Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Computer sporadically freezing...is it malware? [Solved]

Started by BrianR1976 , Mar 05 2017 10:43 PM

  • This topic is locked This topic is locked

#1
BrianR1976
Posted 05 March 2017 - 10:43 PM

BrianR1976

    Member

  • Member
  • PipPipPip
  • 355 posts

Hello,

 

My computer has a weird problem. I will be browsing the internet and sporadically it will freeze up. The mouse stops, the page stops, videos stop, everything stops....well sometimes if I am listening to music that will continue playing other times it will stop. I had thought that maybe it was just the browser and switched to a different one but it happens there too. So it has to be something with the computer...right? I have turned off everything that isn't needed on startup and have a decent enough amount of RAM (I can run Photoshop and Dreamweaver at the same time) so I don't think its a memory issue.

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 05-03-2017
Ran by BReese76 (administrator) on BREESE76-HP (05-03-2017 21:33:07)
Running from C:\Users\BReese76\Desktop
Loaded Profiles: BReese76 (Available Profiles: BReese76)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(AMD) C:\Windows\System32\atieclxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe
(Fitbit, Inc.) C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe
(PDF Complete Inc) C:\Program Files (x86)\PDF Complete\pdfsvc.exe
(Ralink Technology, Corp.) C:\Program Files (x86)\Ralink\Common\RaRegistry64.exe
() C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpdsvc.exe
() C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(RaMMicHaeL) C:\Program Files (x86)\Unchecky\bin\unchecky_svc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(AVAST Software s.r.o.) C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe
(RaMMicHaeL) C:\Program Files (x86)\Unchecky\bin\unchecky_bg.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Hewlett-Packard ) C:\Program Files\IDT\WDM\Beats64.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Spotify Ltd) C:\Users\BReese76\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Adobe Systems Incorporated) C:\Program Files\Adobe\Elements 13 Organizer\PhotoshopElementsFileAgent.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\HPTouchSmartSyncCalReminderApp.exe
() C:\Program Files (x86)\RealNetworks\RealDownloader\downloader2.exe
(HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [BeatsOSDApp] => C:\Program Files\IDT\WDM\beats64.exe [37888 2012-03-30] (Hewlett-Packard )
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1425408 2012-04-24] (IDT, Inc.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [641664 2012-04-08] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [AMD AVT] => Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [205512 2017-02-08] (AVAST Software)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2016-12-12] (Oracle Corporation)
HKU\S-1-5-21-239473584-822298280-3168733615-1001\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-239473584-822298280-3168733615-1001\...\Run: [Spotify Web Helper] => C:\Users\BReese76\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1446000 2017-02-14] (Spotify Ltd)
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-10-25] ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-10-25] ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-10-25] ()
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-02-08] (AVAST Software)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-02-08] (AVAST Software)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\BReese76\AppData\Roaming\Dropbox\bin\DropboxExt64.14.0.dll [2017-02-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\BReese76\AppData\Roaming\Dropbox\bin\DropboxExt64.14.0.dll [2017-02-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\BReese76\AppData\Roaming\Dropbox\bin\DropboxExt64.14.0.dll [2017-02-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\BReese76\AppData\Roaming\Dropbox\bin\DropboxExt64.14.0.dll [2017-02-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\BReese76\AppData\Roaming\Dropbox\bin\DropboxExt.14.0.dll [2017-02-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\BReese76\AppData\Roaming\Dropbox\bin\DropboxExt.14.0.dll [2017-02-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\BReese76\AppData\Roaming\Dropbox\bin\DropboxExt.14.0.dll [2017-02-21] (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{5E1B1D25-767C-4FD6-AE4C-55CFC5626C29}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{E745E9B4-9BA4-4154-BDFC-4B77998EAAFE}: [DhcpNameServer] 192.168.0.1

Internet Explorer:
==================
HKU\S-1-5-21-239473584-822298280-3168733615-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPDSK/1
SearchScopes: HKLM -> {A3F3D8FE-86AE-4813-B96F-A656930924FD} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-30572-11896-1/4?mpre=hxxp://www.ebay.com/sch/i.html?_nkw={searchTerms}
SearchScopes: HKLM-x32 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
SearchScopes: HKLM-x32 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-30572-11896-1/4?mpre=hxxp://www.ebay.com/sch/i.html?_nkw={searchTerms}
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-239473584-822298280-3168733615-1001 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-239473584-822298280-3168733615-1001 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-30572-11896-1/4?mpre=hxxp://www.ebay.com/sch/i.html?_nkw={searchTerms}
BHO: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin64.dll [2014-09-26] (RealDownloader)
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2017-01-29] (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_121\bin\ssv.dll [2017-02-09] (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2017-02-08] (AVAST Software)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\URLREDIR.DLL [2017-02-18] (Microsoft Corporation)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2017-01-29] (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_121\bin\jp2ssv.dll [2017-02-09] (Oracle Corporation)
BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll [2014-09-26] (RealDownloader)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2017-01-29] (Microsoft Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2017-02-08] (AVAST Software)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO-x32: LeapFTP Internet Explorer Hook -> {A5479DA1-7843-43A7-B5C0-BE342C77B629} -> C:\Program Files (x86)\LeapFTP 3.0\lftpie.dll [2010-10-30] (LeapWare)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\root\Office16\URLREDIR.DLL [2017-02-18] (Microsoft Corporation)
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\Office16\GROOVEEX.DLL [2017-01-29] (Microsoft Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2016-07-21] (HP Inc.)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-01-29] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-01-29] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-01-29] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-01-29] (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2017-01-01] (Skype Technologies)

FireFox:
========
FF ProfilePath: C:\Users\BReese76\AppData\Roaming\Mozilla\Firefox\Profiles\7movo481.default [2017-03-05]
FF DefaultSearchEngine: Mozilla\Firefox\Profiles\7movo481.default -> Google
FF DefaultSearchEngine.US: Mozilla\Firefox\Profiles\7movo481.default -> Google
FF Homepage: Mozilla\Firefox\Profiles\7movo481.default -> hxxp:/www.google.com
FF Extension: (Simple Popup Blocker) - C:\Users\BReese76\AppData\Roaming\Mozilla\Firefox\Profiles\7movo481.default\Extensions\@simplepopupblocker.xpi [2016-02-25]
FF Extension: (Adblock Plus Pop-up Addon) - C:\Users\BReese76\AppData\Roaming\Mozilla\Firefox\Profiles\7movo481.default\Extensions\[email protected] [2016-06-02]
FF Extension: (Hard Refresh) - C:\Users\BReese76\AppData\Roaming\Mozilla\Firefox\Profiles\7movo481.default\Extensions\[email protected] [2016-04-27]
FF Extension: (YouTube™ Flash® Player) - C:\Users\BReese76\AppData\Roaming\Mozilla\Firefox\Profiles\7movo481.default\Extensions\[email protected] [2017-01-08]
FF Extension: (Save File to) - C:\Users\BReese76\AppData\Roaming\Mozilla\Firefox\Profiles\7movo481.default\Extensions\[email protected] [2016-02-22]
FF Extension: (uBlock Origin) - C:\Users\BReese76\AppData\Roaming\Mozilla\Firefox\Profiles\7movo481.default\Extensions\[email protected] [2017-03-04]
FF Extension: (Ebates Cash Back) - C:\Users\BReese76\AppData\Roaming\Mozilla\Firefox\Profiles\7movo481.default\Extensions\{35d6291e-1d4b-f9b4-c52f-77e6410d1326}.xpi [2017-02-27]
FF Extension: (Download Status Bar) - C:\Users\BReese76\AppData\Roaming\Mozilla\Firefox\Profiles\7movo481.default\Extensions\{6c28e999-e900-4635-a39d-b1ec90ba0c0f}.xpi [2016-09-26]
FF Extension: (Password Exporter) - C:\Users\BReese76\AppData\Roaming\Mozilla\Firefox\Profiles\7movo481.default\Extensions\{B17C1C5A-04B1-11DB-9804-B622A1EF5492}.xpi [2016-04-05]
FF Extension: (Adblock Plus) - C:\Users\BReese76\AppData\Roaming\Mozilla\Firefox\Profiles\7movo481.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-11-23]
FF Extension: (SHA-1 deprecation staged rollout) - C:\Users\BReese76\AppData\Roaming\Mozilla\Firefox\Profiles\7movo481.default\features\{acf1c528-7218-4a93-be5e-cc086d04daff}\[email protected] [2017-03-02]
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\WebRep\FF48
FF Extension: (Avast Online Security) - C:\Program Files\AVAST Software\Avast\WebRep\FF48 [2017-02-08]
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\SafePrice\FF48
FF Extension: (Avast SafePrice) - C:\Program Files\AVAST Software\Avast\SafePrice\FF48 [2017-02-08]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\WebRep\FF48
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\SafePrice\FF48
FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] -  => not found
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_24_0_0_221.dll [2017-02-15] ()
FF Plugin: @java.com/DTPlugin,version=11.121.2 -> C:\Program Files\Java\jre1.8.0_121\bin\dtplugin\npDeployJava1.dll [2017-02-09] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.121.2 -> C:\Program Files\Java\jre1.8.0_121\bin\plugin2\npjp2.dll [2017-02-09] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2016-10-25] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_24_0_0_221.dll [2017-02-15] ()
FF Plugin-x32: @canon.com/MycameraPlugin -> C:\Program Files (x86)\Canon\MyCamera Download Plugin\NPCIG.dll [2008-10-15] (CANON INC.)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2015-02-13] (Google, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2017-01-29] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2017-01-29] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation)
FF Plugin-x32: @real.com/nppl3260;version=17.0.14.69 -> C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll [2014-10-23] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlhtml5videoshim;version=17.0.14 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll [2014-09-26] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpplugin;version=17.0.14.69 -> C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll [2014-10-23] (RealPlayer Cloud)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2012-10-12] ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-12-23] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2016-10-25] (Adobe Systems)
FF Plugin HKU\S-1-5-21-239473584-822298280-3168733615-1001: amazon.com/AmazonMP3DownloaderPlugin -> C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101752.dll [2012-10-24] (Amazon.com, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2016-12-23] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppl3260.dll [2014-10-23] (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nprpplugin.dll [2014-10-23] (RealPlayer Cloud)

Chrome:
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> hxxp://www.google.com
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR DefaultSearchURL: Default -> hxxps://search.yahoo.com/search?p={searchTerms}&fr=yset_chr_syc_oracle&type=default
CHR DefaultSearchKeyword: Default -> Yahoo
CHR DefaultSuggestURL: Default -> hxxps://search.yahoo.com/sugg/ie?output=fxjson&command={searchTerms}&nResults=10
CHR Profile: C:\Users\BReese76\AppData\Local\Google\Chrome\User Data\Default [2017-03-04]
CHR Extension: (Google Slides) - C:\Users\BReese76\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-02-20]
CHR Extension: (Google Docs) - C:\Users\BReese76\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-20]
CHR Extension: (Google Drive) - C:\Users\BReese76\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-11-19]
CHR Extension: (YouTube) - C:\Users\BReese76\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-30]
CHR Extension: (Google Cast) - C:\Users\BReese76\AppData\Local\Google\Chrome\User Data\Default\Extensions\boadgeojelhgndaghljhdicfkmllpafd [2017-03-04]
CHR Extension: (Google Search) - C:\Users\BReese76\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-19]
CHR Extension: (Avast Online Security (BETA)) - C:\Users\BReese76\AppData\Local\Google\Chrome\User Data\Default\Extensions\daanglpcpkjjlkhcbladppjphglbigam [2017-02-23]
CHR Extension: (Avast SafePrice) - C:\Users\BReese76\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2016-11-23]
CHR Extension: (Google Sheets) - C:\Users\BReese76\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-02-20]
CHR Extension: (Google Docs Offline) - C:\Users\BReese76\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-04-22]
CHR Extension: (AdBlock) - C:\Users\BReese76\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2017-02-24]
CHR Extension: (Yahoo Partner) - C:\Users\BReese76\AppData\Local\Google\Chrome\User Data\Default\Extensions\gihfmmedoddijgnhkgfgnkeohkpbipol [2016-08-18]
CHR Extension: (Avast Online Security) - C:\Users\BReese76\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2016-12-16]
CHR Extension: (GIFit!) - C:\Users\BReese76\AppData\Local\Google\Chrome\User Data\Default\Extensions\khoojcphcmgcplkpckkjpdlloooifgec [2016-03-13]
CHR Extension: (Chrome Web Store Payments) - C:\Users\BReese76\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-01-18]
CHR Extension: (Gmail) - C:\Users\BReese76\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-06]
CHR Extension: (Chrome Media Router) - C:\Users\BReese76\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-02-07]
CHR HKLM-x32\...\Chrome\Extension: [daanglpcpkjjlkhcbladppjphglbigam] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gihfmmedoddijgnhkgfgnkeohkpbipol] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx <not found>

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdobeActiveFileMonitor13.0; C:\Program Files\Adobe\Elements 13 Organizer\PhotoshopElementsFileAgent.exe [231120 2014-08-31] (Adobe Systems Incorporated)
R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [744640 2016-10-25] (Adobe Systems Incorporated)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2227312 2017-01-19] (Adobe Systems, Incorporated)
R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [7142136 2017-02-13] (AVAST Software s.r.o.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [262736 2017-02-08] (AVAST Software)
R2 CalendarSynchService; C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe [16384 2011-08-16] (Hewlett-Packard) [File not signed]
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [3704520 2017-02-18] (Microsoft Corporation)
R2 Fitbit Connect; C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe [5750440 2015-09-04] (Fitbit, Inc.)
R2 HPSLPSVC; C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [1039360 2010-10-22] (Hewlett-Packard Co.) [File not signed]
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [31776 2016-12-07] (HP Inc.)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
R2 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [1719040 2016-08-10] (PDF Complete Inc)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
S4 RalinkRegistryWriter; C:\Program Files (x86)\Ralink\Common\RaRegistry.exe [372736 2012-01-13] (Ralink Technology, Corp.) [File not signed]
R2 RalinkRegistryWriter64; C:\Program Files (x86)\Ralink\Common\RaRegistry64.exe [447488 2012-01-13] (Ralink Technology, Corp.) [File not signed]
S2 RaMediaServer; C:\Program Files (x86)\Ralink\Common\RaMediaServer.exe [625728 2011-08-18] ()
R2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39568 2014-09-26] ()
R2 RealPlayer Cloud Service; C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpdsvc.exe [1141848 2014-10-23] (RealNetworks, Inc.)
R2 RealPlayerUpdateSvc; C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe [31344 2014-09-26] ()
R2 Unchecky; C:\Program Files (x86)\Unchecky\bin\unchecky_svc.exe [304408 2017-01-29] (RaMMicHaeL)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 aswbidsdriver; C:\windows\system32\drivers\aswbidsdrivera.sys [309784 2017-02-08] (AVAST Software s.r.o.)
R0 aswbidsh; C:\windows\system32\drivers\aswbidsha.sys [189768 2017-02-08] (AVAST Software s.r.o.)
R0 aswblog; C:\windows\system32\drivers\aswbloga.sys [334600 2017-02-08] (AVAST Software s.r.o.)
R0 aswbuniv; C:\windows\system32\drivers\aswbuniva.sys [48528 2017-02-08] (AVAST Software s.r.o.)
S3 aswHwid; C:\windows\system32\drivers\aswHwid.sys [38296 2017-02-08] (AVAST Software)
R1 aswKbd; C:\windows\system32\drivers\aswKbd.sys [32088 2017-02-08] (AVAST Software)
R2 aswMonFlt; C:\windows\system32\drivers\aswMonFlt.sys [126088 2017-02-08] (AVAST Software)
R1 aswRdr; C:\windows\system32\drivers\aswRdr2.sys [100640 2017-02-08] (AVAST Software)
R0 aswRvrt; C:\windows\system32\drivers\aswRvrt.sys [74680 2017-02-08] (AVAST Software)
R1 aswSnx; C:\windows\system32\drivers\aswSnx.sys [991496 2017-02-08] (AVAST Software)
R1 aswSP; C:\windows\system32\drivers\aswSP.sys [547904 2017-02-08] (AVAST Software)
R2 aswStm; C:\windows\system32\drivers\aswStm.sys [162528 2017-02-08] (AVAST Software)
R0 aswVmm; C:\windows\system32\drivers\aswVmm.sys [337080 2017-02-10] (AVAST Software)
S3 cmnxusbser; C:\windows\System32\DRIVERS\cmnxusbser.sys [146424 2015-11-24] (Wireless Data Device)
R3 netr28x; C:\windows\System32\DRIVERS\netr28x.sys [2473616 2014-12-10] (MediaTek Inc.)
R2 NPF; C:\windows\system32\drivers\npf.sys [35344 2014-05-14] (CACE Technologies, Inc.)
R0 PxHlpa64; C:\windows\System32\drivers\PxHlpa64.sys [56336 2013-09-03] (Corel Corporation)
S3 sscdserd; C:\windows\System32\DRIVERS\sscdserd.sys [141384 2010-11-11] (MCCI Corporation)
S3 WirelessKeyboardFilter; C:\windows\System32\DRIVERS\WirelessKeyboardFilter.sys [49896 2016-07-22] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-03-05 21:33 - 2017-03-05 21:33 - 00029868 _____ C:\Users\BReese76\Desktop\FRST.txt
2017-03-05 21:32 - 2017-03-05 21:33 - 00000000 ____D C:\FRST
2017-03-05 21:32 - 2017-03-05 21:32 - 00000000 ____D C:\ProgramData\SWCUTemp
2017-03-05 21:31 - 2017-03-05 21:31 - 02423808 _____ (Farbar) C:\Users\BReese76\Desktop\FRST64.exe
2017-03-04 14:35 - 2017-03-04 14:35 - 00000000 ____D C:\Users\BReese76\Desktop\East of West
2017-03-04 14:34 - 2017-03-04 14:34 - 00000000 ____D C:\Users\BReese76\Desktop\Sex Criminals
2017-03-04 14:34 - 2017-03-04 14:34 - 00000000 ____D C:\Users\BReese76\Desktop\Homer, E.V. Rieu , Peter Jones , D.C.H. Rieu (Translation revision) - The Odyssey (epub, mobi)
2017-03-01 22:01 - 2017-03-01 22:01 - 00000000 ____D C:\Users\BReese76\Desktop\Windows 10 Exam Part 2
2017-03-01 21:29 - 2017-03-01 21:29 - 08851899 _____ C:\Users\BReese76\Desktop\dog.psd
2017-03-01 21:26 - 2017-03-01 21:32 - 05275470 _____ C:\Users\BReese76\Desktop\Balloons.psd
2017-03-01 21:12 - 2017-03-01 21:12 - 00000000 ____D C:\Users\BReese76\AppData\Local\Tempzxpsign6a39216e3cc3d9f8
2017-03-01 21:12 - 2017-03-01 21:12 - 00000000 ____D C:\Users\BReese76\AppData\Local\Tempzxpsign11e731236b9613b1
2017-03-01 21:11 - 2017-03-01 21:11 - 00000000 ____D C:\Users\BReese76\AppData\Local\Tempzxpsignce953d793a3ad88e
2017-03-01 21:11 - 2017-03-01 21:11 - 00000000 ____D C:\Users\BReese76\AppData\Local\Tempzxpsigna973bad09a370cea
2017-02-28 22:51 - 2017-02-28 22:51 - 00000000 ____D C:\Users\BReese76\AppData\Local\Tempzxpsign0a7aacf5dbc81ee9
2017-02-28 22:49 - 2017-02-28 22:49 - 00000000 ____D C:\Users\BReese76\AppData\Local\Tempzxpsign3c214f0511786d5d
2017-02-28 22:48 - 2017-02-28 22:48 - 00000000 ____D C:\Users\BReese76\AppData\Local\Tempzxpsign9e274fc9d43df732
2017-02-28 22:48 - 2017-02-28 22:48 - 00000000 ____D C:\Users\BReese76\AppData\Local\Tempzxpsign3cf1c861b3b8ea3d
2017-02-27 21:33 - 2017-02-27 21:33 - 00000000 ____D C:\Users\BReese76\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2017-02-24 22:50 - 2017-02-24 22:50 - 00000000 ____D C:\Users\BReese76\AppData\Local\Tempzxpsign7285e58414891e3e
2017-02-24 22:50 - 2017-02-24 22:50 - 00000000 ____D C:\Users\BReese76\AppData\Local\Tempzxpsign5094aefe2f2054f0
2017-02-24 22:49 - 2017-02-24 22:49 - 00000000 ____D C:\Users\BReese76\AppData\Local\Tempzxpsign6c7fd61419fa1bf3
2017-02-24 22:49 - 2017-02-24 22:49 - 00000000 ____D C:\Users\BReese76\AppData\Local\Tempzxpsign4a460a14ef5420d6
2017-02-24 14:02 - 2017-02-24 14:02 - 00000000 ____D C:\Users\BReese76\AppData\Local\Tempzxpsignc681026e631b6f6d
2017-02-24 14:02 - 2017-02-24 14:02 - 00000000 ____D C:\Users\BReese76\AppData\Local\Tempzxpsign9604a43622648be6
2017-02-24 14:02 - 2017-02-24 14:02 - 00000000 ____D C:\Users\BReese76\AppData\Local\Tempzxpsign2a82700939732994
2017-02-24 14:02 - 2017-02-24 14:02 - 00000000 ____D C:\Users\BReese76\AppData\Local\Tempzxpsign201de7992df5a0d4
2017-02-23 22:59 - 2017-03-01 21:33 - 00001456 _____ C:\Users\BReese76\AppData\Local\Adobe Save for Web 13.0 Prefs
2017-02-23 22:58 - 2017-02-23 22:58 - 00000000 ____D C:\Users\BReese76\AppData\Local\Tempzxpsigna48feca0134059ec
2017-02-23 22:58 - 2017-02-23 22:58 - 00000000 ____D C:\Users\BReese76\AppData\Local\Tempzxpsign87ddd3e735f0234d
2017-02-23 22:57 - 2017-02-23 22:57 - 00000000 ____D C:\Users\BReese76\AppData\Local\Tempzxpsign462a248ef9291a56
2017-02-23 22:57 - 2017-02-23 22:57 - 00000000 ____D C:\Users\BReese76\AppData\Local\Tempzxpsign248b90a28dbb9229
2017-02-23 22:56 - 2017-03-03 10:17 - 00000000 ____D C:\Users\BReese76\AppData\Local\Adobe
2017-02-22 21:37 - 2017-02-22 21:37 - 00000000 ____D C:\Users\BReese76\Desktop\Windows 10 Exam Part 1
2017-02-20 14:18 - 2017-02-20 14:18 - 00000484 _____ C:\Users\BReese76\Desktop\Bourbon Molasses Glaze.txt
2017-02-19 23:07 - 2017-02-19 23:07 - 00000000 ____D C:\Users\BReese76\AppData\Local\Tempzxpsignf44a0dcfee2abd0c
2017-02-19 23:06 - 2017-02-19 23:06 - 00000000 ____D C:\Users\BReese76\AppData\Local\Tempzxpsign89d7d13afa6527a5
2017-02-19 23:06 - 2017-02-19 23:06 - 00000000 ____D C:\Users\BReese76\AppData\Local\Tempzxpsign440fbeff6308ddc0
2017-02-19 23:06 - 2017-02-19 23:06 - 00000000 ____D C:\Users\BReese76\AppData\Local\Tempzxpsign105b236749ef9d74
2017-02-19 21:47 - 2017-02-19 21:47 - 00190197 _____ C:\Users\BReese76\Desktop\Senior-Valuation-Protection-Form 2017.pdf
2017-02-18 11:31 - 2017-02-18 11:31 - 00000000 ____D C:\Users\BReese76\AppData\Local\Tempzxpsign4968878785736386
2017-02-18 11:28 - 2017-02-18 11:28 - 00000000 ____D C:\Users\BReese76\AppData\Local\Tempzxpsignb3699f4a021426f6
2017-02-18 11:28 - 2017-02-18 11:28 - 00000000 ____D C:\Users\BReese76\AppData\Local\Tempzxpsign33fb70268f6058b3
2017-02-17 23:41 - 2017-02-17 23:41 - 00000000 ____D C:\Users\BReese76\Desktop\Windows 10 Prep Exam 1B
2017-02-17 23:40 - 2017-02-17 23:40 - 00020118 ____R C:\Users\BReese76\Desktop\Windows 10 Exam Part 2 InstructionsUPDATEDV2.pdf
2017-02-17 23:38 - 2017-02-17 23:38 - 00034760 _____ C:\Users\BReese76\Desktop\ALTERNATIVE Exam Part  I CIS121.pdf
2017-02-17 14:30 - 2017-02-17 14:30 - 00000000 ____D C:\Users\BReese76\AppData\Local\Tempzxpsigne96a8443ab691aa7
2017-02-17 14:29 - 2017-02-17 14:29 - 00000000 ____D C:\Users\BReese76\AppData\Local\Tempzxpsign6dec2330587333a2
2017-02-17 14:29 - 2017-02-17 14:29 - 00000000 ____D C:\Users\BReese76\AppData\Local\Tempzxpsign6b230d199e143ddc
2017-02-17 14:29 - 2017-02-17 14:29 - 00000000 ____D C:\Users\BReese76\AppData\Local\Tempzxpsign3a3799bd4f71a2ac
2017-02-17 13:28 - 2017-02-17 13:28 - 00000000 ____D C:\Users\BReese76\AppData\Local\Tempzxpsign91ee50bcdbc664e4
2017-02-17 13:24 - 2017-02-17 13:24 - 00000000 ____D C:\Users\BReese76\AppData\Local\Tempzxpsignf161076710519246
2017-02-17 13:24 - 2017-02-17 13:24 - 00000000 ____D C:\Users\BReese76\AppData\Local\Tempzxpsignaaefe4a8b99378fd
2017-02-14 16:32 - 2017-02-14 16:32 - 00000000 ____D C:\Users\BReese76\AppData\Local\Tempzxpsign8cc0a46b680cc325
2017-02-14 16:32 - 2017-02-14 16:32 - 00000000 ____D C:\Users\BReese76\AppData\Local\Tempzxpsign718e63f759c527b6
2017-02-14 16:32 - 2017-02-14 16:32 - 00000000 ____D C:\Users\BReese76\AppData\Local\Tempzxpsign4698710cbd090513
2017-02-10 16:44 - 2017-02-10 16:44 - 00000000 ____D C:\Users\BReese76\AppData\Local\Tempzxpsignbe62df48a041ba67
2017-02-10 16:27 - 2017-02-10 16:27 - 00000000 ____D C:\Users\BReese76\AppData\Local\Tempzxpsign41c4f1a386c44f81
2017-02-10 16:23 - 2017-02-10 16:23 - 00000000 ____D C:\Users\BReese76\AppData\Local\Tempzxpsignf52237a24ebbf983
2017-02-10 16:23 - 2017-02-10 16:23 - 00000000 ____D C:\Users\BReese76\AppData\Local\Tempzxpsignab09152e1690c1b3
2017-02-10 13:27 - 2017-02-10 13:27 - 00000000 ____D C:\Users\BReese76\AppData\Local\Tempzxpsign11f5ecd75dfe3331
2017-02-10 13:26 - 2017-02-10 13:26 - 00000000 ____D C:\Users\BReese76\AppData\Local\Tempzxpsigne90105bafa462bf9
2017-02-10 13:26 - 2017-02-10 13:26 - 00000000 ____D C:\Users\BReese76\AppData\Local\Tempzxpsign999ce8cbc1c27760
2017-02-09 21:35 - 2017-02-09 21:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2017-02-09 21:34 - 2017-02-09 21:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2017-02-09 21:23 - 2017-02-09 21:23 - 00001005 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast SafeZone Browser.lnk
2017-02-08 22:30 - 2017-02-08 22:30 - 00003914 _____ C:\windows\System32\Tasks\Avast Emergency Update
2017-02-08 22:30 - 2017-02-08 22:28 - 00334600 _____ (AVAST Software s.r.o.) C:\windows\system32\Drivers\aswbloga.sys
2017-02-08 22:30 - 2017-02-08 22:28 - 00309784 _____ (AVAST Software s.r.o.) C:\windows\system32\Drivers\aswbidsdrivera.sys
2017-02-08 22:30 - 2017-02-08 22:28 - 00189768 _____ (AVAST Software s.r.o.) C:\windows\system32\Drivers\aswbidsha.sys
2017-02-08 22:30 - 2017-02-08 22:28 - 00048528 _____ (AVAST Software s.r.o.) C:\windows\system32\Drivers\aswbuniva.sys
2017-02-08 22:29 - 2017-02-08 22:29 - 00398408 _____ (AVAST Software) C:\windows\system32\aswBoot.exe
2017-02-08 21:51 - 2017-02-08 23:39 - 00000000 ___RD C:\Users\BReese76\OneDrive - Maricopa Community College District
2017-02-08 21:51 - 2017-02-08 21:51 - 20466392 _____ (Microsoft Corporation) C:\Users\BReese76\Downloads\OneDriveSetup.exe
2017-02-04 22:03 - 2017-02-04 22:03 - 00000000 ____D C:\Users\BReese76\AppData\Local\Tempzxpsign6518870d2aa58ab6
2017-02-04 22:03 - 2017-02-04 22:03 - 00000000 ____D C:\Users\BReese76\AppData\Local\Tempzxpsign51ee84e037db6462
2017-02-04 22:03 - 2017-02-04 22:03 - 00000000 ____D C:\Users\BReese76\AppData\Local\Tempzxpsign01a69c53c1b1bcac
2017-02-04 20:52 - 2017-02-04 20:52 - 00000000 ____D C:\Users\BReese76\AppData\Local\Tempzxpsign3182805edc72f7b5
2017-02-04 20:52 - 2017-02-04 20:52 - 00000000 ____D C:\Users\BReese76\AppData\Local\Tempzxpsign21a389ae17878d96
2017-02-04 20:52 - 2017-02-04 20:52 - 00000000 ____D C:\Users\BReese76\AppData\Local\Tempzxpsign13ad992ec0e03c4f

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-03-05 21:31 - 2015-06-12 13:06 - 00000930 _____ C:\windows\Tasks\DropboxUpdateTaskUserS-1-5-21-239473584-822298280-3168733615-1001UA.job
2017-03-05 21:27 - 2009-07-13 21:45 - 00024608 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-03-05 21:27 - 2009-07-13 21:45 - 00024608 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-03-05 21:22 - 2012-12-13 15:38 - 00003950 _____ C:\windows\System32\Tasks\User_Feed_Synchronization-{A740816E-472C-470B-BBCC-E6BEE266ED51}
2017-03-05 21:21 - 2016-11-15 21:55 - 00000000 ____D C:\Users\BReese76\AppData\LocalLow\Mozilla
2017-03-05 21:17 - 2012-11-21 21:17 - 00000000 ____D C:\ProgramData\PDFC
2017-03-05 21:17 - 2009-07-13 22:08 - 00000006 ____H C:\windows\Tasks\SA.DAT
2017-03-04 22:55 - 2013-05-15 09:12 - 00000830 _____ C:\windows\Tasks\Adobe Flash Player Updater.job
2017-03-04 13:26 - 2017-01-05 10:02 - 00010498 _____ C:\Users\BReese76\Desktop\Bills.xlsx
2017-03-04 12:53 - 2016-12-01 21:28 - 00001591 _____ C:\Users\BReese76\Desktop\Nests.txt
2017-03-04 08:53 - 2015-12-22 22:39 - 00001175 _____ C:\Users\BReese76\Desktop\bands to listen to.txt
2017-03-04 08:30 - 2014-02-07 13:56 - 00000344 _____ C:\windows\Tasks\HPCeeScheduleForBReese76.job
2017-03-03 12:27 - 2014-02-07 13:56 - 00003204 _____ C:\windows\System32\Tasks\HPCeeScheduleForBReese76
2017-03-02 22:00 - 2016-09-08 22:52 - 00000000 ____D C:\Users\BReese76\AppData\Roaming\CoreFTP
2017-03-01 21:35 - 2017-01-12 13:53 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2017-03-01 21:33 - 2012-11-21 21:10 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2017-03-01 00:05 - 2015-10-01 23:36 - 00000000 ____D C:\Users\BReese76\Downloads\Birthday
2017-02-28 15:43 - 2015-06-12 13:06 - 00000878 _____ C:\windows\Tasks\DropboxUpdateTaskUserS-1-5-21-239473584-822298280-3168733615-1001Core.job
2017-02-27 21:33 - 2013-05-19 13:54 - 00000000 ____D C:\Users\BReese76\AppData\Roaming\Dropbox
2017-02-24 23:50 - 2016-07-17 17:08 - 00000207 _____ C:\Users\BReese76\Desktop\Erin Owes Me.txt
2017-02-23 22:01 - 2016-01-03 11:50 - 00000000 ____D C:\ProgramData\boost_interprocess
2017-02-23 21:07 - 2017-01-13 13:14 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2017-02-23 00:15 - 2013-07-13 15:34 - 00000000 ____D C:\windows\system32\MRT
2017-02-23 00:12 - 2012-12-13 16:35 - 138020592 ____C (Microsoft Corporation) C:\windows\system32\MRT.exe
2017-02-22 21:40 - 2012-11-21 21:17 - 00000000 ____D C:\ProgramData\Skype
2017-02-21 23:30 - 2013-02-25 22:40 - 00000000 ____D C:\Users\BReese76\AppData\Local\Spotify
2017-02-21 22:35 - 2013-02-25 22:40 - 00000000 ____D C:\Users\BReese76\AppData\Roaming\Spotify
2017-02-20 11:24 - 2009-07-13 22:13 - 00783424 _____ C:\windows\system32\PerfStringBackup.INI
2017-02-20 11:24 - 2009-07-13 20:20 - 00000000 ____D C:\windows\inf
2017-02-17 23:42 - 2017-01-12 14:10 - 00000000 ___RD C:\Users\BReese76\OneDrive
2017-02-16 21:24 - 2016-03-23 18:20 - 00003898 _____ C:\windows\System32\Tasks\SafeZone scheduled Autoupdate 1458782453
2017-02-15 22:55 - 2013-05-15 09:12 - 00003768 _____ C:\windows\System32\Tasks\Adobe Flash Player Updater
2017-02-15 22:55 - 2012-11-21 21:15 - 00802904 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2017-02-15 22:55 - 2012-11-21 21:15 - 00144472 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2017-02-15 22:55 - 2012-11-21 21:15 - 00000000 ____D C:\windows\SysWOW64\Macromed
2017-02-15 22:55 - 2012-11-21 21:15 - 00000000 ____D C:\windows\system32\Macromed
2017-02-15 21:39 - 2012-12-13 15:38 - 00000000 ____D C:\Users\BReese76\AppData\Local\PDFC
2017-02-13 22:32 - 2012-12-13 15:47 - 00000000 ____D C:\ProgramData\AVAST Software
2017-02-11 23:17 - 2013-05-19 13:56 - 00000000 ___RD C:\Users\BReese76\Dropbox
2017-02-10 12:33 - 2013-03-05 13:29 - 00337080 _____ (AVAST Software) C:\windows\system32\Drivers\aswvmm.sys
2017-02-09 21:35 - 2015-08-26 22:00 - 00110144 _____ (Oracle Corporation) C:\windows\system32\WindowsAccessBridge-64.dll
2017-02-09 21:35 - 2015-08-26 21:59 - 00000000 ____D C:\Program Files\Java
2017-02-09 21:34 - 2013-01-01 14:18 - 00000000 ____D C:\Program Files (x86)\7-Zip
2017-02-08 22:29 - 2016-03-23 18:20 - 00032088 _____ (AVAST Software) C:\windows\system32\Drivers\aswKbd.sys
2017-02-08 22:29 - 2014-04-24 14:00 - 00038296 _____ (AVAST Software) C:\windows\system32\Drivers\aswHwid.sys
2017-02-08 22:29 - 2013-12-27 12:08 - 00162528 _____ (AVAST Software) C:\windows\system32\Drivers\aswStm.sys
2017-02-08 22:29 - 2013-03-05 13:29 - 00074680 _____ (AVAST Software) C:\windows\system32\Drivers\aswRvrt.sys
2017-02-08 22:29 - 2012-12-13 15:48 - 00991496 _____ (AVAST Software) C:\windows\system32\Drivers\aswSnx.sys
2017-02-08 22:29 - 2012-12-13 15:48 - 00547904 _____ (AVAST Software) C:\windows\system32\Drivers\aswSP.sys
2017-02-08 22:29 - 2012-12-13 15:48 - 00126088 _____ (AVAST Software) C:\windows\system32\Drivers\aswMonFlt.sys
2017-02-08 22:29 - 2012-12-13 15:48 - 00100640 _____ (AVAST Software) C:\windows\system32\Drivers\aswRdr2.sys
2017-02-08 21:51 - 2012-12-13 15:31 - 00000000 ____D C:\Users\BReese76
2017-02-07 13:49 - 2014-11-06 00:07 - 00002197 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk

==================== Files in the root of some directories =======

2016-09-16 12:46 - 2016-09-16 12:46 - 0000132 _____ () C:\Users\BReese76\AppData\Roaming\Adobe PNG Format CS6 Prefs
2016-10-30 21:07 - 2016-12-01 14:04 - 0000033 _____ () C:\Users\BReese76\AppData\Roaming\AdobeWLCMCache.dat
2017-02-23 22:59 - 2017-03-01 21:33 - 0001456 _____ () C:\Users\BReese76\AppData\Local\Adobe Save for Web 13.0 Prefs
2013-11-10 21:16 - 2013-11-10 21:16 - 0002647 _____ () C:\Users\BReese76\AppData\Local\recently-used.xbel
2016-06-06 21:03 - 2016-06-06 21:03 - 0007597 _____ () C:\Users\BReese76\AppData\Local\Resmon.ResmonCfg
2012-12-21 23:09 - 2012-12-21 23:15 - 0000819 _____ () C:\ProgramData\hpzinstall.log

Some files in TEMP:
====================
2017-02-24 13:47 - 2017-02-24 13:47 - 2903480 _____ () C:\Users\BReese76\AppData\Local\Temp\npp.7.3.2.Installer.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\windows\system32\winlogon.exe => File is digitally signed
C:\windows\system32\wininit.exe => File is digitally signed
C:\windows\SysWOW64\wininit.exe => File is digitally signed
C:\windows\explorer.exe => File is digitally signed
C:\windows\SysWOW64\explorer.exe => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\SysWOW64\svchost.exe => File is digitally signed
C:\windows\system32\services.exe => File is digitally signed
C:\windows\system32\User32.dll => File is digitally signed
C:\windows\SysWOW64\User32.dll => File is digitally signed
C:\windows\system32\userinit.exe => File is digitally signed
C:\windows\SysWOW64\userinit.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
C:\windows\system32\dnsapi.dll => File is digitally signed
C:\windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-02-28 14:34

==================== End of FRST.txt ============================

 

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 05-03-2017
Ran by BReese76 (05-03-2017 21:36:33)
Running from C:\Users\BReese76\Desktop
Windows 7 Home Premium Service Pack 1 (X64) (2012-12-13 22:31:51)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-239473584-822298280-3168733615-500 - Administrator - Disabled)
BReese76 (S-1-5-21-239473584-822298280-3168733615-1001 - Administrator - Enabled) => C:\Users\BReese76
Guest (S-1-5-21-239473584-822298280-3168733615-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-239473584-822298280-3168733615-1002 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

4 Elements II (x32 Version: 2.2.0.98 - WildTangent) Hidden
64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden
7-Zip 16.04 (HKLM-x32\...\{23170F69-40C1-2701-1604-000001000000}) (Version: 16.04.00.0 - Igor Pavlov)
7-Zip 9.22beta (HKLM-x32\...\7-Zip) (Version:  - )
ActivePerl 5.16.1 Build 1601 (HKLM-x32\...\{9441AF70-8CCC-41EE-B2C1-398F5FE7E387}) (Version: 5.16.1601 - ActiveState)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.023.20070 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 24.0.0.180 - Adobe Systems Incorporated)
Adobe Bridge CC (64 Bit) (HKLM-x32\...\{359F8007-6486-429C-A8C5-D67F6897C88C}) (Version: 6.0 - Adobe Systems Incorporated)
Adobe Bridge CC 2017 (HKLM-x32\...\KBRG_7_0) (Version: 7.0 - Adobe Systems Incorporated)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 3.9.1.335 - Adobe Systems Incorporated)
Adobe Digital Editions 2.0 (HKLM-x32\...\Adobe Digital Editions 2.0) (Version: 2.0 - Adobe Systems Incorporated)
Adobe Download Assistant (HKLM-x32\...\com.adobe.downloadassistant.AdobeDownloadAssistant) (Version: 1.2.9 - Adobe Systems Incorporated)
Adobe Dreamweaver CC 2015 (HKLM-x32\...\{EE2A0AA8-0386-11E5-8603-BC82F5DB1A71}) (Version: 16.0.0 - Adobe Systems Incorporated)
Adobe Flash Player 24 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 24.0.0.221 - Adobe Systems Incorporated)
Adobe Flash Player 24 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 24.0.0.221 - Adobe Systems Incorporated)
Adobe Illustrator CC 2017 (HKLM-x32\...\ILST_21_0_0) (Version: 21.0.0 - Adobe Systems Incorporated)
Adobe Photoshop CC 2017 (HKLM-x32\...\PHSP_18_0_1) (Version: 18.0.1 - Adobe Systems Incorporated)
Adobe Photoshop Elements 13 (HKLM-x32\...\{609818B9-23EB-4196-B466-EFE05E92A32F}) (Version: 13.0 - Adobe Systems Incorporated)
Amazon MP3 Downloader 1.0.17 (HKLM-x32\...\Amazon MP3 Downloader) (Version: 1.0.17 - Amazon Services LLC)
Amazon Music Importer (HKLM-x32\...\com.amazon.music.uploader) (Version: 3.0.0 - Amazon Services LLC)
Amazon Music Importer (x32 Version: 3.0.0 - Amazon Services LLC) Hidden
AMD Catalyst Install Manager (HKLM\...\{FEAA5D71-B0FB-4EF9-729F-8AE42500AF41}) (Version: 8.0.873.0 - Advanced Micro Devices, Inc.)
Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Avast Free Antivirus (HKLM-x32\...\Avast Antivirus) (Version: 17.1.2286 - AVAST Software)
Bejeweled 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Bethesda.net Launcher (HKLM-x32\...\{3448917E-E4FE-4E30-9502-9FD52EABB6F5}_is1) (Version: 1.0 - Bethesda Softworks)
Blackhawk Striker 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Bubble Wrap (HKLM-x32\...\{5BFFDDEB-AFD7-499F-BB13-7A6EAD927CDA}_is1) (Version: 1.0.0.0 - XM Asia Pacific Pte Ltd)
calibre (HKLM-x32\...\{1F1FE718-ACE3-4D26-A9F0-7F443B3526F1}) (Version: 2.77.0 - Kovid Goyal)
CameraHelperMsi (x32 Version: 13.51.815.0 - Logitech) Hidden
CANON iMAGE GATEWAY MyCamera Download Plugin (HKLM-x32\...\MyCamera Download Plugin) (Version: 3.1.1.2 - Canon Inc.)
CANON iMAGE GATEWAY Task for ZoomBrowser EX (HKLM-x32\...\CANON iMAGE GATEWAY Task) (Version: 1.9.0.9 - Canon Inc.)
Canon MOV Decoder (HKLM-x32\...\Canon MOV Decoder) (Version: 1.8.0.7 - Canon Inc.)
Canon MOV Encoder (HKLM-x32\...\Canon MOV Encoder) (Version: 1.6.0.1 - Canon Inc.)
Canon MovieEdit Task for ZoomBrowser EX (HKLM-x32\...\MovieEditTask) (Version: 3.7.0.4 - Canon Inc.)
Canon Utilities Digital Photo Professional 3.10 (HKLM-x32\...\DPP) (Version: 3.10.2.0 - Canon Inc.)
Canon Utilities EOS Sample Music (HKLM-x32\...\EOS Sample Music) (Version: 1.0.0.204 - Canon Inc.)
Canon Utilities EOS Utility (HKLM-x32\...\EOS Utility) (Version: 2.10.2.0 - Canon Inc.)
Canon Utilities EOS Video Snapshot Task for ZoomBrowser EX (HKLM-x32\...\EOS Video Snapshot Task) (Version: 1.0.0.10 - Canon Inc.)
Canon Utilities Movie Uploader for YouTube (HKLM-x32\...\MovieUploaderForYouTube) (Version: 1.2.0.7 - Canon Inc.)
Canon Utilities PhotoStitch (HKLM-x32\...\PhotoStitch) (Version: 3.1.22.46 - Canon Inc.)
Canon Utilities Picture Style Editor (HKLM-x32\...\Picture Style Editor) (Version: 1.9.0.0 - Canon Inc.)
Canon Utilities ZoomBrowser EX (HKLM-x32\...\ZoomBrowser EX) (Version: 6.7.0.24 - Canon Inc.)
Canon ZoomBrowser EX Memory Card Utility (HKLM-x32\...\ZoomBrowser EX Memory Card Utility) (Version: 1.5.0.9 - Canon Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.25 - Piriform)
Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Core FTP LE (x64) (HKLM-x32\...\CoreFTP(x64)) (Version:  - )
Cradle of Rome 2 (x32 Version: 2.2.0.98 - WildTangent) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DeepSkyStacker (HKLM-x32\...\{18435829-4E75-4CD1-9796-A62DBBAE2ED7}) (Version: 3.2.0 -  )
DirectX for Managed Code Update (Summer 2004) (x32 Version: 9.02.2904 - Microsoft) Hidden
Dora's World Adventure (x32 Version: 2.2.0.95 - WildTangent) Hidden
Dropbox (HKU\S-1-5-21-239473584-822298280-3168733615-1001\...\Dropbox) (Version: 20.4.19 - Dropbox, Inc.)
erLT (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
Escape the Emerald Star (x32 Version: 2.2.0.98 - WildTangent) Hidden
Facebook (HKLM-x32\...\{8AE50893-3A87-4439-9A57-942ED43F7189}) (Version: 1.1.0004 - Hewlett-Packard)
Fallout Shelter (HKLM-x32\...\Fallout Shelter) (Version:  - Bethesda Softworks)
Fantasy Hockey League (HKLM-x32\...\ST5UNST #1) (Version:  - )
Farm Frenzy (x32 Version: 2.2.0.98 - WildTangent) Hidden
Farmscapes (x32 Version: 2.2.0.97 - WildTangent) Hidden
FATE (x32 Version: 2.2.0.97 - WildTangent) Hidden
Final Drive Fury (x32 Version: 2.2.0.95 - WildTangent) Hidden
Fitbit Connect (HKLM-x32\...\{9EC69368-C1C7-48BA-AD93-01EFC142DDF9}) (Version: 2.0.0.6630 - Fitbit Inc.)
FITS Liberator 3.0.1 (HKLM-x32\...\FITS Liberator) (Version: 3.0.1 - ESO/ESA/NASA)
Golden Trails 2: The Lost Legacy Collector's Edition (x32 Version: 2.2.0.98 - WildTangent) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 56.0.2924.87 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) Hidden
Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
Hoyle Card Games (x32 Version: 2.2.0.95 - WildTangent) Hidden
HP Application Assistant (HKLM\...\{0CE7EBAF-157D-4111-9146-057CB2A4023E}) (Version: 1.1.466.3970 - Hewlett-Packard)
HP Calendar (HKLM-x32\...\{2B38E0FA-D8A5-4EBF-A018-E3C1C8E7A2E2}) (Version: 5.1.4245.23508 - Hewlett-Packard)
HP Clock (HKLM-x32\...\{750E9D0F-B188-4A7E-ADD2-84B7ED7D32F6}) (Version: 5.1.4281.27332 - Hewlett-Packard)
HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.2.5 - WildTangent)
HP LinkUp (HKLM-x32\...\{7E750542-55BC-4300-8B7B-AC2A762FB435}) (Version: 2.01.029 - Hewlett-Packard)
HP Magic Canvas (HKLM-x32\...\{DDFDC9D6-4220-41F8-BF9A-8E7512C4EF52}) (Version: 5.1.15.0 - Hewlett-Packard)
HP Magic Canvas Tutorials (HKLM-x32\...\{858FCB65-7C6D-4BA4-AD80-A3CB3744CE09}_is1) (Version: 6.0.0.0 - Hewlett-Packard)
HP Notes (HKLM-x32\...\{86BAB08A-5E66-4C53-82E3-C1E91673C7CA}) (Version: 5.1.4274.30382 - Hewlett-Packard)
HP Odometer (HKLM-x32\...\{B8AC1A89-FFD1-4F97-8051-E505A160F562}) (Version: 2.10.0000 - Hewlett-Packard)
HP Photosmart D110 All-In-One Driver 14.0 Rel. 7 (HKLM\...\{14BC6853-A74E-4874-B50D-679889D1544D}) (Version: 14.0 - HP)
HP RSS (HKLM-x32\...\{452479C5-0118-48E9-AA69-0A7339F95FC8}) (Version: 5.1.4289.23799 - Hewlett-Packard)
HP Setup (HKLM-x32\...\{438363A8-F486-4C37-834C-4955773CB3D3}) (Version: 9.1.15430.4033 - Hewlett-Packard Company)
HP Support Assistant (HKLM-x32\...\{79C54A05-F146-4EA0-8A70-D4EFE6181E52}) (Version: 8.3.50.9 - Hewlett-Packard Company)
HP Support Information (HKLM-x32\...\{B2B7B1C8-7C8B-476C-BE2C-049731C55992}) (Version: 11.00.0001 - Hewlett-Packard)
HP Support Solutions Framework (HKLM-x32\...\{55065080-504F-43BB-BE00-36B80D7D39A5}) (Version: 12.5.32.203 - Hewlett-Packard Company)
HP TouchSmart Background - Beats (HKLM-x32\...\{6A6F8D36-04BA-41E9-9004-1789BD545874}) (Version: 1.0.1.0 - Hewlett-Packard)
HP TouchSmart RecipeBox (HKLM-x32\...\{20714B53-FC73-4F9C-9687-49EB237D6FD7}) (Version: 3.0.3830.27730 - Hewlett-Packard)
HP Update (HKLM-x32\...\{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}) (Version: 5.003.001.001 - Hewlett-Packard)
HP Weather (HKLM-x32\...\{776CC95E-8160-401B-AC79-164822AA8306}) (Version: 5.1.4245.22595 - Hewlett-Packard)
HydraVision (x32 Version: 4.2.236.0 - Advanced Micro Devices, Inc.) Hidden
inSSIDer 3 (HKLM-x32\...\{A80CEA4E-74C1-4F9F-806B-E1D9AFC01768}) (Version: 3.0.7.48 - MetaGeek, LLC)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.0.0.1351 - Intel Corporation)
Java 8 Update 121 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180121F0}) (Version: 8.0.1210.13 - Oracle Corporation)
Java 8 Update 91 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418091F0}) (Version: 8.0.910.14 - Oracle Corporation)
Jewel Match 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Jewel Quest Mysteries: The Seventh Gate Collector's Edition (x32 Version: 2.2.0.98 - WildTangent) Hidden
John Deere Drive Green (x32 Version: 2.2.0.95 - WildTangent) Hidden
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.4507 - CyberLink Corp.)
LabelPrint (x32 Version: 2.5.4507 - CyberLink Corp.) Hidden
LeapFTP 3.0 (HKLM-x32\...\LeapFTP 3.0_is1) (Version: 3.1.0.50 - LeapWare)
Logitech Webcam Software (HKLM-x32\...\{D40EB009-0499-459c-A8AF-C9C110766215}) (Version: 2.51 - Logitech Inc.)
Luxor HD (x32 Version: 2.2.0.98 - WildTangent) Hidden
Mah Jong Medley (x32 Version: 2.2.0.95 - WildTangent) Hidden
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Metric Converter (HKLM-x32\...\{D0661463-50F7-4A1E-83CB-37CC590589AE}_is1) (Version: 1.0.0.0 - XM Asia Pacific Pte Ltd)
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft Mathematics (HKLM-x32\...\{4D090F70-6F08-4B60-9357-A1DFD4458F09}) (Version: 4.0 - Microsoft Corporation)
Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.3.188.0 - Microsoft Corporation)
Microsoft Office 365 ProPlus - en-us (HKLM\...\O365ProPlusRetail - en-us) (Version: 16.0.7766.2060 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Home and Student 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50901.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23918 (HKLM-x32\...\{dab68466-3a7d-41a8-a5cf-415e3ff8ef71}) (Version: 14.0.23918.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23918 (HKLM-x32\...\{2e085fd2-a3e4-4b39-8e10-6b8d35f55244}) (Version: 14.0.23918.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Mortimer Beckett and the Crimson Thief Premium Edition (x32 Version: 2.2.0.98 - WildTangent) Hidden
Mozilla Firefox 51.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 51.0.1 (x86 en-US)) (Version: 51.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 51.0.1.6234 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
My Farm Life 2 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Network64 (Version: 140.0.212.000 - Hewlett-Packard) Hidden
Network64 (Version: 140.0.221.000 - Hewlett-Packard) Hidden
Nik Collection (HKLM-x32\...\Nik Collection) (Version: 1.2.11 - Google)
Noiseware Community Edition (HKLM-x32\...\{CB3B7C24-30A1-4961-8039-94919F5ED2EE}) (Version: 2.6.0.1 - Imagenomic)
Notepad++ (32-bit x86) (HKLM-x32\...\Notepad++) (Version: 7.3.2 - Notepad++ Team)
Office 16 Click-to-Run Extensibility Component (x32 Version: 16.0.7766.2047 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (Version: 16.0.7766.2047 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (Version: 16.0.7766.2047 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (x32 Version: 16.0.7668.2066 - Microsoft Corporation) Hidden
opensource (x32 Version: 1.0.14960.3876 - Your Company Name) Hidden
PDF Complete Corporate Edition (HKLM-x32\...\PDF Complete) (Version: 4.2.9 - PDF Complete, Inc)
Penguins! (x32 Version: 2.2.0.98 - WildTangent) Hidden
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98 - WildTangent) Hidden
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
Poker Superstars III (x32 Version: 2.2.0.95 - WildTangent) Hidden
Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden
Polar Golfer (x32 Version: 2.2.0.98 - WildTangent) Hidden
Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.1.6305 - CyberLink Corp.)
Power2Go (x32 Version: 6.1.6305 - CyberLink Corp.) Hidden
PS_AIO_07_D110_SW_Min (x32 Version: 140.0.142.000 - Hewlett-Packard) Hidden
Ralink 802.11n Wireless LAN Card (HKLM-x32\...\{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}) (Version: 3.2.12.0 - Ralink)
RealDownloader (x32 Version: 17.0.14.26 - RealNetworks) Hidden
RealDownloader (x32 Version: 17.0.14.8 - RealNetworks, Inc.) Hidden
RealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (Version: 10.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (x32 Version: 10.0 - RealNetworks, Inc) Hidden
RealPlayer Cloud (HKLM-x32\...\RealPlayer 17.0) (Version: 17.0.14 - RealNetworks)
RealUpgrade 1.1 (x32 Version: 1.1.0 - RealNetworks, Inc.) Hidden
Recovery Manager (x32 Version: 5.5.0.5119 - CyberLink Corp.) Hidden
Remote Graphics Receiver (HKLM-x32\...\{16FC3056-90C0-4757-8A68-64D8DA846ADA}) (Version: 5.4.5 - Hewlett-Packard)
Roads of Rome 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
RogueKiller version 11 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 11 - Adlice Software)
SafeZone Stable 3.55.2393.561 (x32 Version: 3.55.2393.561 - Avast Software) Hidden
Scan (x32 Version: 140.0.77.000 - Hewlett-Packard) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Should I Remove It (HKU\S-1-5-21-239473584-822298280-3168733615-1001\...\Should I Remove It 1.0.4) (Version: 1.0.4 - Reason Software Company Inc.)
Should I Remove It (x32 Version: 1.0.4 - Reason Software Company Inc.) Hidden
Skype™ 7.32 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.32.104 - Skype Technologies S.A.)
Speccy (HKLM\...\Speccy) (Version: 1.29 - Piriform)
Spot (HKLM-x32\...\{3D171340-B528-42E0-92E4-BDA7AEEF6F32}_is1) (Version: 1.0.0.0 - XM Asia Pacific Pte Ltd)
Spotify (HKU\S-1-5-21-239473584-822298280-3168733615-1001\...\Spotify) (Version: 1.0.48.103.g15edf1ec - Spotify AB)
Stellarium 0.12.1 (HKLM\...\Stellarium_is1) (Version: 0.12.1 - Stellarium team)
Tales of Lagoona (x32 Version: 2.2.0.98 - WildTangent) Hidden
Tap Tap Bear (HKLM-x32\...\{A393CDFF-BEB8-48EA-990D-2EB35B311D23}_is1) (Version: 1.0.0.0 - XM Asia Pacific Pte Ltd)
TI USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{355FBD67-5A4F-44DA-86A1-56EEC4C20EC0}) (Version: 1.12.18.0 - Texas Instruments Inc.)
TI USB3 Host Driver (x32 Version: 1.12.18.0 - Texas Instruments Inc.) Hidden
Toolbox (x32 Version: 140.0.424.000 - Hewlett-Packard) Hidden
Torchlight (x32 Version: 2.2.0.98 - WildTangent) Hidden
TSHostedAppLauncher (x32 Version: 5.1.15.0 - Hewlett-Packard) Hidden
Unchecky v1.0.2 (HKLM-x32\...\Unchecky) (Version: 1.0.2 - RaMMicHaeL)
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
UpdateService (x32 Version: 1.0.0 - RealNetworks, Inc.) Hidden
Video Downloader (x32 Version: 1.0.0 - RealNetworks) Hidden
Virtual Villagers 4 - The Tree of Life (x32 Version: 2.2.0.98 - WildTangent) Hidden
WildTangent Games App (HP Games) (x32 Version: 4.0.10.5 - WildTangent) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Youda Fisherman (x32 Version: 2.2.0.98 - WildTangent) Hidden
Zuma's Revenge (x32 Version: 2.2.0.98 - WildTangent) Hidden

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-239473584-822298280-3168733615-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\BReese76\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-239473584-822298280-3168733615-1001_Classes\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E}\InprocServer32 -> C:\Users\BReese76\AppData\Local\Microsoft\OneDrive\17.3.6743.1212\amd64\FileSyncShell64.dll => No Fi (the data entry has 2 more characters).
CustomCLSID: HKU\S-1-5-21-239473584-822298280-3168733615-1001_Classes\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C}\InprocServer32 -> C:\Users\BReese76\AppData\Local\Microsoft\OneDrive\17.3.6743.1212\amd64\FileSyncShell64.dll => No Fi (the data entry has 2 more characters).
CustomCLSID: HKU\S-1-5-21-239473584-822298280-3168733615-1001_Classes\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E}\InprocServer32 -> C:\Users\BReese76\AppData\Local\Microsoft\OneDrive\17.3.6743.1212\amd64\FileSyncShell64.dll => No Fi (the data entry has 2 more characters).
CustomCLSID: HKU\S-1-5-21-239473584-822298280-3168733615-1001_Classes\CLSID\{e8c77137-e224-5791-b6e9-ff0305797a13}\InprocServer32 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems)
CustomCLSID: HKU\S-1-5-21-239473584-822298280-3168733615-1001_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\BReese76\AppData\Roaming\Dropbox\bin\DropboxExt64.14.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-239473584-822298280-3168733615-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\BReese76\AppData\Roaming\Dropbox\bin\DropboxExt64.14.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-239473584-822298280-3168733615-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\BReese76\AppData\Roaming\Dropbox\bin\DropboxExt64.14.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-239473584-822298280-3168733615-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\BReese76\AppData\Roaming\Dropbox\bin\DropboxExt64.14.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-239473584-822298280-3168733615-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\BReese76\AppData\Roaming\Dropbox\bin\DropboxExt64.14.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-239473584-822298280-3168733615-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\BReese76\AppData\Roaming\Dropbox\bin\DropboxExt64.14.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-239473584-822298280-3168733615-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\BReese76\AppData\Roaming\Dropbox\bin\DropboxExt64.14.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-239473584-822298280-3168733615-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\BReese76\AppData\Roaming\Dropbox\bin\DropboxExt64.14.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-239473584-822298280-3168733615-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\BReese76\AppData\Roaming\Dropbox\bin\DropboxExt64.14.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-239473584-822298280-3168733615-1001_Classes\CLSID\{FB314EE1-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\BReese76\AppData\Roaming\Dropbox\bin\DropboxExt64.14.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-239473584-822298280-3168733615-1001_Classes\CLSID\{FB314EE2-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\BReese76\AppData\Roaming\Dropbox\bin\DropboxExt64.14.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-239473584-822298280-3168733615-1001_Classes\CLSID\{FBC9D74C-AF55-4309-9FB2-C426E071637F}\InprocServer32 -> C:\Users\BReese76\AppData\Roaming\Dropbox\bin\DropboxExt64.14.0.dll (Dropbox, Inc.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {000A66B4-C5A7-40C0-ABE1-08F62EE40AAA} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {0406DBBA-40CE-4240-AD94-F886564B8268} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-12-19] (Adobe Systems Incorporated)
Task: {0BA293D4-F286-405D-9528-31DE9FBE2D7F} - System32\Tasks\{BD2F09FE-1C3C-4F9E-A784-8CEBADF2026B} => C:\FHL\FHL.exe
Task: {14305C65-140D-4A7C-ACD7-3B23F11FD8EB} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-239473584-822298280-3168733615-1001 => C:\Program Files (x86)\RealNetworks\RealDownloader\RealUpgrade.exe [2014-09-26] (RealNetworks, Inc.)
Task: {1E00BF53-E352-4DA4-B795-01FED872799B} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)
Task: {208CF033-9271-4CC3-8BFF-B522E1187478} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-12-06] (Piriform Ltd)
Task: {2C4E2AFC-80B7-46C7-B26D-5180FE33866A} - System32\Tasks\{8B25D408-4E28-43DA-94EF-35438DECEE3C} => C:\FHL\FHL.exe
Task: {30824113-9F73-47F0-B96F-3B85647F9655} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2017-02-18] (Microsoft Corporation)
Task: {32B0AA4F-52BC-42AE-B6D7-BFBF6E75664C} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2017-01-27] (AVAST Software)
Task: {33076945-963E-4EC4-A13C-EB638BBC2955} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-02-15] (Adobe Systems Incorporated)
Task: {35BC159C-ED13-4B67-8077-239CF04152FE} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2017-02-18] (Microsoft Corporation)
Task: {37E9AF6B-B21B-4B9E-9C7F-CC29BDF82AA0} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2017-02-18] (Microsoft Corporation)
Task: {3D437A45-177D-4FE2-BBF9-627A97EF74B5} - System32\Tasks\SafeZone scheduled Autoupdate 1458782453 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2017-02-15] (Avast Software)
Task: {46A5A90B-A669-442B-8B6B-FF40C235C02E} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)
Task: {47BCBAF8-EDF6-4720-AA30-A26592B1263C} - System32\Tasks\{D14CF766-1BD2-47AE-8D73-433264AE42A0} => C:\FHL\FHL.exe
Task: {5029C1CA-5BCE-4679-A841-B76E8DFF3FC8} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)
Task: {5413864E-39F1-4188-87F0-3DCCA3C3468F} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2016-12-07] (HP Inc.)
Task: {6D1A6026-BC31-47D6-A7D9-500ABA4418B8} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater - Resources => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2016-12-07] (HP Inc.)
Task: {71C72963-083F-43FA-B06C-6389782134C7} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-02-18] (Microsoft Corporation)
Task: {75C8E018-FAF0-4181-980B-8D0C5400D07E} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-239473584-822298280-3168733615-1001UA => C:\Users\BReese76\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2016-11-04] (Dropbox, Inc.)
Task: {78E8953C-1A35-4DDC-B8D7-0C722EE7D206} - System32\Tasks\{9A14A599-D6A5-4299-B950-4D2D42C1F21D} => C:\FHL\FHL.exe
Task: {79FBD397-7388-485E-82FD-88AC6D41044E} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2017-02-08] (HP Inc.)
Task: {7F4F9CB4-DBBE-40C9-B1DB-313114D17286} - System32\Tasks\RealDownloader Update Check => C:\Program Files (x86)\RealNetworks\RealDownloader\downloader2.exe [2014-09-23] ()
Task: {804ED0C8-DAED-4907-AE08-75451D38BC97} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2016-12-07] (HP Inc.)
Task: {9420A5AA-43B0-436C-844D-D60495D91273} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)
Task: {98CDD0C4-43A3-4FE9-B679-1175161AB29C} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-02-18] (Microsoft Corporation)
Task: {9CB1120C-48FE-45A1-839E-D793E9AED94B} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2014-03-19] (Microsoft)
Task: {B2108048-5F0E-42ED-911A-9F8077542E4F} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [2017-02-08] (AVAST Software)
Task: {BAD5407C-EF68-4424-9623-ECDD618259FE} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-239473584-822298280-3168733615-1001Core => C:\Users\BReese76\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2016-11-04] (Dropbox, Inc.)
Task: {BC0B38A5-D4D5-46F8-AFBD-29638758B612} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {DB86F45A-282F-46F0-96F1-A28BD194C79D} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-239473584-822298280-3168733615-1001 => C:\Program Files (x86)\RealNetworks\RealDownloader\RealUpgrade.exe [2014-09-26] (RealNetworks, Inc.)
Task: {DD52C87E-4609-412A-86BB-202F72952263} - System32\Tasks\HPCeeScheduleForBReese76 => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2015-06-16] (Hewlett-Packard)
Task: {E1B6B798-9441-40EB-9570-E1BECCE16728} - System32\Tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2016-11-07] (HP Inc.)
Task: {E5937814-01F5-4765-A731-3DD78EE5817F} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [2016-12-21] (HP Inc.)
Task: {E80EF42B-9B23-4E55-812F-D46A4C437637} - System32\Tasks\{26E3AFF3-8AA0-4B3F-AA20-44E7D417C089} => C:\FHL\FHL.exe
Task: {E870D75C-F851-459E-B3F8-6BB7B63CDA68} - System32\Tasks\Java Check => “C:\Program
Task: {E9348A4E-9932-4F16-A079-233DC63FBF06} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2016-12-07] (HP Inc.)
Task: {FD319211-8999-4D2C-9369-886A2EDA5CEE} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Product Configurator => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\ProductConfig.exe [2017-02-10] (HP Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\DropboxUpdateTaskUserS-1-5-21-239473584-822298280-3168733615-1001Core.job => C:\Users\BReese76\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\windows\Tasks\DropboxUpdateTaskUserS-1-5-21-239473584-822298280-3168733615-1001UA.job => C:\Users\BReese76\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\windows\Tasks\HPCeeScheduleForBReese76.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2015-02-20 22:09 - 2013-06-17 16:40 - 00035944 _____ () C:\windows\system32\ddmon4-64x.dll
2014-09-26 10:18 - 2014-09-26 10:18 - 00039568 _____ () C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
2014-09-26 15:14 - 2014-09-26 15:14 - 00031344 _____ () C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe
2017-02-08 22:28 - 2017-02-08 22:28 - 00162600 _____ () c:\Program Files\AVAST Software\Avast\x64\vaarclient.dll
2017-02-08 22:29 - 2017-02-08 22:29 - 00792656 _____ () C:\Program Files\AVAST Software\Avast\x64\ffl2.dll
2016-10-25 09:57 - 2016-10-25 09:57 - 00491184 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll
2017-01-12 13:57 - 2017-01-29 06:55 - 08930504 _____ () C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\1033\GrooveIntlResource.dll
2017-02-12 15:31 - 2017-02-12 15:31 - 00230064 _____ () C:\Program Files (x86)\Notepad++\NppShell_06.dll
2012-04-08 06:59 - 2012-04-08 06:59 - 00369152 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2012-03-12 16:01 - 2012-03-12 16:01 - 00098304 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll
2012-03-12 16:01 - 2012-03-12 16:01 - 00028672 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\BrandingResources.dll
2014-09-23 14:54 - 2014-09-23 14:54 - 00551488 _____ () C:\Program Files (x86)\RealNetworks\RealDownloader\downloader2.exe
2017-02-08 22:29 - 2017-02-08 22:29 - 00170216 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2017-03-05 21:18 - 2017-03-05 21:18 - 05985944 _____ () C:\Program Files\AVAST Software\Avast\defs\17030503\algo.dll
2017-02-08 22:29 - 2017-02-08 22:29 - 00655056 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
2014-10-23 12:18 - 2014-10-23 12:18 - 00865880 _____ () C:\Program Files (x86)\Real\RealPlayer\RPDS\Plugins\cldplin.dll
2014-09-26 15:13 - 2014-09-26 15:13 - 00035464 _____ () C:\Program Files (x86)\Real\UpdateService\DL2UpdatePlugin.dll
2014-09-26 15:13 - 2014-09-26 15:13 - 00035976 _____ () C:\Program Files (x86)\Real\UpdateService\RealDownloaderUpdatePlugin.dll
2014-09-26 15:13 - 2014-09-26 15:13 - 00033400 _____ () C:\Program Files (x86)\Real\UpdateService\RPDSUpdatePlugin.dll
2014-09-26 15:13 - 2014-09-26 15:13 - 00034456 _____ () C:\Program Files (x86)\Real\UpdateService\VideoDLUpdatePlugin.dll
2016-06-29 22:04 - 2016-06-29 22:04 - 48936448 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2017-02-08 22:28 - 2017-02-08 22:28 - 00289328 _____ () C:\Program Files\AVAST Software\Avast\gaming_mode_ui.dll
2014-09-23 14:05 - 2014-09-23 14:05 - 01382048 _____ () C:\Program Files (x86)\RealNetworks\RealDownloader\cpprest100_1_2.dll
2017-01-12 13:54 - 2017-01-29 02:46 - 08929992 _____ () C:\Program Files (x86)\Microsoft Office\root\Office16\1033\GrooveIntlResource.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Adobe Photoshop CS6 13.0 Final  Multilanguage (patch-PainteR) [ChingLiu]:com.dropbox.attributes [168]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 19:34 - 2017-03-05 21:17 - 00001235 ____A C:\windows\system32\Drivers\etc\hosts

0.0.0.0 0.0.0.0 # fix for traceroute and netstat display anomaly
0.0.0.0 tracking.opencandy.com.s3.amazonaws.com
0.0.0.0 media.opencandy.com
0.0.0.0 cdn.opencandy.com
0.0.0.0 tracking.opencandy.com
0.0.0.0 api.opencandy.com
0.0.0.0 api.recommendedsw.com
0.0.0.0 installer.betterinstaller.com
0.0.0.0 installer.filebulldog.com
0.0.0.0 d3oxtn1x3b8d7i.cloudfront.net
0.0.0.0 inno.bisrv.com
0.0.0.0 nsis.bisrv.com
0.0.0.0 cdn.file2desktop.com
0.0.0.0 cdn.goateastcach.us
0.0.0.0 cdn.guttastatdk.us
0.0.0.0 cdn.inskinmedia.com
0.0.0.0 cdn.insta.oibundles2.com
0.0.0.0 cdn.insta.playbryte.com
0.0.0.0 cdn.llogetfastcach.us
0.0.0.0 cdn.montiera.com
0.0.0.0 cdn.msdwnld.com
0.0.0.0 cdn.mypcbackup.com
0.0.0.0 cdn.ppdownload.com
0.0.0.0 cdn.riceateastcach.us
0.0.0.0 cdn.shyapotato.us
0.0.0.0 cdn.solimba.com
0.0.0.0 cdn.tuto4pc.com
0.0.0.0 cdn.appround.biz
0.0.0.0 cdn.bigspeedpro.com
0.0.0.0 cdn.bispd.com

There are 4 more lines.


