been uninstalled, please close Control Panel
    6. Reboot (restart) your computer.

    Step 1.
    Run CKScanner
    1. Please download CKScanner from Here
    2. Important: - Save it to your Desktop.
    3. Double-click CKScanner.exe and click Search For Files.
    4. After a very short time, when the cursor hourglass disappears, click Save List To File.
    5. A message box will verify the file saved.
    6. Double-click the CKFiles.txt icon on your desktop and copy/paste the contents in your next reply.

    Step 2.
    TSG - SysInfo utility
    1. Please download SysInfo utility and save it to your Desktop.
    2. Right click on SysInfo.exe, select "Run As Administrator..." to run it... if UAC prompts, please allow it.
    3. Right click, select copy and then paste in your next post.

    Then:
    Please tell me is this computer used for business purposes and connected to a business or educational network?
    I need to know it - so I can provide the proper instructions.

    Please include in your next reply:
    1. Do you have any problems executing the instructions?
    2. Your decision about Microsoft Office Enterprise 2007
    3. Contents of CKFiles.txt log file
    4. Contents of SysInfo scan
    5. Answers to my question related to type of using of your computer

Thanks,
pgmigg

Failure to post replies within 72 hours will result in this thread being closed
User avatar
pgmigg
Admin/Teacher
Admin/Teacher
 
Posts: 5457
Joined: July 8th, 2008, 1:25 pm
Location: GMT-05:00

Re: Infected with "HTML:RedirME-inf [trg]"

Unread postby pgmigg » December 15th, 2017, 2:34 pm

Due to a lack of response, this topic is now closed.

If you still require help, please open a new thread in the Infected? Virus, malware, adware, ransomware, oh my! forum, include a fresh FRST log, and wait for a new helper.
User avatar
pgmigg
Admin/Teacher
Admin/Teacher
 
Posts: 5457
Joined: July 8th, 2008, 1:25 pm
Location: GMT-05:00
Advertisement
Register to Remove


  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 119 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware