
Win 7 computer start up problems



#76
RKinner

    Malware Expert

  • Expert
  • 24,598 posts
  • MVP

If you are not using Avast Secure Browser, uninstall it. It supposedly causes these errors:

Error: (11/19/2018 10:17:56 PM) (Source: MsiInstaller)(User: NT AUTHORITY)
Description: Product: Avast Update Helper -- Error 1316. The specified account already exists.
(NULL)(NULL)(NULL)(NULL)(NULL)

Can I see a new FRST scan with Addition checked?




#77
BrianR1976

    Member

  • Topic Starter
  • Member
  • 355 posts

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 21.11.2018
Ran by BReese76 (administrator) on BREESE76-HP (21-11-2018 19:39:20)
Running from C:\Users\BReese76\Desktop
Loaded Profiles: BReese76 (Available Profiles: BReese76)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(AMD) C:\Windows\System32\atieclxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe
(Fitbit, Inc.) C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe
(PDF Complete Inc) C:\Program Files (x86)\PDF Complete\pdfsvc.exe
(Ralink Technology, Corp.) C:\Program Files (x86)\Ralink\Common\RaCountryRegion.exe
(Ralink Technology, Corp.) C:\Program Files (x86)\Ralink\Common\RaRegistry.exe
(Ralink Technology, Corp.) C:\Program Files (x86)\Ralink\Common\RaRegistry64.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Reason Software Company Inc.) C:\Program Files (x86)\Unchecky\bin\unchecky_svc.exe
(Microsoft Corporation) C:\Windows\System32\WirelessKB850NotificationService.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Reason Software Company Inc.) C:\Program Files (x86)\Unchecky\bin\unchecky_bg.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
(Hewlett-Packard ) C:\Program Files\IDT\WDM\Beats64.exe
(Fitbit, Inc.) C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe
(Ruiware) C:\Program Files (x86)\Ruiware\WinPatrol\WinPatrol.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\MOM.exe
(Piriform Software Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\CCC.exe
(Adobe Systems Incorporated) C:\Program Files\Adobe\Elements 13 Organizer\PhotoshopElementsFileAgent.exe
(Tweaking.com) C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\WR_Tray_Icon.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe
(Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\HPTouchSmartSyncCalReminderApp.exe
(Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe
(HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1425408 2012-04-24] (IDT, Inc.)
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [3711320 2018-10-26] (Malwarebytes)
HKLM\...\Run: [HPSYSDRV] => C:\Program Files (x86)\Hewlett-Packard\HP Odometer\HPSYSDRV.EXE [62768 2008-11-20] (Hewlett-Packard)
HKLM\...\Run: [BeatsOSDApp] => C:\Program Files\IDT\WDM\beats64.exe [37888 2012-03-30] (Hewlett-Packard )
HKLM\...\Run: [AdobeGCInvoker-1.0] => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [2670056 2018-09-10] (Adobe Systems, Incorporated)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [242392 2018-11-19] (AVAST Software)
HKLM-x32\...\Run: [Fitbit Connect] => C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe [7429280 2018-07-25] (Fitbit, Inc.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2015-08-04] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [AMD AVT] => Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-239473584-822298280-3168733615-1001\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-239473584-822298280-3168733615-1001\...\Run: [Fitbit Connect] => C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe [7429280 2018-07-25] (Fitbit, Inc.)
HKU\S-1-5-21-239473584-822298280-3168733615-1001\...\Run: [WinPatrol] => C:\Program Files (x86)\Ruiware\WinPatrol\WinPatrol.exe [1223560 2017-05-07] (Ruiware)
HKU\S-1-5-21-239473584-822298280-3168733615-1001\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [19476424 2018-11-06] (Piriform Software Ltd)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{5E1B1D25-767C-4FD6-AE4C-55CFC5626C29}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{E745E9B4-9BA4-4154-BDFC-4B77998EAAFE}: [DhcpNameServer] 192.168.0.1

Internet Explorer:
==================
HKU\S-1-5-21-239473584-822298280-3168733615-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPDSK/1
SearchScopes: HKLM -> {A3F3D8FE-86AE-4813-B96F-A656930924FD} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-30572-11896-1/4?mpre=hxxp://www.ebay.com/sch/i.html?_nkw={searchTerms}
SearchScopes: HKLM-x32 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
SearchScopes: HKLM-x32 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-30572-11896-1/4?mpre=hxxp://www.ebay.com/sch/i.html?_nkw={searchTerms}
SearchScopes: HKU\S-1-5-21-239473584-822298280-3168733615-1001 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-239473584-822298280-3168733615-1001 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-30572-11896-1/4?mpre=hxxp://www.ebay.com/sch/i.html?_nkw={searchTerms}
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2018-10-23] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\URLREDIR.DLL [2018-11-17] (Microsoft Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2018-11-04] (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\root\Office16\URLREDIR.DLL [2018-11-17] (Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-10-02] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-10-02] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-10-02] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-10-02] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\BReese76\AppData\Roaming\Mozilla\Firefox\Profiles\lct2jq7h.default-1489776093206 [2018-11-21]
FF Homepage: Mozilla\Firefox\Profiles\lct2jq7h.default-1489776093206 -> www.google.com/
FF NewTab: Mozilla\Firefox\Profiles\lct2jq7h.default-1489776093206 -> about:newtab
FF Extension: (Grammarly for Firefox) - C:\Users\BReese76\AppData\Roaming\Mozilla\Firefox\Profiles\lct2jq7h.default-1489776093206\Extensions\[email protected] [2018-10-30]
FF Extension: (New XKit) - C:\Users\BReese76\AppData\Roaming\Mozilla\Firefox\Profiles\lct2jq7h.default-1489776093206\Extensions\@new-xkit.xpi [2018-03-31]
FF Extension: (AdBlocker Ultimate) - C:\Users\BReese76\AppData\Roaming\Mozilla\Firefox\Profiles\lct2jq7h.default-1489776093206\Extensions\[email protected] [2018-10-25]
FF Extension: (YouTube™ Flash® Player) - C:\Users\BReese76\AppData\Roaming\Mozilla\Firefox\Profiles\lct2jq7h.default-1489776093206\Extensions\[email protected] [2018-01-28]
FF Extension: (uBlock Origin) - C:\Users\BReese76\AppData\Roaming\Mozilla\Firefox\Profiles\lct2jq7h.default-1489776093206\Extensions\[email protected] [2018-11-06]
FF Extension: (Avast Online Security) - C:\Users\BReese76\AppData\Roaming\Mozilla\Firefox\Profiles\lct2jq7h.default-1489776093206\Extensions\[email protected] [2018-11-20]
FF Extension: (Ebates: The Free Cash Back Shopping Assistant) - C:\Users\BReese76\AppData\Roaming\Mozilla\Firefox\Profiles\lct2jq7h.default-1489776093206\Extensions\{35d6291e-1d4b-f9b4-c52f-77e6410d1326}.xpi [2018-11-07]
FF Extension: (Popup Blocker Ultimate) - C:\Users\BReese76\AppData\Roaming\Mozilla\Firefox\Profiles\lct2jq7h.default-1489776093206\Extensions\{60B7679C-BED9-11E5-998D-8526BB8E7F8B}.xpi [2018-10-01]
FF Extension: (Hard Refresh Button) - C:\Users\BReese76\AppData\Roaming\Mozilla\Firefox\Profiles\lct2jq7h.default-1489776093206\Extensions\{b6da57d3-9727-4bc0-b974-d13e7c004af0}.xpi [2017-11-20]
FF Extension: (Simple YouTube MP3 Button) - C:\Users\BReese76\AppData\Roaming\Mozilla\Firefox\Profiles\lct2jq7h.default-1489776093206\Extensions\{e33788ea-0bb9-4502-9c77-bdc551afc8ab}.xpi [2017-10-07]
FF Extension: (Yahoo! Toolbar) - C:\Program Files (x86)\Mozilla Firefox\distribution\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} [2016-11-15] [Legacy]
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_31_0_0_153.dll [2018-11-20] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2018-09-13] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_31_0_0_153.dll [2018-11-20] ()
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2015-02-13] (Google, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2018-09-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2018-09-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-16] (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2012-10-12] ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-09-19] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2018-09-13] (Adobe Systems)
FF Plugin HKU\S-1-5-21-239473584-822298280-3168733615-1001: amazon.com/AmazonMP3DownloaderPlugin -> C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101752.dll [2012-10-24] (Amazon.com, Inc.)

Chrome:
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> hxxp://www.google.com
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR DefaultSearchURL: Default -> hxxps://search.yahoo.com/search?p={searchTerms}&fr=yset_chr_syc_oracle&type=default
CHR DefaultSearchKeyword: Default -> Yahoo
CHR DefaultSuggestURL: Default -> hxxps://search.yahoo.com/sugg/ie?output=fxjson&command={searchTerms}&nResults=10
CHR Profile: C:\Users\BReese76\AppData\Local\Google\Chrome\User Data\Default [2018-11-21]
CHR Extension: (Slides) - C:\Users\BReese76\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-22]
CHR Extension: (Docs) - C:\Users\BReese76\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-22]
CHR Extension: (Google Drive) - C:\Users\BReese76\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-03-10]
CHR Extension: (YouTube) - C:\Users\BReese76\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-03-10]
CHR Extension: (Adblock Plus) - C:\Users\BReese76\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2018-11-14]
CHR Extension: (uBlock Origin) - C:\Users\BReese76\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2018-11-06]
CHR Extension: (Avast Passwords) - C:\Users\BReese76\AppData\Local\Google\Chrome\User Data\Default\Extensions\emhginjpijfggbofeediiojmdlmlkoik [2018-11-19]
CHR Extension: (Sheets) - C:\Users\BReese76\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-22]
CHR Extension: (Google Docs Offline) - C:\Users\BReese76\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-08-22]
CHR Extension: (AdBlock) - C:\Users\BReese76\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2018-11-04]
CHR Extension: (Yahoo Partner) - C:\Users\BReese76\AppData\Local\Google\Chrome\User Data\Default\Extensions\gihfmmedoddijgnhkgfgnkeohkpbipol [2018-04-28]
CHR Extension: (Avast Online Security) - C:\Users\BReese76\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2018-09-26]
CHR Extension: (Grammarly for Chrome) - C:\Users\BReese76\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbfnbcaeplbcioakkpcpgfkobkghlhen [2018-11-16]
CHR Extension: (GIFit!) - C:\Users\BReese76\AppData\Local\Google\Chrome\User Data\Default\Extensions\khoojcphcmgcplkpckkjpdlloooifgec [2018-11-04]
CHR Extension: (F.B.(FluffBusting)Purity) - C:\Users\BReese76\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmkinhboiljjkhaknpaeaicmdjhagpep [2018-11-15]
CHR Extension: (Chrome Web Store Payments) - C:\Users\BReese76\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-03]
CHR Extension: (Gmail) - C:\Users\BReese76\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-03-10]
CHR Extension: (Chrome Media Router) - C:\Users\BReese76\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-10-25]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gihfmmedoddijgnhkgfgnkeohkpbipol] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdobeActiveFileMonitor13.0; C:\Program Files\Adobe\Elements 13 Organizer\PhotoshopElementsFileAgent.exe [231120 2014-08-31] (Adobe Systems Incorporated)
R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [818136 2018-09-13] (Adobe Inc.)
R2 AGMService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe [2910696 2018-09-10] (Adobe Systems, Incorporated)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2704872 2018-09-10] (Adobe Systems, Incorporated)
R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [8188768 2018-11-19] (AVAST Software)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [324000 2018-11-19] (AVAST Software)
R2 CalendarSynchService; C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe [16384 2011-08-16] (Hewlett-Packard) [File not signed]
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [9669920 2018-11-02] (Microsoft Corporation)
R2 Fitbit Connect; C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe [6115488 2018-07-25] (Fitbit, Inc.)
R2 HPSLPSVC; C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [1039360 2010-10-22] (Hewlett-Packard Co.) [File not signed]
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [332656 2018-05-02] (HP Inc.)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6347056 2018-09-19] (Malwarebytes)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
R2 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [1795136 2018-02-01] (PDF Complete Inc)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
R2 RalinkCountryRegion; C:\Program Files (x86)\Ralink\Common\RaCountryRegion.exe [42496 2012-07-27] (Ralink Technology, Corp.) [File not signed]
R2 RalinkRegistryWriter; C:\Program Files (x86)\Ralink\Common\RaRegistry.exe [372736 2012-07-04] (Ralink Technology, Corp.) [File not signed]
R2 RalinkRegistryWriter64; C:\Program Files (x86)\Ralink\Common\RaRegistry64.exe [447488 2012-07-04] (Ralink Technology, Corp.) [File not signed]
S4 RaMediaServer; C:\Program Files (x86)\Ralink\Common\RaMediaServer.exe [1863680 2012-07-06] (Ralink) [File not signed]
R2 Unchecky; C:\Program Files (x86)\Unchecky\bin\unchecky_svc.exe [297240 2018-04-08] (Reason Software Company Inc.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)
R2 WirelessKB850NotificationService; C:\windows\system32\WirelessKB850NotificationService.exe [174256 2018-05-14] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 aswArPot; C:\windows\System32\drivers\aswArPot.sys [201240 2018-11-19] (AVAST Software)
R1 aswbidsdriver; C:\windows\System32\drivers\aswbidsdrivera.sys [230344 2018-11-19] (AVAST Software)
R0 aswbidsh; C:\windows\System32\drivers\aswbidsha.sys [201768 2018-11-19] (AVAST Software)
R0 aswblog; C:\windows\System32\drivers\aswbloga.sys [346592 2018-11-19] (AVAST Software)
R0 aswbuniv; C:\windows\System32\drivers\aswbuniva.sys [59496 2018-11-19] (AVAST Software)
R1 aswHdsKe; C:\windows\System32\drivers\aswHdsKe.sys [239608 2018-11-20] (AVAST Software)
S3 aswHwid; C:\windows\System32\drivers\aswHwid.sys [46384 2018-11-19] (AVAST Software)
R1 aswKbd; C:\windows\System32\drivers\aswKbd.sys [42288 2018-11-19] (AVAST Software)
R2 aswMonFlt; C:\windows\System32\drivers\aswMonFlt.sys [163208 2018-11-19] (AVAST Software)
R1 aswRdr; C:\windows\System32\drivers\aswRdr2.sys [111800 2018-11-19] (AVAST Software)
R0 aswRvrt; C:\windows\System32\drivers\aswRvrt.sys [87432 2018-11-19] (AVAST Software)
R1 aswSnx; C:\windows\System32\drivers\aswSnx.sys [1028680 2018-11-19] (AVAST Software)
R1 aswSP; C:\windows\System32\drivers\aswSP.sys [469272 2018-11-19] (AVAST Software)
R2 aswStm; C:\windows\System32\drivers\aswStm.sys [208472 2018-11-19] (AVAST Software)
R0 aswVmm; C:\windows\System32\drivers\aswVmm.sys [380464 2018-11-19] (AVAST Software)
S3 cmnxusbser; C:\windows\System32\DRIVERS\cmnxusbser.sys [146424 2015-11-24] (Wireless Data Device)
R3 MBAMSwissArmy; C:\windows\System32\Drivers\mbamswissarmy.sys [260480 2018-11-21] (Malwarebytes)
S3 netr28x; C:\windows\System32\DRIVERS\netr28x.sys [2473616 2014-12-10] (MediaTek Inc.)
R2 NPF; C:\windows\system32\drivers\npf.sys [35344 2014-05-14] (CACE Technologies, Inc.)
R0 PxHlpa64; C:\windows\System32\drivers\PxHlpa64.sys [56336 2013-09-03] (Corel Corporation)
S3 rspLLL; C:\windows\System32\DRIVERS\rspLLL64.sys [26368 2015-07-13] (Resplendence Software Projects Sp.)
S3 sscdserd; C:\windows\System32\DRIVERS\sscdserd.sys [141384 2010-11-11] (MCCI Corporation)
S3 WDC_SAM; C:\windows\System32\DRIVERS\wdcsam64_prewin8.sys [31920 2018-02-26] (Western Digital Technologies)
R3 WirelessKeyboardFilter; C:\windows\System32\DRIVERS\WirelessKeyboardFilter.sys [49896 2016-07-22] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-11-21 19:32 - 2018-11-21 19:32 - 000260480 _____ (Malwarebytes) C:\windows\system32\Drivers\mbamswissarmy.sys
2018-11-20 22:55 - 2018-11-20 22:55 - 004463104 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerInstaller.exe
2018-11-19 23:17 - 2018-11-19 23:24 - 000000000 ____D C:\Users\BReese76\Downloads\Bootlegs
2018-11-19 23:03 - 2018-11-19 23:03 - 000042792 _____ C:\Users\BReese76\Desktop\MTB.txt
2018-11-19 23:01 - 2018-11-19 23:01 - 000892416 _____ (Farbar) C:\Users\BReese76\Desktop\MiniToolBox.exe
2018-11-19 17:22 - 2018-11-19 17:21 - 000378584 _____ (AVAST Software) C:\windows\system32\aswBoot.exe
2018-11-17 14:12 - 2018-11-17 14:12 - 000001830 _____ C:\Users\BReese76\Downloads\cc_20181117_141205.reg
2018-11-17 14:11 - 2018-11-17 14:11 - 000040930 _____ C:\Users\BReese76\Downloads\cc_20181117_141111.reg
2018-11-17 14:11 - 2018-11-17 14:11 - 000001174 _____ C:\Users\BReese76\Downloads\cc_20181117_141131.reg
2018-11-17 14:10 - 2018-11-17 14:10 - 000156280 _____ C:\Users\BReese76\Downloads\cc_20181117_141049.reg
2018-11-17 11:59 - 2018-11-17 11:59 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Tools
2018-11-17 11:13 - 2018-11-17 11:13 - 000000784 _____ C:\Users\Public\Desktop\CCleaner.lnk
2018-11-16 00:10 - 2018-11-16 00:10 - 000000000 ____D C:\Users\BReese76\Desktop\345 Final Stuff
2018-11-10 20:24 - 2018-11-13 10:11 - 000000000 ____D C:\Users\BReese76\AppData\Local\Adobe
2018-11-09 23:56 - 2018-11-09 23:56 - 005250965 _____ C:\Users\BReese76\Downloads\vault_tec_id_card_by_zanderyurami-dcrlu4u.psd
2018-11-09 22:57 - 2018-11-09 22:57 - 000107628 _____ C:\Users\BReese76\Downloads\cc_20181109_225659.reg
2018-11-09 22:40 - 2018-11-11 22:44 - 000006825 _____ C:\Users\BReese76\Desktop\Fixlog.txt
2018-11-08 21:33 - 2018-11-08 21:33 - 000002233 _____ C:\Users\BReese76\Desktop\Kindle.lnk
2018-11-06 21:53 - 2018-11-06 21:53 - 000000000 ____D C:\Users\BReese76\AppData\Roaming\CrystalIdea Software
2018-11-05 21:14 - 2018-11-10 21:36 - 002885868 _____ C:\Users\BReese76\Desktop\SearchReg.txt
2018-11-05 21:09 - 2018-11-05 21:09 - 003938816 _____ C:\Users\BReese76\Downloads\OWL Peer Review Presentation HUM 345W.ppt
2018-11-04 22:23 - 2018-11-17 11:59 - 000002423 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype for Business.lnk
2018-11-04 22:23 - 2018-11-17 11:59 - 000002418 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Word.lnk
2018-11-04 22:23 - 2018-11-17 11:59 - 000002417 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerPoint.lnk
2018-11-04 22:23 - 2018-11-17 11:59 - 000002381 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Access.lnk
2018-11-04 22:23 - 2018-11-17 11:59 - 000002380 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel.lnk
2018-11-04 22:23 - 2018-11-17 11:59 - 000002374 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outlook.lnk
2018-11-04 22:23 - 2018-11-17 11:59 - 000002368 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Publisher.lnk
2018-11-04 22:23 - 2018-11-17 11:59 - 000002360 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneNote 2016.lnk
2018-10-31 20:45 - 2018-10-31 20:45 - 000000000 ____D C:\ProgramData\Ralink
2018-10-29 20:16 - 2018-11-15 22:33 - 000003666 _____ C:\windows\System32\Tasks\Tweaking.com - Windows Repair Tray Icon
2018-10-29 20:16 - 2018-10-29 20:16 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2018-10-28 08:29 - 2018-10-28 21:59 - 000000000 ____D C:\Users\BReese76\Desktop\TP Files
2018-10-27 15:30 - 2018-10-27 16:09 - 000000000 ___RD C:\Users\BReese76\Creative Cloud Files
2018-10-27 15:20 - 2018-10-27 15:20 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
2018-10-27 15:20 - 2018-10-27 15:20 - 000000000 ____D C:\Program Files\VS Revo Group
2018-10-27 15:17 - 2018-10-27 15:17 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LatencyMon
2018-10-27 15:17 - 2018-10-27 15:17 - 000000000 ____D C:\Program Files\LatencyMon
2018-10-27 15:17 - 2015-07-13 11:16 - 000026368 _____ (Resplendence Software Projects Sp.) C:\windows\system32\Drivers\rspLLL64.sys
2018-10-27 12:17 - 2018-10-27 12:17 - 000000000 ____D C:\Users\BReese76\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinDirStat
2018-10-27 12:17 - 2018-10-27 12:17 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinDirStat
2018-10-27 12:17 - 2018-10-27 12:17 - 000000000 ____D C:\Program Files (x86)\WinDirStat
2018-10-27 11:21 - 2018-10-27 11:21 - 000749133 _____ C:\Users\BReese76\Downloads\nejmsa1803972.pdf
2018-10-27 11:09 - 2018-10-27 11:09 - 002379965 _____ C:\Users\BReese76\Downloads\26502501.pdf
2018-10-27 09:47 - 2018-10-27 09:47 - 000000000 ____D C:\windows\CheckSur
2018-10-27 09:39 - 2018-10-27 09:39 - 000000000 ____D C:\Users\BReese76\AppData\Roaming\AVAST Software
2018-10-27 09:39 - 2018-10-27 09:39 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2018-10-27 09:38 - 2018-11-20 21:39 - 000239608 _____ (AVAST Software) C:\windows\system32\Drivers\aswHdsKe.sys
2018-10-27 09:38 - 2018-11-19 17:23 - 000003910 _____ C:\windows\System32\Tasks\Avast Emergency Update
2018-10-27 09:38 - 2018-11-19 17:21 - 000469272 _____ (AVAST Software) C:\windows\system32\Drivers\aswSP.sys
2018-10-27 09:38 - 2018-11-19 17:21 - 000380464 _____ (AVAST Software) C:\windows\system32\Drivers\aswVmm.sys
2018-10-27 09:38 - 2018-11-19 17:21 - 000208472 _____ (AVAST Software) C:\windows\system32\Drivers\aswStm.sys
2018-10-27 09:38 - 2018-11-19 17:21 - 000201240 _____ (AVAST Software) C:\windows\system32\Drivers\aswArPot.sys
2018-10-27 09:38 - 2018-11-19 17:21 - 000163208 _____ (AVAST Software) C:\windows\system32\Drivers\aswMonFlt.sys
2018-10-27 09:38 - 2018-11-19 17:21 - 000111800 _____ (AVAST Software) C:\windows\system32\Drivers\aswRdr2.sys
2018-10-27 09:38 - 2018-11-19 17:21 - 000087432 _____ (AVAST Software) C:\windows\system32\Drivers\aswRvrt.sys
2018-10-27 09:38 - 2018-11-19 17:21 - 000046384 _____ (AVAST Software) C:\windows\system32\Drivers\aswHwid.sys
2018-10-27 09:38 - 2018-11-19 17:20 - 000042288 _____ (AVAST Software) C:\windows\system32\Drivers\aswKbd.sys
2018-10-27 09:38 - 2018-11-19 17:19 - 001028680 _____ (AVAST Software) C:\windows\system32\Drivers\aswSnx.sys
2018-10-27 09:38 - 2018-11-19 17:19 - 000346592 _____ (AVAST Software) C:\windows\system32\Drivers\aswbloga.sys
2018-10-27 09:38 - 2018-11-19 17:19 - 000059496 _____ (AVAST Software) C:\windows\system32\Drivers\aswbuniva.sys
2018-10-27 09:38 - 2018-11-19 17:18 - 000230344 _____ (AVAST Software) C:\windows\system32\Drivers\aswbidsdrivera.sys
2018-10-27 09:38 - 2018-11-19 17:18 - 000201768 _____ (AVAST Software) C:\windows\system32\Drivers\aswbidsha.sys
2018-10-27 09:37 - 2018-10-27 09:37 - 000000000 ____D C:\Program Files\AVAST Software
2018-10-27 00:25 - 2018-10-27 00:25 - 000000000 ____D C:\Users\BReese76\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2018-10-26 15:11 - 2018-10-26 15:12 - 000987383 _____ C:\Users\BReese76\Downloads\20557379_f07df4feb86bc5402f9bcaeb2d34beae98cdb560.cab
2018-10-26 14:55 - 2018-10-26 14:55 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PlaysTV
2018-10-26 13:41 - 2018-10-26 13:42 - 000000033 _____ C:\Users\BReese76\Desktop\F76.txt
2018-10-26 09:29 - 2018-11-15 22:33 - 000003470 _____ C:\windows\System32\Tasks\AdobeGCInvoker-1.0-BReese76-HP-BReese76
2018-10-25 23:21 - 2018-10-25 23:22 - 000030933 _____ C:\Users\BReese76\Desktop\Geck.pdf
2018-10-25 16:09 - 2018-10-25 16:09 - 000010613 _____ C:\junk.txt
2018-10-25 15:58 - 2018-11-10 21:31 - 000056192 _____ C:\Users\BReese76\Desktop\Addition.txt
2018-10-25 15:46 - 2018-11-21 19:47 - 000023906 _____ C:\Users\BReese76\Desktop\FRST.txt
2018-10-25 15:43 - 2018-10-26 15:08 - 000000000 ____D C:\Users\BReese76\AppData\Local\Plays
2018-10-25 15:43 - 2018-10-25 15:48 - 000000000 ____D C:\Users\BReese76\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Plays.tv, Inc
2018-10-25 15:43 - 2018-10-25 15:48 - 000000000 ____D C:\Users\BReese76\AppData\Local\Plays-ltc
2018-10-25 15:41 - 2018-10-25 18:00 - 000000000 ____D C:\Users\BReese76\AppData\Roaming\Plays
2018-10-25 15:38 - 2018-10-25 15:38 - 000000000 ____D C:\Users\BReese76\AppData\Local\{E6CA9661-A945-4BD0-BF5E-5DD6778360EC}
2018-10-25 15:32 - 2018-11-21 19:33 - 000000000 ____D C:\Users\BReese76\Desktop\FRST-OlderVersion
2018-10-25 09:03 - 2018-10-25 09:03 - 000000000 ____D C:\Users\BReese76\AppData\Local\FitbitConnect
2018-10-25 09:03 - 2018-10-25 09:03 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Fitbit Connect
2018-10-25 09:03 - 2018-10-25 09:03 - 000000000 ____D C:\Program Files (x86)\Fitbit Connect
2018-10-25 08:59 - 2018-10-25 09:00 - 059263264 _____ (Fitbit Inc.) C:\Users\BReese76\Downloads\FitbitConnect-v2.0.2.7066-2018-07-25.exe
2018-10-23 21:22 - 2018-10-23 21:22 - 000002820 _____ C:\VEWApplication.txt
2018-10-23 21:08 - 2018-11-21 19:33 - 002416640 _____ (Farbar) C:\Users\BReese76\Desktop\FRST64.exe
2018-10-23 21:07 - 2018-10-31 20:15 - 000015135 _____ C:\VEW.txt
2018-10-23 20:34 - 2018-10-23 20:34 - 020975616 _____ C:\Users\BReese76\Documents\WinLog102318.evtx
2018-10-23 20:34 - 2018-10-23 20:34 - 020975616 _____ C:\Users\BReese76\Documents\AppLog102318.evtx

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-11-21 19:46 - 2016-11-15 21:55 - 000000000 ____D C:\Users\BReese76\AppData\LocalLow\Mozilla
2018-11-21 19:46 - 2009-07-13 21:45 - 000024608 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2018-11-21 19:46 - 2009-07-13 21:45 - 000024608 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2018-11-21 19:39 - 2018-02-02 14:49 - 000000000 ____D C:\FRST
2018-11-21 19:34 - 2017-09-26 20:35 - 000000000 ____D C:\Users\BReese76\AppData\Local\AVAST Software
2018-11-21 19:32 - 2012-11-21 21:17 - 000000000 ____D C:\ProgramData\PDFC
2018-11-21 19:31 - 2009-07-13 22:08 - 000000006 ____H C:\windows\Tasks\SA.DAT
2018-11-20 22:55 - 2018-03-13 22:55 - 000004476 _____ C:\windows\System32\Tasks\Adobe Flash Player NPAPI Notifier
2018-11-20 22:55 - 2013-05-15 09:12 - 000004312 _____ C:\windows\System32\Tasks\Adobe Flash Player Updater
2018-11-20 22:55 - 2012-11-21 21:15 - 000842240 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2018-11-20 22:55 - 2012-11-21 21:15 - 000175104 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2018-11-20 22:55 - 2012-11-21 21:15 - 000000000 ____D C:\windows\SysWOW64\Macromed
2018-11-20 22:55 - 2012-11-21 21:15 - 000000000 ____D C:\windows\system32\Macromed
2018-11-20 21:50 - 2012-12-13 15:47 - 000000000 ____D C:\ProgramData\AVAST Software
2018-11-19 23:20 - 2017-06-13 22:24 - 000000000 ____D C:\Users\BReese76\Downloads\EXE's
2018-11-17 22:15 - 2017-01-05 10:02 - 000014737 _____ C:\Users\BReese76\Desktop\Bills.xlsx
2018-11-17 21:57 - 2012-12-13 20:56 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2018-11-17 12:01 - 2017-01-12 13:53 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2018-11-17 12:00 - 2009-07-13 20:20 - 000000000 ____D C:\windows\inf
2018-11-17 11:58 - 2012-11-21 21:10 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2018-11-17 11:13 - 2018-08-20 22:17 - 000003870 _____ C:\windows\System32\Tasks\CCleaner Update
2018-11-17 11:13 - 2016-11-15 15:05 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2018-11-16 15:52 - 2016-12-01 21:28 - 000000208 _____ C:\Users\BReese76\Desktop\Nests.txt
2018-11-15 22:33 - 2018-10-19 22:44 - 000003514 _____ C:\windows\System32\Tasks\AdobeAAMUpdater-1.0-BReese76-HP-BReese76
2018-11-15 22:33 - 2018-08-20 22:17 - 000002802 _____ C:\windows\System32\Tasks\CCleanerSkipUAC
2018-11-15 22:33 - 2015-12-03 20:31 - 000000000 ____D C:\windows\System32\Tasks\AVAST Software
2018-11-15 22:33 - 2015-05-13 16:28 - 000004476 _____ C:\windows\System32\Tasks\Adobe Acrobat Update Task
2018-11-15 22:33 - 2013-02-12 22:00 - 000003204 _____ C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore
2018-11-15 19:16 - 2017-01-13 13:14 - 000002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2018-11-12 21:07 - 2014-11-06 00:07 - 000002226 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-11-11 22:44 - 2014-10-23 12:18 - 000000000 ____D C:\Program Files (x86)\Real
2018-11-10 20:44 - 2017-03-19 21:15 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RealNetworks
2018-11-09 23:52 - 2013-01-01 14:18 - 000000000 ____D C:\Program Files (x86)\7-Zip
2018-11-09 23:37 - 2012-12-23 10:22 - 000000000 ____D C:\Users\BReese76\Tracing
2018-11-09 23:01 - 2018-09-01 08:27 - 000000000 ____D C:\windows\Minidump
2018-11-09 23:01 - 2012-12-14 21:05 - 000000000 ____D C:\Users\BReese76\AppData\Local\CrashDumps
2018-11-09 22:55 - 2018-08-20 22:17 - 000000000 ____D C:\Program Files\CCleaner
2018-11-09 22:42 - 2013-10-07 22:29 - 000000000 ____D C:\Program Files\Adobe
2018-11-08 21:37 - 2018-09-10 19:42 - 000000000 ____D C:\Users\BReese76\Documents\My Kindle Content
2018-11-08 21:37 - 2015-12-22 22:39 - 000001933 _____ C:\Users\BReese76\Desktop\bands to listen to.txt
2018-11-06 11:12 - 2012-12-13 15:38 - 000000000 ____D C:\Users\BReese76\AppData\Local\PDFC
2018-11-04 23:05 - 2016-06-09 12:56 - 000000000 ____D C:\Users\BReese76\AppData\Roaming\Google
2018-10-31 20:44 - 2012-11-21 21:06 - 000000000 ____D C:\windows\system32\RaLanguages
2018-10-31 20:42 - 2012-11-21 21:07 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Communication and Chat
2018-10-31 20:41 - 2011-02-11 09:32 - 000000000 ____D C:\SWSETUP
2018-10-29 21:07 - 2012-12-13 15:43 - 000124632 _____ C:\Users\BReese76\AppData\Local\GDIPFONTCACHEV1.DAT
2018-10-29 21:04 - 2009-07-13 21:45 - 005154608 _____ C:\windows\system32\FNTCACHE.DAT
2018-10-28 07:40 - 2009-07-13 22:13 - 000781298 _____ C:\windows\system32\PerfStringBackup.INI
2018-10-27 16:12 - 2017-03-22 21:26 - 000000000 ___HD C:\adobeTemp
2018-10-27 15:39 - 2016-06-06 21:03 - 000007597 _____ C:\Users\BReese76\AppData\Local\Resmon.ResmonCfg
2018-10-27 15:30 - 2012-12-13 15:31 - 000000000 ____D C:\Users\BReese76
2018-10-27 15:25 - 2013-02-02 21:46 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe
2018-10-27 12:08 - 2015-08-26 21:59 - 000000000 ____D C:\Program Files\Java
2018-10-27 00:26 - 2013-05-19 13:54 - 000000000 ____D C:\Users\BReese76\AppData\Roaming\Dropbox
2018-10-26 15:19 - 2012-11-21 21:19 - 000000000 ____D C:\Program Files (x86)\Windows Live
2018-10-26 15:18 - 2009-07-13 20:20 - 000000000 ____D C:\Program Files\Common Files\Microsoft Shared
2018-10-26 15:01 - 2014-11-10 23:15 - 000000000 ____D C:\ProgramData\Apple
2018-10-26 14:58 - 2013-02-02 21:46 - 000000000 ____D C:\Users\BReese76\Documents\My Digital Editions
2018-10-26 14:58 - 2012-12-14 21:03 - 000000000 ____D C:\Program Files (x86)\Adobe
2018-10-26 14:55 - 2017-03-18 12:40 - 000000000 ____D C:\Program Files (x86)\Raptr Inc
2018-10-26 10:29 - 2018-10-12 15:30 - 000152688 _____ (Malwarebytes) C:\windows\system32\Drivers\mbae64.sys
2018-10-25 15:48 - 2015-05-27 22:47 - 000000000 ____D C:\Users\BReese76\AppData\Local\SquirrelTemp
2018-10-25 15:45 - 2012-12-13 20:54 - 000000000 ____D C:\Brians
2018-10-25 15:42 - 2017-04-16 13:29 - 000000000 ____D C:\Users\BReese76\AppData\Roaming\Spotify
2018-10-25 15:42 - 2013-02-25 22:40 - 000000000 ____D C:\Users\BReese76\AppData\Local\Spotify
2018-10-25 15:41 - 2017-03-18 12:41 - 000000000 ____D C:\Users\BReese76\AppData\Roaming\PlaysTV
2018-10-25 09:03 - 2016-01-03 11:50 - 000000000 ____D C:\ProgramData\boost_interprocess
2018-10-25 09:03 - 2014-12-26 22:57 - 000000000 ____D C:\ProgramData\FitbitConnect
2018-10-24 22:54 - 2017-08-31 09:20 - 000000000 _____ C:\windows\SysWOW64\last.dump

==================== Files in the root of some directories =======

2016-09-16 12:46 - 2016-09-16 12:46 - 000000132 _____ () C:\Users\BReese76\AppData\Roaming\Adobe PNG Format CS6 Prefs
2016-10-30 21:07 - 2018-05-29 22:25 - 000000033 _____ () C:\Users\BReese76\AppData\Roaming\AdobeWLCMCache.dat
2018-09-25 20:50 - 2018-09-25 20:50 - 000000000 _____ () C:\Users\BReese76\AppData\Local\oobelibMkey.log
2013-11-10 21:16 - 2013-11-10 21:16 - 000002647 _____ () C:\Users\BReese76\AppData\Local\recently-used.xbel
2016-06-06 21:03 - 2018-10-27 15:39 - 000007597 _____ () C:\Users\BReese76\AppData\Local\Resmon.ResmonCfg

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\windows\system32\winlogon.exe => File is digitally signed
C:\windows\system32\wininit.exe => File is digitally signed
C:\windows\SysWOW64\wininit.exe => File is digitally signed
C:\windows\explorer.exe => File is digitally signed
C:\windows\SysWOW64\explorer.exe => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\SysWOW64\svchost.exe => File is digitally signed
C:\windows\system32\services.exe => File is digitally signed
C:\windows\system32\User32.dll => File is digitally signed
C:\windows\SysWOW64\User32.dll => File is digitally signed
C:\windows\system32\userinit.exe => File is digitally signed
C:\windows\SysWOW64\userinit.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
C:\windows\system32\dnsapi.dll => File is digitally signed
C:\windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2018-11-16 15:05

==================== End of FRST.txt ============================


#78
BrianR1976

    Member

  • Topic Starter
  • 355 posts

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 21.11.2018
Ran by BReese76 (21-11-2018 19:51:48)
Running from C:\Users\BReese76\Desktop
Windows 7 Home Premium Service Pack 1 (X64) (2012-12-13 22:31:51)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-239473584-822298280-3168733615-500 - Administrator - Disabled)
BReese76 (S-1-5-21-239473584-822298280-3168733615-1001 - Administrator - Enabled) => C:\Users\BReese76
Guest (S-1-5-21-239473584-822298280-3168733615-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-239473584-822298280-3168733615-1002 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

4 Elements II (HKLM-x32\...\WTA-cae94c41-98d3-4995-a92c-1a9f8e9e703a) (Version: 2.2.0.98 - WildTangent) Hidden
64 Bit HP CIO Components Installer (HKLM\...\{FF21C3E6-97FD-474F-9518-8DCBE94C2854}) (Version: 7.2.8 - Hewlett-Packard) Hidden
7-Zip 18.05 (HKLM-x32\...\{23170F69-40C1-2701-1805-000001000000}) (Version: 18.05.00.0 - Igor Pavlov)
ActivePerl 5.16.1 Build 1601 (HKLM-x32\...\{9441AF70-8CCC-41EE-B2C1-398F5FE7E387}) (Version: 5.16.1601 - ActiveState)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 19.008.20081 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 31.0.0.96 - Adobe Systems Incorporated)
Adobe Bridge CC 2018 (HKLM-x32\...\KBRG_8_1) (Version: 8.1 - Adobe Systems Incorporated)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 4.7.0.400 - Adobe Systems Incorporated)
Adobe Flash Player 31 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 31.0.0.153 - Adobe Systems Incorporated)
Adobe Flash Player 31 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 31.0.0.153 - Adobe Systems Incorporated)
Adobe Lightroom Classic CC (HKLM-x32\...\LTRM_7_5) (Version: 7.5 - Adobe Systems Incorporated)
Adobe Photoshop CC 2018 (HKLM-x32\...\PHSP_19_1_6) (Version: 19.1.6 - Adobe Systems Incorporated)
Amazon Kindle (HKU\S-1-5-21-239473584-822298280-3168733615-1001\...\Amazon Kindle) (Version: 1.24.3.51068 - Amazon)
Amazon MP3 Downloader 1.0.17 (HKLM-x32\...\Amazon MP3 Downloader) (Version: 1.0.17 - Amazon Services LLC)
Amazon Music Importer (HKLM-x32\...\{EE54B7D5-57E0-A190-5D10-0982B52DF050}) (Version: 3.0.0 - Amazon Services LLC) Hidden
Amazon Music Importer (HKLM-x32\...\com.amazon.music.uploader) (Version: 3.0.0 - Amazon Services LLC)
AMD Catalyst Install Manager (HKLM\...\{7E5DC2C5-115A-322B-976C-219237FAED66}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
Auslogics Disk Defrag (HKLM-x32\...\{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1) (Version: 8.0.16.0 - Auslogics Labs Pty Ltd)
Avast Free Antivirus (HKLM-x32\...\Avast Antivirus) (Version: 18.8.2356 - AVAST Software)
Bejeweled 3 (HKLM-x32\...\WTA-e9b0d2ff-58f2-4f92-aa9f-4235ebcaa010) (Version: 2.2.0.98 - WildTangent) Hidden
Blackhawk Striker 2 (HKLM-x32\...\WTA-5c3a7a94-dfef-4e00-8d66-77ba16901e21) (Version: 2.2.0.95 - WildTangent) Hidden
Bubble Wrap (HKLM-x32\...\{5BFFDDEB-AFD7-499F-BB13-7A6EAD927CDA}_is1) (Version: 1.0.0.0 - XM Asia Pacific Pte Ltd)
calibre (HKLM-x32\...\{B76A3B8A-CD1E-4260-BA4A-6A6EAA05715D}) (Version: 2.82.0 - Kovid Goyal)
CameraHelperMsi (HKLM-x32\...\{15634701-BACE-4449-8B25-1567DA8C9FD3}) (Version: 13.51.815.0 - Logitech) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.49 - Piriform)
Chuzzle Deluxe (HKLM-x32\...\WTA-18a12f60-8d31-4fc4-b9d4-ba8c3db71ff8) (Version: 2.2.0.95 - WildTangent) Hidden
Cradle of Rome 2 (HKLM-x32\...\WTA-a28c47a7-a641-4085-a762-d1580dfb3be7) (Version: 2.2.0.98 - WildTangent) Hidden
CrystalDiskInfo 7.8.0 (HKLM-x32\...\CrystalDiskInfo_is1) (Version: 7.8.0 - Crystal Dew World)
CrystalDiskMark 6.0.1 (HKLM\...\CrystalDiskMark6_is1) (Version: 6.0.1 - Crystal Dew World)
DirectX for Managed Code Update (Summer 2004) (HKLM-x32\...\{E9E34215-82EF-4909-BE2F-F581F0DC9062}) (Version: 9.02.2904 - Microsoft) Hidden
Dora's World Adventure (HKLM-x32\...\WTA-8f7267c2-328a-41f3-b2d6-034896b7d44c) (Version: 2.2.0.95 - WildTangent) Hidden
Dropbox (HKU\S-1-5-21-239473584-822298280-3168733615-1001\...\Dropbox) (Version: 60.4.107 - Dropbox, Inc.)
erLT (HKLM-x32\...\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}) (Version: 1.20.138.34 - Logitech, Inc.) Hidden
Escape the Emerald Star (HKLM-x32\...\WTA-0fa94eff-d6c9-4239-a91c-51c12c0444a0) (Version: 2.2.0.98 - WildTangent) Hidden
Fantasy Hockey League (HKLM-x32\...\ST5UNST #1) (Version:  - )
Farm Frenzy (HKLM-x32\...\WTA-ce060142-91ae-43c4-b0e0-f2c817140380) (Version: 2.2.0.98 - WildTangent) Hidden
Farmscapes (HKLM-x32\...\WTA-8100fd1a-3049-41a7-814f-8b53792f1f9b) (Version: 2.2.0.97 - WildTangent) Hidden
FATE (HKLM-x32\...\WTA-7202739a-55ea-4ae4-856c-5258f747150f) (Version: 2.2.0.97 - WildTangent) Hidden
Final Drive Fury (HKLM-x32\...\WTA-5dc76dc0-c994-4092-bb73-46a81f3bd8ae) (Version: 2.2.0.95 - WildTangent) Hidden
Fitbit Connect (HKLM-x32\...\{2F0A730C-3593-4637-B740-B9F589591376}) (Version: 2.0.2.7066 - Fitbit Inc.)
FITS Liberator 3.0.1 (HKLM-x32\...\FITS Liberator) (Version: 3.0.1 - ESO/ESA/NASA)
Golden Trails 2: The Lost Legacy Collector's Edition (HKLM-x32\...\WTA-9d8b0610-c5e3-45ee-af7c-cdeea94b2e90) (Version: 2.2.0.98 - WildTangent) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 70.0.3538.102 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.17 - Google Inc.) Hidden
Hewlett-Packard ACLM.NET v1.2.2.3 (HKLM-x32\...\{6F340107-F9AA-47C6-B54C-C3A19F11553F}) (Version: 1.00.0000 - Hewlett-Packard Company) Hidden
Hoyle Card Games (HKLM-x32\...\WTA-d2187750-9140-4bdc-80c4-23556ca5aa81) (Version: 2.2.0.95 - WildTangent) Hidden
HP Application Assistant (HKLM\...\{0CE7EBAF-157D-4111-9146-057CB2A4023E}) (Version: 1.1.466.3970 - Hewlett-Packard)
HP Calendar (HKLM-x32\...\{2B38E0FA-D8A5-4EBF-A018-E3C1C8E7A2E2}) (Version: 5.1.4245.23508 - Hewlett-Packard)
HP Clock (HKLM-x32\...\{750E9D0F-B188-4A7E-ADD2-84B7ED7D32F6}) (Version: 5.1.4281.27332 - Hewlett-Packard)
HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.2.5 - WildTangent)
HP Notes (HKLM-x32\...\{86BAB08A-5E66-4C53-82E3-C1E91673C7CA}) (Version: 5.1.4274.30382 - Hewlett-Packard)
HP Odometer (HKLM-x32\...\{B8AC1A89-FFD1-4F97-8051-E505A160F562}) (Version: 2.10.0000 - Hewlett-Packard)
HP Photosmart D110 All-In-One Driver 14.0 Rel. 7 (HKLM\...\{14BC6853-A74E-4874-B50D-679889D1544D}) (Version: 14.0 - HP)
HP RSS (HKLM-x32\...\{452479C5-0118-48E9-AA69-0A7339F95FC8}) (Version: 5.1.4289.23799 - Hewlett-Packard)
HP Setup (HKLM-x32\...\{438363A8-F486-4C37-834C-4955773CB3D3}) (Version: 9.1.15430.4033 - Hewlett-Packard Company)
HP Support Information (HKLM-x32\...\{B2B7B1C8-7C8B-476C-BE2C-049731C55992}) (Version: 11.00.0001 - Hewlett-Packard)
HP Support Solutions Framework (HKLM-x32\...\{55065080-504F-43BB-BE00-36B80D7D39A5}) (Version: 12.9.18.3 - Hewlett-Packard Company)
HP Touchpoint Analytics Client (HKLM\...\{E5FB98E0-0784-44F0-8CEC-95CD4690C43F}) (Version: 4.0.2.1439 - HP Inc.)
HP TouchSmart Background - Beats (HKLM-x32\...\{6A6F8D36-04BA-41E9-9004-1789BD545874}) (Version: 1.0.1.0 - Hewlett-Packard)
HP TouchSmart RecipeBox (HKLM-x32\...\{20714B53-FC73-4F9C-9687-49EB237D6FD7}) (Version: 3.0.3830.27730 - Hewlett-Packard)
HP Update (HKLM-x32\...\{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}) (Version: 5.003.001.001 - Hewlett-Packard)
HP Weather (HKLM-x32\...\{776CC95E-8160-401B-AC79-164822AA8306}) (Version: 5.1.4245.22595 - Hewlett-Packard)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.0.0.1351 - Intel Corporation)
Jewel Match 3 (HKLM-x32\...\WTA-4a300df6-0a04-42ca-8731-ce1dc72d918d) (Version: 2.2.0.98 - WildTangent) Hidden
Jewel Quest Mysteries: The Seventh Gate Collector's Edition (HKLM-x32\...\WTA-cde176c2-3fbb-4206-8d44-8c409895fe58) (Version: 2.2.0.98 - WildTangent) Hidden
John Deere Drive Green (HKLM-x32\...\WTA-57a418fb-a77e-43a6-b537-20d17df5f4d0) (Version: 2.2.0.95 - WildTangent) Hidden
LabelPrint (HKLM-x32\...\{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.4507 - CyberLink Corp.) Hidden
LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.4507 - CyberLink Corp.)
LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version:  - )
LatencyMon 6.70 (HKLM\...\LatencyMon_is1) (Version:  - Resplendence Software Projects Sp.)
Logitech Webcam Software (HKLM-x32\...\{D40EB009-0499-459c-A8AF-C9C110766215}) (Version: 2.51 - Logitech Inc.)
Luxor HD (HKLM-x32\...\WTA-afa075f1-744f-4c53-9043-24311e6226ae) (Version: 2.2.0.98 - WildTangent) Hidden
Mah Jong Medley (HKLM-x32\...\WTA-e396b932-3635-442c-a16a-ad5e9cd9ba6f) (Version: 2.2.0.95 - WildTangent) Hidden
Malwarebytes version 3.6.1.2711 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.6.1.2711 - Malwarebytes)
Metric Converter (HKLM-x32\...\{D0661463-50F7-4A1E-83CB-37CC590589AE}_is1) (Version: 1.0.0.0 - XM Asia Pacific Pte Ltd)
Microsoft .NET Framework 4.7.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.7.03062 - Microsoft Corporation)
Microsoft Mathematics (HKLM-x32\...\{4D090F70-6F08-4B60-9357-A1DFD4458F09}) (Version: 4.0 - Microsoft Corporation)
Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.3.188.0 - Microsoft Corporation)
Microsoft Office 365 ProPlus - en-us (HKLM\...\O365ProPlusRetail - en-us) (Version: 16.0.11001.20108 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Home and Student 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft OneDrive (HKU\.DEFAULT\...\OneDriveSetup.exe) (Version: 17.3.6743.1212 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x64) - 14.12.25810 (HKLM-x32\...\{e2ee15e2-a480-4bc5-bfb7-e9803d1d9823}) (Version: 14.12.25810.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x86) - 14.12.25810 (HKLM-x32\...\{56e11d69-7cc9-40a5-a4f9-8f6190c4d84d}) (Version: 14.12.25810.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Mortimer Beckett and the Crimson Thief Premium Edition (HKLM-x32\...\WTA-99303275-448e-4ef7-af3b-382815c633d8) (Version: 2.2.0.98 - WildTangent) Hidden
Mozilla Firefox 63.0.3 (x64 en-US) (HKLM\...\Mozilla Firefox 63.0.3 (x64 en-US)) (Version: 63.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 63.0.3.6892 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
My Farm Life 2 (HKLM-x32\...\WTA-c2399047-bc9f-4bd9-be08-2bb213f1caf9) (Version: 2.2.0.98 - WildTangent) Hidden
Network64 (HKLM\...\{6BFAB6C1-6D46-46DB-A538-A269907C9F2F}) (Version: 140.0.221.000 - Hewlett-Packard) Hidden
Network64 (HKLM\...\{CE47BA54-78AC-409F-9151-BDF5BE15A804}) (Version: 140.0.212.000 - Hewlett-Packard) Hidden
Nik Collection (HKLM-x32\...\Nik Collection) (Version: 1.2.11 - Google)
Noiseware Community Edition (HKLM-x32\...\{CB3B7C24-30A1-4961-8039-94919F5ED2EE}) (Version: 2.6.0.1 - Imagenomic)
Notepad++ (32-bit x86) (HKLM-x32\...\Notepad++) (Version: 7.3.3 - Notepad++ Team)
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.11001.20108 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.11001.20108 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.11001.20108 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0409-0000-0000000FF1CE}) (Version: 16.0.11001.20108 - Microsoft Corporation) Hidden
opensource (HKLM-x32\...\{3677D4D8-E5E0-49FC-B86E-06541CF00BBE}) (Version: 1.0.14960.3876 - Your Company Name) Hidden
PDF Complete Corporate Edition (HKLM-x32\...\PDF Complete) (Version: 4.2.33 - PDF Complete, Inc)
Penguins! (HKLM-x32\...\WTA-ba1d02c0-99a5-44d9-ad50-d78e0ff275e1) (Version: 2.2.0.98 - WildTangent) Hidden
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
Plants vs. Zombies - Game of the Year (HKLM-x32\...\WTA-5265d433-55cf-4f91-8af7-6f222f20ecbe) (Version: 2.2.0.98 - WildTangent) Hidden
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
Poker Superstars III (HKLM-x32\...\WTA-f45a2279-a2f0-4996-b789-170e0caa6692) (Version: 2.2.0.95 - WildTangent) Hidden
Polar Bowler (HKLM-x32\...\WTA-49198b23-c076-479e-8963-efcc5b8f3b43) (Version: 2.2.0.97 - WildTangent) Hidden
Polar Golfer (HKLM-x32\...\WTA-717d6b13-c516-4e2f-aa7b-6859d039bc61) (Version: 2.2.0.98 - WildTangent) Hidden
Power2Go (HKLM-x32\...\{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.1.6305 - CyberLink Corp.) Hidden
Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.1.6305 - CyberLink Corp.)
PS_AIO_07_D110_SW_Min (HKLM-x32\...\{42BBA4CC-EFB6-4653-A2CC-F305D4B399C3}) (Version: 140.0.142.000 - Hewlett-Packard) Hidden
Ralink 802.11n Wireless LAN Card (HKLM-x32\...\{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}) (Version: 5.0.10.0 - Mediatek)
RealDownloader (HKLM-x32\...\{17C5FC50-8E12-4D06-AAF2-A9D9F0CE0A32}) (Version: 18.1.7.347 - RealNetworks)
RealDownloader (HKLM-x32\...\{6cf9c673-d8f4-48dc-b916-4e9bc19b5682}) (Version: 18.1.7.347 - RealNetworks)
Recovery Manager (HKLM-x32\...\{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}) (Version: 5.5.0.5119 - CyberLink Corp.) Hidden
Revo Uninstaller 2.0.5 (HKLM\...\{A28DBDA2-3CC7-4ADC-8BFE-66D7743C6C97}_is1) (Version: 2.0.5 - VS Revo Group, Ltd.)
Roads of Rome 3 (HKLM-x32\...\WTA-e94797d3-3b47-45b2-b709-a68038792160) (Version: 2.2.0.98 - WildTangent) Hidden
RogueKiller version 11 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 11 - Adlice Software)
Scan (HKLM-x32\...\{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}) (Version: 140.0.77.000 - Hewlett-Packard) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Spot (HKLM-x32\...\{3D171340-B528-42E0-92E4-BDA7AEEF6F32}_is1) (Version: 1.0.0.0 - XM Asia Pacific Pte Ltd)
Spotify (HKU\S-1-5-21-239473584-822298280-3168733615-1001\...\Spotify) (Version: 1.0.91.183.g259b84fa - Spotify AB)
Stellarium 0.12.1 (HKLM\...\Stellarium_is1) (Version: 0.12.1 - Stellarium team)
Tales of Lagoona (HKLM-x32\...\WTA-8ae7d57e-9bf6-4714-9287-2ebbabeb96ba) (Version: 2.2.0.98 - WildTangent) Hidden
Tap Tap Bear (HKLM-x32\...\{A393CDFF-BEB8-48EA-990D-2EB35B311D23}_is1) (Version: 1.0.0.0 - XM Asia Pacific Pte Ltd)
TI USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{355FBD67-5A4F-44DA-86A1-56EEC4C20EC0}) (Version: 1.12.18.0 - Texas Instruments Inc.)
TI USB3 Host Driver (HKLM-x32\...\{355FBD67-5A4F-44DA-86A1-56EEC4C20EC0}) (Version: 1.12.18.0 - Texas Instruments Inc.) Hidden
Toolbox (HKLM-x32\...\{BBFB2E59-B0DB-42C8-8F4D-CF4E85471667}) (Version: 140.0.424.000 - Hewlett-Packard) Hidden
Torchlight (HKLM-x32\...\WTA-564fcbde-007d-4035-80b5-601ed66ad9f1) (Version: 2.2.0.98 - WildTangent) Hidden
TSHostedAppLauncher (HKLM-x32\...\{F89BADB0-D319-470E-8024-443EE3A3402B}) (Version: 5.1.15.0 - Hewlett-Packard) Hidden
Tweaking.com - Windows Repair (HKLM-x32\...\Tweaking.com - Windows Repair) (Version: 4.3.0 - Tweaking.com)
Unchecky v1.2 (HKLM-x32\...\Unchecky) (Version: 1.2 - Reason Software Company Inc.)
Update Installer for WildTangent Games App (HKLM-x32\...\{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App) (Version:  - WildTangent) Hidden
UpdateService (HKLM-x32\...\{E3AE96D6-E196-45B4-AF62-2B41998B9E37}) (Version: 1.0.0 - RealNetworks, Inc.) Hidden
vc2012_redist (HKLM-x32\...\{9402AEF2-5981-4097-8BE2-6501DAC4DBFD}) (Version: 1.0.0.0 - Realnetworks) Hidden
Video Downloader (HKLM-x32\...\{415B9F6F-CC10-472E-A5A2-8961A3374148}) (Version: 18.1.7 - RealNetworks) Hidden
Virtual Villagers 4 - The Tree of Life (HKLM-x32\...\WTA-2bbf0a89-bf22-4c3a-80ae-5e03ef3a7a49) (Version: 2.2.0.98 - WildTangent) Hidden
vs2015_redist x86 (HKLM-x32\...\{BD46163A-0331-4A61-B65A-7B66D7C93F8E}) (Version: 1.0.0.0 - Realnetworks) Hidden
WildTangent Games App (HP Games) (HKLM-x32\...\{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-hp) (Version: 4.0.10.5 - WildTangent) Hidden
WinDirStat 1.1.2 (HKU\S-1-5-21-239473584-822298280-3168733615-1001\...\WinDirStat) (Version:  - )
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
WinPatrol (HKLM-x32\...\{6A206A04-6BC1-411B-AA04-4E52EDEEADF2}) (Version: 35.5.2017.8 - Ruiware)
Youda Fisherman (HKLM-x32\...\WTA-d63f8446-d7e3-4baa-a564-dd263804d9c6) (Version: 2.2.0.98 - WildTangent) Hidden
Zuma's Revenge (HKLM-x32\...\WTA-5ba1d7e5-572b-42a4-bae2-e30c907395b5) (Version: 2.2.0.98 - WildTangent) Hidden

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-239473584-822298280-3168733615-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\BReese76\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-239473584-822298280-3168733615-1001_Classes\CLSID\{e8c77137-e224-5791-b6e9-ff0305797a13}\InprocServer32 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems)
CustomCLSID: HKU\S-1-5-21-239473584-822298280-3168733615-1001_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\BReese76\AppData\Roaming\Dropbox\bin\DropboxExt64.25.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-239473584-822298280-3168733615-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\BReese76\AppData\Roaming\Dropbox\bin\DropboxExt64.25.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-239473584-822298280-3168733615-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\BReese76\AppData\Roaming\Dropbox\bin\DropboxExt64.25.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-239473584-822298280-3168733615-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\BReese76\AppData\Roaming\Dropbox\bin\DropboxExt64.25.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-239473584-822298280-3168733615-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\BReese76\AppData\Roaming\Dropbox\bin\DropboxExt64.25.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-239473584-822298280-3168733615-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\BReese76\AppData\Roaming\Dropbox\bin\DropboxExt64.25.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-239473584-822298280-3168733615-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\BReese76\AppData\Roaming\Dropbox\bin\DropboxExt64.25.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-239473584-822298280-3168733615-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\BReese76\AppData\Roaming\Dropbox\bin\DropboxExt64.25.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-239473584-822298280-3168733615-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\BReese76\AppData\Roaming\Dropbox\bin\DropboxExt64.25.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-239473584-822298280-3168733615-1001_Classes\CLSID\{FB314EE1-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\BReese76\AppData\Roaming\Dropbox\bin\DropboxExt64.25.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-239473584-822298280-3168733615-1001_Classes\CLSID\{FB314EE2-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\BReese76\AppData\Roaming\Dropbox\bin\DropboxExt64.25.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-239473584-822298280-3168733615-1001_Classes\CLSID\{FBC9D74C-AF55-4309-9FB2-C426E071637F}\InprocServer32 -> C:\Users\BReese76\AppData\Roaming\Dropbox\bin\DropboxExt64.25.0.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2018-03-05] ()
ShellIconOverlayIdentifiers: [   AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2018-03-05] ()
ShellIconOverlayIdentifiers: [   AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2018-03-05] ()
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-11-19] (AVAST Software)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-11-19] (AVAST Software)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\BReese76\AppData\Roaming\Dropbox\bin\DropboxExt64.25.0.dll [2018-10-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\BReese76\AppData\Roaming\Dropbox\bin\DropboxExt64.25.0.dll [2018-10-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\BReese76\AppData\Roaming\Dropbox\bin\DropboxExt64.25.0.dll [2018-10-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\BReese76\AppData\Roaming\Dropbox\bin\DropboxExt64.25.0.dll [2018-10-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\BReese76\AppData\Roaming\Dropbox\bin\DropboxExt64.25.0.dll [2018-10-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\BReese76\AppData\Roaming\Dropbox\bin\DropboxExt64.25.0.dll [2018-10-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\BReese76\AppData\Roaming\Dropbox\bin\DropboxExt64.25.0.dll [2018-10-24] (Dropbox, Inc.)
ContextMenuHandlers1: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2018-03-05] ()
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => C:\Program Files (x86)\Notepad++\NppShell_06.dll [2017-02-12] ()
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-11-19] (AVAST Software)
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-11-19] (AVAST Software)
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\atiacm64.dll [2015-08-04] (Advanced Micro Devices, Inc.)
ContextMenuHandlers6: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2018-03-05] ()
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-11-19] (AVAST Software)
ContextMenuHandlers1_.DEFAULT: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} =>  -> No File
ContextMenuHandlers4_.DEFAULT: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} =>  -> No File
ContextMenuHandlers5_.DEFAULT: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} =>  -> No File
ContextMenuHandlers1_S-1-5-21-239473584-822298280-3168733615-1001: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Users\BReese76\AppData\Roaming\Dropbox\bin\DropboxExt64.25.0.dll [2018-10-24] (Dropbox, Inc.)
ContextMenuHandlers4_S-1-5-21-239473584-822298280-3168733615-1001: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Users\BReese76\AppData\Roaming\Dropbox\bin\DropboxExt64.25.0.dll [2018-10-24] (Dropbox, Inc.)
ContextMenuHandlers5_S-1-5-21-239473584-822298280-3168733615-1001: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Users\BReese76\AppData\Roaming\Dropbox\bin\DropboxExt64.25.0.dll [2018-10-24] (Dropbox, Inc.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {000A66B4-C5A7-40C0-ABE1-08F62EE40AAA} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {0CFDE608-A517-4970-8DD5-7D27BCC5DD06} - System32\Tasks\AdobeGCInvoker-1.0-BReese76-HP-BReese76 => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [2018-09-10] (Adobe Systems, Incorporated)
Task: {13DD1953-A60D-445C-BB50-41C3C19AAE59} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2018-11-17] (Microsoft Corporation)
Task: {1E00BF53-E352-4DA4-B795-01FED872799B} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)
Task: {2754156C-20FF-4CD1-8DBD-89ECBC13D3D4} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\Avast Software\Overseer\overseer.exe [2018-10-27] (AVAST Software)
Task: {32B0AA4F-52BC-42AE-B6D7-BFBF6E75664C} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe
Task: {33076945-963E-4EC4-A13C-EB638BBC2955} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2018-11-20] (Adobe Systems Incorporated)
Task: {46A5A90B-A669-442B-8B6B-FF40C235C02E} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)
Task: {46F71F37-40A9-4ED7-9429-9DD41EE76C65} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2018-11-02] (Microsoft Corporation)
Task: {5029C1CA-5BCE-4679-A841-B76E8DFF3FC8} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)
Task: {58DE2B7F-0A9A-4313-8D3C-582AAF3A649C} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [2018-11-19] (AVAST Software)
Task: {6589F81E-1407-474E-8C47-6C46168D97C5} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2018-11-17] (Microsoft Corporation)
Task: {66966F34-9999-47C9-B34A-F4953997AB54} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2018-11-17] (Microsoft Corporation)
Task: {6D9C6D34-86C2-427A-A303-7664C9BFA920} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\windows\SysWOW64\Macromed\Flash\FlashUtil32_31_0_0_153_Plugin.exe [2018-11-20] (Adobe Systems Incorporated)
Task: {75C8E018-FAF0-4181-980B-8D0C5400D07E} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-239473584-822298280-3168733615-1001UA => C:\Users\BReese76\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2016-11-04] (Dropbox, Inc.)
Task: {79422CDF-05D6-4144-AB98-1A2FD7D912A8} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [2018-11-06] (Piriform Ltd)
Task: {841B6135-9515-4BCD-91E6-82259A468D69} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\sdxhelper.exe [2018-11-17] (Microsoft Corporation)
Task: {8EED3BE9-ABF2-4ABD-B322-AE309DF696F4} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe
Task: {9420A5AA-43B0-436C-844D-D60495D91273} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)
Task: {9561EE76-4A00-4207-A4A6-A02BEF961013} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2018-11-17] (Microsoft Corporation)
Task: {9CB1120C-48FE-45A1-839E-D793E9AED94B} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2014-03-19] (Microsoft)
Task: {9DC23B30-F922-446B-B441-19321A47FDF7} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\sdxhelper.exe [2018-11-17] (Microsoft Corporation)
Task: {B62466C6-3941-4D30-BF26-597D3B58ADD3} - System32\Tasks\Tweaking.com - Windows Repair Tray Icon => C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\WR_Tray_Icon.exe [2017-05-02] (Tweaking.com)
Task: {BAD5407C-EF68-4424-9623-ECDD618259FE} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-239473584-822298280-3168733615-1001Core => C:\Users\BReese76\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2016-11-04] (Dropbox, Inc.)
Task: {BC0B38A5-D4D5-46F8-AFBD-29638758B612} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {C365ED2D-49B0-47DC-B27A-233A27F2F956} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2018-08-14] (Adobe Systems Incorporated)
Task: {C5076A86-711E-47E8-B73A-DCBDB7048190} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2018-11-02] (Microsoft Corporation)
Task: {E5937814-01F5-4765-A731-3DD78EE5817F} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [2018-08-30] (HP Inc.)
Task: {E870D75C-F851-459E-B3F8-6BB7B63CDA68} - System32\Tasks\Java Check => “C:\Program [Argument = Files\Java\jre1.6.0_01\bin\jucheck.exe”]
Task: {E9348A4E-9932-4F16-A079-233DC63FBF06} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2017-09-20] (HP Inc.)
Task: {F4954C7E-F1F3-4A24-9E4B-D6D71AEAA2E5} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2018-11-06] (Piriform Software Ltd)
Task: {F57B3142-65DA-443D-8CC3-1FBF352738D2} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2018-11-17] (Microsoft Corporation)
Task: {F717F655-E608-4A88-8B12-54BE5F49E81F} - System32\Tasks\AdobeAAMUpdater-1.0-BReese76-HP-BReese76 => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2018-04-11] (Adobe Systems Incorporated)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2015-02-20 22:09 - 2013-06-17 16:40 - 000035944 _____ () C:\windows\system32\ddmon4-64x.dll
2018-10-12 15:30 - 2018-10-26 10:29 - 002695360 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
2018-03-05 20:47 - 2018-03-05 20:47 - 000614848 _____ () C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll
2017-02-12 15:31 - 2017-02-12 15:31 - 000230064 _____ () C:\Program Files (x86)\Notepad++\NppShell_06.dll
2018-11-19 17:20 - 2018-11-19 17:20 - 000728792 _____ () c:\Program Files\AVAST Software\Avast\x64\StreamBack.dll
2018-11-19 17:20 - 2018-11-19 17:20 - 000919256 _____ () C:\Program Files\AVAST Software\Avast\anen.dll
2018-11-19 17:20 - 2018-11-19 17:20 - 000596696 _____ () C:\Program Files\AVAST Software\Avast\streamback.dll
2018-11-19 17:19 - 2018-11-19 17:19 - 000496344 _____ () C:\Program Files\AVAST Software\Avast\gui_cache.dll
2018-11-19 17:19 - 2018-11-19 17:19 - 000150744 _____ () C:\Program Files\AVAST Software\Avast\hns_tools.dll
2018-11-19 17:19 - 2018-11-19 17:19 - 001112280 _____ () C:\Program Files\AVAST Software\Avast\shepherdsync.dll
2018-11-21 19:34 - 2018-11-21 19:34 - 005732496 _____ () C:\Program Files\AVAST Software\Avast\defs\18112108\algo.dll
2018-07-20 22:13 - 2018-07-20 22:13 - 080293888 ____R () C:\Program Files (x86)\Fitbit Connect\libcef.dll
2018-07-25 22:04 - 2018-07-25 22:04 - 000068608 ____R () C:\Program Files (x86)\Fitbit Connect\MP3Gain.dll
2018-10-27 09:39 - 2018-10-27 09:39 - 067126928 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Adobe Photoshop CS6 13.0 Final  Multilanguage (patch-PainteR) [ChingLiu]:com.dropbox.attributes [168]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 19:34 - 2018-11-21 19:31 - 000003413 _____ C:\windows\system32\Drivers\etc\hosts

127.0.0.1       localhost
0.0.0.0 0.0.0.0 # fix for traceroute and netstat display anomaly

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-239473584-822298280-3168733615-1001\Control Panel\Desktop\\Wallpaper ->
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

If an entry is included in the fixlist, it will be removed.

MSCONFIG\Services: CryptoPreventEmail => 3
MSCONFIG\Services: CryptoPreventFolderWatch => 3
MSCONFIG\Services: CryptoPreventMonSvc => 2
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Adobe Creative Cloud => "C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe" --showwindow=false --onOSstartup=true
MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
MSCONFIG\startupreg: AdobeCS6ServiceManager => "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
MSCONFIG\startupreg: AvastUI.exe => "C:\Program Files\AVAST Software\Avast\AvLaunch.exe" /gui
MSCONFIG\startupreg: Dropbox Update => "C:\Users\BReese76\AppData\Local\Dropbox\Update\DropboxUpdate.exe" /c
MSCONFIG\startupreg: HP Software Update => c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
MSCONFIG\startupreg: Logitech Download Assistant => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
MSCONFIG\startupreg: LWS => C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide
MSCONFIG\startupreg: PDF Complete => C:\Program Files (x86)\PDF Complete\pdfsty.exe
MSCONFIG\startupreg: Raptr => "C:\Program Files (x86)\Raptr Inc\Raptr\raptrstub.exe" --startup
MSCONFIG\startupreg: SwitchBoard => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
MSCONFIG\startupreg: TkBellExe => "c:\program files (x86)\real\realplayer\Update\realsched.exe" -osboot

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [TCP Query User{D86A00B7-D787-4FCF-99DE-7828BCCCAAB4}C:\program files (x86)\google\chrome\application\chrome.exe] => (Allow) C:\program files (x86)\google\chrome\application\chrome.exe
FirewallRules: [UDP Query User{9207830A-E076-48DE-923C-0ED795B6911A}C:\program files (x86)\google\chrome\application\chrome.exe] => (Allow) C:\program files (x86)\google\chrome\application\chrome.exe
FirewallRules: [{0351AACC-82F6-431C-833C-B0F6AE936B88}] => (Block) C:\program files (x86)\google\chrome\application\chrome.exe
FirewallRules: [{0E08BD01-86AA-40C4-BB2E-CCDBC0329DF4}] => (Block) C:\program files (x86)\google\chrome\application\chrome.exe
FirewallRules: [{5BF64805-C0E7-4D45-B92D-444F9F19CE0C}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{90F94230-F5F8-4433-B01C-E2F733161CD9}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{406EDAFD-BDB5-45CB-85EA-9E5A623398D9}C:\users\breese76\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\breese76\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{A10894CE-0E9F-4B8C-B334-5219B7792227}C:\users\breese76\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\breese76\appdata\roaming\spotify\spotify.exe
FirewallRules: [{0AE574CF-CB8F-45DA-B1E0-C510D13BDE60}] => (Block) C:\users\breese76\appdata\roaming\spotify\spotify.exe
FirewallRules: [{4626A069-0430-4CB6-B649-D014987AC2E3}] => (Block) C:\users\breese76\appdata\roaming\spotify\spotify.exe
FirewallRules: [{397F67DA-7FA0-48F4-91E1-A9D6E2FF016C}] => (Allow) C:\Program Files (x86)\Raptr Inc\PlaysTV\playstv.exe
FirewallRules: [{8499C925-E03E-4489-AC50-4C3A46D0F887}] => (Allow) C:\Program Files (x86)\Raptr Inc\PlaysTV\playstv.exe
FirewallRules: [{FB8F4E8E-67DA-421B-AEB5-C0A32CD85F08}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{40DDC61A-3ADA-4E13-B05F-40BC8D433297}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{7637EC3F-5FE6-4980-9AF4-63937327F824}] => (Allow) C:\Program Files (x86)\Raptr Inc\PlaysTV\playstv.exe
FirewallRules: [{387C399E-1650-48A9-895E-BE8B254769CA}] => (Allow) C:\Program Files (x86)\Raptr Inc\PlaysTV\playstv.exe
FirewallRules: [TCP Query User{99B18C80-5651-4DF1-9D7D-5F3B7CC6C68E}C:\program files\adobe\adobe animate cc 2017\animate.exe] => (Allow) C:\program files\adobe\adobe animate cc 2017\animate.exe
FirewallRules: [UDP Query User{DF9E8C34-7F2D-4EB8-B268-B5767D0C6A59}C:\program files\adobe\adobe animate cc 2017\animate.exe] => (Allow) C:\program files\adobe\adobe animate cc 2017\animate.exe
FirewallRules: [{D93012D1-174B-4435-9226-86890370A575}] => (Block) C:\program files\adobe\adobe animate cc 2017\animate.exe
FirewallRules: [{8798B6CD-A844-4093-B348-524C2BB41397}] => (Block) C:\program files\adobe\adobe animate cc 2017\animate.exe
FirewallRules: [{2F563B47-0847-4817-B018-E55552F9E2A0}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [{F62FFA17-3323-4155-965A-2EE56A8BABEF}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{C28DCD0B-1F6A-4BD8-ABD5-6139E3FBE114}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{F3A039D5-D3E4-430A-B56F-B758526E2DEC}] => (Allow) C:\Program Files (x86)\Ralink\Common\RaMediaServer.exe
FirewallRules: [{4EEE1BBE-15E9-419F-80BA-9A05DD89B3F9}] => (Allow) C:\Program Files (x86)\Ralink\Common\RaMediaServer.exe
FirewallRules: [{A28C605B-0756-4196-BDBF-45C7CE892841}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{45AE197E-2D6E-428F-B1C2-BEBC8FA76113}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe
FirewallRules: [{8B31B6F3-ACCB-4080-950E-30B2AC75932F}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe
FirewallRules: [{C03AC624-0A25-46DA-AEA9-8AA30B9D39A9}] => (Allow) C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe
FirewallRules: [{30668312-C1EC-40AD-AF08-3282DE9E812D}] => (Allow) C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe

==================== Restore Points =========================

10-11-2018 20:58:06 Removed RealUpgrade 1.1
10-11-2018 21:01:30 Removed RealNetworks - Microsoft Visual C++ 2008 Runtime
10-11-2018 21:09:50 Removed RealNetworks - Microsoft Visual C++ 2010 Runtime
19-11-2018 18:26:41 Scheduled Checkpoint

==================== Faulty Device Manager Devices =============

Name: Photosmart D110 series
Description: Photosmart D110 series
Class Guid: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
Manufacturer: HP
Service: StillCam
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: 802.11n Wireless LAN Card
Description: 802.11n Wireless LAN Card
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Ralink Technology, Corp.
Service: netr28x
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Photosmart D110 series
Description: Photosmart D110 series
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: HP
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (11/20/2018 10:17:56 AM) (Source: MsiInstaller) (EventID: 11316) (User: NT AUTHORITY)
Description: Product: Avast Update Helper -- Error 1316. The specified account already exists.

Error: (11/20/2018 09:18:07 AM) (Source: MsiInstaller) (EventID: 11316) (User: NT AUTHORITY)
Description: Product: Avast Update Helper -- Error 1316. The specified account already exists.

Error: (11/20/2018 09:11:38 AM) (Source: Office 2016 Licensing Service) (EventID: 0) (User: )
Description: Event-ID 0

Error: (11/20/2018 12:18:10 AM) (Source: MsiInstaller) (EventID: 11316) (User: NT AUTHORITY)
Description: Product: Avast Update Helper -- Error 1316. The specified account already exists.

Error: (11/20/2018 12:00:33 AM) (Source: COM) (EventID: 10035) (User: )
Description: The COM standard marshaler was unable to fix a mismatch between the IID {618736E0-3C3D-11CF-810C-00AA00389B71} provided by the server and the IID {00020400-0000-0000-C000-000000000046} requested by the client, with handler CLSID {002ADBA4-0002-0000-0000-0000F0000000}. The error code was 0x800401fd.

Error: (11/19/2018 11:17:57 PM) (Source: MsiInstaller) (EventID: 11316) (User: NT AUTHORITY)
Description: Product: Avast Update Helper -- Error 1316. The specified account already exists.

Error: (11/19/2018 10:17:56 PM) (Source: MsiInstaller) (EventID: 11316) (User: NT AUTHORITY)
Description: Product: Avast Update Helper -- Error 1316. The specified account already exists.

Error: (11/19/2018 09:17:56 PM) (Source: MsiInstaller) (EventID: 11316) (User: NT AUTHORITY)
Description: Product: Avast Update Helper -- Error 1316. The specified account already exists.


System errors:
=============
Error: (11/21/2018 07:43:10 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}
 and APPID
{344ED43D-D086-4961-86A6-1106F4ACAD9B}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.

Error: (11/21/2018 07:39:38 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Windows Update service hung on starting.

Error: (11/21/2018 07:33:10 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}
 and APPID
{344ED43D-D086-4961-86A6-1106F4ACAD9B}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.

Error: (11/21/2018 12:17:05 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: The server {F9717507-6651-4EDB-BFF7-AE615179BCCF} did not register with DCOM within the required timeout.

Error: (11/21/2018 12:09:43 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}
 and APPID
{344ED43D-D086-4961-86A6-1106F4ACAD9B}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.

Error: (11/20/2018 11:59:43 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}
 and APPID
{344ED43D-D086-4961-86A6-1106F4ACAD9B}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.

Error: (11/20/2018 11:49:43 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}
 and APPID
{344ED43D-D086-4961-86A6-1106F4ACAD9B}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.

Error: (11/20/2018 11:39:43 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}
 and APPID
{344ED43D-D086-4961-86A6-1106F4ACAD9B}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.


==================== Memory info ===========================

Processor: Intel® Core™ i5-2400 CPU @ 3.10GHz
Percentage of memory in use: 54%
Total physical RAM: 6100.01 MB
Available physical RAM: 2785.48 MB
Total Virtual: 12198.17 MB
Available Virtual: 9019.21 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:914.65 GB) (Free:442.1 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive d: (HP_RECOVERY) (Fixed) (Total:16.64 GB) (Free:2.07 GB) NTFS


==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 4C3DA384)

Partition: GPT.

==================== End of Addition.txt ============================



#79
RKinner

    Malware Expert

  • Expert
  • 24,598 posts
  • MVP

Another fixlist:

Attached File  fixlist.txt   3.23KB   280 downloads

After you run the fixlist, go into MSCONFIG and recheck the Avast entries at least. We don't want to cripple it or keep it from updating.

OK. Then reboot and make another FRST log with Addition.txt checked.

How is it running now?



#80
BrianR1976

    Member

  • Topic Starter
  • Member
  • 355 posts

Fix result of Farbar Recovery Scan Tool (x64) Version: 21.11.2018
Ran by BReese76 (22-11-2018 21:50:13) Run:6
Running from C:\Users\BReese76\Desktop
Loaded Profiles: BReese76 (Available Profiles: BReese76)
Boot Mode: Normal
==============================================

fixlist content:
*****************
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\RealPlayer 17.0
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{17C5FC50-8E12-4D06-AAF2-A9D9F0CE0A32}
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{415B9F6F-CC10-472E-A5A2-8961A3374148}
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{6cf9c673-d8f4-48dc-b916-4e9bc19b5682}
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{9402AEF2-5981-4097-8BE2-6501DAC4DBFD}
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{BD46163A-0331-4A61-B65A-7B66D7C93F8E}
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{E3AE96D6-E196-45B4-AF62-2B41998B9E37}
ContextMenuHandlers1_.DEFAULT: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} =>  -> No File
ContextMenuHandlers4_.DEFAULT: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} =>  -> No File
ContextMenuHandlers5_.DEFAULT: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} =>  -> No File
MSCONFIG\Services: CryptoPreventEmail => 3
MSCONFIG\Services: CryptoPreventFolderWatch => 3
MSCONFIG\Services: CryptoPreventMonSvc => 2
MSCONFIG\startupreg: TkBellExe => "c:\program files (x86)\real\realplayer\Update\realsched.exe" -osboot
MSCONFIG\startupreg: HP Software Update => c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
FOR /F "usebackq delims==" %i IN (`wevtutil el`) DO wevtutil cl "%i"







*****************

HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\RealPlayer 17.0 => removed successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{17C5FC50-8E12-4D06-AAF2-A9D9F0CE0A32} => removed successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{415B9F6F-CC10-472E-A5A2-8961A3374148} => removed successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{6cf9c673-d8f4-48dc-b916-4e9bc19b5682} => removed successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{9402AEF2-5981-4097-8BE2-6501DAC4DBFD} => removed successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{BD46163A-0331-4A61-B65A-7B66D7C93F8E} => removed successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{E3AE96D6-E196-45B4-AF62-2B41998B9E37} => removed successfully
"HKU\\Software\Classes\*\ShellEx\ContextMenuHandlers\ FileSyncEx" => not found
HKLM\Software\Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => not found
"HKU\\Software\Classes\Directory\ShellEx\ContextMenuHandlers\ FileSyncEx" => not found
HKLM\Software\Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => not found
"HKU\\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\ FileSyncEx" => not found
HKLM\Software\Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => not found
HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\CryptoPreventEmail => removed successfully
HKLM\System\CurrentControlSet\Services\CryptoPreventEmail => not found
HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\CryptoPreventFolderWatch => removed successfully
HKLM\System\CurrentControlSet\Services\CryptoPreventFolderWatch => not found
HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\CryptoPreventMonSvc => removed successfully
HKLM\System\CurrentControlSet\Services\CryptoPreventMonSvc => not found
HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\TkBellExe => removed successfully
HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\HP Software Update => removed successfully
FOR /F "usebackq delims==" %i IN (`wevtutil el`) DO wevtutil cl "%i" => Error: No automatic fix found for this entry.

==== End of Fixlog 21:50:17 ====



#81
BrianR1976

    Member

  • Topic Starter
  • Member
  • 355 posts

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 21.11.2018
Ran by BReese76 (administrator) on BREESE76-HP (22-11-2018 22:03:42)
Running from C:\Users\BReese76\Desktop
Loaded Profiles: BReese76 (Available Profiles: BReese76)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe
(Fitbit, Inc.) C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe
(PDF Complete Inc) C:\Program Files (x86)\PDF Complete\pdfsvc.exe
(Ralink Technology, Corp.) C:\Program Files (x86)\Ralink\Common\RaCountryRegion.exe
(Ralink Technology, Corp.) C:\Program Files (x86)\Ralink\Common\RaRegistry.exe
(Ralink Technology, Corp.) C:\Program Files (x86)\Ralink\Common\RaRegistry64.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Reason Software Company Inc.) C:\Program Files (x86)\Unchecky\bin\unchecky_svc.exe
(Microsoft Corporation) C:\Windows\System32\WirelessKB850NotificationService.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(AVAST Software) C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe
(Reason Software Company Inc.) C:\Program Files (x86)\Unchecky\bin\unchecky_bg.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
(Hewlett-Packard ) C:\Program Files\IDT\WDM\Beats64.exe
(Ruiware) C:\Program Files (x86)\Ruiware\WinPatrol\WinPatrol.exe
(Fitbit, Inc.) C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\MOM.exe
(Piriform Software Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\CCC.exe
(Adobe Systems Incorporated) C:\Program Files\Adobe\Elements 13 Organizer\PhotoshopElementsFileAgent.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\HPTouchSmartSyncCalReminderApp.exe
(Tweaking.com) C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\WR_Tray_Icon.exe
(HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1425408 2012-04-24] (IDT, Inc.)
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [3711320 2018-10-26] (Malwarebytes)
HKLM\...\Run: [HPSYSDRV] => C:\Program Files (x86)\Hewlett-Packard\HP Odometer\HPSYSDRV.EXE [62768 2008-11-20] (Hewlett-Packard)
HKLM\...\Run: [BeatsOSDApp] => C:\Program Files\IDT\WDM\beats64.exe [37888 2012-03-30] (Hewlett-Packard )
HKLM\...\Run: [AdobeGCInvoker-1.0] => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [2670056 2018-09-10] (Adobe Systems, Incorporated)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [242392 2018-11-19] (AVAST Software)
HKLM-x32\...\Run: [Fitbit Connect] => C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe [7429280 2018-07-25] (Fitbit, Inc.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2015-08-04] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [AMD AVT] => Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-239473584-822298280-3168733615-1001\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-239473584-822298280-3168733615-1001\...\Run: [Fitbit Connect] => C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe [7429280 2018-07-25] (Fitbit, Inc.)
HKU\S-1-5-21-239473584-822298280-3168733615-1001\...\Run: [WinPatrol] => C:\Program Files (x86)\Ruiware\WinPatrol\WinPatrol.exe [1223560 2017-05-07] (Ruiware)
HKU\S-1-5-21-239473584-822298280-3168733615-1001\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [19476424 2018-11-06] (Piriform Software Ltd)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{5E1B1D25-767C-4FD6-AE4C-55CFC5626C29}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{E745E9B4-9BA4-4154-BDFC-4B77998EAAFE}: [DhcpNameServer] 192.168.0.1

Internet Explorer:
==================
HKU\S-1-5-21-239473584-822298280-3168733615-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPDSK/1
SearchScopes: HKLM -> {A3F3D8FE-86AE-4813-B96F-A656930924FD} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-30572-11896-1/4?mpre=hxxp://www.ebay.com/sch/i.html?_nkw={searchTerms}
SearchScopes: HKLM-x32 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
SearchScopes: HKLM-x32 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-30572-11896-1/4?mpre=hxxp://www.ebay.com/sch/i.html?_nkw={searchTerms}
SearchScopes: HKU\S-1-5-21-239473584-822298280-3168733615-1001 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-239473584-822298280-3168733615-1001 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-30572-11896-1/4?mpre=hxxp://www.ebay.com/sch/i.html?_nkw={searchTerms}
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2018-10-23] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\URLREDIR.DLL [2018-11-17] (Microsoft Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2018-11-04] (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\root\Office16\URLREDIR.DLL [2018-11-17] (Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-10-02] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-10-02] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-10-02] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-10-02] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\BReese76\AppData\Roaming\Mozilla\Firefox\Profiles\lct2jq7h.default-1489776093206 [2018-11-22]
FF Homepage: Mozilla\Firefox\Profiles\lct2jq7h.default-1489776093206 -> www.google.com/
FF NewTab: Mozilla\Firefox\Profiles\lct2jq7h.default-1489776093206 -> about:newtab
FF Extension: (Grammarly for Firefox) - C:\Users\BReese76\AppData\Roaming\Mozilla\Firefox\Profiles\lct2jq7h.default-1489776093206\Extensions\[email protected] [2018-10-30]
FF Extension: (New XKit) - C:\Users\BReese76\AppData\Roaming\Mozilla\Firefox\Profiles\lct2jq7h.default-1489776093206\Extensions\@new-xkit.xpi [2018-03-31]
FF Extension: (AdBlocker Ultimate) - C:\Users\BReese76\AppData\Roaming\Mozilla\Firefox\Profiles\lct2jq7h.default-1489776093206\Extensions\[email protected] [2018-10-25]
FF Extension: (YouTube™ Flash® Player) - C:\Users\BReese76\AppData\Roaming\Mozilla\Firefox\Profiles\lct2jq7h.default-1489776093206\Extensions\[email protected] [2018-01-28]
FF Extension: (uBlock Origin) - C:\Users\BReese76\AppData\Roaming\Mozilla\Firefox\Profiles\lct2jq7h.default-1489776093206\Extensions\[email protected] [2018-11-06]
FF Extension: (Avast Online Security) - C:\Users\BReese76\AppData\Roaming\Mozilla\Firefox\Profiles\lct2jq7h.default-1489776093206\Extensions\[email protected] [2018-11-20]
FF Extension: (Ebates: The Free Cash Back Shopping Assistant) - C:\Users\BReese76\AppData\Roaming\Mozilla\Firefox\Profiles\lct2jq7h.default-1489776093206\Extensions\{35d6291e-1d4b-f9b4-c52f-77e6410d1326}.xpi [2018-11-07]
FF Extension: (Popup Blocker Ultimate) - C:\Users\BReese76\AppData\Roaming\Mozilla\Firefox\Profiles\lct2jq7h.default-1489776093206\Extensions\{60B7679C-BED9-11E5-998D-8526BB8E7F8B}.xpi [2018-10-01]
FF Extension: (Hard Refresh Button) - C:\Users\BReese76\AppData\Roaming\Mozilla\Firefox\Profiles\lct2jq7h.default-1489776093206\Extensions\{b6da57d3-9727-4bc0-b974-d13e7c004af0}.xpi [2017-11-20]
FF Extension: (Simple YouTube MP3 Button) - C:\Users\BReese76\AppData\Roaming\Mozilla\Firefox\Profiles\lct2jq7h.default-1489776093206\Extensions\{e33788ea-0bb9-4502-9c77-bdc551afc8ab}.xpi [2017-10-07]
FF Extension: (Yahoo! Toolbar) - C:\Program Files (x86)\Mozilla Firefox\distribution\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} [2016-11-15] [Legacy]
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_31_0_0_153.dll [2018-11-20] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2018-09-13] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_31_0_0_153.dll [2018-11-20] ()
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2015-02-13] (Google, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2018-09-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2018-09-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-16] (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2012-10-12] ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-09-19] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2018-09-13] (Adobe Systems)
FF Plugin HKU\S-1-5-21-239473584-822298280-3168733615-1001: amazon.com/AmazonMP3DownloaderPlugin -> C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101752.dll [2012-10-24] (Amazon.com, Inc.)

Chrome:
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> hxxp://www.google.com
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR DefaultSearchURL: Default -> hxxps://search.yahoo.com/search?p={searchTerms}&fr=yset_chr_syc_oracle&type=default
CHR DefaultSearchKeyword: Default -> Yahoo
CHR DefaultSuggestURL: Default -> hxxps://search.yahoo.com/sugg/ie?output=fxjson&command={searchTerms}&nResults=10
CHR Profile: C:\Users\BReese76\AppData\Local\Google\Chrome\User Data\Default [2018-11-22]
CHR Extension: (Slides) - C:\Users\BReese76\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-22]
CHR Extension: (Docs) - C:\Users\BReese76\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-22]
CHR Extension: (Google Drive) - C:\Users\BReese76\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-03-10]
CHR Extension: (YouTube) - C:\Users\BReese76\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-03-10]
CHR Extension: (Adblock Plus) - C:\Users\BReese76\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2018-11-14]
CHR Extension: (uBlock Origin) - C:\Users\BReese76\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2018-11-06]
CHR Extension: (Avast Passwords) - C:\Users\BReese76\AppData\Local\Google\Chrome\User Data\Default\Extensions\emhginjpijfggbofeediiojmdlmlkoik [2018-11-19]
CHR Extension: (Sheets) - C:\Users\BReese76\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-22]
CHR Extension: (Google Docs Offline) - C:\Users\BReese76\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-08-22]
CHR Extension: (AdBlock) - C:\Users\BReese76\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2018-11-04]
CHR Extension: (Yahoo Partner) - C:\Users\BReese76\AppData\Local\Google\Chrome\User Data\Default\Extensions\gihfmmedoddijgnhkgfgnkeohkpbipol [2018-04-28]
CHR Extension: (Avast Online Security) - C:\Users\BReese76\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2018-09-26]
CHR Extension: (Grammarly for Chrome) - C:\Users\BReese76\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbfnbcaeplbcioakkpcpgfkobkghlhen [2018-11-16]
CHR Extension: (GIFit!) - C:\Users\BReese76\AppData\Local\Google\Chrome\User Data\Default\Extensions\khoojcphcmgcplkpckkjpdlloooifgec [2018-11-04]
CHR Extension: (F.B.(FluffBusting)Purity) - C:\Users\BReese76\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmkinhboiljjkhaknpaeaicmdjhagpep [2018-11-15]
CHR Extension: (Chrome Web Store Payments) - C:\Users\BReese76\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-03]
CHR Extension: (Gmail) - C:\Users\BReese76\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-03-10]
CHR Extension: (Chrome Media Router) - C:\Users\BReese76\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-10-25]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gihfmmedoddijgnhkgfgnkeohkpbipol] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdobeActiveFileMonitor13.0; C:\Program Files\Adobe\Elements 13 Organizer\PhotoshopElementsFileAgent.exe [231120 2014-08-31] (Adobe Systems Incorporated)
R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [818136 2018-09-13] (Adobe Inc.)
R2 AGMService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe [2910696 2018-09-10] (Adobe Systems, Incorporated)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2704872 2018-09-10] (Adobe Systems, Incorporated)
R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [8188768 2018-11-19] (AVAST Software)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [324000 2018-11-19] (AVAST Software)
R2 CalendarSynchService; C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe [16384 2011-08-16] (Hewlett-Packard) [File not signed]
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [9669920 2018-11-02] (Microsoft Corporation)
R2 Fitbit Connect; C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe [6115488 2018-07-25] (Fitbit, Inc.)
R2 HPSLPSVC; C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [1039360 2010-10-22] (Hewlett-Packard Co.) [File not signed]
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [332656 2018-05-02] (HP Inc.)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6347056 2018-09-19] (Malwarebytes)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
R2 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [1795136 2018-02-01] (PDF Complete Inc)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
R2 RalinkCountryRegion; C:\Program Files (x86)\Ralink\Common\RaCountryRegion.exe [42496 2012-07-27] (Ralink Technology, Corp.) [File not signed]
R2 RalinkRegistryWriter; C:\Program Files (x86)\Ralink\Common\RaRegistry.exe [372736 2012-07-04] (Ralink Technology, Corp.) [File not signed]
R2 RalinkRegistryWriter64; C:\Program Files (x86)\Ralink\Common\RaRegistry64.exe [447488 2012-07-04] (Ralink Technology, Corp.) [File not signed]
S4 RaMediaServer; C:\Program Files (x86)\Ralink\Common\RaMediaServer.exe [1863680 2012-07-06] (Ralink) [File not signed]
R2 Unchecky; C:\Program Files (x86)\Unchecky\bin\unchecky_svc.exe [297240 2018-04-08] (Reason Software Company Inc.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)
R2 WirelessKB850NotificationService; C:\windows\system32\WirelessKB850NotificationService.exe [174256 2018-05-14] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 aswArPot; C:\windows\System32\drivers\aswArPot.sys [201240 2018-11-19] (AVAST Software)
R1 aswbidsdriver; C:\windows\System32\drivers\aswbidsdrivera.sys [230344 2018-11-19] (AVAST Software)
R0 aswbidsh; C:\windows\System32\drivers\aswbidsha.sys [201768 2018-11-19] (AVAST Software)
R0 aswblog; C:\windows\System32\drivers\aswbloga.sys [346592 2018-11-19] (AVAST Software)
R0 aswbuniv; C:\windows\System32\drivers\aswbuniva.sys [59496 2018-11-19] (AVAST Software)
R1 aswHdsKe; C:\windows\System32\drivers\aswHdsKe.sys [239608 2018-11-20] (AVAST Software)
S3 aswHwid; C:\windows\System32\drivers\aswHwid.sys [46384 2018-11-19] (AVAST Software)
R1 aswKbd; C:\windows\System32\drivers\aswKbd.sys [42288 2018-11-19] (AVAST Software)
R2 aswMonFlt; C:\windows\System32\drivers\aswMonFlt.sys [163208 2018-11-19] (AVAST Software)
R1 aswRdr; C:\windows\System32\drivers\aswRdr2.sys [111800 2018-11-19] (AVAST Software)
R0 aswRvrt; C:\windows\System32\drivers\aswRvrt.sys [87432 2018-11-19] (AVAST Software)
R1 aswSnx; C:\windows\System32\drivers\aswSnx.sys [1028680 2018-11-19] (AVAST Software)
R1 aswSP; C:\windows\System32\drivers\aswSP.sys [469272 2018-11-19] (AVAST Software)
R2 aswStm; C:\windows\System32\drivers\aswStm.sys [208472 2018-11-19] (AVAST Software)
R0 aswVmm; C:\windows\System32\drivers\aswVmm.sys [380464 2018-11-19] (AVAST Software)
S3 cmnxusbser; C:\windows\System32\DRIVERS\cmnxusbser.sys [146424 2015-11-24] (Wireless Data Device)
R3 MBAMSwissArmy; C:\windows\System32\Drivers\mbamswissarmy.sys [260480 2018-11-22] (Malwarebytes)
S3 netr28x; C:\windows\System32\DRIVERS\netr28x.sys [2473616 2014-12-10] (MediaTek Inc.)
R2 NPF; C:\windows\system32\drivers\npf.sys [35344 2014-05-14] (CACE Technologies, Inc.)
R0 PxHlpa64; C:\windows\System32\drivers\PxHlpa64.sys [56336 2013-09-03] (Corel Corporation)
S3 rspLLL; C:\windows\System32\DRIVERS\rspLLL64.sys [26368 2015-07-13] (Resplendence Software Projects Sp.)
S3 sscdserd; C:\windows\System32\DRIVERS\sscdserd.sys [141384 2010-11-11] (MCCI Corporation)
S3 WDC_SAM; C:\windows\System32\DRIVERS\wdcsam64_prewin8.sys [31920 2018-02-26] (Western Digital Technologies)
R3 WirelessKeyboardFilter; C:\windows\System32\DRIVERS\WirelessKeyboardFilter.sys [49896 2016-07-22] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-11-22 21:59 - 2018-11-22 21:59 - 000260480 _____ (Malwarebytes) C:\windows\system32\Drivers\mbamswissarmy.sys
2018-11-20 22:55 - 2018-11-20 22:55 - 004463104 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerInstaller.exe
2018-11-19 23:17 - 2018-11-19 23:24 - 000000000 ____D C:\Users\BReese76\Downloads\Bootlegs
2018-11-19 23:03 - 2018-11-19 23:03 - 000042792 _____ C:\Users\BReese76\Desktop\MTB.txt
2018-11-19 23:01 - 2018-11-19 23:01 - 000892416 _____ (Farbar) C:\Users\BReese76\Desktop\MiniToolBox.exe
2018-11-19 17:22 - 2018-11-19 17:21 - 000378584 _____ (AVAST Software) C:\windows\system32\aswBoot.exe
2018-11-17 14:12 - 2018-11-17 14:12 - 000001830 _____ C:\Users\BReese76\Downloads\cc_20181117_141205.reg
2018-11-17 14:11 - 2018-11-17 14:11 - 000040930 _____ C:\Users\BReese76\Downloads\cc_20181117_141111.reg
2018-11-17 14:11 - 2018-11-17 14:11 - 000001174 _____ C:\Users\BReese76\Downloads\cc_20181117_141131.reg
2018-11-17 14:10 - 2018-11-17 14:10 - 000156280 _____ C:\Users\BReese76\Downloads\cc_20181117_141049.reg
2018-11-17 11:59 - 2018-11-17 11:59 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Tools
2018-11-17 11:13 - 2018-11-17 11:13 - 000000784 _____ C:\Users\Public\Desktop\CCleaner.lnk
2018-11-16 00:10 - 2018-11-16 00:10 - 000000000 ____D C:\Users\BReese76\Desktop\345 Final Stuff
2018-11-10 20:24 - 2018-11-13 10:11 - 000000000 ____D C:\Users\BReese76\AppData\Local\Adobe
2018-11-09 23:56 - 2018-11-09 23:56 - 005250965 _____ C:\Users\BReese76\Downloads\vault_tec_id_card_by_zanderyurami-dcrlu4u.psd
2018-11-09 22:57 - 2018-11-09 22:57 - 000107628 _____ C:\Users\BReese76\Downloads\cc_20181109_225659.reg
2018-11-09 22:40 - 2018-11-22 21:50 - 000004381 _____ C:\Users\BReese76\Desktop\Fixlog.txt
2018-11-08 21:33 - 2018-11-08 21:33 - 000002233 _____ C:\Users\BReese76\Desktop\Kindle.lnk
2018-11-06 21:53 - 2018-11-06 21:53 - 000000000 ____D C:\Users\BReese76\AppData\Roaming\CrystalIdea Software
2018-11-05 21:14 - 2018-11-10 21:36 - 002885868 _____ C:\Users\BReese76\Desktop\SearchReg.txt
2018-11-05 21:09 - 2018-11-05 21:09 - 003938816 _____ C:\Users\BReese76\Downloads\OWL Peer Review Presentation HUM 345W.ppt
2018-11-04 22:23 - 2018-11-17 11:59 - 000002423 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype for Business.lnk
2018-11-04 22:23 - 2018-11-17 11:59 - 000002418 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Word.lnk
2018-11-04 22:23 - 2018-11-17 11:59 - 000002417 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerPoint.lnk
2018-11-04 22:23 - 2018-11-17 11:59 - 000002381 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Access.lnk
2018-11-04 22:23 - 2018-11-17 11:59 - 000002380 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel.lnk
2018-11-04 22:23 - 2018-11-17 11:59 - 000002374 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outlook.lnk
2018-11-04 22:23 - 2018-11-17 11:59 - 000002368 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Publisher.lnk
2018-11-04 22:23 - 2018-11-17 11:59 - 000002360 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneNote 2016.lnk
2018-10-31 20:45 - 2018-10-31 20:45 - 000000000 ____D C:\ProgramData\Ralink
2018-10-29 20:16 - 2018-11-15 22:33 - 000003666 _____ C:\windows\System32\Tasks\Tweaking.com - Windows Repair Tray Icon
2018-10-29 20:16 - 2018-10-29 20:16 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2018-10-28 08:29 - 2018-10-28 21:59 - 000000000 ____D C:\Users\BReese76\Desktop\TP Files
2018-10-27 15:30 - 2018-10-27 16:09 - 000000000 ___RD C:\Users\BReese76\Creative Cloud Files
2018-10-27 15:20 - 2018-10-27 15:20 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
2018-10-27 15:20 - 2018-10-27 15:20 - 000000000 ____D C:\Program Files\VS Revo Group
2018-10-27 15:17 - 2018-10-27 15:17 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LatencyMon
2018-10-27 15:17 - 2018-10-27 15:17 - 000000000 ____D C:\Program Files\LatencyMon
2018-10-27 15:17 - 2015-07-13 11:16 - 000026368 _____ (Resplendence Software Projects Sp.) C:\windows\system32\Drivers\rspLLL64.sys
2018-10-27 12:17 - 2018-10-27 12:17 - 000000000 ____D C:\Users\BReese76\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinDirStat
2018-10-27 12:17 - 2018-10-27 12:17 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinDirStat
2018-10-27 12:17 - 2018-10-27 12:17 - 000000000 ____D C:\Program Files (x86)\WinDirStat
2018-10-27 11:21 - 2018-10-27 11:21 - 000749133 _____ C:\Users\BReese76\Downloads\nejmsa1803972.pdf
2018-10-27 11:09 - 2018-10-27 11:09 - 002379965 _____ C:\Users\BReese76\Downloads\26502501.pdf
2018-10-27 09:47 - 2018-10-27 09:47 - 000000000 ____D C:\windows\CheckSur
2018-10-27 09:39 - 2018-10-27 09:39 - 000000000 ____D C:\Users\BReese76\AppData\Roaming\AVAST Software
2018-10-27 09:39 - 2018-10-27 09:39 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2018-10-27 09:38 - 2018-11-20 21:39 - 000239608 _____ (AVAST Software) C:\windows\system32\Drivers\aswHdsKe.sys
2018-10-27 09:38 - 2018-11-19 17:23 - 000003910 _____ C:\windows\System32\Tasks\Avast Emergency Update
2018-10-27 09:38 - 2018-11-19 17:21 - 000469272 _____ (AVAST Software) C:\windows\system32\Drivers\aswSP.sys
2018-10-27 09:38 - 2018-11-19 17:21 - 000380464 _____ (AVAST Software) C:\windows\system32\Drivers\aswVmm.sys
2018-10-27 09:38 - 2018-11-19 17:21 - 000208472 _____ (AVAST Software) C:\windows\system32\Drivers\aswStm.sys
2018-10-27 09:38 - 2018-11-19 17:21 - 000201240 _____ (AVAST Software) C:\windows\system32\Drivers\aswArPot.sys
2018-10-27 09:38 - 2018-11-19 17:21 - 000163208 _____ (AVAST Software) C:\windows\system32\Drivers\aswMonFlt.sys
2018-10-27 09:38 - 2018-11-19 17:21 - 000111800 _____ (AVAST Software) C:\windows\system32\Drivers\aswRdr2.sys
2018-10-27 09:38 - 2018-11-19 17:21 - 000087432 _____ (AVAST Software) C:\windows\system32\Drivers\aswRvrt.sys
2018-10-27 09:38 - 2018-11-19 17:21 - 000046384 _____ (AVAST Software) C:\windows\system32\Drivers\aswHwid.sys
2018-10-27 09:38 - 2018-11-19 17:20 - 000042288 _____ (AVAST Software) C:\windows\system32\Drivers\aswKbd.sys
2018-10-27 09:38 - 2018-11-19 17:19 - 001028680 _____ (AVAST Software) C:\windows\system32\Drivers\aswSnx.sys
2018-10-27 09:38 - 2018-11-19 17:19 - 000346592 _____ (AVAST Software) C:\windows\system32\Drivers\aswbloga.sys
2018-10-27 09:38 - 2018-11-19 17:19 - 000059496 _____ (AVAST Software) C:\windows\system32\Drivers\aswbuniva.sys
2018-10-27 09:38 - 2018-11-19 17:18 - 000230344 _____ (AVAST Software) C:\windows\system32\Drivers\aswbidsdrivera.sys
2018-10-27 09:38 - 2018-11-19 17:18 - 000201768 _____ (AVAST Software) C:\windows\system32\Drivers\aswbidsha.sys
2018-10-27 09:37 - 2018-10-27 09:37 - 000000000 ____D C:\Program Files\AVAST Software
2018-10-27 00:25 - 2018-10-27 00:25 - 000000000 ____D C:\Users\BReese76\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2018-10-26 15:11 - 2018-10-26 15:12 - 000987383 _____ C:\Users\BReese76\Downloads\20557379_f07df4feb86bc5402f9bcaeb2d34beae98cdb560.cab
2018-10-26 14:55 - 2018-10-26 14:55 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PlaysTV
2018-10-26 13:41 - 2018-10-26 13:42 - 000000033 _____ C:\Users\BReese76\Desktop\F76.txt
2018-10-26 09:29 - 2018-11-15 22:33 - 000003470 _____ C:\windows\System32\Tasks\AdobeGCInvoker-1.0-BReese76-HP-BReese76
2018-10-25 23:21 - 2018-10-25 23:22 - 000030933 _____ C:\Users\BReese76\Desktop\Geck.pdf
2018-10-25 16:09 - 2018-10-25 16:09 - 000010613 _____ C:\junk.txt
2018-10-25 15:58 - 2018-11-21 19:54 - 000053963 _____ C:\Users\BReese76\Desktop\Addition.txt
2018-10-25 15:46 - 2018-11-22 22:09 - 000023673 _____ C:\Users\BReese76\Desktop\FRST.txt
2018-10-25 15:43 - 2018-10-26 15:08 - 000000000 ____D C:\Users\BReese76\AppData\Local\Plays
2018-10-25 15:43 - 2018-10-25 15:48 - 000000000 ____D C:\Users\BReese76\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Plays.tv, Inc
2018-10-25 15:43 - 2018-10-25 15:48 - 000000000 ____D C:\Users\BReese76\AppData\Local\Plays-ltc
2018-10-25 15:41 - 2018-10-25 18:00 - 000000000 ____D C:\Users\BReese76\AppData\Roaming\Plays
2018-10-25 15:38 - 2018-10-25 15:38 - 000000000 ____D C:\Users\BReese76\AppData\Local\{E6CA9661-A945-4BD0-BF5E-5DD6778360EC}
2018-10-25 15:32 - 2018-11-21 19:33 - 000000000 ____D C:\Users\BReese76\Desktop\FRST-OlderVersion
2018-10-25 09:03 - 2018-10-25 09:03 - 000000000 ____D C:\Users\BReese76\AppData\Local\FitbitConnect
2018-10-25 09:03 - 2018-10-25 09:03 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Fitbit Connect
2018-10-25 09:03 - 2018-10-25 09:03 - 000000000 ____D C:\Program Files (x86)\Fitbit Connect
2018-10-25 08:59 - 2018-10-25 09:00 - 059263264 _____ (Fitbit Inc.) C:\Users\BReese76\Downloads\FitbitConnect-v2.0.2.7066-2018-07-25.exe
2018-10-23 21:22 - 2018-10-23 21:22 - 000002820 _____ C:\VEWApplication.txt
2018-10-23 21:08 - 2018-11-21 19:33 - 002416640 _____ (Farbar) C:\Users\BReese76\Desktop\FRST64.exe
2018-10-23 21:07 - 2018-10-31 20:15 - 000015135 _____ C:\VEW.txt
2018-10-23 20:34 - 2018-10-23 20:34 - 020975616 _____ C:\Users\BReese76\Documents\WinLog102318.evtx
2018-10-23 20:34 - 2018-10-23 20:34 - 020975616 _____ C:\Users\BReese76\Documents\AppLog102318.evtx

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-11-22 22:04 - 2009-07-13 21:45 - 000024608 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2018-11-22 22:04 - 2009-07-13 21:45 - 000024608 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2018-11-22 22:03 - 2018-02-02 14:49 - 000000000 ____D C:\FRST
2018-11-22 22:02 - 2017-09-26 20:35 - 000000000 ____D C:\Users\BReese76\AppData\Local\AVAST Software
2018-11-22 21:59 - 2012-11-21 21:17 - 000000000 ____D C:\ProgramData\PDFC
2018-11-22 21:59 - 2009-07-13 22:08 - 000000006 ____H C:\windows\Tasks\SA.DAT
2018-11-22 21:56 - 2016-11-15 21:55 - 000000000 ____D C:\Users\BReese76\AppData\LocalLow\Mozilla
2018-11-22 01:24 - 2017-01-05 10:02 - 000014802 _____ C:\Users\BReese76\Desktop\Bills.xlsx
2018-11-20 22:55 - 2018-03-13 22:55 - 000004476 _____ C:\windows\System32\Tasks\Adobe Flash Player NPAPI Notifier
2018-11-20 22:55 - 2013-05-15 09:12 - 000004312 _____ C:\windows\System32\Tasks\Adobe Flash Player Updater
2018-11-20 22:55 - 2012-11-21 21:15 - 000842240 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2018-11-20 22:55 - 2012-11-21 21:15 - 000175104 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2018-11-20 22:55 - 2012-11-21 21:15 - 000000000 ____D C:\windows\SysWOW64\Macromed
2018-11-20 22:55 - 2012-11-21 21:15 - 000000000 ____D C:\windows\system32\Macromed
2018-11-20 21:50 - 2012-12-13 15:47 - 000000000 ____D C:\ProgramData\AVAST Software
2018-11-19 23:20 - 2017-06-13 22:24 - 000000000 ____D C:\Users\BReese76\Downloads\EXE's
2018-11-17 21:57 - 2012-12-13 20:56 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2018-11-17 12:01 - 2017-01-12 13:53 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2018-11-17 12:00 - 2009-07-13 20:20 - 000000000 ____D C:\windows\inf
2018-11-17 11:58 - 2012-11-21 21:10 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2018-11-17 11:13 - 2018-08-20 22:17 - 000003870 _____ C:\windows\System32\Tasks\CCleaner Update
2018-11-17 11:13 - 2016-11-15 15:05 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2018-11-16 15:52 - 2016-12-01 21:28 - 000000208 _____ C:\Users\BReese76\Desktop\Nests.txt
2018-11-15 22:33 - 2018-10-19 22:44 - 000003514 _____ C:\windows\System32\Tasks\AdobeAAMUpdater-1.0-BReese76-HP-BReese76
2018-11-15 22:33 - 2018-08-20 22:17 - 000002802 _____ C:\windows\System32\Tasks\CCleanerSkipUAC
2018-11-15 22:33 - 2015-12-03 20:31 - 000000000 ____D C:\windows\System32\Tasks\AVAST Software
2018-11-15 22:33 - 2015-05-13 16:28 - 000004476 _____ C:\windows\System32\Tasks\Adobe Acrobat Update Task
2018-11-15 22:33 - 2013-02-12 22:00 - 000003204 _____ C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore
2018-11-15 19:16 - 2017-01-13 13:14 - 000002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2018-11-12 21:07 - 2014-11-06 00:07 - 000002226 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-11-11 22:44 - 2014-10-23 12:18 - 000000000 ____D C:\Program Files (x86)\Real
2018-11-10 20:44 - 2017-03-19 21:15 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RealNetworks
2018-11-09 23:52 - 2013-01-01 14:18 - 000000000 ____D C:\Program Files (x86)\7-Zip
2018-11-09 23:37 - 2012-12-23 10:22 - 000000000 ____D C:\Users\BReese76\Tracing
2018-11-09 23:01 - 2018-09-01 08:27 - 000000000 ____D C:\windows\Minidump
2018-11-09 23:01 - 2012-12-14 21:05 - 000000000 ____D C:\Users\BReese76\AppData\Local\CrashDumps
2018-11-09 22:55 - 2018-08-20 22:17 - 000000000 ____D C:\Program Files\CCleaner
2018-11-09 22:42 - 2013-10-07 22:29 - 000000000 ____D C:\Program Files\Adobe
2018-11-08 21:37 - 2018-09-10 19:42 - 000000000 ____D C:\Users\BReese76\Documents\My Kindle Content
2018-11-08 21:37 - 2015-12-22 22:39 - 000001933 _____ C:\Users\BReese76\Desktop\bands to listen to.txt
2018-11-06 11:12 - 2012-12-13 15:38 - 000000000 ____D C:\Users\BReese76\AppData\Local\PDFC
2018-11-04 23:05 - 2016-06-09 12:56 - 000000000 ____D C:\Users\BReese76\AppData\Roaming\Google
2018-10-31 20:44 - 2012-11-21 21:06 - 000000000 ____D C:\windows\system32\RaLanguages
2018-10-31 20:42 - 2012-11-21 21:07 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Communication and Chat
2018-10-31 20:41 - 2011-02-11 09:32 - 000000000 ____D C:\SWSETUP
2018-10-29 21:07 - 2012-12-13 15:43 - 000124632 _____ C:\Users\BReese76\AppData\Local\GDIPFONTCACHEV1.DAT
2018-10-29 21:04 - 2009-07-13 21:45 - 005154608 _____ C:\windows\system32\FNTCACHE.DAT
2018-10-28 07:40 - 2009-07-13 22:13 - 000781298 _____ C:\windows\system32\PerfStringBackup.INI
2018-10-27 16:12 - 2017-03-22 21:26 - 000000000 ___HD C:\adobeTemp
2018-10-27 15:39 - 2016-06-06 21:03 - 000007597 _____ C:\Users\BReese76\AppData\Local\Resmon.ResmonCfg
2018-10-27 15:30 - 2012-12-13 15:31 - 000000000 ____D C:\Users\BReese76
2018-10-27 15:25 - 2013-02-02 21:46 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe
2018-10-27 12:08 - 2015-08-26 21:59 - 000000000 ____D C:\Program Files\Java
2018-10-27 00:26 - 2013-05-19 13:54 - 000000000 ____D C:\Users\BReese76\AppData\Roaming\Dropbox
2018-10-26 15:19 - 2012-11-21 21:19 - 000000000 ____D C:\Program Files (x86)\Windows Live
2018-10-26 15:18 - 2009-07-13 20:20 - 000000000 ____D C:\Program Files\Common Files\Microsoft Shared
2018-10-26 15:01 - 2014-11-10 23:15 - 000000000 ____D C:\ProgramData\Apple
2018-10-26 14:58 - 2013-02-02 21:46 - 000000000 ____D C:\Users\BReese76\Documents\My Digital Editions
2018-10-26 14:58 - 2012-12-14 21:03 - 000000000 ____D C:\Program Files (x86)\Adobe
2018-10-26 14:55 - 2017-03-18 12:40 - 000000000 ____D C:\Program Files (x86)\Raptr Inc
2018-10-26 10:29 - 2018-10-12 15:30 - 000152688 _____ (Malwarebytes) C:\windows\system32\Drivers\mbae64.sys
2018-10-25 15:48 - 2015-05-27 22:47 - 000000000 ____D C:\Users\BReese76\AppData\Local\SquirrelTemp
2018-10-25 15:45 - 2012-12-13 20:54 - 000000000 ____D C:\Brians
2018-10-25 15:42 - 2017-04-16 13:29 - 000000000 ____D C:\Users\BReese76\AppData\Roaming\Spotify
2018-10-25 15:42 - 2013-02-25 22:40 - 000000000 ____D C:\Users\BReese76\AppData\Local\Spotify
2018-10-25 15:41 - 2017-03-18 12:41 - 000000000 ____D C:\Users\BReese76\AppData\Roaming\PlaysTV
2018-10-25 09:03 - 2016-01-03 11:50 - 000000000 ____D C:\ProgramData\boost_interprocess
2018-10-25 09:03 - 2014-12-26 22:57 - 000000000 ____D C:\ProgramData\FitbitConnect
2018-10-24 22:54 - 2017-08-31 09:20 - 000000000 _____ C:\windows\SysWOW64\last.dump

==================== Files in the root of some directories =======

2016-09-16 12:46 - 2016-09-16 12:46 - 000000132 _____ () C:\Users\BReese76\AppData\Roaming\Adobe PNG Format CS6 Prefs
2016-10-30 21:07 - 2018-05-29 22:25 - 000000033 _____ () C:\Users\BReese76\AppData\Roaming\AdobeWLCMCache.dat
2018-09-25 20:50 - 2018-09-25 20:50 - 000000000 _____ () C:\Users\BReese76\AppData\Local\oobelibMkey.log
2013-11-10 21:16 - 2013-11-10 21:16 - 000002647 _____ () C:\Users\BReese76\AppData\Local\recently-used.xbel
2016-06-06 21:03 - 2018-10-27 15:39 - 000007597 _____ () C:\Users\BReese76\AppData\Local\Resmon.ResmonCfg

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\windows\system32\winlogon.exe => File is digitally signed
C:\windows\system32\wininit.exe => File is digitally signed
C:\windows\SysWOW64\wininit.exe => File is digitally signed
C:\windows\explorer.exe => File is digitally signed
C:\windows\SysWOW64\explorer.exe => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\SysWOW64\svchost.exe => File is digitally signed
C:\windows\system32\services.exe => File is digitally signed
C:\windows\system32\User32.dll => File is digitally signed
C:\windows\SysWOW64\User32.dll => File is digitally signed
C:\windows\system32\userinit.exe => File is digitally signed
C:\windows\SysWOW64\userinit.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
C:\windows\system32\dnsapi.dll => File is digitally signed
C:\windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2018-11-16 15:05

==================== End of FRST.txt ============================



#82
BrianR1976


  • Topic Starter
  • 355 posts

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 21.11.2018
Ran by BReese76 (22-11-2018 22:15:02)
Running from C:\Users\BReese76\Desktop
Windows 7 Home Premium Service Pack 1 (X64) (2012-12-13 22:31:51)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-239473584-822298280-3168733615-500 - Administrator - Disabled)
BReese76 (S-1-5-21-239473584-822298280-3168733615-1001 - Administrator - Enabled) => C:\Users\BReese76
Guest (S-1-5-21-239473584-822298280-3168733615-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-239473584-822298280-3168733615-1002 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

4 Elements II (HKLM-x32\...\WTA-cae94c41-98d3-4995-a92c-1a9f8e9e703a) (Version: 2.2.0.98 - WildTangent) Hidden
64 Bit HP CIO Components Installer (HKLM\...\{FF21C3E6-97FD-474F-9518-8DCBE94C2854}) (Version: 7.2.8 - Hewlett-Packard) Hidden
7-Zip 18.05 (HKLM-x32\...\{23170F69-40C1-2701-1805-000001000000}) (Version: 18.05.00.0 - Igor Pavlov)
ActivePerl 5.16.1 Build 1601 (HKLM-x32\...\{9441AF70-8CCC-41EE-B2C1-398F5FE7E387}) (Version: 5.16.1601 - ActiveState)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 19.008.20081 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 31.0.0.96 - Adobe Systems Incorporated)
Adobe Bridge CC 2018 (HKLM-x32\...\KBRG_8_1) (Version: 8.1 - Adobe Systems Incorporated)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 4.7.0.400 - Adobe Systems Incorporated)
Adobe Flash Player 31 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 31.0.0.153 - Adobe Systems Incorporated)
Adobe Flash Player 31 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 31.0.0.153 - Adobe Systems Incorporated)
Adobe Lightroom Classic CC (HKLM-x32\...\LTRM_7_5) (Version: 7.5 - Adobe Systems Incorporated)
Adobe Photoshop CC 2018 (HKLM-x32\...\PHSP_19_1_6) (Version: 19.1.6 - Adobe Systems Incorporated)
Amazon Kindle (HKU\S-1-5-21-239473584-822298280-3168733615-1001\...\Amazon Kindle) (Version: 1.24.3.51068 - Amazon)
Amazon MP3 Downloader 1.0.17 (HKLM-x32\...\Amazon MP3 Downloader) (Version: 1.0.17 - Amazon Services LLC)
Amazon Music Importer (HKLM-x32\...\{EE54B7D5-57E0-A190-5D10-0982B52DF050}) (Version: 3.0.0 - Amazon Services LLC) Hidden
Amazon Music Importer (HKLM-x32\...\com.amazon.music.uploader) (Version: 3.0.0 - Amazon Services LLC)
AMD Catalyst Install Manager (HKLM\...\{7E5DC2C5-115A-322B-976C-219237FAED66}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
Auslogics Disk Defrag (HKLM-x32\...\{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1) (Version: 8.0.16.0 - Auslogics Labs Pty Ltd)
Avast Free Antivirus (HKLM-x32\...\Avast Antivirus) (Version: 18.8.2356 - AVAST Software)
Bejeweled 3 (HKLM-x32\...\WTA-e9b0d2ff-58f2-4f92-aa9f-4235ebcaa010) (Version: 2.2.0.98 - WildTangent) Hidden
Blackhawk Striker 2 (HKLM-x32\...\WTA-5c3a7a94-dfef-4e00-8d66-77ba16901e21) (Version: 2.2.0.95 - WildTangent) Hidden
Bubble Wrap (HKLM-x32\...\{5BFFDDEB-AFD7-499F-BB13-7A6EAD927CDA}_is1) (Version: 1.0.0.0 - XM Asia Pacific Pte Ltd)
calibre (HKLM-x32\...\{B76A3B8A-CD1E-4260-BA4A-6A6EAA05715D}) (Version: 2.82.0 - Kovid Goyal)
CameraHelperMsi (HKLM-x32\...\{15634701-BACE-4449-8B25-1567DA8C9FD3}) (Version: 13.51.815.0 - Logitech) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.49 - Piriform)
Chuzzle Deluxe (HKLM-x32\...\WTA-18a12f60-8d31-4fc4-b9d4-ba8c3db71ff8) (Version: 2.2.0.95 - WildTangent) Hidden
Cradle of Rome 2 (HKLM-x32\...\WTA-a28c47a7-a641-4085-a762-d1580dfb3be7) (Version: 2.2.0.98 - WildTangent) Hidden
CrystalDiskInfo 7.8.0 (HKLM-x32\...\CrystalDiskInfo_is1) (Version: 7.8.0 - Crystal Dew World)
CrystalDiskMark 6.0.1 (HKLM\...\CrystalDiskMark6_is1) (Version: 6.0.1 - Crystal Dew World)
DirectX for Managed Code Update (Summer 2004) (HKLM-x32\...\{E9E34215-82EF-4909-BE2F-F581F0DC9062}) (Version: 9.02.2904 - Microsoft) Hidden
Dora's World Adventure (HKLM-x32\...\WTA-8f7267c2-328a-41f3-b2d6-034896b7d44c) (Version: 2.2.0.95 - WildTangent) Hidden
Dropbox (HKU\S-1-5-21-239473584-822298280-3168733615-1001\...\Dropbox) (Version: 60.4.107 - Dropbox, Inc.)
erLT (HKLM-x32\...\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}) (Version: 1.20.138.34 - Logitech, Inc.) Hidden
Escape the Emerald Star (HKLM-x32\...\WTA-0fa94eff-d6c9-4239-a91c-51c12c0444a0) (Version: 2.2.0.98 - WildTangent) Hidden
Fantasy Hockey League (HKLM-x32\...\ST5UNST #1) (Version:  - )
Farm Frenzy (HKLM-x32\...\WTA-ce060142-91ae-43c4-b0e0-f2c817140380) (Version: 2.2.0.98 - WildTangent) Hidden
Farmscapes (HKLM-x32\...\WTA-8100fd1a-3049-41a7-814f-8b53792f1f9b) (Version: 2.2.0.97 - WildTangent) Hidden
FATE (HKLM-x32\...\WTA-7202739a-55ea-4ae4-856c-5258f747150f) (Version: 2.2.0.97 - WildTangent) Hidden
Final Drive Fury (HKLM-x32\...\WTA-5dc76dc0-c994-4092-bb73-46a81f3bd8ae) (Version: 2.2.0.95 - WildTangent) Hidden
Fitbit Connect (HKLM-x32\...\{2F0A730C-3593-4637-B740-B9F589591376}) (Version: 2.0.2.7066 - Fitbit Inc.)
FITS Liberator 3.0.1 (HKLM-x32\...\FITS Liberator) (Version: 3.0.1 - ESO/ESA/NASA)
Golden Trails 2: The Lost Legacy Collector's Edition (HKLM-x32\...\WTA-9d8b0610-c5e3-45ee-af7c-cdeea94b2e90) (Version: 2.2.0.98 - WildTangent) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 70.0.3538.102 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.17 - Google Inc.) Hidden
Hewlett-Packard ACLM.NET v1.2.2.3 (HKLM-x32\...\{6F340107-F9AA-47C6-B54C-C3A19F11553F}) (Version: 1.00.0000 - Hewlett-Packard Company) Hidden
Hoyle Card Games (HKLM-x32\...\WTA-d2187750-9140-4bdc-80c4-23556ca5aa81) (Version: 2.2.0.95 - WildTangent) Hidden
HP Application Assistant (HKLM\...\{0CE7EBAF-157D-4111-9146-057CB2A4023E}) (Version: 1.1.466.3970 - Hewlett-Packard)
HP Calendar (HKLM-x32\...\{2B38E0FA-D8A5-4EBF-A018-E3C1C8E7A2E2}) (Version: 5.1.4245.23508 - Hewlett-Packard)
HP Clock (HKLM-x32\...\{750E9D0F-B188-4A7E-ADD2-84B7ED7D32F6}) (Version: 5.1.4281.27332 - Hewlett-Packard)
HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.2.5 - WildTangent)
HP Notes (HKLM-x32\...\{86BAB08A-5E66-4C53-82E3-C1E91673C7CA}) (Version: 5.1.4274.30382 - Hewlett-Packard)
HP Odometer (HKLM-x32\...\{B8AC1A89-FFD1-4F97-8051-E505A160F562}) (Version: 2.10.0000 - Hewlett-Packard)
HP Photosmart D110 All-In-One Driver 14.0 Rel. 7 (HKLM\...\{14BC6853-A74E-4874-B50D-679889D1544D}) (Version: 14.0 - HP)
HP RSS (HKLM-x32\...\{452479C5-0118-48E9-AA69-0A7339F95FC8}) (Version: 5.1.4289.23799 - Hewlett-Packard)
HP Setup (HKLM-x32\...\{438363A8-F486-4C37-834C-4955773CB3D3}) (Version: 9.1.15430.4033 - Hewlett-Packard Company)
HP Support Information (HKLM-x32\...\{B2B7B1C8-7C8B-476C-BE2C-049731C55992}) (Version: 11.00.0001 - Hewlett-Packard)
HP Support Solutions Framework (HKLM-x32\...\{55065080-504F-43BB-BE00-36B80D7D39A5}) (Version: 12.9.18.3 - Hewlett-Packard Company)
HP Touchpoint Analytics Client (HKLM\...\{E5FB98E0-0784-44F0-8CEC-95CD4690C43F}) (Version: 4.0.2.1439 - HP Inc.)
HP TouchSmart Background - Beats (HKLM-x32\...\{6A6F8D36-04BA-41E9-9004-1789BD545874}) (Version: 1.0.1.0 - Hewlett-Packard)
HP TouchSmart RecipeBox (HKLM-x32\...\{20714B53-FC73-4F9C-9687-49EB237D6FD7}) (Version: 3.0.3830.27730 - Hewlett-Packard)
HP Update (HKLM-x32\...\{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}) (Version: 5.003.001.001 - Hewlett-Packard)
HP Weather (HKLM-x32\...\{776CC95E-8160-401B-AC79-164822AA8306}) (Version: 5.1.4245.22595 - Hewlett-Packard)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.0.0.1351 - Intel Corporation)
Jewel Match 3 (HKLM-x32\...\WTA-4a300df6-0a04-42ca-8731-ce1dc72d918d) (Version: 2.2.0.98 - WildTangent) Hidden
Jewel Quest Mysteries: The Seventh Gate Collector's Edition (HKLM-x32\...\WTA-cde176c2-3fbb-4206-8d44-8c409895fe58) (Version: 2.2.0.98 - WildTangent) Hidden
John Deere Drive Green (HKLM-x32\...\WTA-57a418fb-a77e-43a6-b537-20d17df5f4d0) (Version: 2.2.0.95 - WildTangent) Hidden
LabelPrint (HKLM-x32\...\{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.4507 - CyberLink Corp.) Hidden
LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.4507 - CyberLink Corp.)
LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version:  - )
LatencyMon 6.70 (HKLM\...\LatencyMon_is1) (Version:  - Resplendence Software Projects Sp.)
Logitech Webcam Software (HKLM-x32\...\{D40EB009-0499-459c-A8AF-C9C110766215}) (Version: 2.51 - Logitech Inc.)
Luxor HD (HKLM-x32\...\WTA-afa075f1-744f-4c53-9043-24311e6226ae) (Version: 2.2.0.98 - WildTangent) Hidden
Mah Jong Medley (HKLM-x32\...\WTA-e396b932-3635-442c-a16a-ad5e9cd9ba6f) (Version: 2.2.0.95 - WildTangent) Hidden
Malwarebytes version 3.6.1.2711 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.6.1.2711 - Malwarebytes)
Metric Converter (HKLM-x32\...\{D0661463-50F7-4A1E-83CB-37CC590589AE}_is1) (Version: 1.0.0.0 - XM Asia Pacific Pte Ltd)
Microsoft .NET Framework 4.7.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.7.03062 - Microsoft Corporation)
Microsoft Mathematics (HKLM-x32\...\{4D090F70-6F08-4B60-9357-A1DFD4458F09}) (Version: 4.0 - Microsoft Corporation)
Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.3.188.0 - Microsoft Corporation)
Microsoft Office 365 ProPlus - en-us (HKLM\...\O365ProPlusRetail - en-us) (Version: 16.0.11001.20108 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Home and Student 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft OneDrive (HKU\.DEFAULT\...\OneDriveSetup.exe) (Version: 17.3.6743.1212 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x64) - 14.12.25810 (HKLM-x32\...\{e2ee15e2-a480-4bc5-bfb7-e9803d1d9823}) (Version: 14.12.25810.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x86) - 14.12.25810 (HKLM-x32\...\{56e11d69-7cc9-40a5-a4f9-8f6190c4d84d}) (Version: 14.12.25810.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Mortimer Beckett and the Crimson Thief Premium Edition (HKLM-x32\...\WTA-99303275-448e-4ef7-af3b-382815c633d8) (Version: 2.2.0.98 - WildTangent) Hidden
Mozilla Firefox 63.0.3 (x64 en-US) (HKLM\...\Mozilla Firefox 63.0.3 (x64 en-US)) (Version: 63.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 63.0.3.6892 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
My Farm Life 2 (HKLM-x32\...\WTA-c2399047-bc9f-4bd9-be08-2bb213f1caf9) (Version: 2.2.0.98 - WildTangent) Hidden
Network64 (HKLM\...\{6BFAB6C1-6D46-46DB-A538-A269907C9F2F}) (Version: 140.0.221.000 - Hewlett-Packard) Hidden
Network64 (HKLM\...\{CE47BA54-78AC-409F-9151-BDF5BE15A804}) (Version: 140.0.212.000 - Hewlett-Packard) Hidden
Nik Collection (HKLM-x32\...\Nik Collection) (Version: 1.2.11 - Google)
Noiseware Community Edition (HKLM-x32\...\{CB3B7C24-30A1-4961-8039-94919F5ED2EE}) (Version: 2.6.0.1 - Imagenomic)
Notepad++ (32-bit x86) (HKLM-x32\...\Notepad++) (Version: 7.3.3 - Notepad++ Team)
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.11001.20108 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.11001.20108 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.11001.20108 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0409-0000-0000000FF1CE}) (Version: 16.0.11001.20108 - Microsoft Corporation) Hidden
opensource (HKLM-x32\...\{3677D4D8-E5E0-49FC-B86E-06541CF00BBE}) (Version: 1.0.14960.3876 - Your Company Name) Hidden
PDF Complete Corporate Edition (HKLM-x32\...\PDF Complete) (Version: 4.2.33 - PDF Complete, Inc)
Penguins! (HKLM-x32\...\WTA-ba1d02c0-99a5-44d9-ad50-d78e0ff275e1) (Version: 2.2.0.98 - WildTangent) Hidden
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
Plants vs. Zombies - Game of the Year (HKLM-x32\...\WTA-5265d433-55cf-4f91-8af7-6f222f20ecbe) (Version: 2.2.0.98 - WildTangent) Hidden
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
Poker Superstars III (HKLM-x32\...\WTA-f45a2279-a2f0-4996-b789-170e0caa6692) (Version: 2.2.0.95 - WildTangent) Hidden
Polar Bowler (HKLM-x32\...\WTA-49198b23-c076-479e-8963-efcc5b8f3b43) (Version: 2.2.0.97 - WildTangent) Hidden
Polar Golfer (HKLM-x32\...\WTA-717d6b13-c516-4e2f-aa7b-6859d039bc61) (Version: 2.2.0.98 - WildTangent) Hidden
Power2Go (HKLM-x32\...\{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.1.6305 - CyberLink Corp.) Hidden
Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.1.6305 - CyberLink Corp.)
PS_AIO_07_D110_SW_Min (HKLM-x32\...\{42BBA4CC-EFB6-4653-A2CC-F305D4B399C3}) (Version: 140.0.142.000 - Hewlett-Packard) Hidden
Ralink 802.11n Wireless LAN Card (HKLM-x32\...\{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}) (Version: 5.0.10.0 - Mediatek)
Recovery Manager (HKLM-x32\...\{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}) (Version: 5.5.0.5119 - CyberLink Corp.) Hidden
Revo Uninstaller 2.0.5 (HKLM\...\{A28DBDA2-3CC7-4ADC-8BFE-66D7743C6C97}_is1) (Version: 2.0.5 - VS Revo Group, Ltd.)
Roads of Rome 3 (HKLM-x32\...\WTA-e94797d3-3b47-45b2-b709-a68038792160) (Version: 2.2.0.98 - WildTangent) Hidden
RogueKiller version 11 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 11 - Adlice Software)
Scan (HKLM-x32\...\{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}) (Version: 140.0.77.000 - Hewlett-Packard) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Spot (HKLM-x32\...\{3D171340-B528-42E0-92E4-BDA7AEEF6F32}_is1) (Version: 1.0.0.0 - XM Asia Pacific Pte Ltd)
Spotify (HKU\S-1-5-21-239473584-822298280-3168733615-1001\...\Spotify) (Version: 1.0.91.183.g259b84fa - Spotify AB)
Stellarium 0.12.1 (HKLM\...\Stellarium_is1) (Version: 0.12.1 - Stellarium team)
Tales of Lagoona (HKLM-x32\...\WTA-8ae7d57e-9bf6-4714-9287-2ebbabeb96ba) (Version: 2.2.0.98 - WildTangent) Hidden
Tap Tap Bear (HKLM-x32\...\{A393CDFF-BEB8-48EA-990D-2EB35B311D23}_is1) (Version: 1.0.0.0 - XM Asia Pacific Pte Ltd)
TI USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{355FBD67-5A4F-44DA-86A1-56EEC4C20EC0}) (Version: 1.12.18.0 - Texas Instruments Inc.)
TI USB3 Host Driver (HKLM-x32\...\{355FBD67-5A4F-44DA-86A1-56EEC4C20EC0}) (Version: 1.12.18.0 - Texas Instruments Inc.) Hidden
Toolbox (HKLM-x32\...\{BBFB2E59-B0DB-42C8-8F4D-CF4E85471667}) (Version: 140.0.424.000 - Hewlett-Packard) Hidden
Torchlight (HKLM-x32\...\WTA-564fcbde-007d-4035-80b5-601ed66ad9f1) (Version: 2.2.0.98 - WildTangent) Hidden
TSHostedAppLauncher (HKLM-x32\...\{F89BADB0-D319-470E-8024-443EE3A3402B}) (Version: 5.1.15.0 - Hewlett-Packard) Hidden
Tweaking.com - Windows Repair (HKLM-x32\...\Tweaking.com - Windows Repair) (Version: 4.3.0 - Tweaking.com)
Unchecky v1.2 (HKLM-x32\...\Unchecky) (Version: 1.2 - Reason Software Company Inc.)
Update Installer for WildTangent Games App (HKLM-x32\...\{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App) (Version:  - WildTangent) Hidden
Virtual Villagers 4 - The Tree of Life (HKLM-x32\...\WTA-2bbf0a89-bf22-4c3a-80ae-5e03ef3a7a49) (Version: 2.2.0.98 - WildTangent) Hidden
WildTangent Games App (HP Games) (HKLM-x32\...\{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-hp) (Version: 4.0.10.5 - WildTangent) Hidden
WinDirStat 1.1.2 (HKU\S-1-5-21-239473584-822298280-3168733615-1001\...\WinDirStat) (Version:  - )
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
WinPatrol (HKLM-x32\...\{6A206A04-6BC1-411B-AA04-4E52EDEEADF2}) (Version: 35.5.2017.8 - Ruiware)
Youda Fisherman (HKLM-x32\...\WTA-d63f8446-d7e3-4baa-a564-dd263804d9c6) (Version: 2.2.0.98 - WildTangent) Hidden
Zuma's Revenge (HKLM-x32\...\WTA-5ba1d7e5-572b-42a4-bae2-e30c907395b5) (Version: 2.2.0.98 - WildTangent) Hidden

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-239473584-822298280-3168733615-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\BReese76\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-239473584-822298280-3168733615-1001_Classes\CLSID\{e8c77137-e224-5791-b6e9-ff0305797a13}\InprocServer32 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems)
CustomCLSID: HKU\S-1-5-21-239473584-822298280-3168733615-1001_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\BReese76\AppData\Roaming\Dropbox\bin\DropboxExt64.25.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-239473584-822298280-3168733615-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\BReese76\AppData\Roaming\Dropbox\bin\DropboxExt64.25.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-239473584-822298280-3168733615-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\BReese76\AppData\Roaming\Dropbox\bin\DropboxExt64.25.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-239473584-822298280-3168733615-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\BReese76\AppData\Roaming\Dropbox\bin\DropboxExt64.25.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-239473584-822298280-3168733615-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\BReese76\AppData\Roaming\Dropbox\bin\DropboxExt64.25.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-239473584-822298280-3168733615-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\BReese76\AppData\Roaming\Dropbox\bin\DropboxExt64.25.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-239473584-822298280-3168733615-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\BReese76\AppData\Roaming\Dropbox\bin\DropboxExt64.25.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-239473584-822298280-3168733615-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\BReese76\AppData\Roaming\Dropbox\bin\DropboxExt64.25.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-239473584-822298280-3168733615-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\BReese76\AppData\Roaming\Dropbox\bin\DropboxExt64.25.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-239473584-822298280-3168733615-1001_Classes\CLSID\{FB314EE1-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\BReese76\AppData\Roaming\Dropbox\bin\DropboxExt64.25.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-239473584-822298280-3168733615-1001_Classes\CLSID\{FB314EE2-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\BReese76\AppData\Roaming\Dropbox\bin\DropboxExt64.25.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-239473584-822298280-3168733615-1001_Classes\CLSID\{FBC9D74C-AF55-4309-9FB2-C426E071637F}\InprocServer32 -> C:\Users\BReese76\AppData\Roaming\Dropbox\bin\DropboxExt64.25.0.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2018-03-05] ()
ShellIconOverlayIdentifiers: [   AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2018-03-05] ()
ShellIconOverlayIdentifiers: [   AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2018-03-05] ()
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-11-19] (AVAST Software)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-11-19] (AVAST Software)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\BReese76\AppData\Roaming\Dropbox\bin\DropboxExt64.25.0.dll [2018-10-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\BReese76\AppData\Roaming\Dropbox\bin\DropboxExt64.25.0.dll [2018-10-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\BReese76\AppData\Roaming\Dropbox\bin\DropboxExt64.25.0.dll [2018-10-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\BReese76\AppData\Roaming\Dropbox\bin\DropboxExt64.25.0.dll [2018-10-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\BReese76\AppData\Roaming\Dropbox\bin\DropboxExt64.25.0.dll [2018-10-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\BReese76\AppData\Roaming\Dropbox\bin\DropboxExt64.25.0.dll [2018-10-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\BReese76\AppData\Roaming\Dropbox\bin\DropboxExt64.25.0.dll [2018-10-24] (Dropbox, Inc.)
ContextMenuHandlers1: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2018-03-05] ()
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => C:\Program Files (x86)\Notepad++\NppShell_06.dll [2017-02-12] ()
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-11-19] (AVAST Software)
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-11-19] (AVAST Software)
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\atiacm64.dll [2015-08-04] (Advanced Micro Devices, Inc.)
ContextMenuHandlers6: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2018-03-05] ()
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-11-19] (AVAST Software)
ContextMenuHandlers1_.DEFAULT: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} =>  -> No File
ContextMenuHandlers4_.DEFAULT: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} =>  -> No File
ContextMenuHandlers5_.DEFAULT: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} =>  -> No File
ContextMenuHandlers1_S-1-5-21-239473584-822298280-3168733615-1001: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Users\BReese76\AppData\Roaming\Dropbox\bin\DropboxExt64.25.0.dll [2018-10-24] (Dropbox, Inc.)
ContextMenuHandlers4_S-1-5-21-239473584-822298280-3168733615-1001: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Users\BReese76\AppData\Roaming\Dropbox\bin\DropboxExt64.25.0.dll [2018-10-24] (Dropbox, Inc.)
ContextMenuHandlers5_S-1-5-21-239473584-822298280-3168733615-1001: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Users\BReese76\AppData\Roaming\Dropbox\bin\DropboxExt64.25.0.dll [2018-10-24] (Dropbox, Inc.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {000A66B4-C5A7-40C0-ABE1-08F62EE40AAA} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {0CFDE608-A517-4970-8DD5-7D27BCC5DD06} - System32\Tasks\AdobeGCInvoker-1.0-BReese76-HP-BReese76 => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [2018-09-10] (Adobe Systems, Incorporated)
Task: {13DD1953-A60D-445C-BB50-41C3C19AAE59} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2018-11-17] (Microsoft Corporation)
Task: {1E00BF53-E352-4DA4-B795-01FED872799B} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)
Task: {2754156C-20FF-4CD1-8DBD-89ECBC13D3D4} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\Avast Software\Overseer\overseer.exe [2018-10-27] (AVAST Software)
Task: {32B0AA4F-52BC-42AE-B6D7-BFBF6E75664C} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe
Task: {33076945-963E-4EC4-A13C-EB638BBC2955} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2018-11-20] (Adobe Systems Incorporated)
Task: {46A5A90B-A669-442B-8B6B-FF40C235C02E} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)
Task: {46F71F37-40A9-4ED7-9429-9DD41EE76C65} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2018-11-02] (Microsoft Corporation)
Task: {5029C1CA-5BCE-4679-A841-B76E8DFF3FC8} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)
Task: {58DE2B7F-0A9A-4313-8D3C-582AAF3A649C} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [2018-11-19] (AVAST Software)
Task: {6589F81E-1407-474E-8C47-6C46168D97C5} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2018-11-17] (Microsoft Corporation)
Task: {66966F34-9999-47C9-B34A-F4953997AB54} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2018-11-17] (Microsoft Corporation)
Task: {6D9C6D34-86C2-427A-A303-7664C9BFA920} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\windows\SysWOW64\Macromed\Flash\FlashUtil32_31_0_0_153_Plugin.exe [2018-11-20] (Adobe Systems Incorporated)
Task: {75C8E018-FAF0-4181-980B-8D0C5400D07E} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-239473584-822298280-3168733615-1001UA => C:\Users\BReese76\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2016-11-04] (Dropbox, Inc.)
Task: {79422CDF-05D6-4144-AB98-1A2FD7D912A8} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [2018-11-06] (Piriform Ltd)
Task: {841B6135-9515-4BCD-91E6-82259A468D69} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\sdxhelper.exe [2018-11-17] (Microsoft Corporation)
Task: {8EED3BE9-ABF2-4ABD-B322-AE309DF696F4} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe
Task: {9420A5AA-43B0-436C-844D-D60495D91273} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)
Task: {9561EE76-4A00-4207-A4A6-A02BEF961013} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2018-11-17] (Microsoft Corporation)
Task: {9CB1120C-48FE-45A1-839E-D793E9AED94B} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2014-03-19] (Microsoft)
Task: {9DC23B30-F922-446B-B441-19321A47FDF7} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\sdxhelper.exe [2018-11-17] (Microsoft Corporation)
Task: {B62466C6-3941-4D30-BF26-597D3B58ADD3} - System32\Tasks\Tweaking.com - Windows Repair Tray Icon => C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\WR_Tray_Icon.exe [2017-05-02] (Tweaking.com)
Task: {BAD5407C-EF68-4424-9623-ECDD618259FE} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-239473584-822298280-3168733615-1001Core => C:\Users\BReese76\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2016-11-04] (Dropbox, Inc.)
Task: {BC0B38A5-D4D5-46F8-AFBD-29638758B612} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {C365ED2D-49B0-47DC-B27A-233A27F2F956} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2018-08-14] (Adobe Systems Incorporated)
Task: {C5076A86-711E-47E8-B73A-DCBDB7048190} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2018-11-02] (Microsoft Corporation)
Task: {E5937814-01F5-4765-A731-3DD78EE5817F} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [2018-08-30] (HP Inc.)
Task: {E870D75C-F851-459E-B3F8-6BB7B63CDA68} - System32\Tasks\Java Check => “C:\Program [Argument = Files\Java\jre1.6.0_01\bin\jucheck.exe”]
Task: {E9348A4E-9932-4F16-A079-233DC63FBF06} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2017-09-20] (HP Inc.)
Task: {F4954C7E-F1F3-4A24-9E4B-D6D71AEAA2E5} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2018-11-06] (Piriform Software Ltd)
Task: {F57B3142-65DA-443D-8CC3-1FBF352738D2} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2018-11-17] (Microsoft Corporation)
Task: {F717F655-E608-4A88-8B12-54BE5F49E81F} - System32\Tasks\AdobeAAMUpdater-1.0-BReese76-HP-BReese76 => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2018-04-11] (Adobe Systems Incorporated)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2015-02-20 22:09 - 2013-06-17 16:40 - 000035944 _____ () C:\windows\system32\ddmon4-64x.dll
2018-10-12 15:30 - 2018-10-26 10:29 - 002695360 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
2018-11-19 17:20 - 2018-11-19 17:20 - 000728792 _____ () c:\Program Files\AVAST Software\Avast\x64\StreamBack.dll
2018-03-05 20:47 - 2018-03-05 20:47 - 000614848 _____ () C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll
2017-02-12 15:31 - 2017-02-12 15:31 - 000230064 _____ () C:\Program Files (x86)\Notepad++\NppShell_06.dll
2018-11-19 17:20 - 2018-11-19 17:20 - 000919256 _____ () C:\Program Files\AVAST Software\Avast\anen.dll
2018-11-19 17:20 - 2018-11-19 17:20 - 000596696 _____ () C:\Program Files\AVAST Software\Avast\streamback.dll
2018-11-22 13:44 - 2018-11-22 13:44 - 005736080 _____ () C:\Program Files\AVAST Software\Avast\defs\18112206\algo.dll
2018-11-19 17:19 - 2018-11-19 17:19 - 000496344 _____ () C:\Program Files\AVAST Software\Avast\gui_cache.dll
2018-11-19 17:19 - 2018-11-19 17:19 - 000150744 _____ () C:\Program Files\AVAST Software\Avast\hns_tools.dll
2018-11-19 17:19 - 2018-11-19 17:19 - 001112280 _____ () C:\Program Files\AVAST Software\Avast\shepherdsync.dll
2018-07-20 22:13 - 2018-07-20 22:13 - 080293888 ____R () C:\Program Files (x86)\Fitbit Connect\libcef.dll
2018-07-25 22:04 - 2018-07-25 22:04 - 000068608 ____R () C:\Program Files (x86)\Fitbit Connect\MP3Gain.dll
2018-10-27 09:39 - 2018-10-27 09:39 - 067126928 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Adobe Photoshop CS6 13.0 Final  Multilanguage (patch-PainteR) [ChingLiu]:com.dropbox.attributes [168]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 19:34 - 2018-11-22 21:59 - 000003413 _____ C:\windows\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-239473584-822298280-3168733615-1001\Control Panel\Desktop\\Wallpaper ->
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

If an entry is included in the fixlist, it will be removed.

MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Adobe Creative Cloud => "C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe" --showwindow=false --onOSstartup=true
MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
MSCONFIG\startupreg: AdobeCS6ServiceManager => "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
MSCONFIG\startupreg: AvastUI.exe => "C:\Program Files\AVAST Software\Avast\AvLaunch.exe" /gui
MSCONFIG\startupreg: Dropbox Update => "C:\Users\BReese76\AppData\Local\Dropbox\Update\DropboxUpdate.exe" /c
MSCONFIG\startupreg: Logitech Download Assistant => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
MSCONFIG\startupreg: LWS => C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide
MSCONFIG\startupreg: PDF Complete => C:\Program Files (x86)\PDF Complete\pdfsty.exe
MSCONFIG\startupreg: Raptr => "C:\Program Files (x86)\Raptr Inc\Raptr\raptrstub.exe" --startup
MSCONFIG\startupreg: SwitchBoard => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [TCP Query User{D86A00B7-D787-4FCF-99DE-7828BCCCAAB4}C:\program files (x86)\google\chrome\application\chrome.exe] => (Allow) C:\program files (x86)\google\chrome\application\chrome.exe
FirewallRules: [UDP Query User{9207830A-E076-48DE-923C-0ED795B6911A}C:\program files (x86)\google\chrome\application\chrome.exe] => (Allow) C:\program files (x86)\google\chrome\application\chrome.exe
FirewallRules: [{0351AACC-82F6-431C-833C-B0F6AE936B88}] => (Block) C:\program files (x86)\google\chrome\application\chrome.exe
FirewallRules: [{0E08BD01-86AA-40C4-BB2E-CCDBC0329DF4}] => (Block) C:\program files (x86)\google\chrome\application\chrome.exe
FirewallRules: [{5BF64805-C0E7-4D45-B92D-444F9F19CE0C}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{90F94230-F5F8-4433-B01C-E2F733161CD9}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{406EDAFD-BDB5-45CB-85EA-9E5A623398D9}C:\users\breese76\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\breese76\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{A10894CE-0E9F-4B8C-B334-5219B7792227}C:\users\breese76\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\breese76\appdata\roaming\spotify\spotify.exe
FirewallRules: [{0AE574CF-CB8F-45DA-B1E0-C510D13BDE60}] => (Block) C:\users\breese76\appdata\roaming\spotify\spotify.exe
FirewallRules: [{4626A069-0430-4CB6-B649-D014987AC2E3}] => (Block) C:\users\breese76\appdata\roaming\spotify\spotify.exe
FirewallRules: [{397F67DA-7FA0-48F4-91E1-A9D6E2FF016C}] => (Allow) C:\Program Files (x86)\Raptr Inc\PlaysTV\playstv.exe
FirewallRules: [{8499C925-E03E-4489-AC50-4C3A46D0F887}] => (Allow) C:\Program Files (x86)\Raptr Inc\PlaysTV\playstv.exe
FirewallRules: [{FB8F4E8E-67DA-421B-AEB5-C0A32CD85F08}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{40DDC61A-3ADA-4E13-B05F-40BC8D433297}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{7637EC3F-5FE6-4980-9AF4-63937327F824}] => (Allow) C:\Program Files (x86)\Raptr Inc\PlaysTV\playstv.exe
FirewallRules: [{387C399E-1650-48A9-895E-BE8B254769CA}] => (Allow) C:\Program Files (x86)\Raptr Inc\PlaysTV\playstv.exe
FirewallRules: [TCP Query User{99B18C80-5651-4DF1-9D7D-5F3B7CC6C68E}C:\program files\adobe\adobe animate cc 2017\animate.exe] => (Allow) C:\program files\adobe\adobe animate cc 2017\animate.exe
FirewallRules: [UDP Query User{DF9E8C34-7F2D-4EB8-B268-B5767D0C6A59}C:\program files\adobe\adobe animate cc 2017\animate.exe] => (Allow) C:\program files\adobe\adobe animate cc 2017\animate.exe
FirewallRules: [{D93012D1-174B-4435-9226-86890370A575}] => (Block) C:\program files\adobe\adobe animate cc 2017\animate.exe
FirewallRules: [{8798B6CD-A844-4093-B348-524C2BB41397}] => (Block) C:\program files\adobe\adobe animate cc 2017\animate.exe
FirewallRules: [{2F563B47-0847-4817-B018-E55552F9E2A0}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [{F62FFA17-3323-4155-965A-2EE56A8BABEF}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{C28DCD0B-1F6A-4BD8-ABD5-6139E3FBE114}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{F3A039D5-D3E4-430A-B56F-B758526E2DEC}] => (Allow) C:\Program Files (x86)\Ralink\Common\RaMediaServer.exe
FirewallRules: [{4EEE1BBE-15E9-419F-80BA-9A05DD89B3F9}] => (Allow) C:\Program Files (x86)\Ralink\Common\RaMediaServer.exe
FirewallRules: [{A28C605B-0756-4196-BDBF-45C7CE892841}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{45AE197E-2D6E-428F-B1C2-BEBC8FA76113}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe
FirewallRules: [{8B31B6F3-ACCB-4080-950E-30B2AC75932F}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe
FirewallRules: [{C03AC624-0A25-46DA-AEA9-8AA30B9D39A9}] => (Allow) C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe
FirewallRules: [{30668312-C1EC-40AD-AF08-3282DE9E812D}] => (Allow) C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe

==================== Restore Points =========================

10-11-2018 20:58:06 Removed RealUpgrade 1.1
10-11-2018 21:01:30 Removed RealNetworks - Microsoft Visual C++ 2008 Runtime
10-11-2018 21:09:50 Removed RealNetworks - Microsoft Visual C++ 2010 Runtime
19-11-2018 18:26:41 Scheduled Checkpoint

==================== Faulty Device Manager Devices =============

Name: Photosmart D110 series
Description: Photosmart D110 series
Class Guid: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
Manufacturer: HP
Service: StillCam
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: 802.11n Wireless LAN Card
Description: 802.11n Wireless LAN Card
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Ralink Technology, Corp.
Service: netr28x
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Photosmart D110 series
Description: Photosmart D110 series
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: HP
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (11/22/2018 03:53:32 PM) (Source: COM) (EventID: 10035) (User: )
Description: The COM standard marshaler was unable to fix a mismatch between the IID {618736E0-3C3D-11CF-810C-00AA00389B71} provided by the server and the IID {00020400-0000-0000-C000-000000000046} requested by the client, with handler CLSID {0039D1C4-0002-0000-0000-0000F0000000}. The error code was 0x80010114.

Error: (11/22/2018 03:52:01 PM) (Source: COM) (EventID: 10035) (User: )
Description: The COM standard marshaler was unable to fix a mismatch between the IID {618736E0-3C3D-11CF-810C-00AA00389B71} provided by the server and the IID {00020400-0000-0000-C000-000000000046} requested by the client, with handler CLSID {0039E7D4-0002-0000-0000-0000F0000000}. The error code was 0x800401fd.

Error: (11/22/2018 03:50:27 PM) (Source: COM) (EventID: 10035) (User: )
Description: The COM standard marshaler was unable to fix a mismatch between the IID {618736E0-3C3D-11CF-810C-00AA00389B71} provided by the server and the IID {00020400-0000-0000-C000-000000000046} requested by the client, with handler CLSID {0039DC94-0002-0000-0000-0000F0000000}. The error code was 0x800401fd.

Error: (11/22/2018 03:49:44 PM) (Source: COM) (EventID: 10035) (User: )
Description: The COM standard marshaler was unable to fix a mismatch between the IID {618736E0-3C3D-11CF-810C-00AA00389B71} provided by the server and the IID {00020400-0000-0000-C000-000000000046} requested by the client, with handler CLSID {0039DC94-0002-0000-0000-0000F0000000}. The error code was 0x80010114.

Error: (11/22/2018 03:49:44 PM) (Source: COM) (EventID: 10035) (User: )
Description: The COM standard marshaler was unable to fix a mismatch between the IID {618736E0-3C3D-11CF-810C-00AA00389B71} provided by the server and the IID {00020400-0000-0000-C000-000000000046} requested by the client, with handler CLSID {0039D23C-0002-0000-0000-0000F0000000}. The error code was 0x800401fd.

Error: (11/22/2018 12:28:59 AM) (Source: Office 2016 Licensing Service) (EventID: 0) (User: )
Description: Event-ID 0

Error: (11/20/2018 10:17:56 AM) (Source: MsiInstaller) (EventID: 11316) (User: NT AUTHORITY)
Description: Product: Avast Update Helper -- Error 1316. The specified account already exists.

Error: (11/20/2018 09:18:07 AM) (Source: MsiInstaller) (EventID: 11316) (User: NT AUTHORITY)
Description: Product: Avast Update Helper -- Error 1316. The specified account already exists.


System errors:
=============
Error: (11/22/2018 10:10:58 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}
 and APPID
{344ED43D-D086-4961-86A6-1106F4ACAD9B}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.

Error: (11/22/2018 10:05:29 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Windows Update service hung on starting.

Error: (11/22/2018 10:00:58 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}
 and APPID
{344ED43D-D086-4961-86A6-1106F4ACAD9B}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.

Error: (11/22/2018 09:56:22 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: The server {F9717507-6651-4EDB-BFF7-AE615179BCCF} did not register with DCOM within the required timeout.

Error: (11/22/2018 09:48:24 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}
 and APPID
{344ED43D-D086-4961-86A6-1106F4ACAD9B}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.

Error: (11/22/2018 09:38:24 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}
 and APPID
{344ED43D-D086-4961-86A6-1106F4ACAD9B}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.

Error: (11/22/2018 09:28:24 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}
 and APPID
{344ED43D-D086-4961-86A6-1106F4ACAD9B}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.

Error: (11/22/2018 09:18:24 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}
 and APPID
{344ED43D-D086-4961-86A6-1106F4ACAD9B}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.


==================== Memory info ===========================

Processor: Intel® Core™ i5-2400 CPU @ 3.10GHz
Percentage of memory in use: 36%
Total physical RAM: 6100.01 MB
Available physical RAM: 3848.06 MB
Total Virtual: 12198.17 MB
Available Virtual: 10176.91 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:914.65 GB) (Free:437.45 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive d: (HP_RECOVERY) (Fixed) (Total:16.64 GB) (Free:2.07 GB) NTFS


==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 4C3DA384)

Partition: GPT.

==================== End of Addition.txt ============================


  • 0

#83
RKinner


    Malware Expert

  • Expert
  • 24,598 posts
  • MVP

This error:

Error: (11/22/2018 10:10:58 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}
 and APPID
{344ED43D-D086-4961-86A6-1106F4ACAD9B}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.

is probably not very important but there is a fix if you want to try it:

http://www.itexperie...8-a06ad6d8b4d1/

How is it running now?


  • 0

#84
BrianR1976


    Member

  • Topic Starter
  • Member
  • 355 posts

Did the suggested fix. I think I did it correctly :)

It's running smoothly right now, but that could be an aberration. Gonna give it a day or two to determine if it's good.


  • 0

#85
BrianR1976


    Member

  • Topic Starter
  • Member
  • 355 posts

A few days on and the computer is running pretty smooth. It's still running a little slow on startup but otherwise it's running good.


  • 0