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-239473584-822298280-3168733615-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\BReese76\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Ralink Wireless Utility.lnk => C:\windows\pss\Ralink Wireless Utility.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^RealPlayer Cloud Service UI.lnk => C:\windows\pss\RealPlayer Cloud Service UI.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^BReese76^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk => C:\windows\pss\Dropbox.lnk.Startup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Adobe Creative Cloud => "C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe" --showwindow=false --onOSstartup=true
MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
MSCONFIG\startupreg: AdobeBridge =>
MSCONFIG\startupreg: AdobeCS6ServiceManager => "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
MSCONFIG\startupreg: Dropbox Update => "C:\Users\BReese76\AppData\Local\Dropbox\Update\DropboxUpdate.exe" /c
MSCONFIG\startupreg: Fitbit Connect => "C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe" /autorun
MSCONFIG\startupreg: HP Software Update => c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
MSCONFIG\startupreg: HPSYSDRV => C:\Program Files (x86)\Hewlett-Packard\HP Odometer\HPSYSDRV.EXE
MSCONFIG\startupreg: Logitech Download Assistant => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
MSCONFIG\startupreg: LWS => C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide
MSCONFIG\startupreg: Messenger (Yahoo!) => "C:\PROGRA~2\Yahoo!\Messenger\YahooMessenger.exe" -quiet
MSCONFIG\startupreg: msnmsgr => "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
MSCONFIG\startupreg: OneDrive => "C:\Users\BReese76\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
MSCONFIG\startupreg: PDF Complete => C:\Program Files (x86)\PDF Complete\pdfsty.exe
MSCONFIG\startupreg: PointsPanel => C:\Program Files\PointsPanel\UsageMonitor.UI.App.exe /StartMinimized
MSCONFIG\startupreg: PointsPanelHealthcheck => C:\Program Files\PointsPanel\UsageMonitor.HealthCheck.exe
MSCONFIG\startupreg: RealDownloader => C:\Program Files (x86)\RealNetworks\RealDownloader\downloader2.exe
MSCONFIG\startupreg: Spotify => "C:\Users\BReese76\AppData\Roaming\Spotify\Spotify.exe" -autostart -minimized
MSCONFIG\startupreg: Spotify Web Helper => "C:\Users\BReese76\AppData\Roaming\Spotify\SpotifyWebHelper.exe"
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: SwitchBoard => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
MSCONFIG\startupreg: TkBellExe => "C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe" -osboot

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [TCP Query User{0B8542F7-FD70-4327-949F-127F4A84F516}C:\program files (x86)\google\chrome\application\chrome.exe] => (Allow) C:\program files (x86)\google\chrome\application\chrome.exe
FirewallRules: [UDP Query User{8B259E70-941E-4655-8977-5DC4BF573657}C:\program files (x86)\google\chrome\application\chrome.exe] => (Allow) C:\program files (x86)\google\chrome\application\chrome.exe
FirewallRules: [{FFE0922C-720A-42C4-A42F-B63DC82A100F}] => (Block) C:\program files (x86)\google\chrome\application\chrome.exe
FirewallRules: [{FC37C057-1513-4B8E-ADD8-1476B61F5F5D}] => (Block) C:\program files (x86)\google\chrome\application\chrome.exe
FirewallRules: [TCP Query User{217AFBF2-8916-470D-BBD0-D85F456E9B7B}C:\users\breese76\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\breese76\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{DBFE9A46-0957-47CE-A7D8-F7CF870B44D3}C:\users\breese76\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\breese76\appdata\roaming\spotify\spotify.exe
FirewallRules: [{FC7FE3C7-1F39-47D3-B2FF-127D6D25D9EC}] => (Block) C:\users\breese76\appdata\roaming\spotify\spotify.exe
FirewallRules: [{3D987CC3-AA4D-4B38-A3BA-90AD9EE95858}] => (Block) C:\users\breese76\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{2ABF52D6-9371-4A55-9348-4A812C3DAE92}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{D5EA0DAC-4AA8-44FF-B91D-8939705F3C56}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [{0CC93ECC-2F11-4119-841E-F6B29B99C46A}] => (Block) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [{D97F4DAC-CF3C-4A8B-99EF-6ABB5980C457}] => (Block) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [{3154941E-0CC0-400A-83D1-82108367048F}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{B4297121-341C-4E3B-A21B-E6EFD42D6329}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{D98B7D9B-F1F6-41B8-9BC8-5DD84D12B66B}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [TCP Query User{0A524EEF-4EDB-454D-90A7-E95E8B80ADF7}C:\program files\adobe\adobe dreamweaver cc 2017\node\node.exe] => (Allow) C:\program files\adobe\adobe dreamweaver cc 2017\node\node.exe
FirewallRules: [UDP Query User{20A58483-044C-4B45-9DD0-63426CECBC97}C:\program files\adobe\adobe dreamweaver cc 2017\node\node.exe] => (Allow) C:\program files\adobe\adobe dreamweaver cc 2017\node\node.exe
FirewallRules: [{4CA25272-D853-41EC-AD4C-1FE1C8AE791D}] => (Block) C:\program files\adobe\adobe dreamweaver cc 2017\node\node.exe
FirewallRules: [{CADDEA48-DF89-44C4-8802-B4AE570197FD}] => (Block) C:\program files\adobe\adobe dreamweaver cc 2017\node\node.exe
FirewallRules: [{F0778319-8FF4-455E-BD0D-3F7CF626003F}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [{EFAD3D41-FC65-4FF1-900F-E65F681D0D16}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{5D843EB7-CF60-4EE4-A4E0-DE42B816B8B3}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{185F1DBD-3B92-45AD-8FF4-584AF3C42DA4}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{1CE8DF39-5C0F-4FDB-A943-C4FD095C9361}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [TCP Query User{C5E19967-A57C-4B28-B3F5-A488653F0B9E}C:\program files\adobe\adobe dreamweaver cc 2015\node\node.exe] => (Block) C:\program files\adobe\adobe dreamweaver cc 2015\node\node.exe
FirewallRules: [UDP Query User{F4BE326A-6592-4B5A-943C-7B4E0497D098}C:\program files\adobe\adobe dreamweaver cc 2015\node\node.exe] => (Block) C:\program files\adobe\adobe dreamweaver cc 2015\node\node.exe
FirewallRules: [{C9E0521B-BA51-4C7A-BAC8-D5261715CBE6}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{7E8B7697-F403-4B7A-8475-E05D4B2C5BF5}] => (Allow) C:\Program Files\AVAST Software\SZBrowser\3.55.2393.561\SZBrowser.exe
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\LeapFTP 3.0\LeapFTP.exe] => Enabled:LeapFTP 3.0

==================== Restore Points =========================

03-03-2017 11:18:25 Scheduled Checkpoint

==================== Faulty Device Manager Devices =============

Name: Photosmart D110 series
Description: Photosmart D110 series
Class Guid: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
Manufacturer: HP
Service: StillCam
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Photosmart D110 series
Description: Photosmart D110 series
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: HP
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (03/05/2017 09:28:37 PM) (Source: PerfNet) (EventID: 2005) (User: )
Description: Unable to read performance data for the Server service. The first four bytes (DWORD) of the Data section contains the status code, the second four bytes contains the IOSB.Status and the next four bytes contains the IOSB.Information.

Error: (03/05/2017 09:28:37 PM) (Source: PerfNet) (EventID: 2002) (User: )
Description: Unable to open the Redirector service performance object. The first four bytes (DWORD) of the Data section contains the status code.

Error: (03/05/2017 09:22:03 PM) (Source: PerfNet) (EventID: 2005) (User: )
Description: Unable to read performance data for the Server service. The first four bytes (DWORD) of the Data section contains the status code, the second four bytes contains the IOSB.Status and the next four bytes contains the IOSB.Information.

Error: (03/05/2017 09:22:03 PM) (Source: PerfNet) (EventID: 2002) (User: )
Description: Unable to open the Redirector service performance object. The first four bytes (DWORD) of the Data section contains the status code.

Error: (03/04/2017 10:00:09 PM) (Source: PerfNet) (EventID: 2005) (User: )
Description: Unable to read performance data for the Server service. The first four bytes (DWORD) of the Data section contains the status code, the second four bytes contains the IOSB.Status and the next four bytes contains the IOSB.Information.

Error: (03/04/2017 10:00:09 PM) (Source: PerfNet) (EventID: 2002) (User: )
Description: Unable to open the Redirector service performance object. The first four bytes (DWORD) of the Data section contains the status code.

Error: (03/04/2017 12:47:37 PM) (Source: PerfNet) (EventID: 2005) (User: )
Description: Unable to read performance data for the Server service. The first four bytes (DWORD) of the Data section contains the status code, the second four bytes contains the IOSB.Status and the next four bytes contains the IOSB.Information.

Error: (03/04/2017 12:47:37 PM) (Source: PerfNet) (EventID: 2002) (User: )
Description: Unable to open the Redirector service performance object. The first four bytes (DWORD) of the Data section contains the status code.

Error: (03/04/2017 08:41:52 AM) (Source: PerfNet) (EventID: 2005) (User: )
Description: Unable to read performance data for the Server service. The first four bytes (DWORD) of the Data section contains the status code, the second four bytes contains the IOSB.Status and the next four bytes contains the IOSB.Information.

Error: (03/04/2017 08:41:52 AM) (Source: PerfNet) (EventID: 2002) (User: )
Description: Unable to open the Redirector service performance object. The first four bytes (DWORD) of the Data section contains the status code.


System errors:
=============
Error: (03/05/2017 09:28:55 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}
 and APPID
{344ED43D-D086-4961-86A6-1106F4ACAD9B}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.

Error: (03/05/2017 09:19:59 PM) (Source: WMPNetworkSvc) (EventID: 14332) (User: )
Description: Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder) encountered error '0x80070422'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly.

Error: (03/05/2017 09:18:51 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}
 and APPID
{344ED43D-D086-4961-86A6-1106F4ACAD9B}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.

Error: (03/05/2017 09:18:29 PM) (Source: WMPNetworkSvc) (EventID: 14332) (User: )
Description: Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder) encountered error '0x80070422'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly.

Error: (03/05/2017 09:18:11 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The HomeGroup Listener service depends on the Server service which failed to start because of the following error:
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Error: (03/05/2017 09:18:11 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The HomeGroup Listener service depends on the Server service which failed to start because of the following error:
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Error: (03/05/2017 09:18:00 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The HomeGroup Listener service depends on the Server service which failed to start because of the following error:
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Error: (03/05/2017 09:17:46 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Ralink UPnP Media Server service to connect.

Error: (03/04/2017 11:26:55 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}
 and APPID
{344ED43D-D086-4961-86A6-1106F4ACAD9B}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.

Error: (03/04/2017 11:16:55 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}
 and APPID
{344ED43D-D086-4961-86A6-1106F4ACAD9B}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.


CodeIntegrity:
===================================
  Date: 2016-08-14 12:05:37.398
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\aswKbd.sys because the set of per-page image hashes could not be found on the system.

  Date: 2016-08-14 12:05:37.117
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\aswSnx.sys because the set of per-page image hashes could not be found on the system.

  Date: 2016-08-13 21:57:08.212
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\aswKbd.sys because the set of per-page image hashes could not be found on the system.

  Date: 2016-08-13 21:57:08.103
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\aswSnx.sys because the set of per-page image hashes could not be found on the system.

  Date: 2016-08-13 07:26:34.351
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\aswKbd.sys because the set of per-page image hashes could not be found on the system.

  Date: 2016-08-13 07:26:34.180
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\aswSnx.sys because the set of per-page image hashes could not be found on the system.

  Date: 2016-08-12 11:18:58.852
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\aswKbd.sys because the set of per-page image hashes could not be found on the system.

  Date: 2016-08-12 11:18:58.618
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\aswSnx.sys because the set of per-page image hashes could not be found on the system.

  Date: 2016-08-11 22:01:42.088
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\aswKbd.sys because the set of per-page image hashes could not be found on the system.

  Date: 2016-08-11 22:01:41.916
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\aswSnx.sys because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: Intel® Core™ i5-2400 CPU @ 3.10GHz
Percentage of memory in use: 41%
Total physical RAM: 6100.01 MB
Available physical RAM: 3554.68 MB
Total Virtual: 12198.21 MB
Available Virtual: 9371.07 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:914.65 GB) (Free:564.32 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive d: (HP_RECOVERY) (Fixed) (Total:16.64 GB) (Free:2.07 GB) NTFS
Drive g: () (Removable) (Total:0.48 GB) (Free:0.08 GB) FAT

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 4C3DA384)

Partition: GPT.

========================================================
Disk: 2 (Size: 488.7 MB) (Disk ID: 00000000)

Partition: GPT.

==================== End of Addition.txt ============================

 

Thanks


  • 0

Advertisements

#2
Bruce1270
Posted 10 March 2017 - 03:14 PM

Bruce1270

    Trusted Helper

  • Malware Removal
  • 1,714 posts
Hello BrianR1976 and :welcome:

My name is Bruce1270 and I will be helping you with your malware problem.

A few things before we get started.
  • Please read all instructions carefully. If there is anything you do not understand please ask me first before doing anything.
  • Please be patient. I am a volunteer who does this in my spare time so I will try to get back to you as soon as possible.
  • Please follow all instructions in the order given.
  • Please do not install any other software unless advised. This may hinder the removal process.
  • At the top of your post, please click on the "Follow this topic" button and make sure that the "Received notification" box is checked and set to "Instantly" This will send an email to you as soon as I reply to your topic, allowing us to solve your problem faster.
  • Please make sure you reply within 4 days to my responses, if there is no reply within 4 days, the topic will be closed and you will need to request the topic be reopened.


    Important!

    Please save or print off these instructions. Part of this fix may require you to be in safe mode where you will not be able to access the internet or my instructions!

    I would strongly recommend you back up your personal data and folders before we begin.

    Malware removal can be very long, complicated and may take multiple steps. I understand this may be frustrating but please stay with this topic until your machine is declared clean. The results will hopefully be very rewarding. :happy:
    As we go along please tell me how the computer is running now. Please be as descriptive as possible e.g. I'm still getting web redirects, I am unable to access the internet etc.

    OK. Let's move on.

    Disable your anti virus for the duration of the instructions.

    Step1 - AdwCleaner

    Download AdwCleaner from here to the Desktop
  • Close all open windows and browsers
  • Double click the Adwcleaner icon to execute the program
  • When the Tool opens for the first time accept the Terms of use
    adwcleaner1_zpsfhqm5c1w.jpg
  • Click the Scan button and wait for the program to finish.
  • Click on options
    adwcleaner2_zpsewujy48f.jpg
    tick to reset -
    TCP/IP Settings
    IPSec
    IE policies
    Chrome policies
    Chrome preferences
  • When finished, please click Cleaning button.
  • when cleaning is finished, you may be prompted to restart your computer.
  • Upon completion, a log (AdwCleaner[C*].txt) will open.
  • Please copy and paste this in your next reply.


    Step2 - Junkware Removal Tool


    Download Junkware Removal Tool by Malwarebytes and save it to your desktop.

    Important: Please disable your anti virus prior to running this program.. Advice on how to do this for your anti virus can be found here

    1.Ensure all programs and windows are closed before proceeding.
    2.Simply double-click the program icon to run it. It will ask for administrator privileges.
    3.A black window will appear. Press any key to continue.
    4.Wait for it to finish. It won't take long.
    5.A log will automatically pop-up once done. Alternatively, you can find JRT.txt at your desktop.
    6.Copy (CTRL + C) and paste (CTRL + V) the content of the log in your next reply.
    7. Reboot your machine and enable your anti virus again.


    Questions - how long has the symptoms been present? Has there been any recent changes to the hardware?

    Things for your next post:
  • AdwCleaner[C*].txt
  • JRT.txt
  • Reply to my questions.

  • 0

#3
BrianR1976
Posted 10 March 2017 - 04:25 PM

BrianR1976

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 355 posts

Thanks for the help. It's been happening for a while. I don't recall when it started. It's one of those things that its really just an annoyance more than anything. I don't think I have made any hardware changes in the life of the computer. I think it only happens when I am using a web browser.

 

# AdwCleaner v6.044 - Logfile created 10/03/2017 at 15:01:24
# Updated on 28/02/2017 by Malwarebytes
# Database : 2017-03-10.1 [Server]
# Operating System : Windows 7 Home Premium Service Pack 1 (X64)
# Username : BReese76 - BREESE76-HP
# Running from : C:\Users\BReese76\Desktop\adwcleaner_6.044.exe
# Mode: Clean
# Support : https://www.malwarebytes.com/support



***** [ Services ] *****



***** [ Folders ] *****



***** [ Files ] *****



***** [ DLL ] *****



***** [ WMI ] *****



***** [ Shortcuts ] *****



***** [ Scheduled Tasks ] *****



***** [ Registry ] *****

[-] Key deleted: HKU\S-1-5-21-239473584-822298280-3168733615-1001\Software\Yahoo\Companion
[#] Key deleted on reboot: HKCU\Software\Yahoo\Companion
[#] Key deleted on reboot: [x64] HKCU\Software\Yahoo\Companion


***** [ Web browsers ] *****

[-] [C:\Users\BReese76\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: ask.com
[-] [C:\Users\BReese76\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: aol.com


*************************

:: "Tracing" keys deleted
:: Winsock settings cleared
:: TCP/IP settings cleared
:: IPSec settings cleared
:: Chrome policies deleted
:: Chrome preferences reset: C:\Users\BReese76\AppData\Local\Google\Chrome\User Data\Default

*************************

C:\AdwCleaner\AdwCleaner[C0].txt - [1397 Bytes] - [10/03/2017 15:01:24]
C:\AdwCleaner\AdwCleaner[S0].txt - [1475 Bytes] - [10/03/2017 14:59:28]

########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [1543 Bytes] ##########
 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.1 (02.11.2017)
Operating System: Windows 7 Home Premium x64
Ran by BReese76 (Limited) on Fri 03/10/2017 at 15:13:20.81
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 13

Successfully deleted: C:\Users\BReese76\AppData\Local\{15EA8BF9-D468-4E85-AD8C-0C46A5260496} (Empty Folder)
Successfully deleted: C:\Users\BReese76\AppData\Local\{1D33ECA6-2E28-4D4F-B1BA-A7EDD64D77C4} (Empty Folder)
Successfully deleted: C:\Users\BReese76\AppData\Local\{4C984085-7252-4134-9E69-2CDE1D0DCF20} (Empty Folder)
Successfully deleted: C:\Users\BReese76\AppData\Local\{95149002-DC8D-419B-A551-E82BDAACCDD5} (Empty Folder)
Successfully deleted: C:\Users\BReese76\Documents\add-in express (Folder)
Successfully deleted: C:\Users\BReese76\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\21M5YQVJ (Temporary Internet Files Folder)
Successfully deleted: C:\Users\BReese76\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FWYY0C90 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\BReese76\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\I9CW4PCR (Temporary Internet Files Folder)
Successfully deleted: C:\Users\BReese76\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KA01WXOU (Temporary Internet Files Folder)
Successfully deleted: C:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\21M5YQVJ (Temporary Internet Files Folder)
Successfully deleted: C:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FWYY0C90 (Temporary Internet Files Folder)
Successfully deleted: C:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\I9CW4PCR (Temporary Internet Files Folder)
Successfully deleted: C:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KA01WXOU (Temporary Internet Files Folder)



Registry: 0





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Fri 03/10/2017 at 15:15:56.65
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 


  • 0

#4
Bruce1270
Posted 10 March 2017 - 04:44 PM

Bruce1270

    Trusted Helper

  • Malware Removal
  • 1,714 posts
Hi BrianR1976

Thanks for the information.

We'll run a malwarebytes scan. Download the latest version. It will detect any previous versions and remove them.


favicon-32x32.png Please download Malwarebytes to your desktop.

Double-click mb3-setup-consumer-{version}.exe and follow the prompts to install the program.

Once the program has fully updated, Proceed with the Scan options and select "Threat Scan".

The Scan Pane is the introduction to scan-related options in the program. When you click Scan in the Menu Pane, you will see the screen shown below.

10a.png

After a scan has been executed, scan results are displayed as shown below. In this scan, three threats were detected.

13a.png

Put a checkmark on all detected and click on "Quarantine Selected"

18a.png

Selected reports may be viewed on screen, or exported to a text file for later viewing. Please note that only manual (on demand) scans are available for users of the free version of Malwarebytes.

19a.png

Please note that an Export button is shown at the bottom left corner of this screen. This allows you to make a copy of the log for use by other programs. You may export to your clipboard or to a text (TXT) file. Export to a .txt file and post its contents.


Then run fresh FRST logs
  • Please run Farbars Recovery Scan Tool again. Run FRST by right clicking on it and selecting Run as Administrator. Allow it to update if it wants to.
  • Please tick the Addition.txt box under Optional Scan.
  • Press Scan button.
  • It will make logs FRST.txt & Addition.txt in the same directory the tool is run.
  • Please copy and paste the FRST.txt and Addition.txt to your reply.


    Things for your next post:
  • MBAM log
  • FRST.txt and Addition.txt
  • Are you still experiencing the freezes?

  • 0

#5
BrianR1976
Posted 10 March 2017 - 05:16 PM

BrianR1976

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 355 posts

A freeze actually happened when I was posting my first replies a little while ago. It hasnt happened since but like I said, its sporadic :)

 

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 3/10/17
Scan Time: 3:51 PM
Logfile: scan.txt
Administrator: Yes

-Software Information-
Version: 3.0.6.1469
Components Version: 1.0.75
Update Package Version: 1.0.1471
License: Trial

-System Information-
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: BReese76-HP\BReese76

-Scan Summary-
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 391046
Time Elapsed: 13 min, 16 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 0
(No malicious items detected)

Physical Sector: 0
(No malicious items detected)


(end)

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 08-03-2017
Ran by BReese76 (administrator) on BREESE76-HP (10-03-2017 16:08:58)
Running from C:\Users\BReese76\Desktop
Loaded Profiles: BReese76 (Available Profiles: BReese76)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe
(Fitbit, Inc.) C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe
(PDF Complete Inc) C:\Program Files (x86)\PDF Complete\pdfsvc.exe
(Ralink Technology, Corp.) C:\Program Files (x86)\Ralink\Common\RaRegistry64.exe
() C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpdsvc.exe
() C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(RaMMicHaeL) C:\Program Files (x86)\Unchecky\bin\unchecky_svc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(AVAST Software s.r.o.) C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe
(RaMMicHaeL) C:\Program Files (x86)\Unchecky\bin\unchecky_bg.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Hewlett-Packard ) C:\Program Files\IDT\WDM\Beats64.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Spotify Ltd) C:\Users\BReese76\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(Dropbox, Inc.) C:\Users\BReese76\AppData\Roaming\Dropbox\bin\Dropbox.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Dropbox, Inc.) C:\Users\BReese76\AppData\Roaming\Dropbox\bin\Dropbox.exe
() C:\Program Files (x86)\RealNetworks\RealDownloader\downloader2.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Adobe Systems Incorporated) C:\Program Files\Adobe\Elements 13 Organizer\PhotoshopElementsFileAgent.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\HPTouchSmartSyncCalReminderApp.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [BeatsOSDApp] => C:\Program Files\IDT\WDM\beats64.exe [37888 2012-03-30] (Hewlett-Packard )
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1425408 2012-04-24] (IDT, Inc.)
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [2780112 2017-01-20] (Malwarebytes)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [641664 2012-04-08] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [AMD AVT] => Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [205512 2017-02-08] (AVAST Software)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2016-12-12] (Oracle Corporation)
HKU\S-1-5-21-239473584-822298280-3168733615-1001\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-239473584-822298280-3168733615-1001\...\Run: [Spotify Web Helper] => C:\Users\BReese76\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1446000 2017-03-09] (Spotify Ltd)
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-10-25] ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-10-25] ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-10-25] ()
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-02-08] (AVAST Software)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-02-08] (AVAST Software)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\BReese76\AppData\Roaming\Dropbox\bin\DropboxExt64.14.0.dll [2017-03-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\BReese76\AppData\Roaming\Dropbox\bin\DropboxExt64.14.0.dll [2017-03-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\BReese76\AppData\Roaming\Dropbox\bin\DropboxExt64.14.0.dll [2017-03-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\BReese76\AppData\Roaming\Dropbox\bin\DropboxExt64.14.0.dll [2017-03-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\BReese76\AppData\Roaming\Dropbox\bin\DropboxExt.14.0.dll [2017-03-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\BReese76\AppData\Roaming\Dropbox\bin\DropboxExt.14.0.dll [2017-03-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\BReese76\AppData\Roaming\Dropbox\bin\DropboxExt.14.0.dll [2017-03-06] (Dropbox, Inc.)
Startup: C:\Users\BReese76\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2017-03-09]
ShortcutTarget: Dropbox.lnk -> C:\Users\BReese76\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{5E1B1D25-767C-4FD6-AE4C-55CFC5626C29}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{E745E9B4-9BA4-4154-BDFC-4B77998EAAFE}: [DhcpNameServer] 192.168.0.1

Internet Explorer:
==================
HKU\S-1-5-21-239473584-822298280-3168733615-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPDSK/1
SearchScopes: HKLM -> {A3F3D8FE-86AE-4813-B96F-A656930924FD} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-30572-11896-1/4?mpre=hxxp://www.ebay.com/sch/i.html?_nkw={searchTerms}
SearchScopes: HKLM-x32 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
SearchScopes: HKLM-x32 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-30572-11896-1/4?mpre=hxxp://www.ebay.com/sch/i.html?_nkw={searchTerms}
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-239473584-822298280-3168733615-1001 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-239473584-822298280-3168733615-1001 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-30572-11896-1/4?mpre=hxxp://www.ebay.com/sch/i.html?_nkw={searchTerms}
BHO: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin64.dll [2014-09-26] (RealDownloader)
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2017-01-29] (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_121\bin\ssv.dll [2017-02-09] (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2017-02-08] (AVAST Software)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\URLREDIR.DLL [2017-02-18] (Microsoft Corporation)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2017-01-29] (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_121\bin\jp2ssv.dll [2017-02-09] (Oracle Corporation)
BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll [2014-09-26] (RealDownloader)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2017-01-29] (Microsoft Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2017-02-08] (AVAST Software)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO-x32: LeapFTP Internet Explorer Hook -> {A5479DA1-7843-43A7-B5C0-BE342C77B629} -> C:\Program Files (x86)\LeapFTP 3.0\lftpie.dll [2010-10-30] (LeapWare)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\root\Office16\URLREDIR.DLL [2017-02-18] (Microsoft Corporation)
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\Office16\GROOVEEX.DLL [2017-01-29] (Microsoft Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2016-07-21] (HP Inc.)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-01-29] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-01-29] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-01-29] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-01-29] (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2017-01-01] (Skype Technologies)

FireFox:
========
FF ProfilePath: C:\Users\BReese76\AppData\Roaming\Mozilla\Firefox\Profiles\7movo481.default [2017-03-10]
FF DefaultSearchEngine: Mozilla\Firefox\Profiles\7movo481.default -> Google
FF DefaultSearchEngine.US: Mozilla\Firefox\Profiles\7movo481.default -> Google
FF Homepage: Mozilla\Firefox\Profiles\7movo481.default -> hxxp:/www.google.com
FF Extension: (Simple Popup Blocker) - C:\Users\BReese76\AppData\Roaming\Mozilla\Firefox\Profiles\7movo481.default\Extensions\@simplepopupblocker.xpi [2016-02-25]
FF Extension: (Adblock Plus Pop-up Addon) - C:\Users\BReese76\AppData\Roaming\Mozilla\Firefox\Profiles\7movo481.default\Extensions\[email protected] [2016-06-02]
FF Extension: (Hard Refresh) - C:\Users\BReese76\AppData\Roaming\Mozilla\Firefox\Profiles\7movo481.default\Extensions\[email protected] [2016-04-27]
FF Extension: (YouTube™ Flash® Player) - C:\Users\BReese76\AppData\Roaming\Mozilla\Firefox\Profiles\7movo481.default\Extensions\[email protected] [2017-01-08]
FF Extension: (Save File to) - C:\Users\BReese76\AppData\Roaming\Mozilla\Firefox\Profiles\7movo481.default\Extensions\[email protected] [2016-02-22]
FF Extension: (uBlock Origin) - C:\Users\BReese76\AppData\Roaming\Mozilla\Firefox\Profiles\7movo481.default\Extensions\[email protected] [2017-03-04]
FF Extension: (Ebates Cash Back) - C:\Users\BReese76\AppData\Roaming\Mozilla\Firefox\Profiles\7movo481.default\Extensions\{35d6291e-1d4b-f9b4-c52f-77e6410d1326}.xpi [2017-02-27]
FF Extension: (Download Status Bar) - C:\Users\BReese76\AppData\Roaming\Mozilla\Firefox\Profiles\7movo481.default\Extensions\{6c28e999-e900-4635-a39d-b1ec90ba0c0f}.xpi [2016-09-26]
FF Extension: (Password Exporter) - C:\Users\BReese76\AppData\Roaming\Mozilla\Firefox\Profiles\7movo481.default\Extensions\{B17C1C5A-04B1-11DB-9804-B622A1EF5492}.xpi [2016-04-05]
FF Extension: (Adblock Plus) - C:\Users\BReese76\AppData\Roaming\Mozilla\Firefox\Profiles\7movo481.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-11-23]
FF Extension: (SHA-1 deprecation staged rollout) - C:\Users\BReese76\AppData\Roaming\Mozilla\Firefox\Profiles\7movo481.default\features\{acf1c528-7218-4a93-be5e-cc086d04daff}\[email protected] [2017-03-02]
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\WebRep\FF48
FF Extension: (Avast Online Security) - C:\Program Files\AVAST Software\Avast\WebRep\FF48 [2017-02-08]
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\SafePrice\FF48
FF Extension: (Avast SafePrice) - C:\Program Files\AVAST Software\Avast\SafePrice\FF48 [2017-02-08]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\WebRep\FF48
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\SafePrice\FF48
FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] -  => not found
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_24_0_0_221.dll [2017-02-15] ()
FF Plugin: @java.com/DTPlugin,version=11.121.2 -> C:\Program Files\Java\jre1.8.0_121\bin\dtplugin\npDeployJava1.dll [2017-02-09] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.121.2 -> C:\Program Files\Java\jre1.8.0_121\bin\plugin2\npjp2.dll [2017-02-09] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2016-10-25] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_24_0_0_221.dll [2017-02-15] ()
FF Plugin-x32: @canon.com/MycameraPlugin -> C:\Program Files (x86)\Canon\MyCamera Download Plugin\NPCIG.dll [2008-10-15] (CANON INC.)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2015-02-13] (Google, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2017-01-29] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2017-01-29] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation)
FF Plugin-x32: @real.com/nppl3260;version=17.0.14.69 -> C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll [2014-10-23] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlhtml5videoshim;version=17.0.14 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll [2014-09-26] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpplugin;version=17.0.14.69 -> C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll [2014-10-23] (RealPlayer Cloud)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2012-10-12] ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-12-23] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2016-10-25] (Adobe Systems)
FF Plugin HKU\S-1-5-21-239473584-822298280-3168733615-1001: amazon.com/AmazonMP3DownloaderPlugin -> C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101752.dll [2012-10-24] (Amazon.com, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2016-12-23] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppl3260.dll [2014-10-23] (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nprpplugin.dll [2014-10-23] (RealPlayer Cloud)

Chrome:
=======
CHR DefaultProfile: Default
CHR HKLM-x32\...\Chrome\Extension: [daanglpcpkjjlkhcbladppjphglbigam] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gihfmmedoddijgnhkgfgnkeohkpbipol] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx <not found>

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdobeActiveFileMonitor13.0; C:\Program Files\Adobe\Elements 13 Organizer\PhotoshopElementsFileAgent.exe [231120 2014-08-31] (Adobe Systems Incorporated)
R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [744640 2016-10-25] (Adobe Systems Incorporated)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2227312 2017-02-27] (Adobe Systems, Incorporated)
R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [7142136 2017-02-13] (AVAST Software s.r.o.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [262736 2017-02-08] (AVAST Software)
R2 CalendarSynchService; C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe [16384 2011-08-16] (Hewlett-Packard) [File not signed]
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [3704520 2017-02-18] (Microsoft Corporation)
R2 Fitbit Connect; C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe [5750440 2015-09-04] (Fitbit, Inc.)
R2 HPSLPSVC; C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [1039360 2010-10-22] (Hewlett-Packard Co.) [File not signed]
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [31776 2016-12-07] (HP Inc.)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4355024 2017-01-20] (Malwarebytes)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
R2 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [1719040 2016-08-10] (PDF Complete Inc)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
S4 RalinkRegistryWriter; C:\Program Files (x86)\Ralink\Common\RaRegistry.exe [372736 2012-01-13] (Ralink Technology, Corp.) [File not signed]
R2 RalinkRegistryWriter64; C:\Program Files (x86)\Ralink\Common\RaRegistry64.exe [447488 2012-01-13] (Ralink Technology, Corp.) [File not signed]
S2 RaMediaServer; C:\Program Files (x86)\Ralink\Common\RaMediaServer.exe [625728 2011-08-18] ()
R2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39568 2014-09-26] ()
R2 RealPlayer Cloud Service; C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpdsvc.exe [1141848 2014-10-23] (RealNetworks, Inc.)
R2 RealPlayerUpdateSvc; C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe [31344 2014-09-26] ()
R2 Unchecky; C:\Program Files (x86)\Unchecky\bin\unchecky_svc.exe [304408 2017-01-29] (RaMMicHaeL)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 aswbidsdriver; C:\windows\system32\drivers\aswbidsdrivera.sys [309784 2017-02-08] (AVAST Software s.r.o.)
R0 aswbidsh; C:\windows\system32\drivers\aswbidsha.sys [189768 2017-02-08] (AVAST Software s.r.o.)
R0 aswblog; C:\windows\system32\drivers\aswbloga.sys [334600 2017-02-08] (AVAST Software s.r.o.)
R0 aswbuniv; C:\windows\system32\drivers\aswbuniva.sys [48528 2017-02-08] (AVAST Software s.r.o.)
S3 aswHwid; C:\windows\system32\drivers\aswHwid.sys [38296 2017-02-08] (AVAST Software)
R1 aswKbd; C:\windows\system32\drivers\aswKbd.sys [32088 2017-02-08] (AVAST Software)
R2 aswMonFlt; C:\windows\system32\drivers\aswMonFlt.sys [126088 2017-02-08] (AVAST Software)
R1 aswRdr; C:\windows\system32\drivers\aswRdr2.sys [100640 2017-02-08] (AVAST Software)
R0 aswRvrt; C:\windows\system32\drivers\aswRvrt.sys [74680 2017-02-08] (AVAST Software)
R1 aswSnx; C:\windows\system32\drivers\aswSnx.sys [991496 2017-02-08] (AVAST Software)
R1 aswSP; C:\windows\system32\drivers\aswSP.sys [547904 2017-02-08] (AVAST Software)
R2 aswStm; C:\windows\system32\drivers\aswStm.sys [162528 2017-02-08] (AVAST Software)
R0 aswVmm; C:\windows\system32\drivers\aswVmm.sys [337080 2017-02-10] (AVAST Software)
S3 cmnxusbser; C:\windows\System32\DRIVERS\cmnxusbser.sys [146424 2015-11-24] (Wireless Data Device)
R1 ESProtectionDriver; C:\windows\system32\drivers\mbae64.sys [77408 2017-02-24] ()
R2 MBAMChameleon; C:\windows\system32\drivers\MBAMChameleon.sys [186304 2017-03-10] (Malwarebytes)
R3 MBAMFarflt; C:\windows\system32\drivers\farflt.sys [111544 2017-03-10] (Malwarebytes)
R3 MBAMProtection; C:\windows\system32\drivers\mbam.sys [43968 2017-03-10] (Malwarebytes)
R3 MBAMSwissArmy; C:\windows\system32\drivers\MBAMSwissArmy.sys [251840 2017-03-10] (Malwarebytes)
R3 MBAMWebProtection; C:\windows\system32\drivers\mwac.sys [82208 2017-03-10] (Malwarebytes)
R3 netr28x; C:\windows\System32\DRIVERS\netr28x.sys [2473616 2014-12-10] (MediaTek Inc.)
R2 NPF; C:\windows\system32\drivers\npf.sys [35344 2014-05-14] (CACE Technologies, Inc.)
R0 PxHlpa64; C:\windows\System32\drivers\PxHlpa64.sys [56336 2013-09-03] (Corel Corporation)
S3 sscdserd; C:\windows\System32\DRIVERS\sscdserd.sys [141384 2010-11-11] (MCCI Corporation)
S3 WirelessKeyboardFilter; C:\windows\System32\DRIVERS\WirelessKeyboardFilter.sys [49896 2016-07-22] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-03-10 16:08 - 2017-03-10 16:08 - 00001100 _____ C:\Users\BReese76\Desktop\scan.txt
2017-03-10 16:08 - 2017-03-10 16:08 - 00000000 ____D C:\Users\BReese76\Desktop\FRST-OlderVersion
2017-03-10 15:50 - 2017-03-10 15:51 - 00082208 _____ (Malwarebytes) C:\windows\system32\Drivers\mwac.sys
2017-03-10 15:50 - 2017-03-10 15:50 - 00186304 _____ (Malwarebytes) C:\windows\system32\Drivers\MBAMChameleon.sys
2017-03-10 15:50 - 2017-03-10 15:50 - 00111544 _____ (Malwarebytes) C:\windows\system32\Drivers\farflt.sys
2017-03-10 15:50 - 2017-03-10 15:50 - 00043968 _____ (Malwarebytes) C:\windows\system32\Drivers\mbam.sys
2017-03-10 15:49 - 2017-03-10 15:49 - 57131432 _____ (Malwarebytes ) C:\Users\BReese76\Desktop\mb3-setup-consumer-3.0.6.1469-1075.exe
2017-03-10 15:49 - 2017-03-10 15:49 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-03-10 15:49 - 2017-03-10 15:49 - 00000000 ____D C:\Program Files\Malwarebytes
2017-03-10 15:49 - 2017-02-24 06:23 - 00077408 _____ C:\windows\system32\Drivers\mbae64.sys
2017-03-10 15:31 - 2017-03-10 15:31 - 00000000 ____D C:\ProgramData\SWCUTemp
2017-03-10 15:15 - 2017-03-10 15:16 - 00002396 _____ C:\Users\BReese76\Desktop\JRT.txt
2017-03-10 15:11 - 2017-03-10 15:11 - 01663736 _____ (Malwarebytes) C:\Users\BReese76\Desktop\JRT.exe
2017-03-10 15:05 - 2017-03-10 15:05 - 00001626 _____ C:\Users\BReese76\Desktop\AdwCleaner[C0].txt
2017-03-10 14:32 - 2017-03-10 15:10 - 00000000 ____D C:\AdwCleaner
2017-03-10 14:30 - 2017-03-10 14:30 - 04031440 _____ C:\Users\BReese76\Desktop\adwcleaner_6.044.exe
2017-03-10 14:23 - 2017-03-10 14:27 - 03324334 _____ C:\Users\BReese76\Desktop\Finland.pptx
2017-03-09 20:42 - 2017-03-09 20:42 - 00000000 ____D C:\Users\BReese76\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2017-03-07 21:10 - 2017-03-07 21:10 - 00000000 ____D C:\Users\BReese76\AppData\Local\Tempzxpsigna5ef1c6ef2a63e2d
2017-03-07 21:10 - 2017-03-07 21:10 - 00000000 ____D C:\Users\BReese76\AppData\Local\Tempzxpsign2e116de4b21fd66f
2017-03-07 21:10 - 2017-03-07 21:10 - 00000000 ____D C:\Users\BReese76\AppData\Local\Tempzxpsign00df49e2e0f96212
2017-03-07 21:09 - 2017-03-07 21:11 - 00000000 ____D C:\Users\BReese76\AppData\Local\Adobe
2017-03-07 21:05 - 2017-03-07 21:15 - 00000000 ____D C:\Users\BReese76\Desktop\Finland Project Plan
2017-03-05 21:43 - 2017-03-05 21:44 - 00000000 ____D C:\Users\BReese76\Desktop\CIS121
2017-03-05 21:36 - 2017-03-05 21:38 - 00059233 _____ C:\Users\BReese76\Desktop\Addition.txt
2017-03-05 21:33 - 2017-03-10 16:09 - 00027939 _____ C:\Users\BReese76\Desktop\FRST.txt
2017-03-05 21:32 - 2017-03-10 16:08 - 00000000 ____D C:\FRST
2017-03-05 21:31 - 2017-03-10 16:08 - 02423808 _____ (Farbar) C:\Users\BReese76\Desktop\FRST64.exe
2017-03-04 14:35 - 2017-03-04 14:35 - 00000000 ____D C:\Users\BReese76\Desktop\East of West
2017-03-04 14:34 - 2017-03-04 14:34 - 00000000 ____D C:\Users\BReese76\Desktop\Sex Criminals
2017-03-04 14:34 - 2017-03-04 14:34 - 00000000 ____D C:\Users\BReese76\Desktop\Homer, E.V. Rieu , Peter Jones , D.C.H. Rieu (Translation revision) - The Odyssey (epub, mobi)
2017-03-01 21:12 - 2017-03-01 21:12 - 00000000 ____D C:\Users\BReese76\AppData\Local\Tempzxpsign6a39216e3cc3d9f8
2017-03-01 21:12 - 2017-03-01 21:12 - 00000000 ____D C:\Users\BReese76\AppData\Local\Tempzxpsign11e731236b9613b1
2017-03-01 21:11 - 2017-03-01 21:11 - 00000000 ____D C:\Users\BReese76\AppData\Local\Tempzxpsignce953d793a3ad88e
2017-03-01 21:11 - 2017-03-01 21:11 - 00000000 ____D C:\Users\BReese76\AppData\Local\Tempzxpsigna973bad09a370cea
2017-02-28 22:51 - 2017-02-28 22:51 - 00000000 ____D C:\Users\BReese76\AppData\Local\Tempzxpsign0a7aacf5dbc81ee9
2017-02-28 22:49 - 2017-02-28 22:49 - 00000000 ____D C:\Users\BReese76\AppData\Local\Tempzxpsign3c214f0511786d5d
2017-02-28 22:48 - 2017-02-28 22:48 - 00000000 ____D C:\Users\BReese76\AppData\Local\Tempzxpsign9e274fc9d43df732
2017-02-28 22:48 - 2017-02-28 22:48 - 00000000 ____D C:\Users\BReese76\AppData\Local\Tempzxpsign3cf1c861b3b8ea3d
2017-02-24 22:50 - 2017-02-24 22:50 - 00000000 ____D C:\Users\BReese76\AppData\Local\Tempzxpsign7285e58414891e3e
2017-02-24 22:50 - 2017-02-24 22:50 - 00000000 ____D C:\Users\BReese76\AppData\Local\Tempzxpsign5094aefe2f2054f0
2017-02-24 22:49 - 2017-02-24 22:49 - 00000000 ____D C:\Users\BReese76\AppData\Local\Tempzxpsign6c7fd61419fa1bf3
2017-02-24 22:49 - 2017-02-24 22:49 - 00000000 ____D C:\Users\BReese76\AppData\Local\Tempzxpsign4a460a14ef5420d6
2017-02-24 14:02 - 2017-02-24 14:02 - 00000000 ____D C:\Users\BReese76\AppData\Local\Tempzxpsignc681026e631b6f6d
2017-02-24 14:02 - 2017-02-24 14:02 - 00000000 ____D C:\Users\BReese76\AppData\Local\Tempzxpsign9604a43622648be6
2017-02-24 14:02 - 2017-02-24 14:02 - 00000000 ____D C:\Users\BReese76\AppData\Local\Tempzxpsign2a82700939732994
2017-02-24 14:02 - 2017-02-24 14:02 - 00000000 ____D C:\Users\BReese76\AppData\Local\Tempzxpsign201de7992df5a0d4
2017-02-23 22:58 - 2017-02-23 22:58 - 00000000 ____D C:\Users\BReese76\AppData\Local\Tempzxpsigna48feca0134059ec
2017-02-23 22:58 - 2017-02-23 22:58 - 00000000 ____D C:\Users\BReese76\AppData\Local\Tempzxpsign87ddd3e735f0234d
2017-02-23 22:57 - 2017-02-23 22:57 - 00000000 ____D C:\Users\BReese76\AppData\Local\Tempzxpsign462a248ef9291a56
2017-02-23 22:57 - 2017-02-23 22:57 - 00000000 ____D C:\Users\BReese76\AppData\Local\Tempzxpsign248b90a28dbb9229
2017-02-19 23:07 - 2017-02-19 23:07 - 00000000 ____D C:\Users\BReese76\AppData\Local\Tempzxpsignf44a0dcfee2abd0c
2017-02-19 23:06 - 2017-02-19 23:06 - 00000000 ____D C:\Users\BReese76\AppData\Local\Tempzxpsign89d7d13afa6527a5
2017-02-19 23:06 - 2017-02-19 23:06 - 00000000 ____D C:\Users\BReese76\AppData\Local\Tempzxpsign440fbeff6308ddc0
2017-02-19 23:06 - 2017-02-19 23:06 - 00000000 ____D C:\Users\BReese76\AppData\Local\Tempzxpsign105b236749ef9d74
2017-02-18 11:31 - 2017-02-18 11:31 - 00000000 ____D C:\Users\BReese76\AppData\Local\Tempzxpsign4968878785736386
2017-02-18 11:28 - 2017-02-18 11:28 - 00000000 ____D C:\Users\BReese76\AppData\Local\Tempzxpsignb3699f4a021426f6
2017-02-18 11:28 - 2017-02-18 11:28 - 00000000 ____D C:\Users\BReese76\AppData\Local\Tempzxpsign33fb70268f6058b3
2017-02-17 14:30 - 2017-02-17 14:30 - 00000000 ____D C:\Users\BReese76\AppData\Local\Tempzxpsigne96a8443ab691aa7
2017-02-17 14:29 - 2017-02-17 14:29 - 00000000 ____D C:\Users\BReese76\AppData\Local\Tempzxpsign6dec2330587333a2
2017-02-17 14:29 - 2017-02-17 14:29 - 00000000 ____D C:\Users\BReese76\AppData\Local\Tempzxpsign6b230d199e143ddc
2017-02-17 14:29 - 2017-02-17 14:29 - 00000000 ____D C:\Users\BReese76\AppData\Local\Tempzxpsign3a3799bd4f71a2ac
2017-02-17 13:28 - 2017-02-17 13:28 - 00000000 ____D C:\Users\BReese76\AppData\Local\Tempzxpsign91ee50bcdbc664e4
2017-02-17 13:24 - 2017-02-17 13:24 - 00000000 ____D C:\Users\BReese76\AppData\Local\Tempzxpsignf161076710519246
2017-02-17 13:24 - 2017-02-17 13:24 - 00000000 ____D C:\Users\BReese76\AppData\Local\Tempzxpsignaaefe4a8b99378fd
2017-02-14 16:32 - 2017-02-14 16:32 - 00000000 ____D C:\Users\BReese76\AppData\Local\Tempzxpsign8cc0a46b680cc325
2017-02-14 16:32 - 2017-02-14 16:32 - 00000000 ____D C:\Users\BReese76\AppData\Local\Tempzxpsign718e63f759c527b6
2017-02-14 16:32 - 2017-02-14 16:32 - 00000000 ____D C:\Users\BReese76\AppData\Local\Tempzxpsign4698710cbd090513
2017-02-10 16:44 - 2017-02-10 16:44 - 00000000 ____D C:\Users\BReese76\AppData\Local\Tempzxpsignbe62df48a041ba67
2017-02-10 16:27 - 2017-02-10 16:27 - 00000000 ____D C:\Users\BReese76\AppData\Local\Tempzxpsign41c4f1a386c44f81
2017-02-10 16:23 - 2017-02-10 16:23 - 00000000 ____D C:\Users\BReese76\AppData\Local\Tempzxpsignf52237a24ebbf983
2017-02-10 16:23 - 2017-02-10 16:23 - 00000000 ____D C:\Users\BReese76\AppData\Local\Tempzxpsignab09152e1690c1b3
2017-02-10 13:27 - 2017-02-10 13:27 - 00000000 ____D C:\Users\BReese76\AppData\Local\Tempzxpsign11f5ecd75dfe3331
2017-02-10 13:26 - 2017-02-10 13:26 - 00000000 ____D C:\Users\BReese76\AppData\Local\Tempzxpsigne90105bafa462bf9
2017-02-10 13:26 - 2017-02-10 13:26 - 00000000 ____D C:\Users\BReese76\AppData\Local\Tempzxpsign999ce8cbc1c27760
2017-02-09 21:35 - 2017-02-09 21:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2017-02-09 21:34 - 2017-02-09 21:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2017-02-09 21:23 - 2017-02-09 21:23 - 00001005 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast SafeZone Browser.lnk
2017-02-08 22:30 - 2017-02-08 22:30 - 00003914 _____ C:\windows\System32\Tasks\Avast Emergency Update
2017-02-08 22:30 - 2017-02-08 22:28 - 00334600 _____ (AVAST Software s.r.o.) C:\windows\system32\Drivers\aswbloga.sys
2017-02-08 22:30 - 2017-02-08 22:28 - 00309784 _____ (AVAST Software s.r.o.) C:\windows\system32\Drivers\aswbidsdrivera.sys
2017-02-08 22:30 - 2017-02-08 22:28 - 00189768 _____ (AVAST Software s.r.o.) C:\windows\system32\Drivers\aswbidsha.sys
2017-02-08 22:30 - 2017-02-08 22:28 - 00048528 _____ (AVAST Software s.r.o.) C:\windows\system32\Drivers\aswbuniva.sys
2017-02-08 22:29 - 2017-02-08 22:29 - 00398408 _____ (AVAST Software) C:\windows\system32\aswBoot.exe
2017-02-08 21:51 - 2017-02-08 23:39 - 00000000 ___RD C:\Users\BReese76\OneDrive - Maricopa Community College District
2017-02-08 21:51 - 2017-02-08 21:51 - 20466392 _____ (Microsoft Corporation) C:\Users\BReese76\Downloads\OneDriveSetup.exe

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-03-10 15:55 - 2013-05-15 09:12 - 00000830 _____ C:\windows\Tasks\Adobe Flash Player Updater.job
2017-03-10 15:49 - 2014-08-31 23:11 - 00251840 _____ (Malwarebytes) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2017-03-10 15:49 - 2014-08-31 23:11 - 00000000 ____D C:\ProgramData\Malwarebytes
2017-03-10 15:49 - 2014-08-31 23:11 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2017-03-10 15:31 - 2015-06-12 13:06 - 00000930 _____ C:\windows\Tasks\DropboxUpdateTaskUserS-1-5-21-239473584-822298280-3168733615-1001UA.job
2017-03-10 15:31 - 2015-06-12 13:06 - 00000878 _____ C:\windows\Tasks\DropboxUpdateTaskUserS-1-5-21-239473584-822298280-3168733615-1001Core.job
2017-03-10 15:27 - 2009-07-13 21:45 - 00024608 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-03-10 15:27 - 2009-07-13 21:45 - 00024608 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-03-10 15:21 - 2016-11-15 21:55 - 00000000 ____D C:\Users\BReese76\AppData\LocalLow\Mozilla
2017-03-10 15:21 - 2013-05-19 13:56 - 00000000 ___RD C:\Users\BReese76\Dropbox
2017-03-10 15:18 - 2012-11-21 21:17 - 00000000 ____D C:\ProgramData\PDFC
2017-03-10 15:17 - 2009-07-13 22:08 - 00000006 ____H C:\windows\Tasks\SA.DAT
2017-03-10 15:03 - 2014-02-07 13:56 - 00000344 _____ C:\windows\Tasks\HPCeeScheduleForBReese76.job
2017-03-10 15:03 - 2009-07-13 22:08 - 00032528 _____ C:\windows\Tasks\SCHEDLGU.TXT
2017-03-10 13:44 - 2016-03-23 18:20 - 00003898 _____ C:\windows\System32\Tasks\SafeZone scheduled Autoupdate 1458782453
2017-03-10 13:41 - 2014-02-07 13:56 - 00003204 _____ C:\windows\System32\Tasks\HPCeeScheduleForBReese76
2017-03-10 13:33 - 2012-12-13 15:38 - 00003950 _____ C:\windows\System32\Tasks\User_Feed_Synchronization-{A740816E-472C-470B-BBCC-E6BEE266ED51}
2017-03-09 23:48 - 2013-02-25 22:40 - 00000000 ____D C:\Users\BReese76\AppData\Local\Spotify
2017-03-09 22:46 - 2013-02-25 22:40 - 00000000 ____D C:\Users\BReese76\AppData\Roaming\Spotify
2017-03-09 21:17 - 2016-12-01 21:28 - 00000712 _____ C:\Users\BReese76\Desktop\Nests.txt
2017-03-09 20:43 - 2015-06-12 13:06 - 00000000 ____D C:\Users\BReese76\AppData\Local\Dropbox
2017-03-09 20:42 - 2013-05-19 13:54 - 00000000 ____D C:\Users\BReese76\AppData\Roaming\Dropbox
2017-03-06 21:36 - 2015-12-22 22:39 - 00001214 _____ C:\Users\BReese76\Desktop\bands to listen to.txt
2017-03-04 13:26 - 2017-01-05 10:02 - 00010498 _____ C:\Users\BReese76\Desktop\Bills.xlsx
2017-03-02 22:00 - 2016-09-08 22:52 - 00000000 ____D C:\Users\BReese76\AppData\Roaming\CoreFTP
2017-03-01 21:35 - 2017-01-12 13:53 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2017-03-01 21:33 - 2012-11-21 21:10 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2017-03-01 00:05 - 2015-10-01 23:36 - 00000000 ____D C:\Users\BReese76\Downloads\Birthday
2017-02-24 23:50 - 2016-07-17 17:08 - 00000207 _____ C:\Users\BReese76\Desktop\Erin Owes Me.txt
2017-02-23 22:01 - 2016-01-03 11:50 - 00000000 ____D C:\ProgramData\boost_interprocess
2017-02-23 21:07 - 2017-01-13 13:14 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2017-02-23 00:15 - 2013-07-13 15:34 - 00000000 ____D C:\windows\system32\MRT
2017-02-23 00:12 - 2012-12-13 16:35 - 138020592 ____C (Microsoft Corporation) C:\windows\system32\MRT.exe
2017-02-22 21:40 - 2012-11-21 21:17 - 00000000 ____D C:\ProgramData\Skype
2017-02-20 11:24 - 2009-07-13 22:13 - 00783424 _____ C:\windows\system32\PerfStringBackup.INI
2017-02-20 11:24 - 2009-07-13 20:20 - 00000000 ____D C:\windows\inf
2017-02-17 23:42 - 2017-01-12 14:10 - 00000000 ___RD C:\Users\BReese76\OneDrive
2017-02-15 22:55 - 2013-05-15 09:12 - 00003768 _____ C:\windows\System32\Tasks\Adobe Flash Player Updater
2017-02-15 22:55 - 2012-11-21 21:15 - 00802904 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2017-02-15 22:55 - 2012-11-21 21:15 - 00144472 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2017-02-15 22:55 - 2012-11-21 21:15 - 00000000 ____D C:\windows\SysWOW64\Macromed
2017-02-15 22:55 - 2012-11-21 21:15 - 00000000 ____D C:\windows\system32\Macromed
2017-02-15 21:39 - 2012-12-13 15:38 - 00000000 ____D C:\Users\BReese76\AppData\Local\PDFC
2017-02-13 22:32 - 2012-12-13 15:47 - 00000000 ____D C:\ProgramData\AVAST Software
2017-02-10 12:33 - 2013-03-05 13:29 - 00337080 _____ (AVAST Software) C:\windows\system32\Drivers\aswvmm.sys
2017-02-09 21:35 - 2015-08-26 22:00 - 00110144 _____ (Oracle Corporation) C:\windows\system32\WindowsAccessBridge-64.dll
2017-02-09 21:35 - 2015-08-26 21:59 - 00000000 ____D C:\Program Files\Java
2017-02-09 21:34 - 2013-01-01 14:18 - 00000000 ____D C:\Program Files (x86)\7-Zip
2017-02-08 22:29 - 2016-03-23 18:20 - 00032088 _____ (AVAST Software) C:\windows\system32\Drivers\aswKbd.sys
2017-02-08 22:29 - 2014-04-24 14:00 - 00038296 _____ (AVAST Software) C:\windows\system32\Drivers\aswHwid.sys
2017-02-08 22:29 - 2013-12-27 12:08 - 00162528 _____ (AVAST Software) C:\windows\system32\Drivers\aswStm.sys
2017-02-08 22:29 - 2013-03-05 13:29 - 00074680 _____ (AVAST Software) C:\windows\system32\Drivers\aswRvrt.sys
2017-02-08 22:29 - 2012-12-13 15:48 - 00991496 _____ (AVAST Software) C:\windows\system32\Drivers\aswSnx.sys
2017-02-08 22:29 - 2012-12-13 15:48 - 00547904 _____ (AVAST Software) C:\windows\system32\Drivers\aswSP.sys
2017-02-08 22:29 - 2012-12-13 15:48 - 00126088 _____ (AVAST Software) C:\windows\system32\Drivers\aswMonFlt.sys
2017-02-08 22:29 - 2012-12-13 15:48 - 00100640 _____ (AVAST Software) C:\windows\system32\Drivers\aswRdr2.sys
2017-02-08 21:51 - 2012-12-13 15:31 - 00000000 ____D C:\Users\BReese76

==================== Files in the root of some directories =======

2016-09-16 12:46 - 2016-09-16 12:46 - 0000132 _____ () C:\Users\BReese76\AppData\Roaming\Adobe PNG Format CS6 Prefs
2016-10-30 21:07 - 2016-12-01 14:04 - 0000033 _____ () C:\Users\BReese76\AppData\Roaming\AdobeWLCMCache.dat
2013-11-10 21:16 - 2013-11-10 21:16 - 0002647 _____ () C:\Users\BReese76\AppData\Local\recently-used.xbel
2016-06-06 21:03 - 2016-06-06 21:03 - 0007597 _____ () C:\Users\BReese76\AppData\Local\Resmon.ResmonCfg
2012-12-21 23:09 - 2012-12-21 23:15 - 0000819 _____ () C:\ProgramData\hpzinstall.log

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\windows\system32\winlogon.exe => File is digitally signed
C:\windows\system32\wininit.exe => File is digitally signed
C:\windows\SysWOW64\wininit.exe => File is digitally signed
C:\windows\explorer.exe => File is digitally signed
C:\windows\SysWOW64\explorer.exe => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\SysWOW64\svchost.exe => File is digitally signed
C:\windows\system32\services.exe => File is digitally signed
C:\windows\system32\User32.dll => File is digitally signed
C:\windows\SysWOW64\User32.dll => File is digitally signed
C:\windows\system32\userinit.exe => File is digitally signed
C:\windows\SysWOW64\userinit.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
C:\windows\system32\dnsapi.dll => File is digitally signed
C:\windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-03-10 14:13

==================== End of FRST.txt ============================

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 08-03-2017
Ran by BReese76 (10-03-2017 16:12:23)
Running from C:\Users\BReese76\Desktop
Windows 7 Home Premium Service Pack 1 (X64) (2012-12-13 22:31:51)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-239473584-822298280-3168733615-500 - Administrator - Disabled)
BReese76 (S-1-5-21-239473584-822298280-3168733615-1001 - Administrator - Enabled) => C:\Users\BReese76
Guest (S-1-5-21-239473584-822298280-3168733615-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-239473584-822298280-3168733615-1002 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

4 Elements II (x32 Version: 2.2.0.98 - WildTangent) Hidden
64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden
7-Zip 16.04 (HKLM-x32\...\{23170F69-40C1-2701-1604-000001000000}) (Version: 16.04.00.0 - Igor Pavlov)
7-Zip 9.22beta (HKLM-x32\...\7-Zip) (Version:  - )
ActivePerl 5.16.1 Build 1601 (HKLM-x32\...\{9441AF70-8CCC-41EE-B2C1-398F5FE7E387}) (Version: 5.16.1601 - ActiveState)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.023.20070 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 24.0.0.180 - Adobe Systems Incorporated)
Adobe Bridge CC (64 Bit) (HKLM-x32\...\{359F8007-6486-429C-A8C5-D67F6897C88C}) (Version: 6.0 - Adobe Systems Incorporated)
Adobe Bridge CC 2017 (HKLM-x32\...\KBRG_7_0) (Version: 7.0 - Adobe Systems Incorporated)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 3.9.1.335 - Adobe Systems Incorporated)
Adobe Digital Editions 2.0 (HKLM-x32\...\Adobe Digital Editions 2.0) (Version: 2.0 - Adobe Systems Incorporated)
Adobe Download Assistant (HKLM-x32\...\com.adobe.downloadassistant.AdobeDownloadAssistant) (Version: 1.2.9 - Adobe Systems Incorporated)
Adobe Dreamweaver CC 2015 (HKLM-x32\...\{EE2A0AA8-0386-11E5-8603-BC82F5DB1A71}) (Version: 16.0.0 - Adobe Systems Incorporated)
Adobe Flash Player 24 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 24.0.0.221 - Adobe Systems Incorporated)
Adobe Flash Player 24 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 24.0.0.221 - Adobe Systems Incorporated)
Adobe Illustrator CC 2017 (HKLM-x32\...\ILST_21_0_0) (Version: 21.0.0 - Adobe Systems Incorporated)
Adobe Photoshop CC 2017 (HKLM-x32\...\PHSP_18_0_1) (Version: 18.0.1 - Adobe Systems Incorporated)
Adobe Photoshop Elements 13 (HKLM-x32\...\{609818B9-23EB-4196-B466-EFE05E92A32F}) (Version: 13.0 - Adobe Systems Incorporated)
Amazon MP3 Downloader 1.0.17 (HKLM-x32\...\Amazon MP3 Downloader) (Version: 1.0.17 - Amazon Services LLC)
Amazon Music Importer (HKLM-x32\...\com.amazon.music.uploader) (Version: 3.0.0 - Amazon Services LLC)
Amazon Music Importer (x32 Version: 3.0.0 - Amazon Services LLC) Hidden
AMD Catalyst Install Manager (HKLM\...\{FEAA5D71-B0FB-4EF9-729F-8AE42500AF41}) (Version: 8.0.873.0 - Advanced Micro Devices, Inc.)
Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Avast Free Antivirus (HKLM-x32\...\Avast Antivirus) (Version: 17.1.2286 - AVAST Software)
Bejeweled 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Bethesda.net Launcher (HKLM-x32\...\{3448917E-E4FE-4E30-9502-9FD52EABB6F5}_is1) (Version: 1.0 - Bethesda Softworks)
Blackhawk Striker 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Bubble Wrap (HKLM-x32\...\{5BFFDDEB-AFD7-499F-BB13-7A6EAD927CDA}_is1) (Version: 1.0.0.0 - XM Asia Pacific Pte Ltd)
calibre (HKLM-x32\...\{1F1FE718-ACE3-4D26-A9F0-7F443B3526F1}) (Version: 2.77.0 - Kovid Goyal)
CameraHelperMsi (x32 Version: 13.51.815.0 - Logitech) Hidden
CANON iMAGE GATEWAY MyCamera Download Plugin (HKLM-x32\...\MyCamera Download Plugin) (Version: 3.1.1.2 - Canon Inc.)
CANON iMAGE GATEWAY Task for ZoomBrowser EX (HKLM-x32\...\CANON iMAGE GATEWAY Task) (Version: 1.9.0.9 - Canon Inc.)
Canon MOV Decoder (HKLM-x32\...\Canon MOV Decoder) (Version: 1.8.0.7 - Canon Inc.)
Canon MOV Encoder (HKLM-x32\...\Canon MOV Encoder) (Version: 1.6.0.1 - Canon Inc.)
Canon MovieEdit Task for ZoomBrowser EX (HKLM-x32\...\MovieEditTask) (Version: 3.7.0.4 - Canon Inc.)
Canon Utilities Digital Photo Professional 3.10 (HKLM-x32\...\DPP) (Version: 3.10.2.0 - Canon Inc.)
Canon Utilities EOS Sample Music (HKLM-x32\...\EOS Sample Music) (Version: 1.0.0.204 - Canon Inc.)
Canon Utilities EOS Utility (HKLM-x32\...\EOS Utility) (Version: 2.10.2.0 - Canon Inc.)
Canon Utilities EOS Video Snapshot Task for ZoomBrowser EX (HKLM-x32\...\EOS Video Snapshot Task) (Version: 1.0.0.10 - Canon Inc.)
Canon Utilities Movie Uploader for YouTube (HKLM-x32\...\MovieUploaderForYouTube) (Version: 1.2.0.7 - Canon Inc.)
Canon Utilities PhotoStitch (HKLM-x32\...\PhotoStitch) (Version: 3.1.22.46 - Canon Inc.)
Canon Utilities Picture Style Editor (HKLM-x32\...\Picture Style Editor) (Version: 1.9.0.0 - Canon Inc.)
Canon Utilities ZoomBrowser EX (HKLM-x32\...\ZoomBrowser EX) (Version: 6.7.0.24 - Canon Inc.)
Canon ZoomBrowser EX Memory Card Utility (HKLM-x32\...\ZoomBrowser EX Memory Card Utility) (Version: 1.5.0.9 - Canon Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.25 - Piriform)
Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Core FTP LE (x64) (HKLM-x32\...\CoreFTP(x64)) (Version:  - )
Cradle of Rome 2 (x32 Version: 2.2.0.98 - WildTangent) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DeepSkyStacker (HKLM-x32\...\{18435829-4E75-4CD1-9796-A62DBBAE2ED7}) (Version: 3.2.0 -  )
DirectX for Managed Code Update (Summer 2004) (x32 Version: 9.02.2904 - Microsoft) Hidden
Dora's World Adventure (x32 Version: 2.2.0.95 - WildTangent) Hidden
Dropbox (HKU\S-1-5-21-239473584-822298280-3168733615-1001\...\Dropbox) (Version: 21.4.25 - Dropbox, Inc.)
erLT (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
Escape the Emerald Star (x32 Version: 2.2.0.98 - WildTangent) Hidden
Facebook (HKLM-x32\...\{8AE50893-3A87-4439-9A57-942ED43F7189}) (Version: 1.1.0004 - Hewlett-Packard)
Fallout Shelter (HKLM-x32\...\Fallout Shelter) (Version:  - Bethesda Softworks)
Fantasy Hockey League (HKLM-x32\...\ST5UNST #1) (Version:  - )
Farm Frenzy (x32 Version: 2.2.0.98 - WildTangent) Hidden
Farmscapes (x32 Version: 2.2.0.97 - WildTangent) Hidden
FATE (x32 Version: 2.2.0.97 - WildTangent) Hidden
Final Drive Fury (x32 Version: 2.2.0.95 - WildTangent) Hidden
Fitbit Connect (HKLM-x32\...\{9EC69368-C1C7-48BA-AD93-01EFC142DDF9}) (Version: 2.0.0.6630 - Fitbit Inc.)
FITS Liberator 3.0.1 (HKLM-x32\...\FITS Liberator) (Version: 3.0.1 - ESO/ESA/NASA)
Golden Trails 2: The Lost Legacy Collector's Edition (x32 Version: 2.2.0.98 - WildTangent) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 56.0.2924.87 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) Hidden
Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
Hoyle Card Games (x32 Version: 2.2.0.95 - WildTangent) Hidden
HP Application Assistant (HKLM\...\{0CE7EBAF-157D-4111-9146-057CB2A4023E}) (Version: 1.1.466.3970 - Hewlett-Packard)
HP Calendar (HKLM-x32\...\{2B38E0FA-D8A5-4EBF-A018-E3C1C8E7A2E2}) (Version: 5.1.4245.23508 - Hewlett-Packard)
HP Clock (HKLM-x32\...\{750E9D0F-B188-4A7E-ADD2-84B7ED7D32F6}) (Version: 5.1.4281.27332 - Hewlett-Packard)
HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.2.5 - WildTangent)
HP LinkUp (HKLM-x32\...\{7E750542-55BC-4300-8B7B-AC2A762FB435}) (Version: 2.01.029 - Hewlett-Packard)
HP Magic Canvas (HKLM-x32\...\{DDFDC9D6-4220-41F8-BF9A-8E7512C4EF52}) (Version: 5.1.15.0 - Hewlett-Packard)
HP Magic Canvas Tutorials (HKLM-x32\...\{858FCB65-7C6D-4BA4-AD80-A3CB3744CE09}_is1) (Version: 6.0.0.0 - Hewlett-Packard)
HP Notes (HKLM-x32\...\{86BAB08A-5E66-4C53-82E3-C1E91673C7CA}) (Version: 5.1.4274.30382 - Hewlett-Packard)
HP Odometer (HKLM-x32\...\{B8AC1A89-FFD1-4F97-8051-E505A160F562}) (Version: 2.10.0000 - Hewlett-Packard)
HP Photosmart D110 All-In-One Driver 14.0 Rel. 7 (HKLM\...\{14BC6853-A74E-4874-B50D-679889D1544D}) (Version: 14.0 - HP)
HP RSS (HKLM-x32\...\{452479C5-0118-48E9-AA69-0A7339F95FC8}) (Version: 5.1.4289.23799 - Hewlett-Packard)
HP Setup (HKLM-x32\...\{438363A8-F486-4C37-834C-4955773CB3D3}) (Version: 9.1.15430.4033 - Hewlett-Packard Company)
HP Support Assistant (HKLM-x32\...\{79C54A05-F146-4EA0-8A70-D4EFE6181E52}) (Version: 8.3.50.9 - Hewlett-Packard Company)
HP Support Information (HKLM-x32\...\{B2B7B1C8-7C8B-476C-BE2C-049731C55992}) (Version: 11.00.0001 - Hewlett-Packard)
HP Support Solutions Framework (HKLM-x32\...\{55065080-504F-43BB-BE00-36B80D7D39A5}) (Version: 12.5.32.203 - Hewlett-Packard Company)
HP TouchSmart Background - Beats (HKLM-x32\...\{6A6F8D36-04BA-41E9-9004-1789BD545874}) (Version: 1.0.1.0 - Hewlett-Packard)
HP TouchSmart RecipeBox (HKLM-x32\...\{20714B53-FC73-4F9C-9687-49EB237D6FD7}) (Version: 3.0.3830.27730 - Hewlett-Packard)
HP Update (HKLM-x32\...\{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}) (Version: 5.003.001.001 - Hewlett-Packard)
HP Weather (HKLM-x32\...\{776CC95E-8160-401B-AC79-164822AA8306}) (Version: 5.1.4245.22595 - Hewlett-Packard)
HydraVision (x32 Version: 4.2.236.0 - Advanced Micro Devices, Inc.) Hidden
inSSIDer 3 (HKLM-x32\...\{A80CEA4E-74C1-4F9F-806B-E1D9AFC01768}) (Version: 3.0.7.48 - MetaGeek, LLC)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.0.0.1351 - Intel Corporation)
Java 8 Update 121 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180121F0}) (Version: 8.0.1210.13 - Oracle Corporation)
Java 8 Update 91 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418091F0}) (Version: 8.0.910.14 - Oracle Corporation)
Jewel Match 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Jewel Quest Mysteries: The Seventh Gate Collector's Edition (x32 Version: 2.2.0.98 - WildTangent) Hidden
John Deere Drive Green (x32 Version: 2.2.0.95 - WildTangent) Hidden
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.4507 - CyberLink Corp.)
LabelPrint (x32 Version: 2.5.4507 - CyberLink Corp.) Hidden
LeapFTP 3.0 (HKLM-x32\...\LeapFTP 3.0_is1) (Version: 3.1.0.50 - LeapWare)
Logitech Webcam Software (HKLM-x32\...\{D40EB009-0499-459c-A8AF-C9C110766215}) (Version: 2.51 - Logitech Inc.)
Luxor HD (x32 Version: 2.2.0.98 - WildTangent) Hidden
Mah Jong Medley (x32 Version: 2.2.0.95 - WildTangent) Hidden
Malwarebytes version 3.0.6.1469 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.0.6.1469 - Malwarebytes)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Metric Converter (HKLM-x32\...\{D0661463-50F7-4A1E-83CB-37CC590589AE}_is1) (Version: 1.0.0.0 - XM Asia Pacific Pte Ltd)
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft Mathematics (HKLM-x32\...\{4D090F70-6F08-4B60-9357-A1DFD4458F09}) (Version: 4.0 - Microsoft Corporation)
Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.3.188.0 - Microsoft Corporation)
Microsoft Office 365 ProPlus - en-us (HKLM\...\O365ProPlusRetail - en-us) (Version: 16.0.7766.2060 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Home and Student 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50901.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23918 (HKLM-x32\...\{dab68466-3a7d-41a8-a5cf-415e3ff8ef71}) (Version: 14.0.23918.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23918 (HKLM-x32\...\{2e085fd2-a3e4-4b39-8e10-6b8d35f55244}) (Version: 14.0.23918.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Mortimer Beckett and the Crimson Thief Premium Edition (x32 Version: 2.2.0.98 - WildTangent) Hidden
Mozilla Firefox 51.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 51.0.1 (x86 en-US)) (Version: 51.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 51.0.1.6234 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
My Farm Life 2 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Network64 (Version: 140.0.212.000 - Hewlett-Packard) Hidden
Network64 (Version: 140.0.221.000 - Hewlett-Packard) Hidden
Nik Collection (HKLM-x32\...\Nik Collection) (Version: 1.2.11 - Google)
Noiseware Community Edition (HKLM-x32\...\{CB3B7C24-30A1-4961-8039-94919F5ED2EE}) (Version: 2.6.0.1 - Imagenomic)
Notepad++ (32-bit x86) (HKLM-x32\...\Notepad++) (Version: 7.3.2 - Notepad++ Team)
Office 16 Click-to-Run Extensibility Component (x32 Version: 16.0.7766.2047 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (Version: 16.0.7766.2047 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (Version: 16.0.7766.2047 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (x32 Version: 16.0.7668.2066 - Microsoft Corporation) Hidden
opensource (x32 Version: 1.0.14960.3876 - Your Company Name) Hidden
PDF Complete Corporate Edition (HKLM-x32\...\PDF Complete) (Version: 4.2.9 - PDF Complete, Inc)
Penguins! (x32 Version: 2.2.0.98 - WildTangent) Hidden
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98 - WildTangent) Hidden
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
Poker Superstars III (x32 Version: 2.2.0.95 - WildTangent) Hidden
Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden
Polar Golfer (x32 Version: 2.2.0.98 - WildTangent) Hidden
Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.1.6305 - CyberLink Corp.)
Power2Go (x32 Version: 6.1.6305 - CyberLink Corp.) Hidden
PS_AIO_07_D110_SW_Min (x32 Version: 140.0.142.000 - Hewlett-Packard) Hidden
Ralink 802.11n Wireless LAN Card (HKLM-x32\...\{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}) (Version: 3.2.12.0 - Ralink)
RealDownloader (x32 Version: 17.0.14.26 - RealNetworks) Hidden
RealDownloader (x32 Version: 17.0.14.8 - RealNetworks, Inc.) Hidden
RealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (Version: 10.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (x32 Version: 10.0 - RealNetworks, Inc) Hidden
RealPlayer Cloud (HKLM-x32\...\RealPlayer 17.0) (Version: 17.0.14 - RealNetworks)
RealUpgrade 1.1 (x32 Version: 1.1.0 - RealNetworks, Inc.) Hidden
Recovery Manager (x32 Version: 5.5.0.5119 - CyberLink Corp.) Hidden
Remote Graphics Receiver (HKLM-x32\...\{16FC3056-90C0-4757-8A68-64D8DA846ADA}) (Version: 5.4.5 - Hewlett-Packard)
Roads of Rome 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
RogueKiller version 11 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 11 - Adlice Software)
SafeZone Stable 3.55.2393.590 (x32 Version: 3.55.2393.590 - Avast Software) Hidden
Scan (x32 Version: 140.0.77.000 - Hewlett-Packard) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Should I Remove It (HKU\S-1-5-21-239473584-822298280-3168733615-1001\...\Should I Remove It 1.0.4) (Version: 1.0.4 - Reason Software Company Inc.)
Should I Remove It (x32 Version: 1.0.4 - Reason Software Company Inc.) Hidden
Skype™ 7.32 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.32.104 - Skype Technologies S.A.)
Speccy (HKLM\...\Speccy) (Version: 1.29 - Piriform)
Spot (HKLM-x32\...\{3D171340-B528-42E0-92E4-BDA7AEEF6F32}_is1) (Version: 1.0.0.0 - XM Asia Pacific Pte Ltd)
Spotify (HKU\S-1-5-21-239473584-822298280-3168733615-1001\...\Spotify) (Version: 1.0.49.125.g72ee7853 - Spotify AB)
Stellarium 0.12.1 (HKLM\...\Stellarium_is1) (Version: 0.12.1 - Stellarium team)
Tales of Lagoona (x32 Version: 2.2.0.98 - WildTangent) Hidden
Tap Tap Bear (HKLM-x32\...\{A393CDFF-BEB8-48EA-990D-2EB35B311D23}_is1) (Version: 1.0.0.0 - XM Asia Pacific Pte Ltd)
TI USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{355FBD67-5A4F-44DA-86A1-56EEC4C20EC0}) (Version: 1.12.18.0 - Texas Instruments Inc.)
TI USB3 Host Driver (x32 Version: 1.12.18.0 - Texas Instruments Inc.) Hidden
Toolbox (x32 Version: 140.0.424.000 - Hewlett-Packard) Hidden
Torchlight (x32 Version: 2.2.0.98 - WildTangent) Hidden
TSHostedAppLauncher (x32 Version: 5.1.15.0 - Hewlett-Packard) Hidden
Unchecky v1.0.2 (HKLM-x32\...\Unchecky) (Version: 1.0.2 - RaMMicHaeL)
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
UpdateService (x32 Version: 1.0.0 - RealNetworks, Inc.) Hidden
Video Downloader (x32 Version: 1.0.0 - RealNetworks) Hidden
Virtual Villagers 4 - The Tree of Life (x32 Version: 2.2.0.98 - WildTangent) Hidden
WildTangent Games App (HP Games) (x32 Version: 4.0.10.5 - WildTangent) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Youda Fisherman (x32 Version: 2.2.0.98 - WildTangent) Hidden
Zuma's Revenge (x32 Version: 2.2.0.98 - WildTangent) Hidden

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-239473584-822298280-3168733615-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\BReese76\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-239473584-822298280-3168733615-1001_Classes\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E}\InprocServer32 -> C:\Users\BReese76\AppData\Local\Microsoft\OneDrive\17.3.6743.1212\amd64\FileSyncShell64.dll => No Fi (the data entry has 2 more characters).
CustomCLSID: HKU\S-1-5-21-239473584-822298280-3168733615-1001_Classes\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C}\InprocServer32 -> C:\Users\BReese76\AppData\Local\Microsoft\OneDrive\17.3.6743.1212\amd64\FileSyncShell64.dll => No Fi (the data entry has 2 more characters).
CustomCLSID: HKU\S-1-5-21-239473584-822298280-3168733615-1001_Classes\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E}\InprocServer32 -> C:\Users\BReese76\AppData\Local\Microsoft\OneDrive\17.3.6743.1212\amd64\FileSyncShell64.dll => No Fi (the data entry has 2 more characters).
CustomCLSID: HKU\S-1-5-21-239473584-822298280-3168733615-1001_Classes\CLSID\{e8c77137-e224-5791-b6e9-ff0305797a13}\InprocServer32 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems)
CustomCLSID: HKU\S-1-5-21-239473584-822298280-3168733615-1001_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\BReese76\AppData\Roaming\Dropbox\bin\DropboxExt64.14.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-239473584-822298280-3168733615-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\BReese76\AppData\Roaming\Dropbox\bin\DropboxExt64.14.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-239473584-822298280-3168733615-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\BReese76\AppData\Roaming\Dropbox\bin\DropboxExt64.14.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-239473584-822298280-3168733615-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\BReese76\AppData\Roaming\Dropbox\bin\DropboxExt64.14.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-239473584-822298280-3168733615-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\BReese76\AppData\Roaming\Dropbox\bin\DropboxExt64.14.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-239473584-822298280-3168733615-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\BReese76\AppData\Roaming\Dropbox\bin\DropboxExt64.14.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-239473584-822298280-3168733615-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\BReese76\AppData\Roaming\Dropbox\bin\DropboxExt64.14.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-239473584-822298280-3168733615-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\BReese76\AppData\Roaming\Dropbox\bin\DropboxExt64.14.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-239473584-822298280-3168733615-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\BReese76\AppData\Roaming\Dropbox\bin\DropboxExt64.14.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-239473584-822298280-3168733615-1001_Classes\CLSID\{FB314EE1-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\BReese76\AppData\Roaming\Dropbox\bin\DropboxExt64.14.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-239473584-822298280-3168733615-1001_Classes\CLSID\{FB314EE2-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\BReese76\AppData\Roaming\Dropbox\bin\DropboxExt64.14.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-239473584-822298280-3168733615-1001_Classes\CLSID\{FBC9D74C-AF55-4309-9FB2-C426E071637F}\InprocServer32 -> C:\Users\BReese76\AppData\Roaming\Dropbox\bin\DropboxExt64.14.0.dll (Dropbox, Inc.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {000A66B4-C5A7-40C0-ABE1-08F62EE40AAA} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {0406DBBA-40CE-4240-AD94-F886564B8268} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-12-19] (Adobe Systems Incorporated)
Task: {0BA293D4-F286-405D-9528-31DE9FBE2D7F} - System32\Tasks\{BD2F09FE-1C3C-4F9E-A784-8CEBADF2026B} => C:\FHL\FHL.exe
Task: {14305C65-140D-4A7C-ACD7-3B23F11FD8EB} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-239473584-822298280-3168733615-1001 => C:\Program Files (x86)\RealNetworks\RealDownloader\RealUpgrade.exe [2014-09-26] (RealNetworks, Inc.)
Task: {1E00BF53-E352-4DA4-B795-01FED872799B} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)
Task: {208CF033-9271-4CC3-8BFF-B522E1187478} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-12-06] (Piriform Ltd)
Task: {2C4E2AFC-80B7-46C7-B26D-5180FE33866A} - System32\Tasks\{8B25D408-4E28-43DA-94EF-35438DECEE3C} => C:\FHL\FHL.exe
Task: {30824113-9F73-47F0-B96F-3B85647F9655} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2017-02-18] (Microsoft Corporation)
Task: {32B0AA4F-52BC-42AE-B6D7-BFBF6E75664C} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2017-01-27] (AVAST Software)
Task: {33076945-963E-4EC4-A13C-EB638BBC2955} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-02-15] (Adobe Systems Incorporated)
Task: {35BC159C-ED13-4B67-8077-239CF04152FE} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2017-02-18] (Microsoft Corporation)
Task: {37E9AF6B-B21B-4B9E-9C7F-CC29BDF82AA0} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2017-02-18] (Microsoft Corporation)
Task: {46A5A90B-A669-442B-8B6B-FF40C235C02E} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)
Task: {47BCBAF8-EDF6-4720-AA30-A26592B1263C} - System32\Tasks\{D14CF766-1BD2-47AE-8D73-433264AE42A0} => C:\FHL\FHL.exe
Task: {5029C1CA-5BCE-4679-A841-B76E8DFF3FC8} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)
Task: {5413864E-39F1-4188-87F0-3DCCA3C3468F} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2016-12-07] (HP Inc.)
Task: {54A6A8CE-59E1-414D-8600-1F9056346C97} - System32\Tasks\SafeZone scheduled Autoupdate 1458782453 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2017-03-03] (Avast Software)
Task: {6D1A6026-BC31-47D6-A7D9-500ABA4418B8} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater - Resources => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2016-12-07] (HP Inc.)
Task: {71C72963-083F-43FA-B06C-6389782134C7} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-02-18] (Microsoft Corporation)
Task: {75C8E018-FAF0-4181-980B-8D0C5400D07E} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-239473584-822298280-3168733615-1001UA => C:\Users\BReese76\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2016-11-04] (Dropbox, Inc.)
Task: {78E8953C-1A35-4DDC-B8D7-0C722EE7D206} - System32\Tasks\{9A14A599-D6A5-4299-B950-4D2D42C1F21D} => C:\FHL\FHL.exe
Task: {79FBD397-7388-485E-82FD-88AC6D41044E} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2017-02-08] (HP Inc.)
Task: {7F4F9CB4-DBBE-40C9-B1DB-313114D17286} - System32\Tasks\RealDownloader Update Check => C:\Program Files (x86)\RealNetworks\RealDownloader\downloader2.exe [2014-09-23] ()
Task: {804ED0C8-DAED-4907-AE08-75451D38BC97} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2016-12-07] (HP Inc.)
Task: {9420A5AA-43B0-436C-844D-D60495D91273} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)
Task: {98CDD0C4-43A3-4FE9-B679-1175161AB29C} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-02-18] (Microsoft Corporation)
Task: {9CB1120C-48FE-45A1-839E-D793E9AED94B} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2014-03-19] (Microsoft)
Task: {B2108048-5F0E-42ED-911A-9F8077542E4F} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [2017-02-08] (AVAST Software)
Task: {BAD5407C-EF68-4424-9623-ECDD618259FE} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-239473584-822298280-3168733615-1001Core => C:\Users\BReese76\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2016-11-04] (Dropbox, Inc.)
Task: {BC0B38A5-D4D5-46F8-AFBD-29638758B612} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {C33AE2AE-84FA-4598-97D6-701352E90EC9} - System32\Tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2016-11-07] (HP Inc.)
Task: {C4216729-9025-4F51-9D20-7AF0E1611309} - System32\Tasks\HPCeeScheduleForBReese76 => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2015-06-16] (Hewlett-Packard)
Task: {DB86F45A-282F-46F0-96F1-A28BD194C79D} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-239473584-822298280-3168733615-1001 => C:\Program Files (x86)\RealNetworks\RealDownloader\RealUpgrade.exe [2014-09-26] (RealNetworks, Inc.)
Task: {E5937814-01F5-4765-A731-3DD78EE5817F} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [2016-12-21] (HP Inc.)
Task: {E80EF42B-9B23-4E55-812F-D46A4C437637} - System32\Tasks\{26E3AFF3-8AA0-4B3F-AA20-44E7D417C089} => C:\FHL\FHL.exe
Task: {E870D75C-F851-459E-B3F8-6BB7B63CDA68} - System32\Tasks\Java Check => “C:\Program
Task: {E9348A4E-9932-4F16-A079-233DC63FBF06} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2016-12-07] (HP Inc.)
Task: {FD319211-8999-4D2C-9369-886A2EDA5CEE} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Product Configurator => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\ProductConfig.exe [2017-03-02] (HP Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\DropboxUpdateTaskUserS-1-5-21-239473584-822298280-3168733615-1001Core.job => C:\Users\BReese76\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\windows\Tasks\DropboxUpdateTaskUserS-1-5-21-239473584-822298280-3168733615-1001UA.job => C:\Users\BReese76\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\windows\Tasks\HPCeeScheduleForBReese76.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2015-02-20 22:09 - 2013-06-17 16:40 - 00035944 _____ () C:\windows\system32\ddmon4-64x.dll
2014-09-26 10:18 - 2014-09-26 10:18 - 00039568 _____ () C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
2014-09-26 15:14 - 2014-09-26 15:14 - 00031344 _____ () C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe
2017-02-08 22:28 - 2017-02-08 22:28 - 00162600 _____ () c:\Program Files\AVAST Software\Avast\x64\vaarclient.dll
2017-02-08 22:29 - 2017-02-08 22:29 - 00792656 _____ () C:\Program Files\AVAST Software\Avast\x64\ffl2.dll
2016-10-25 09:57 - 2016-10-25 09:57 - 00491184 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll
2017-01-12 13:57 - 2017-01-29 06:55 - 08930504 _____ () C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\1033\GrooveIntlResource.dll
2017-02-12 15:31 - 2017-02-12 15:31 - 00230064 _____ () C:\Program Files (x86)\Notepad++\NppShell_06.dll
2014-09-23 14:54 - 2014-09-23 14:54 - 00551488 _____ () C:\Program Files (x86)\RealNetworks\RealDownloader\downloader2.exe
2012-04-08 06:59 - 2012-04-08 06:59 - 00369152 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2012-03-12 16:01 - 2012-03-12 16:01 - 00098304 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll
2012-03-12 16:01 - 2012-03-12 16:01 - 00028672 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\BrandingResources.dll
2017-03-10 15:49 - 2017-02-24 06:23 - 02264352 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\PoliciesControllerImpl.dll
2017-03-10 15:49 - 2017-02-24 06:23 - 02264528 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
2017-02-08 22:29 - 2017-02-08 22:29 - 00170216 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2017-03-10 13:30 - 2017-03-10 13:30 - 05883392 _____ () C:\Program Files\AVAST Software\Avast\defs\17031001\algo.dll
2017-02-08 22:29 - 2017-02-08 22:29 - 00655056 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
2014-10-23 12:18 - 2014-10-23 12:18 - 00865880 _____ () C:\Program Files (x86)\Real\RealPlayer\RPDS\Plugins\cldplin.dll
2014-09-26 15:13 - 2014-09-26 15:13 - 00035464 _____ () C:\Program Files (x86)\Real\UpdateService\DL2UpdatePlugin.dll
2014-09-26 15:13 - 2014-09-26 15:13 - 00035976 _____ () C:\Program Files (x86)\Real\UpdateService\RealDownloaderUpdatePlugin.dll
2014-09-26 15:13 - 2014-09-26 15:13 - 00033400 _____ () C:\Program Files (x86)\Real\UpdateService\RPDSUpdatePlugin.dll
2014-09-26 15:13 - 2014-09-26 15:13 - 00034456 _____ () C:\Program Files (x86)\Real\UpdateService\VideoDLUpdatePlugin.dll
2017-03-09 20:42 - 2017-03-06 13:59 - 00807232 _____ () C:\Users\BReese76\AppData\Roaming\Dropbox\bin\dropbox_watchdog.dll
2016-08-19 13:18 - 2017-02-08 19:19 - 00035792 _____ () C:\Users\BReese76\AppData\Roaming\Dropbox\bin\_multiprocessing.pyd
2016-08-19 13:18 - 2017-02-08 19:19 - 00100296 _____ () C:\Users\BReese76\AppData\Roaming\Dropbox\bin\_ctypes.pyd
2016-02-10 18:28 - 2017-02-08 19:19 - 00018888 _____ () C:\Users\BReese76\AppData\Roaming\Dropbox\bin\select.pyd
2016-02-10 18:28 - 2017-03-06 14:01 - 00019776 _____ () C:\Users\BReese76\AppData\Roaming\Dropbox\bin\tornado.speedups.pyd
2016-02-10 18:28 - 2017-02-08 19:19 - 00694224 _____ () C:\Users\BReese76\AppData\Roaming\Dropbox\bin\unicodedata.pyd
2017-03-09 20:42 - 2017-03-06 14:01 - 00020824 _____ () C:\Users\BReese76\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._constant_time.pyd
2016-08-19 13:18 - 2017-02-08 19:20 - 00123856 _____ () C:\Users\BReese76\AppData\Roaming\Dropbox\bin\_cffi_backend.pyd
2017-03-09 20:42 - 2017-03-06 14:01 - 01682768 _____ () C:\Users\BReese76\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._openssl.pyd
2017-03-09 20:42 - 2017-03-06 14:01 - 00020816 _____ () C:\Users\BReese76\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._padding.pyd
2017-03-09 20:42 - 2017-02-08 19:19 - 00145864 _____ () C:\Users\BReese76\AppData\Roaming\Dropbox\bin\pyexpat.pyd
2017-03-09 20:42 - 2017-02-08 19:20 - 00019408 _____ () C:\Users\BReese76\AppData\Roaming\Dropbox\bin\faulthandler.pyd
2017-03-09 20:42 - 2017-02-08 19:19 - 00116688 _____ () C:\Users\BReese76\AppData\Roaming\Dropbox\bin\pywintypes27.dll
2016-02-10 18:28 - 2017-02-08 19:22 - 00105928 _____ () C:\Users\BReese76\AppData\Roaming\Dropbox\bin\win32api.pyd
2016-08-19 13:18 - 2017-03-06 14:01 - 00022864 _____ () C:\Users\BReese76\AppData\Roaming\Dropbox\bin\winffi.crt.compiled._winffi_crt.pyd
2017-03-09 20:42 - 2017-03-06 14:01 - 00038712 _____ () C:\Users\BReese76\AppData\Roaming\Dropbox\bin\fastpath.pyd
2017-03-09 20:42 - 2017-03-06 14:01 - 00060736 _____ () C:\Users\BReese76\AppData\Roaming\Dropbox\bin\psutil._psutil_windows.pyd
2016-02-10 18:28 - 2017-02-08 19:22 - 00024528 _____ () C:\Users\BReese76\AppData\Roaming\Dropbox\bin\win32event.pyd
2016-02-10 18:28 - 2017-02-08 19:22 - 00175560 _____ () C:\Users\BReese76\AppData\Roaming\Dropbox\bin\win32gui.pyd
2017-03-09 20:42 - 2017-02-08 19:19 - 00392144 _____ () C:\Users\BReese76\AppData\Roaming\Dropbox\bin\pythoncom27.dll
2017-03-09 20:42 - 2017-02-08 19:22 - 00020936 _____ () C:\Users\BReese76\AppData\Roaming\Dropbox\bin\mmapfile.pyd
2016-02-10 18:28 - 2017-02-08 19:22 - 00116176 _____ () C:\Users\BReese76\AppData\Roaming\Dropbox\bin\win32security.pyd
2016-02-10 18:28 - 2017-03-06 14:01 - 00381760 _____ () C:\Users\BReese76\AppData\Roaming\Dropbox\bin\win32com.shell.shell.pyd
2016-02-10 18:28 - 2017-02-08 19:22 - 00124880 _____ () C:\Users\BReese76\AppData\Roaming\Dropbox\bin\win32file.pyd
2016-08-19 13:18 - 2017-03-06 14:01 - 00026456 _____ () C:\Users\BReese76\AppData\Roaming\Dropbox\bin\winffi.kernel32.compiled._winffi_kernel32.pyd
2016-02-10 18:28 - 2017-02-08 19:22 - 00024016 _____ () C:\Users\BReese76\AppData\Roaming\Dropbox\bin\win32clipboard.pyd
2016-02-10 18:28 - 2017-02-08 19:22 - 00030160 _____ () C:\Users\BReese76\AppData\Roaming\Dropbox\bin\win32pipe.pyd
2016-02-10 18:28 - 2017-02-08 19:22 - 00043472 _____ () C:\Users\BReese76\AppData\Roaming\Dropbox\bin\win32process.pyd
2016-02-10 18:28 - 2017-02-08 19:22 - 00048592 _____ () C:\Users\BReese76\AppData\Roaming\Dropbox\bin\win32service.pyd
2016-02-10 18:28 - 2017-02-08 19:22 - 00057808 _____ () C:\Users\BReese76\AppData\Roaming\Dropbox\bin\win32evtlog.pyd
2016-02-10 18:28 - 2017-02-08 19:22 - 00024016 _____ () C:\Users\BReese76\AppData\Roaming\Dropbox\bin\win32profile.pyd
2017-03-09 20:42 - 2017-03-06 14:01 - 00246608 _____ () C:\Users\BReese76\AppData\Roaming\Dropbox\bin\breakpad.client.windows.handler.pyd
2017-03-09 20:42 - 2017-03-06 14:01 - 00027488 _____ () C:\Users\BReese76\AppData\Roaming\Dropbox\bin\dropbox.infinite.win.compiled._driverinstallation.pyd
2016-08-19 13:18 - 2017-02-08 19:21 - 00241104 _____ () C:\Users\BReese76\AppData\Roaming\Dropbox\bin\_jpegtran.pyd
2017-03-09 20:42 - 2017-03-06 14:01 - 00022336 _____ () C:\Users\BReese76\AppData\Roaming\Dropbox\bin\cpuid.compiled._cpuid.pyd
2016-08-19 13:18 - 2017-03-06 14:01 - 00025432 _____ () C:\Users\BReese76\AppData\Roaming\Dropbox\bin\winscreenshot.compiled._CaptureScreenshot.pyd
2016-02-10 18:28 - 2017-02-08 19:22 - 00028616 _____ () C:\Users\BReese76\AppData\Roaming\Dropbox\bin\win32ts.pyd
2017-03-09 20:42 - 2017-03-06 14:01 - 01826104 _____ () C:\Users\BReese76\AppData\Roaming\Dropbox\bin\PyQt5.QtCore.pyd
2016-02-10 18:28 - 2017-02-08 19:20 - 00083912 _____ () C:\Users\BReese76\AppData\Roaming\Dropbox\bin\sip.pyd
2017-03-09 20:42 - 2017-03-06 14:01 - 01972536 _____ () C:\Users\BReese76\AppData\Roaming\Dropbox\bin\PyQt5.QtGui.pyd
2017-03-09 20:42 - 2017-03-06 14:01 - 03928896 _____ () C:\Users\BReese76\AppData\Roaming\Dropbox\bin\PyQt5.QtWidgets.pyd
2017-03-09 20:42 - 2017-03-06 14:01 - 00531264 _____ () C:\Users\BReese76\AppData\Roaming\Dropbox\bin\PyQt5.QtNetwork.pyd
2017-02-27 21:33 - 2017-03-06 14:01 - 00053072 _____ () C:\Users\BReese76\AppData\Roaming\Dropbox\bin\winrpcserver.compiled._RPCServer.pyd
2017-03-09 20:42 - 2017-03-06 14:01 - 00133432 _____ () C:\Users\BReese76\AppData\Roaming\Dropbox\bin\PyQt5.QtWebKit.pyd
2017-03-09 20:42 - 2017-03-06 14:01 - 00224064 _____ () C:\Users\BReese76\AppData\Roaming\Dropbox\bin\PyQt5.QtWebKitWidgets.pyd
2017-03-09 20:42 - 2017-03-06 14:01 - 00207680 _____ () C:\Users\BReese76\AppData\Roaming\Dropbox\bin\PyQt5.QtPrintSupport.pyd
2017-01-23 22:09 - 2017-03-06 14:01 - 00022864 _____ () C:\Users\BReese76\AppData\Roaming\Dropbox\bin\winffi.user32.compiled._winffi_user32.pyd
2017-01-23 22:09 - 2017-03-06 14:01 - 00022872 _____ () C:\Users\BReese76\AppData\Roaming\Dropbox\bin\winffi.iphlpapi.compiled._winffi_iphlpapi.pyd
2017-01-23 22:09 - 2017-03-06 14:01 - 00021848 _____ () C:\Users\BReese76\AppData\Roaming\Dropbox\bin\winffi.winerror.compiled._winffi_winerror.pyd
2017-01-23 22:09 - 2017-03-06 14:01 - 00022872 _____ () C:\Users\BReese76\AppData\Roaming\Dropbox\bin\winffi.wininet.compiled._winffi_wininet.pyd
2016-08-19 13:18 - 2017-02-08 19:22 - 00350152 _____ () C:\Users\BReese76\AppData\Roaming\Dropbox\bin\winxpgui.pyd
2016-08-19 13:18 - 2017-03-06 14:01 - 00023896 _____ () C:\Users\BReese76\AppData\Roaming\Dropbox\bin\winverifysignature.compiled._VerifySignature.pyd
2017-03-09 20:42 - 2017-03-06 14:01 - 00025936 _____ () C:\Users\BReese76\AppData\Roaming\Dropbox\bin\librsyncffi.compiled._librsyncffi.pyd
2017-03-09 20:42 - 2017-02-08 19:17 - 00036296 _____ () C:\Users\BReese76\AppData\Roaming\Dropbox\bin\librsync.dll
2017-03-09 20:42 - 2017-03-06 14:01 - 00084288 _____ () C:\Users\BReese76\AppData\Roaming\Dropbox\bin\dropbox_sqlite_ext.DLL
2017-03-09 20:42 - 2017-02-08 19:27 - 00017864 _____ () C:\Users\BReese76\AppData\Roaming\Dropbox\bin\libEGL.dll
2017-03-09 20:42 - 2017-02-08 19:27 - 01631184 _____ () C:\Users\BReese76\AppData\Roaming\Dropbox\bin\libGLESv2.dll
2017-03-09 20:42 - 2017-03-06 14:01 - 00042816 _____ () C:\Users\BReese76\AppData\Roaming\Dropbox\bin\PyQt5.QtWebChannel.pyd
2017-03-09 20:42 - 2017-03-06 14:01 - 00171336 _____ () C:\Users\BReese76\AppData\Roaming\Dropbox\bin\PyQt5.QtWebEngineWidgets.pyd
2017-03-09 20:42 - 2017-03-06 14:01 - 00357688 _____ () C:\Users\BReese76\AppData\Roaming\Dropbox\bin\PyQt5.QtQml.pyd
2016-02-10 18:28 - 2017-02-08 19:22 - 00060880 _____ () C:\Users\BReese76\AppData\Roaming\Dropbox\bin\win32print.pyd
2016-08-19 13:18 - 2017-03-06 14:01 - 00026456 _____ () C:\Users\BReese76\AppData\Roaming\Dropbox\bin\winffi.winhttp.compiled._winffi_winhttp.pyd
2017-03-09 20:42 - 2017-03-06 14:01 - 00546104 _____ () C:\Users\BReese76\AppData\Roaming\Dropbox\bin\PyQt5.QtQuick.pyd
2016-06-29 22:04 - 2016-06-29 22:04 - 48936448 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2017-02-08 22:28 - 2017-02-08 22:28 - 00289328 _____ () C:\Program Files\AVAST Software\Avast\gaming_mode_ui.dll
2014-09-23 14:05 - 2014-09-23 14:05 - 01382048 _____ () C:\Program Files (x86)\RealNetworks\RealDownloader\cpprest100_1_2.dll
2017-01-12 13:54 - 2017-01-29 02:46 - 08929992 _____ () C:\Program Files (x86)\Microsoft Office\root\Office16\1033\GrooveIntlResource.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Adobe Photoshop CS6 13.0 Final  Multilanguage (patch-PainteR) [ChingLiu]:com.dropbox.attributes [168]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 19:34 - 2017-03-10 15:18 - 00001235 ____A C:\windows\system32\Drivers\etc\hosts

0.0.0.0 0.0.0.0 # fix for traceroute and netstat display anomaly
0.0.0.0 tracking.opencandy.com.s3.amazonaws.com
0.0.0.0 media.opencandy.com
0.0.0.0 cdn.opencandy.com
0.0.0.0 tracking.opencandy.com
0.0.0.0 api.opencandy.com
0.0.0.0 api.recommendedsw.com
0.0.0.0 installer.betterinstaller.com
0.0.0.0 installer.filebulldog.com
0.0.0.0 d3oxtn1x3b8d7i.cloudfront.net
0.0.0.0 inno.bisrv.com
0.0.0.0 nsis.bisrv.com
0.0.0.0 cdn.file2desktop.com
0.0.0.0 cdn.goateastcach.us
0.0.0.0 cdn.guttastatdk.us
0.0.0.0 cdn.inskinmedia.com
0.0.0.0 cdn.insta.oibundles2.com
0.0.0.0 cdn.insta.playbryte.com
0.0.0.0 cdn.llogetfastcach.us
0.0.0.0 cdn.montiera.com
0.0.0.0 cdn.msdwnld.com
0.0.0.0 cdn.mypcbackup.com
0.0.0.0 cdn.ppdownload.com
0.0.0.0 cdn.riceateastcach.us
0.0.0.0 cdn.shyapotato.us
0.0.0.0 cdn.solimba.com
0.0.0.0 cdn.tuto4pc.com
0.0.0.0 cdn.appround.biz
0.0.0.0 cdn.bigspeedpro.com
0.0.0.0 cdn.bispd.com

There are 4 more lines.


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-239473584-822298280-3168733615-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\BReese76\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Ralink Wireless Utility.lnk => C:\windows\pss\Ralink Wireless Utility.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^RealPlayer Cloud Service UI.lnk => C:\windows\pss\RealPlayer Cloud Service UI.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^BReese76^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk => C:\windows\pss\Dropbox.lnk.Startup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Adobe Creative Cloud => "C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe" --showwindow=false --onOSstartup=true
MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
MSCONFIG\startupreg: AdobeBridge =>
MSCONFIG\startupreg: AdobeCS6ServiceManager => "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
MSCONFIG\startupreg: Dropbox Update => "C:\Users\BReese76\AppData\Local\Dropbox\Update\DropboxUpdate.exe" /c
MSCONFIG\startupreg: Fitbit Connect => "C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe" /autorun
MSCONFIG\startupreg: HP Software Update => c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
MSCONFIG\startupreg: HPSYSDRV => C:\Program Files (x86)\Hewlett-Packard\HP Odometer\HPSYSDRV.EXE
MSCONFIG\startupreg: Logitech Download Assistant => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
MSCONFIG\startupreg: LWS => C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide
MSCONFIG\startupreg: Messenger (Yahoo!) => "C:\PROGRA~2\Yahoo!\Messenger\YahooMessenger.exe" -quiet
MSCONFIG\startupreg: msnmsgr => "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
MSCONFIG\startupreg: OneDrive => "C:\Users\BReese76\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
MSCONFIG\startupreg: PDF Complete => C:\Program Files (x86)\PDF Complete\pdfsty.exe
MSCONFIG\startupreg: PointsPanel => C:\Program Files\PointsPanel\UsageMonitor.UI.App.exe /StartMinimized
MSCONFIG\startupreg: PointsPanelHealthcheck => C:\Program Files\PointsPanel\UsageMonitor.HealthCheck.exe
MSCONFIG\startupreg: RealDownloader => C:\Program Files (x86)\RealNetworks\RealDownloader\downloader2.exe
MSCONFIG\startupreg: Spotify => "C:\Users\BReese76\AppData\Roaming\Spotify\Spotify.exe" -autostart -minimized
MSCONFIG\startupreg: Spotify Web Helper => "C:\Users\BReese76\AppData\Roaming\Spotify\SpotifyWebHelper.exe"
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: SwitchBoard => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
MSCONFIG\startupreg: TkBellExe => "C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe" -osboot

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [TCP Query User{0B8542F7-FD70-4327-949F-127F4A84F516}C:\program files (x86)\google\chrome\application\chrome.exe] => (Allow) C:\program files (x86)\google\chrome\application\chrome.exe
FirewallRules: [UDP Query User{8B259E70-941E-4655-8977-5DC4BF573657}C:\program files (x86)\google\chrome\application\chrome.exe] => (Allow) C:\program files (x86)\google\chrome\application\chrome.exe
FirewallRules: [{FFE0922C-720A-42C4-A42F-B63DC82A100F}] => (Block) C:\program files (x86)\google\chrome\application\chrome.exe
FirewallRules: [{FC37C057-1513-4B8E-ADD8-1476B61F5F5D}] => (Block) C:\program files (x86)\google\chrome\application\chrome.exe
FirewallRules: [TCP Query User{217AFBF2-8916-470D-BBD0-D85F456E9B7B}C:\users\breese76\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\breese76\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{DBFE9A46-0957-47CE-A7D8-F7CF870B44D3}C:\users\breese76\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\breese76\appdata\roaming\spotify\spotify.exe
FirewallRules: [{FC7FE3C7-1F39-47D3-B2FF-127D6D25D9EC}] => (Block) C:\users\breese76\appdata\roaming\spotify\spotify.exe
FirewallRules: [{3D987CC3-AA4D-4B38-A3BA-90AD9EE95858}] => (Block) C:\users\breese76\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{2ABF52D6-9371-4A55-9348-4A812C3DAE92}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{D5EA0DAC-4AA8-44FF-B91D-8939705F3C56}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [{0CC93ECC-2F11-4119-841E-F6B29B99C46A}] => (Block) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [{D97F4DAC-CF3C-4A8B-99EF-6ABB5980C457}] => (Block) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [{3154941E-0CC0-400A-83D1-82108367048F}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{B4297121-341C-4E3B-A21B-E6EFD42D6329}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{D98B7D9B-F1F6-41B8-9BC8-5DD84D12B66B}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [TCP Query User{0A524EEF-4EDB-454D-90A7-E95E8B80ADF7}C:\program files\adobe\adobe dreamweaver cc 2017\node\node.exe] => (Allow) C:\program files\adobe\adobe dreamweaver cc 2017\node\node.exe
FirewallRules: [UDP Query User{20A58483-044C-4B45-9DD0-63426CECBC97}C:\program files\adobe\adobe dreamweaver cc 2017\node\node.exe] => (Allow) C:\program files\adobe\adobe dreamweaver cc 2017\node\node.exe
FirewallRules: [{4CA25272-D853-41EC-AD4C-1FE1C8AE791D}] => (Block) C:\program files\adobe\adobe dreamweaver cc 2017\node\node.exe
FirewallRules: [{CADDEA48-DF89-44C4-8802-B4AE570197FD}] => (Block) C:\program files\adobe\adobe dreamweaver cc 2017\node\node.exe
FirewallRules: [{F0778319-8FF4-455E-BD0D-3F7CF626003F}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [{EFAD3D41-FC65-4FF1-900F-E65F681D0D16}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{5D843EB7-CF60-4EE4-A4E0-DE42B816B8B3}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{185F1DBD-3B92-45AD-8FF4-584AF3C42DA4}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{1CE8DF39-5C0F-4FDB-A943-C4FD095C9361}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [TCP Query User{C5E19967-A57C-4B28-B3F5-A488653F0B9E}C:\program files\adobe\adobe dreamweaver cc 2015\node\node.exe] => (Block) C:\program files\adobe\adobe dreamweaver cc 2015\node\node.exe
FirewallRules: [UDP Query User{F4BE326A-6592-4B5A-943C-7B4E0497D098}C:\program files\adobe\adobe dreamweaver cc 2015\node\node.exe] => (Block) C:\program files\adobe\adobe dreamweaver cc 2015\node\node.exe
FirewallRules: [{C9E0521B-BA51-4C7A-BAC8-D5261715CBE6}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{7E8B7697-F403-4B7A-8475-E05D4B2C5BF5}] => (Allow) C:\Program Files\AVAST Software\SZBrowser\3.55.2393.561\SZBrowser.exe
FirewallRules: [{7D1399A5-8F8E-4A04-97B9-4C1F911257AE}] => (Allow) C:\Program Files\AVAST Software\SZBrowser\3.55.2393.590\SZBrowser.exe
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\LeapFTP 3.0\LeapFTP.exe] => Enabled:LeapFTP 3.0

==================== Restore Points =========================

03-03-2017 11:18:25 Scheduled Checkpoint
10-03-2017 14:57:37 Scheduled Checkpoint
10-03-2017 15:13:25 JRT Pre-Junkware Removal

==================== Faulty Device Manager Devices =============

Name: Photosmart D110 series
Description: Photosmart D110 series
Class Guid: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
Manufacturer: HP
Service: StillCam
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Photosmart D110 series
Description: Photosmart D110 series
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: HP
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (03/10/2017 03:23:07 PM) (Source: PerfNet) (EventID: 2005) (User: )
Description: Unable to read performance data for the Server service. The first four bytes (DWORD) of the Data section contains the status code, the second four bytes contains the IOSB.Status and the next four bytes contains the IOSB.Information.

Error: (03/10/2017 03:23:07 PM) (Source: PerfNet) (EventID: 2002) (User: )
Description: Unable to open the Redirector service performance object. The first four bytes (DWORD) of the Data section contains the status code.

Error: (03/10/2017 03:12:44 PM) (Source: PerfNet) (EventID: 2005) (User: )
Description: Unable to read performance data for the Server service. The first four bytes (DWORD) of the Data section contains the status code, the second four bytes contains the IOSB.Status and the next four bytes contains the IOSB.Information.

Error: (03/10/2017 03:12:44 PM) (Source: PerfNet) (EventID: 2002) (User: )
Description: Unable to open the Redirector service performance object. The first four bytes (DWORD) of the Data section contains the status code.

Error: (03/10/2017 03:08:04 PM) (Source: PerfNet) (EventID: 2005) (User: )
Description: Unable to read performance data for the Server service. The first four bytes (DWORD) of the Data section contains the status code, the second four bytes contains the IOSB.Status and the next four bytes contains the IOSB.Information.

Error: (03/10/2017 03:08:04 PM) (Source: PerfNet) (EventID: 2002) (User: )
Description: Unable to open the Redirector service performance object. The first four bytes (DWORD) of the Data section contains the status code.

Error: (03/10/2017 01:42:04 PM) (Source: PerfNet) (EventID: 2005) (User: )
Description: Unable to read performance data for the Server service. The first four bytes (DWORD) of the Data section contains the status code, the second four bytes contains the IOSB.Status and the next four bytes contains the IOSB.Information.

Error: (03/10/2017 01:42:04 PM) (Source: PerfNet) (EventID: 2002) (User: )
Description: Unable to open the Redirector service performance object. The first four bytes (DWORD) of the Data section contains the status code.

Error: (03/10/2017 01:41:35 PM) (Source: PerfNet) (EventID: 2005) (User: )
Description: Unable to read performance data for the Server service. The first four bytes (DWORD) of the Data section contains the status code, the second four bytes contains the IOSB.Status and the next four bytes contains the IOSB.Information.

Error: (03/10/2017 01:41:35 PM) (Source: PerfNet) (EventID: 2002) (User: )
Description: Unable to open the Redirector service performance object. The first four bytes (DWORD) of the Data section contains the status code.


System errors:
=============
Error: (03/10/2017 04:10:00 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}
 and APPID
{344ED43D-D086-4961-86A6-1106F4ACAD9B}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.

Error: (03/10/2017 04:00:00 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}
 and APPID
{344ED43D-D086-4961-86A6-1106F4ACAD9B}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.

Error: (03/10/2017 03:50:00 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}
 and APPID
{344ED43D-D086-4961-86A6-1106F4ACAD9B}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.

Error: (03/10/2017 03:40:00 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}
 and APPID
{344ED43D-D086-4961-86A6-1106F4ACAD9B}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.

Error: (03/10/2017 03:30:00 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}
 and APPID
{344ED43D-D086-4961-86A6-1106F4ACAD9B}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.

Error: (03/10/2017 03:22:10 PM) (Source: WMPNetworkSvc) (EventID: 14332) (User: )
Description: Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder) encountered error '0x80070422'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly.

Error: (03/10/2017 03:20:44 PM) (Source: WMPNetworkSvc) (EventID: 14332) (User: )
Description: Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder) encountered error '0x80070422'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly.

Error: (03/10/2017 03:20:00 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}
 and APPID
{344ED43D-D086-4961-86A6-1106F4ACAD9B}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.

Error: (03/10/2017 03:19:48 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The HomeGroup Listener service depends on the Server service which failed to start because of the following error:
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Error: (03/10/2017 03:19:48 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The HomeGroup Listener service depends on the Server service which failed to start because of the following error:
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.


CodeIntegrity:
===================================
  Date: 2016-08-14 12:05:37.398
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\aswKbd.sys because the set of per-page image hashes could not be found on the system.

  Date: 2016-08-14 12:05:37.117
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\aswSnx.sys because the set of per-page image hashes could not be found on the system.

  Date: 2016-08-13 21:57:08.212
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\aswKbd.sys because the set of per-page image hashes could not be found on the system.

  Date: 2016-08-13 21:57:08.103
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\aswSnx.sys because the set of per-page image hashes could not be found on the system.

  Date: 2016-08-13 07:26:34.351
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\aswKbd.sys because the set of per-page image hashes could not be found on the system.

  Date: 2016-08-13 07:26:34.180
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\aswSnx.sys because the set of per-page image hashes could not be found on the system.

  Date: 2016-08-12 11:18:58.852
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\aswKbd.sys because the set of per-page image hashes could not be found on the system.

  Date: 2016-08-12 11:18:58.618
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\aswSnx.sys because the set of per-page image hashes could not be found on the system.

  Date: 2016-08-11 22:01:42.088
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\aswKbd.sys because the set of per-page image hashes could not be found on the system.

  Date: 2016-08-11 22:01:41.916
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\aswSnx.sys because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: Intel® Core™ i5-2400 CPU @ 3.10GHz
Percentage of memory in use: 54%
Total physical RAM: 6100.01 MB
Available physical RAM: 2805.29 MB
Total Virtual: 12198.21 MB
Available Virtual: 8643.89 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:914.65 GB) (Free:560.39 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive d: (HP_RECOVERY) (Fixed) (Total:16.64 GB) (Free:2.07 GB) NTFS
Drive g: () (Removable) (Total:0.48 GB) (Free:0.08 GB) FAT

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 4C3DA384)

Partition: GPT.

========================================================
Disk: 2 (Size: 488.7 MB) (Disk ID: 00000000)

Partition: GPT.

==================== End of Addition.txt ============================

 

From here on should I post logs as seperate replies?


  • 0

#6
Bruce1270
Posted 10 March 2017 - 06:08 PM

Bruce1270

    Trusted Helper

  • Malware Removal
  • 1,714 posts
Hi BrianR1976
 

From here on should I post logs as seperate replies?


No. What you are posting is absolutely fine. :thumbsup:

Im not seeing anything malware related - just clearing a few left overs.

step1 - FRST fix


NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Download the attached fixlist.txt to your desktop.Attached File  fixlist.txt   1.26KB   175 downloads
  • Ensure fixlist.txt is in the same location as FRST.exe on your desktop.
    FRSTfix.JPG
  • Run FRST by right clicking on it and selecting Run as Administrator and press Fix
  • On completion a log (fixlog.txt) will be generated.
  • Please select all text in this fix, copy (CTRL + C) and then Paste (CTRL + V) in your next reply.


    It's getting late here so I'm signing off for the night. In your next post can you let me know if you experience further lock-ups/freezes? Also does it happen if you are on a specifc web site or doing a particular thing?

    Thanks

  • 0

#7
BrianR1976
Posted 10 March 2017 - 11:25 PM

BrianR1976

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 355 posts

It hasn't done anything since I have been back on the computer this evening. If it does I will edit the post and give information about it. I have noticed that the couple times that I have had to restart my computer today due to these fix it programs that the computer seems to be loading a little slower and the desktop remains black for far longer than it normally does. As for when the issues happen its totally random. I can be typing or scrolling or watching videos (I think on this one). I'm usually doing something when it happens. When it first started happening I just thought it was the mouse acting up as the pointer would stop but music would continue to play if I was listening to it.

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 08-03-2017
Ran by BReese76 (10-03-2017 22:11:32) Run:1
Running from C:\Users\BReese76\Desktop
Loaded Profiles: BReese76 (Available Profiles: BReese76)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CreateRestorePoint:
HKU\S-1-5-21-239473584-822298280-3168733615-1001\...\Run: [AdobeBridge] => [X]
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
CustomCLSID: HKU\S-1-5-21-239473584-822298280-3168733615-1001_Classes\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E}\InprocServer32 -> C:\Users\BReese76\AppData\Local\Microsoft\OneDrive\17.3.6743.1212\amd64\FileSyncShell64.dll => No Fi (the data entry has 2 more characters).
CustomCLSID: HKU\S-1-5-21-239473584-822298280-3168733615-1001_Classes\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C}\InprocServer32 -> C:\Users\BReese76\AppData\Local\Microsoft\OneDrive\17.3.6743.1212\amd64\FileSyncShell64.dll => No Fi (the data entry has 2 more characters).
CustomCLSID: HKU\S-1-5-21-239473584-822298280-3168733615-1001_Classes\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E}\InprocServer32 -> C:\Users\BReese76\AppData\Local\Microsoft\OneDrive\17.3.6743.1212\amd64\FileSyncShell64.dll => No Fi (the data entry has 2 more characters).
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state on
Hosts:
EmptyTemp:

*****************

Restore point was successfully created.
HKU\S-1-5-21-239473584-822298280-3168733615-1001\Software\Microsoft\Windows\CurrentVersion\Run\\AdobeBridge => value removed successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
HKU\S-1-5-21-239473584-822298280-3168733615-1001_Classes\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E} => key removed successfully
HKU\S-1-5-21-239473584-822298280-3168733615-1001_Classes\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C} => key removed successfully
HKU\S-1-5-21-239473584-822298280-3168733615-1001_Classes\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E} => key removed successfully

========= netsh advfirewall reset =========

Ok.


========= End of CMD: =========


========= netsh advfirewall set allprofiles state on =========

Ok.


========= End of CMD: =========

C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.

=========== EmptyTemp: ==========

BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 151959386 B
Java, Flash, Steam htmlcache => 4099 B
Windows/system/drivers => 5494601 B
Edge => 0 B
Chrome => 761562796 B
Firefox => 381364335 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 0 B
NetworkService => 12 B
BReese76 => 292367 B

RecycleBin => 0 B
EmptyTemp: => 1.2 GB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 22:15:16 ====


  • 0

#8
BrianR1976
Posted 11 March 2017 - 01:56 AM

BrianR1976

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 355 posts

It froze multiple times after I posted the above post. It happened while doing various things. I was looking at Amazon, at videos on youtube, on Facebook. No real pattern here.


  • 0

#9
Bruce1270
Posted 11 March 2017 - 11:03 AM

Bruce1270

    Trusted Helper

  • Malware Removal
  • 1,714 posts
Hi BrianR1976

Ok. Thanks for the update, I don't think we are looking at anything malware related here. We'll run a "second opinion" scanner just to make sure and then we'll look at other options.
  • Download the Emsisoft Emergency Kit and execute it. From there, click on the Extract button to extract the program in the EEK folder;
  • Once the extraction is complete, Emsisoft Emergency Kit will open, and suggest you to run an online update before using the program. Click on Yes to launch it.
  • After the update, click on Malware Scan under 2. Scan and accept to let Emsisoft Emergency Kit detect PUPs (click on Yes).
  • Once the scan is complete, if items are detected make sure that every item in the list is checked, and click on Quarantine selected;
    Egla2gt_zps9rvyqyyd.png
  • If it asks you for a reboot to delete some items, click on Ok to reboot automatically;
  • After the restart, click on the Start Emsisoft Emergency Kit icon again on your desktop to open it;
  • This time, click on Logs;
  • From there, go under the Quarantine Log tab, and click on the Export button;
    IgfWDr3_zpsnumgwse6.png
  • Save the log on your desktop, then open it, and copy/paste its content in your next reply;

  • 0

#10
BrianR1976
Posted 11 March 2017 - 12:33 PM

BrianR1976

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 355 posts

Clean scan. Its still freezing though. I was on Facebook this time when it happened.

 

Emsisoft Emergency Kit - Version 2017.2
Last update: 3/11/2017 11:17:56 AM
User account: BReese76-HP\BReese76
Computer name: BREESE76-HP
OS version: Windows 7x64 Service Pack 1

Scan settings:

Scan type: Malware Scan
Objects: Rootkits, Memory, Traces, Files

Detect PUPs: On
Scan archives: Off
ADS Scan: On
File extension filter: Off
Direct disk access: Off

Scan start:    3/11/2017 11:19:01 AM

Scanned    147860
Found    0

Scan end:    3/11/2017 11:32:05 AM
Scan time:    0:13:04
 


  • 0

Advertisements

#11
Bruce1270
Posted 12 March 2017 - 04:33 AM

Bruce1270

    Trusted Helper

  • Malware Removal
  • 1,714 posts
Hi BrianR1976

Try a clean boot state and browse to see if the problem still occurs.

Please put your operating system into a clean boot state

To do this follow the steps in this guide.

Once in clean boot mode, browse for a good few hours to see if the problems occur.

Let me know how this goes.
  • 0

#12
BrianR1976
Posted 13 March 2017 - 12:19 AM

BrianR1976

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 355 posts

I disabled the things I needed to disable and I haven't had any issues. I have been going to the sites that tend to be the problem too.

 

 

Edit: I spoke too soon. Right after I posted this I had an issue. I was on Tumblr which is graphics heavy.


Edited by BrianR1976, 13 March 2017 - 12:21 AM.

  • 0

#13
Bruce1270
Posted 13 March 2017 - 02:28 PM

Bruce1270

    Trusted Helper

  • Malware Removal
  • 1,714 posts
Hi BrianR1976

Ok. You can undo the clean boot now.
  • Click Start, type msconfig.exe in the Start Search box, and then press Enter.
  • Note If you are prompted for an administrator password or for confirmation, you should type the password or click Continue.
  • On the General tab, click the Normal Startup option, and then click OK.
  • When you are prompted to restart the computer, click Restart.



    Scan with Speccy:

    Please download the installer for Speccy from here to your desktop.

    Right-click on spsetupnnn.exe and select Run as Administrator to install the application >> follow the prompts >> deselect the option Automatically check for updates to Speccy(the others leave as is per your preference) >> Install
    Deselect View Release notes but leave Run Speccy vN.NN selected >> Finish
    Speccy will now automatically scan your system, this may take some time etc.
    Once it has completed scanning >> click on File >> Save as Text File... >> select the Desktop as the save destination >> Save
    Close Speccy.
    Open the notepad file you have just saved...
    Scroll down to the heading Operating System >>next to Serial Number:
    Delete/remove the actual serial number as prudent not to have that displayed in a open forum for security reasons etc.
    Post the Speccy log in your next reply for my review.

  • 0

#14
BrianR1976
Posted 13 March 2017 - 11:35 PM

BrianR1976

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 355 posts

I went to undo the clean boot tonight and pretty much all [bleep] broke loose. When I would click Normal Startup MSConfig would crash. It did this three times before I could get it to process correctly. Then when I restarted everything that I had disabled came back which lead to a nice 5 minute boot load period. I disabled most of what I had disabled before and went ahead with the Speccy scan.

 

The site wouldnt let me upload the results, said it CONTENT_TOO_LONG, so the file is uploaded with the post

Attached Files


Edited by BrianR1976, 13 March 2017 - 11:42 PM.

  • 0

#15
Bruce1270
Posted 14 March 2017 - 05:04 PM

Bruce1270

    Trusted Helper

  • Malware Removal
  • 1,714 posts
Hi BrianR1976


Get Process Explorer from here

Save it to your desktop then run it (Vista or Win7 - right click and Run As Administrator).
  • Click on View > Select Column > tick Verified Signer >OK
  • Click Options >Verify Image Signatures


    Then Click twice on the CPU column header to sort things by CPU usage with the big hitters at the top.

    Wait a full minute then:

    File, Save As, Save to desktop. Open the file .txt on your desktop and copy and paste the text to a reply.


    Then

    Open an elevated command prompt - click on start > in search box type Cmd. in the list of programs that appear highlight command prompt > right click > select Run as Administrator.

    Type in the command net stop winmgmt and press enter.

    If you get a message saying other services are dependent on this service and stopping it will also stop these services Do you wish to continue with this operation. Type Y for Yes and hit enter.


    After you have done this try the web browsing again - do you still get the lock ups/freeze?

  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP