
Solved SpyHunter removal

Discussion in 'Virus & Other Malware Removal' started by turky, Jan 28, 2019.

  1. turky

    turky Thread Starter

    Computer is very slow to boot up, at least partly due to SpyHunter still being in the system. Can't find any listing to uninstall it, but when the computer boots up it is running. Help please.
    Tech Support Guy System Info Utility version 1.0.0.4
    OS Version: Microsoft Windows 10 Home, 64 bit
    Processor: Intel(R) Core(TM) i3-3217U CPU @ 1.80GHz, Intel64 Family 6 Model 58 Stepping 9
    Processor Count: 4
    RAM: 8073 Mb
    Graphics Card: Intel(R) HD Graphics 4000, -1984 Mb
    Hard Drives: C: 452 GB (321 GB Free);
    Motherboard: Dell Inc., 06RYX8
    Antivirus: Emsisoft Anti-Malware, Disabled
     
  2. askey127

    askey127 Malware Specialist

    Hi turky,
    Let's run this first.
    -----------------------------------------------------------
    Download and Run the Farbar Scan Tool
    • Download FRST64 and save it to your Desktop.
    • Double-click FRST64.exe to launch it.
    • FRST64 will start to run.
      • When the tool opens, click Yes to the disclaimer.
      • Press the Scan button.
      • When finished scanning, 2 logs will open on your Desktop: FRST.txt and Addition.txt.
      • Please post them in your next reply.
    If you lose track of them, they will be saved in the same location as FRST64.exe.
    Feel free to use separate replies if it's more convenient.

    askey127
     
  3. turky

    turky Thread Starter

    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 27.01.2019
    Ran by Jim (administrator) on JIMDELL (29-01-2019 22:07:30)
    Running from C:\Users\Jim\Desktop
    Loaded Profiles: Jim (Available Profiles: Jim)
    Platform: Windows 10 Home Version 1803 17134.523 (X64) Language: English (United States)
    Default browser: FF
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (Intel Corporation) C:\Windows\System32\igfxCUIService.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
    (Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
    (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    (Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
    (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
    (OpenVPN Technologies, Inc) C:\Program Files (x86)\OpenVPN Technologies\PrivateTunnel\ptservice.exe
    (Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe
    (Broadcom Corporation.) C:\Windows\System32\BtwRSupportService.exe
    (Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
    (Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
    (SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
    (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
    (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
    (Wyse Technology.) C:\Program Files (x86)\Wyse\PocketCloud\WyseRemoteAccess.exe
    (Dell Inc.) C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE
    (TomTom) C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
    () C:\Program Files (x86)\Wyse\PocketCloud\PocketCloudService.exe
    (OpenVPN Technologies, Inc) C:\Program Files (x86)\OpenVPN Technologies\PrivateTunnel\ptcore.exe
    (Dell Inc.) C:\Program Files\Dell\DW WLAN Card\BCMWLTRY.EXE
    (AVAST Software) C:\Program Files\AVAST Software\Avast\aswidsagent.exe
    (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    (Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
    (Intel Corporation) C:\Windows\System32\igfxEM.exe
    (Intel Corporation) C:\Windows\System32\igfxHK.exe
    (Intel Corporation) C:\Windows\System32\igfxTray.exe
    (AVAST Software) C:\Program Files (x86)\AVAST Software\Browser\Update\1.4.122.333\AvastBrowserCrashHandler.exe
    () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.13.274.0_x64__kzf8qxf38zg5c\SkypeHost.exe
    (AVAST Software) C:\Program Files (x86)\AVAST Software\Browser\Update\1.4.122.333\AvastBrowserCrashHandler64.exe
    (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_17.8918.5926.0_x64__8wekyb3d8bbwe\Office16\OfficeHubTaskHost.exe
    (Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
    (Hewlett-Packard Co.) C:\Program Files\HP\HP Deskjet 3510 series\Bin\ScanToPCActivationApp.exe
    (Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
    (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
    () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.17112.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe
    (Microsoft Corporation) C:\Windows\System32\Taskmgr.exe
    (Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
    (Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
    (Dell Inc.) C:\Program Files\Dell\DellDataVault\DDVRulesProcessor.exe
    (The Qt Company Ltd.) C:\Program Files (x86)\Dropbox\Client\QtWebEngineProcess.exe
    (PC-Doctor, Inc.) C:\Program Files\Dell\SupportAssistAgent\PCDr\SupportAssist\6.0.6992.1382\DSAPI.exe
    (PC-Doctor, Inc.) C:\Program Files\Dell\SupportAssistAgent\PCDr\SupportAssist\6.0.6992.1382\pcdrwi.exe
    (HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
    (HP Inc.) C:\Program Files\HP\HP Touchpoint Analytics Client\TouchpointAnalyticsClientService.exe
    (Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    (CyberLink) C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
    (Microsoft Corporation) C:\Program Files\rempl\sedsvc.exe
    (Dell Inc.) C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe
    (Dell Inc.) C:\Program Files\Dell\DellDataVault\DDVDataCollector.exe
    (Dell Inc.) C:\Program Files\Dell\DellDataVault\DDVCollectorSvcApi.exe
    (Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.3.124.0\SeaPort.EXE
    () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18011.15918.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
    (Microsoft Corporation) C:\Windows\System32\dllhost.exe
    (Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.17134.464_none_eaf315ac1d6e512f\TiWorker.exe
    (Microsoft Corporation) C:\Windows\System32\SystemSettingsAdminFlows.exe
    (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
    (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
    (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
    (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
    (Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
    () C:\Program Files\WindowsApps\DellInc.DellSupportAssistforPCs_3.1.15.0_x64__htrsf667h5kn2\win32\SupportAssistAppWire.exe
    (Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
    (Microsoft Corporation) C:\Windows\System32\browser_broker.exe
    (Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
    (Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
    (Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
    (Microsoft Corporation) C:\Program Files\rempl\sedlauncher.exe
    (Microsoft Corporation) C:\Windows\System32\wlanext.exe
    () C:\Program Files\WindowsApps\DellInc.DellSupportAssistforPCs_3.1.15.0_x64__htrsf667h5kn2\win32\SupportAssistAppWire.exe
    (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
    (Microsoft Corporation) C:\Windows\System32\dllhost.exe
    (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
    (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
    (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
    (LastPass) C:\Program Files (x86)\LastPass\nplastpass.exe
    (Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe
    (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
    (Microsoft Corporation) C:\Windows\System32\smartscreen.exe
    (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe

    ==================== Registry (Whitelisted) ===========================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [638872 2018-04-11] (Microsoft Corporation)
    HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1411320 2015-08-04] (Realtek Semiconductor)
    HKLM\...\Run: [RtHDVBg_PushButton] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1411320 2015-08-04] (Realtek Semiconductor)
    HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [261512 2019-01-26] (AVAST Software)
    HKLM\...\Run: [AdobeGCInvoker-1.0] => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [2675176 2018-12-13] (Adobe Systems, Incorporated)
    HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [302904 2019-01-18] (Apple Inc.)
    HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [68920 2019-01-15] (Apple Inc.)
    HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [4090176 2019-01-22] (Dropbox, Inc.)
    HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [261512 2019-01-26] (AVAST Software)
    HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION
    HKLM\...\Policies\Explorer: [LinkResolveIgnoreLinkInfo] 0
    HKLM\...\Policies\Explorer: [NoResolveSearch] 1
    HKU\S-1-5-19\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-11] (Microsoft Corporation)
    HKU\S-1-5-20\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-11] (Microsoft Corporation)
    HKU\S-1-5-21-1008144949-3054828288-720014318-1001\...\Run: [Google Update] => C:\Users\Jim\AppData\Local\Google\Update\1.3.33.23\GoogleUpdateCore.exe [605992 2018-12-19] (Google Inc.)
    HKU\S-1-5-21-1008144949-3054828288-720014318-1001\...\Run: [AdobeBridge] => [X]
    HKU\S-1-5-21-1008144949-3054828288-720014318-1001\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [19589208 2018-12-10] (Piriform Software Ltd)
    HKU\S-1-5-21-1008144949-3054828288-720014318-1001\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [67384 2018-10-01] (Apple Inc.)
    HKU\S-1-5-21-1008144949-3054828288-720014318-1001\...\Run: [HP Deskjet 3510 series (NET)] => C:\Program Files\HP\HP Deskjet 3510 series\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
    HKU\S-1-5-21-1008144949-3054828288-720014318-1001\...\RunOnce: [iCloud] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloud.exe [67384 2019-01-15] (Apple Inc.)
    HKU\S-1-5-21-1008144949-3054828288-720014318-1001\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
    HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\71.0.3578.98\Installer\chrmstp.exe [2018-12-18] (Google Inc.)
    HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{30C521FB-255B-46C8-9F0D-EE5AE371C9AA}] -> C:\Program Files (x86)\AVAST Software\Browser\Application\71.0.1037.98\Installer\chrmstp.exe [2019-01-16] (AVAST Software)
    HKLM\Software\...\Authentication\Credential Providers: [{50968FF7-10C1-4fb3-98B0-CD654D6CB97E}] -> c:\Program Files\WIDCOMM\Bluetooth Software\\BtwCP.dll [2013-04-02] (Broadcom Corporation.)
    HKLM\Software\...\Authentication\Credential Providers: [{B7724AE5-1135-4889-8A5F-CA98BE6CA1ED}] ->
    AppInit_DLLs: C:\WINDOWS\Jaksta\AC\x64\jaudcap.dll => C:\WINDOWS\Jaksta\AC\x64\jaudcap.dll [309168 2016-10-11] (Jaksta Technologies Pty Ltd)
    Startup: C:\Users\Jim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk [2018-12-28]
    ShortcutTarget: Adobe Gamma.lnk -> C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
    GroupPolicy: Restriction ? <==== ATTENTION
    CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
    Tcpip\..\Interfaces\{09ca5195-17b1-4b0f-b260-6ecd2866685b}: [DhcpNameServer] 192.168.1.1 64.71.255.204
    Tcpip\..\Interfaces\{0ece8f6e-a017-4579-807b-a0bf07756c90}: [DhcpNameServer] 192.168.1.1 64.71.255.204
    Tcpip\..\Interfaces\{2412dc5c-5b7e-45af-aef8-ac4c541c343f}: [DhcpNameServer] 192.168.0.1
    Tcpip\..\Interfaces\{318b92c6-f91d-4758-a4ab-c8dad65e4b87}: [DhcpNameServer] 192.168.1.1 64.71.255.204
    Tcpip\..\Interfaces\{426fe8b3-0cef-4260-ae78-93f918b8df56}: [DhcpNameServer] 192.168.1.1
    Tcpip\..\Interfaces\{4605df38-0e26-4a60-9313-e7a3190b6d32}: [DhcpNameServer] 192.168.1.1 64.71.255.204
    Tcpip\..\Interfaces\{60c406c2-5086-4496-bfe0-b187b661617c}: [DhcpNameServer] 10.13.0.1
    Tcpip\..\Interfaces\{8506e818-4251-4261-ac62-d110723c0660}: [DhcpNameServer] 192.168.1.1 64.71.255.204
    Tcpip\..\Interfaces\{8c02c2d8-f9c8-413e-8a16-e10bab419a66}: [DhcpNameServer] 192.168.1.1 64.71.255.204
    Tcpip\..\Interfaces\{c5a055f6-0552-4d03-aa9c-c548b08b2095}: [DhcpNameServer] 192.168.1.1 64.71.255.204

    Internet Explorer:
    ==================
    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
    HKU\S-1-5-21-1008144949-3054828288-720014318-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://ca.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
    HKU\S-1-5-21-1008144949-3054828288-720014318-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://ca.yahoo.com/?fr=hp-avast&type=avastbcl
    SearchScopes: HKLM-x32 -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = hxxps://ca.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
    SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-21-1008144949-3054828288-720014318-1001 -> {F63AACED-9A58-439E-8B8B-9579AD5BA935} URL =
    BHO: LastPass Vault -> {95D9ECF5-2A4D-4550-BE49-70D42F71296E} -> C:\Program Files (x86)\LastPass\LPToolbar_x64.dll [2017-11-25] (LastPass)
    BHO: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\7.3.124.0\amd64\BingExt.dll [2013-12-16] (Microsoft Corporation.)
    BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\ssv.dll [2017-02-13] (Oracle Corporation)
    BHO-x32: LastPass Vault -> {95D9ECF5-2A4D-4550-BE49-70D42F71296E} -> C:\Program Files (x86)\LastPass\LPToolbar.dll [2017-11-25] (LastPass)
    BHO-x32: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\7.3.124.0\BingExt.dll [2013-12-16] (Microsoft Corporation.)
    BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\jp2ssv.dll [2017-02-13] (Oracle Corporation)
    Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File
    Toolbar: HKLM - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.124.0\amd64\BingExt.dll [2013-12-16] (Microsoft Corporation.)
    Toolbar: HKLM - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll [2017-11-25] (LastPass)
    Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.124.0\BingExt.dll [2013-12-16] (Microsoft Corporation.)
    Toolbar: HKLM-x32 - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar.dll [2017-11-25] (LastPass)
    DPF: HKLM-x32 {57AF0810-BDA7-47A5-B02D-FDA1073C04B0} hxxps://www.mydlink.com/8D/activeX//TunnelX.ocx

    FireFox:
    ========
    FF DefaultProfile: ofw1dpk9.default-1432123455793-1530493303077
    FF ProfilePath: C:\Users\Jim\AppData\Roaming\TomTom\HOME\Profiles\aqpmo31j.default [2016-12-13]
    FF Extension: (Map status indicator) - C:\Program Files (x86)\TomTom HOME 2\xul\extensions\[email protected] [2015-12-08] [Legacy] [not signed]
    FF ProfilePath: C:\Users\Jim\AppData\Roaming\Mozilla\Firefox\Profiles\ofw1dpk9.default-1432123455793-1530493303077 [2019-01-29]
    FF NewTabOverride: Mozilla\Firefox\Profiles\ofw1dpk9.default-1432123455793-1530493303077 -> Enabled: [email protected]
    FF Extension: (Yahoo Homepage) - C:\Users\Jim\AppData\Roaming\Mozilla\Firefox\Profiles\ofw1dpk9.default-1432123455793-1530493303077\Extensions\[email protected] [2018-12-24]
    FF Extension: (DuckDuckGo Privacy Essentials) - C:\Users\Jim\AppData\Roaming\Mozilla\Firefox\Profiles\ofw1dpk9.default-1432123455793-1530493303077\Extensions\[email protected] [2019-01-24]
    FF Extension: (LastPass: Free Password Manager) - C:\Users\Jim\AppData\Roaming\Mozilla\Firefox\Profiles\ofw1dpk9.default-1432123455793-1530493303077\Extensions\[email protected] [2019-01-23]
    FF Extension: (Avast Online Security) - C:\Users\Jim\AppData\Roaming\Mozilla\Firefox\Profiles\ofw1dpk9.default-1432123455793-1530493303077\Extensions\[email protected] [2019-01-28]
    FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_32_0_0_101.dll [2018-12-06] ()
    FF Plugin: @lastpass.com/NPLastPass -> C:\Program Files (x86)\LastPass\nplastpass64.dll [2017-11-25] (LastPass)
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] ( Microsoft Corporation)
    FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2018-06-22] (Adobe Systems)
    FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_32_0_0_101.dll [2018-12-06] ()
    FF Plugin-x32: @Intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-09-04] (Intel Corporation)
    FF Plugin-x32: @Intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-09-04] (Intel Corporation)
    FF Plugin-x32: @java.com/DTPlugin,version=11.121.2 -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\dtplugin\npDeployJava1.dll [2017-02-13] (Oracle Corporation)
    FF Plugin-x32: @java.com/JavaPlugin,version=11.121.2 -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\plugin2\npjp2.dll [2017-02-13] (Oracle Corporation)
    FF Plugin-x32: @lastpass.com/NPLastPass -> C:\Program Files (x86)\LastPass\nplastpass64.dll [2017-11-25] (LastPass)
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] ( Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.23\npGoogleUpdate3.dll [2018-12-19] (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.23\npGoogleUpdate3.dll [2018-12-19] (Google Inc.)
    FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-12-04] (Adobe Systems Inc.)
    FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2018-06-22] (Adobe Systems)
    FF Plugin HKU\S-1-5-21-1008144949-3054828288-720014318-1001: @talk.google.com/GoogleTalkPlugin -> C:\Users\Jim\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
    FF Plugin HKU\S-1-5-21-1008144949-3054828288-720014318-1001: @talk.google.com/O1DPlugin -> C:\Users\Jim\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-12-08] (Google)
    FF Plugin HKU\S-1-5-21-1008144949-3054828288-720014318-1001: @tools.google.com/Google Update;version=3 -> C:\Users\Jim\AppData\Local\Google\Update\1.3.33.23\npGoogleUpdate3.dll [2018-12-19] (Google Inc.)
    FF Plugin HKU\S-1-5-21-1008144949-3054828288-720014318-1001: @tools.google.com/Google Update;version=9 -> C:\Users\Jim\AppData\Local\Google\Update\1.3.33.23\npGoogleUpdate3.dll [2018-12-19] (Google Inc.)
    FF Plugin HKU\S-1-5-21-1008144949-3054828288-720014318-1001: @zoom.us/ZoomVideoPlugin -> C:\Users\Jim\AppData\Roaming\Zoom\bin\npzoomplugin.dll [2017-12-03] (Zoom Video Communications, Inc.)
    FF Plugin HKU\S-1-5-21-1008144949-3054828288-720014318-1001: SkypePlugin -> C:\Users\Jim\AppData\Local\SkypePlugin\7.13.0.71\npGatewayNpapi.dll [2016-01-15] (Skype Technologies S.A.)
    FF Plugin HKU\S-1-5-21-1008144949-3054828288-720014318-1001: SkypePlugin64 -> C:\Users\Jim\AppData\Local\SkypePlugin\7.13.0.71\npGatewayNpapi-x64.dll [2016-01-15] (Skype Technologies S.A.)
    FF Plugin HKU\S-1-5-21-1008144949-3054828288-720014318-1001: www.mydlink.com/Uplayer -> C:\Users\Jim\AppData\Roaming\D-Link\mydlink services plugin\1.0.2.7\npUplayer.dll [2015-12-11] (D-Link Corporation)
    FF Plugin ProgramFiles/Appdata: C:\Users\Jim\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
    FF Plugin ProgramFiles/Appdata: C:\Users\Jim\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-12-08] (Google)

    Chrome:
    =======
    CHR DefaultProfile: Default
    CHR StartupUrls: Default -> "hxxp://www.google.com/"
    CHR DefaultSearchKeyword: Default -> lp
    CHR Profile: C:\Users\Jim\AppData\Local\Google\Chrome\User Data\Default [2019-01-29]
    CHR Extension: (Slides) - C:\Users\Jim\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-28]
    CHR Extension: (Docs) - C:\Users\Jim\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-28]
    CHR Extension: (Google Drive) - C:\Users\Jim\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-01-31]
    CHR Extension: (YouTube) - C:\Users\Jim\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-01-06]
    CHR Extension: (Google Search) - C:\Users\Jim\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-01-31]
    CHR Extension: (Google Docs Offline) - C:\Users\Jim\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-09-05]
    CHR Extension: (Avast Online Security) - C:\Users\Jim\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2018-10-03]
    CHR Extension: (LastPass: Free Password Manager) - C:\Users\Jim\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2019-01-29]
    CHR Extension: (Chrome Web Store Payments) - C:\Users\Jim\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-05]
    CHR Extension: (Gmail) - C:\Users\Jim\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-28]
    CHR Extension: (Chrome Media Router) - C:\Users\Jim\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-12-30]
    CHR Profile: C:\Users\Jim\AppData\Local\Google\Chrome\User Data\System Profile [2019-01-10]
    CHR HKLM\...\Chrome\Extension: [hdokiejnpimakedhajhdlcegeplioahd] - hxxp://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx <not found>
    CHR HKLM-x32\...\Chrome\Extension: [hdokiejnpimakedhajhdlcegeplioahd] - hxxp://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - hxxps://clients2.google.com/service/update2/crx

    ==================== Services (Whitelisted) ====================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-07-22] (SUPERAntiSpyware.com)
    S3 Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2018-12-28] (Adobe Systems) [File not signed]
    R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [818128 2018-06-22] (Adobe Systems Incorporated)
    R2 AGMService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe [2917864 2018-12-13] (Adobe Systems, Incorporated)
    R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2709480 2018-12-13] (Adobe Systems, Incorporated)
    R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [85304 2018-10-16] (Apple Inc.)
    R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\aswidsagent.exe [7834368 2019-01-26] (AVAST Software)
    S2 avast; C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [166072 2017-12-13] (AVAST Software)
    R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [357816 2019-01-26] (AVAST Software)
    S3 avastm; C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [166072 2017-12-13] (AVAST Software)
    S3 AvastSecureBrowserElevationService; C:\Program Files (x86)\AVAST Software\Browser\Application\71.0.1037.98\elevation_service.exe [390552 2019-01-09] (AVAST Software)
    S3 AvastWscReporter; C:\Program Files\AVAST Software\Avast\wsc_proxy.exe [57504 2019-01-26] (AVAST Software)
    S2 BingDesktopUpdate; C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe [173792 2014-06-03] (Microsoft Corp.)
    S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2018-05-28] (Dropbox, Inc.)
    S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2018-05-28] (Dropbox, Inc.)
    R2 DbxSvc; C:\WINDOWS\system32\DbxSvc.exe [51024 2019-01-22] (Dropbox, Inc.)
    R2 DDVCollectorSvcApi; C:\Program Files\Dell\DellDataVault\DDVCollectorSvcApi.exe [209392 2018-10-22] (Dell Inc.)
    R2 DDVDataCollector; C:\Program Files\Dell\DellDataVault\DDVDataCollector.exe [3347440 2018-10-22] (Dell Inc.)
    R2 DDVRulesProcessor; C:\Program Files\Dell\DellDataVault\DDVRulesProcessor.exe [218096 2018-10-22] (Dell Inc.)
    R2 Dell Hardware Support; C:\Program Files\Dell\SupportAssistAgent\PCDr\SupportAssist\6.0.6992.1382\DSAPI.exe [1002816 2018-11-02] (PC-Doctor, Inc.)
    S2 EsgShKernel; C:\Program Files\EnigmaSoft\SpyHunter\ShKernel.exe [10065712 2018-12-09] (EnigmaSoft Limited)
    R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [347512 2018-12-06] (HP Inc.)
    R2 HPTouchpointAnalyticsService; C:\Program Files\HP\HP Touchpoint Analytics Client\TouchpointAnalyticsClientService.exe [332216 2017-11-22] (HP Inc.)
    R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-30] (Intel Corporation)
    R2 igfxCUIService1.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [337888 2016-05-03] (Intel Corporation)
    R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-11] (Intel(R) Corporation) [File not signed]
    S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-11] (Intel(R) Corporation)
    R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-09-04] (Intel Corporation)
    S3 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6347056 2018-09-19] (Malwarebytes)
    R2 ptservice; C:\Program Files (x86)\OpenVPN Technologies\PrivateTunnel\ptservice.exe [17304 2015-08-31] (OpenVPN Technologies, Inc)
    R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [253776 2013-03-26] (CyberLink)
    S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [118520 2013-02-28] (Riverbed Technology, Inc.)
    R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [312056 2015-08-04] (Realtek Semiconductor)
    S2 ShMonitor; C:\Program Files\EnigmaSoft\SpyHunter\ShMonitor.exe [537904 2018-12-09] (EnigmaSoft Limited)
    S4 ssh-agent; C:\WINDOWS\System32\OpenSSH\ssh-agent.exe [495616 2018-03-10] ()
    R2 SupportAssistAgent; C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe [38872 2018-10-25] (Dell Inc.)
    S3 SWService; C:\Program Files (x86)\Syslog Watcher 4\SWService.exe [3430984 2015-08-24] ()
    R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [265640 2018-09-26] (Synaptics Incorporated)
    S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1901.7-0\NisSrv.exe [4096976 2019-01-24] (Microsoft Corporation)
    S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1901.7-0\MsMpEng.exe [113992 2019-01-24] (Microsoft Corporation)
    R2 wltrysvc; C:\Program Files\Dell\DW WLAN Card\bcmwltry.exe [6334464 2012-09-17] (Dell Inc.) [File not signed]
    R2 WysePocketCloud; C:\Program Files (x86)\Wyse\PocketCloud\PocketCloudService.exe [16176 2013-06-21] ()
    R2 WyseRemoteAccess; C:\Program Files (x86)\Wyse\PocketCloud\WyseRemoteAccess.exe [1436160 2012-11-29] (Wyse Technology.) [File not signed]

    ===================== Drivers (Whitelisted) ======================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R0 aswArDisk; C:\WINDOWS\System32\drivers\aswArDisk.sys [37304 2019-01-26] (AVAST Software)
    R1 aswArPot; C:\WINDOWS\System32\drivers\aswArPot.sys [203488 2019-01-26] (AVAST Software)
    R1 aswbidsdriver; C:\WINDOWS\System32\drivers\aswbidsdriver.sys [223056 2019-01-26] (AVAST Software)
    R0 aswbidsh; C:\WINDOWS\System32\drivers\aswbidsh.sys [196264 2019-01-26] (AVAST Software)
    R0 aswblog; C:\WINDOWS\System32\drivers\aswblog.sys [320888 2019-01-26] (AVAST Software)
    R0 aswbuniv; C:\WINDOWS\System32\drivers\aswbuniv.sys [58160 2019-01-26] (AVAST Software)
    R0 aswElam; C:\WINDOWS\System32\drivers\aswElam.sys [15488 2019-01-26] (AVAST Software)
    R1 aswHdsKe; C:\WINDOWS\System32\drivers\aswHdsKe.sys [239808 2019-01-26] (AVAST Software)
    S3 aswHwid; C:\WINDOWS\System32\drivers\aswHwid.sys [46584 2019-01-26] (AVAST Software)
    R1 aswKbd; C:\WINDOWS\System32\drivers\aswKbd.sys [42488 2019-01-26] (AVAST Software)
    R2 aswMonFlt; C:\WINDOWS\System32\drivers\aswMonFlt.sys [166792 2019-01-26] (AVAST Software)
    R1 aswRdr; C:\WINDOWS\System32\drivers\aswRdr2.sys [111992 2019-01-26] (AVAST Software)
    R0 aswRvrt; C:\WINDOWS\System32\drivers\aswRvrt.sys [88144 2019-01-26] (AVAST Software)
    R1 aswSnx; C:\WINDOWS\System32\drivers\aswSnx.sys [1034056 2019-01-26] (AVAST Software)
    R1 aswSP; C:\WINDOWS\System32\drivers\aswSP.sys [474648 2019-01-26] (AVAST Software)
    R2 aswStm; C:\WINDOWS\System32\drivers\aswStm.sys [218056 2019-01-26] (AVAST Software)
    S3 aswTap; C:\WINDOWS\System32\drivers\aswTap.sys [44640 2014-07-08] (The OpenVPN Project)
    R0 aswVmm; C:\WINDOWS\System32\drivers\aswVmm.sys [380144 2019-01-26] (AVAST Software)
    S3 BstkDrv; C:\Program Files (x86)\BlueStacks\BstkDrv.sys [269408 2017-12-05] (Bluestack System Inc. )
    R1 CLVirtualDrive; C:\WINDOWS\system32\DRIVERS\CLVirtualDrive.sys [91712 2013-03-05] (CyberLink)
    R3 DDDriver; C:\WINDOWS\system32\drivers\DDDriver64Dcsa.sys [36400 2018-10-20] (Dell Inc.)
    S3 DellProf; C:\WINDOWS\system32\drivers\DellProf.sys [41208 2018-05-08] (Dell Computer Corporation)
    S3 DellRbtn; C:\WINDOWS\System32\drivers\DellRbtn.sys [10752 2013-01-24] (OSR Open Systems Resources, Inc.)
    R3 EnigmaFileMonDriver; C:\WINDOWS\system32\Drivers\EnigmaFileMonDriver.sys [69232 2019-01-27] (EnigmaSoft Limited)
    S3 iadusb; C:\WINDOWS\system32\DRIVERS\glaui64.sys [52736 2007-04-21] (Conexant Systems Inc.)
    R3 jakstaVA; C:\WINDOWS\system32\DRIVERS\jaksta_va.sys [103816 2014-12-08] (e2eSoft)
    R3 MEIx64; C:\WINDOWS\system32\DRIVERS\TeeDriverx64.sys [99288 2013-09-04] (Intel Corporation)
    R2 NPF; C:\WINDOWS\System32\drivers\npf.sys [36600 2013-02-28] (Riverbed Technology, Inc.)
    R3 ptun0901; C:\WINDOWS\System32\drivers\ptun0901.sys [27136 2015-01-26] (The OpenVPN Project)
    R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [896744 2015-08-14] (Realtek )
    R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    S3 SmbDrv; C:\WINDOWS\System32\drivers\Smb_driver_AMDASF.sys [30448 2013-08-12] (Synaptics Incorporated)
    R3 SmbDrvI; C:\WINDOWS\system32\DRIVERS\Smb_driver_Intel.sys [53880 2018-09-26] (Synaptics Incorporated)
    S3 taphss6; C:\WINDOWS\system32\DRIVERS\taphss6.sys [42184 2014-01-14] (Anchorfree Inc.)
    R3 USBPcap; C:\WINDOWS\system32\DRIVERS\USBPcap.sys [50224 2017-08-20] (USBPcap)
    S3 vpnva; C:\WINDOWS\System32\drivers\vpnva64-6.sys [52592 2015-07-24] (Cisco Systems, Inc.)
    S3 WdBoot; C:\WINDOWS\system32\drivers\wd\WdBoot.sys [46488 2019-01-24] (Microsoft Corporation)
    S3 WdFilter; C:\WINDOWS\system32\drivers\wd\WdFilter.sys [343032 2019-01-24] (Microsoft Corporation)
    S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [63480 2019-01-24] (Microsoft Corporation)
    R4 eppdisk; system32\drivers\eppdisk.sys [X]

    ==================== NetSvcs (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== One month (created) ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2019-01-29 22:07 - 2019-01-29 22:08 - 000033943 _____ C:\Users\Jim\Desktop\FRST.txt
    2019-01-29 22:07 - 2019-01-29 22:07 - 000000000 ____D C:\FRST
    2019-01-29 22:05 - 2019-01-29 22:04 - 002428416 _____ (Farbar) C:\Users\Jim\Desktop\FRST64.exe
    2019-01-29 22:04 - 2019-01-29 22:04 - 002428416 _____ (Farbar) C:\Users\Jim\Downloads\FRST64.exe
    2019-01-29 15:29 - 2019-01-29 15:29 - 000003224 _____ C:\WINDOWS\System32\Tasks\HPCeeScheduleForJim
    2019-01-29 15:29 - 2019-01-29 15:29 - 000000340 _____ C:\WINDOWS\Tasks\HPCeeScheduleForJim.job
    2019-01-28 12:51 - 2019-01-28 12:51 - 000748192 _____ (TechGuy, Inc.) C:\Users\Jim\Downloads\SysInfo(2).exe
    2019-01-27 20:04 - 2019-01-27 20:04 - 000001818 _____ C:\Users\Public\Desktop\iTunes.lnk
    2019-01-27 20:04 - 2019-01-27 20:04 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
    2019-01-27 20:04 - 2019-01-27 20:04 - 000000000 ____D C:\Program Files\iPod
    2019-01-27 20:03 - 2019-01-27 20:04 - 000000000 ____D C:\Program Files\iTunes
    2019-01-27 10:39 - 2019-01-27 10:56 - 000069232 _____ (EnigmaSoft Limited) C:\WINDOWS\system32\Drivers\EnigmaFileMonDriver.sys
    2019-01-26 16:48 - 2019-01-26 16:48 - 000223056 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbidsdriver.sys
    2019-01-26 16:48 - 2019-01-26 16:48 - 000166792 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
    2019-01-26 15:51 - 2019-01-28 07:15 - 000004264 _____ C:\WINDOWS\System32\Tasks\Avast Emergency Update
    2019-01-26 15:50 - 2019-01-26 15:49 - 000474648 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys
    2019-01-26 15:50 - 2019-01-26 15:49 - 000380144 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswVmm.sys
    2019-01-26 15:50 - 2019-01-26 15:49 - 000239808 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswHdsKe.sys
    2019-01-26 15:50 - 2019-01-26 15:49 - 000218056 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswStm.sys
    2019-01-26 15:50 - 2019-01-26 15:49 - 000203488 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswArPot.sys
    2019-01-26 15:50 - 2019-01-26 15:49 - 000111992 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr2.sys
    2019-01-26 15:50 - 2019-01-26 15:49 - 000088144 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRvrt.sys
    2019-01-26 15:50 - 2019-01-26 15:49 - 000046584 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswHwid.sys
    2019-01-26 15:50 - 2019-01-26 15:49 - 000042488 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswKbd.sys
    2019-01-26 15:50 - 2019-01-26 15:49 - 000015488 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswElam.sys
    2019-01-26 15:50 - 2019-01-26 15:48 - 001034056 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
    2019-01-26 15:50 - 2019-01-26 15:48 - 000320888 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswblog.sys
    2019-01-26 15:50 - 2019-01-26 15:48 - 000196264 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbidsh.sys
    2019-01-26 15:50 - 2019-01-26 15:48 - 000058160 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbuniv.sys
    2019-01-26 15:50 - 2019-01-26 15:48 - 000037304 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswArDisk.sys
    2019-01-26 15:49 - 2019-01-26 15:49 - 000361352 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
    2019-01-23 14:33 - 2019-01-23 14:33 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
    2019-01-22 13:36 - 2019-01-22 13:36 - 000001142 _____ C:\Users\Public\Desktop\Revo Uninstaller Pro.lnk
    2019-01-22 13:36 - 2019-01-22 13:36 - 000000000 ____D C:\Users\Jim\AppData\Local\VS Revo Group
    2019-01-22 13:36 - 2019-01-22 13:36 - 000000000 ____D C:\ProgramData\VS Revo Group
    2019-01-22 13:36 - 2019-01-22 13:36 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller Pro
    2019-01-22 13:36 - 2016-12-21 14:52 - 000040240 _____ (VS Revo Group) C:\WINDOWS\system32\Drivers\revoflt.sys
    2019-01-22 13:35 - 2019-01-22 13:35 - 000000000 ____D C:\Program Files\VS Revo Group
    2019-01-22 13:33 - 2019-01-22 13:33 - 016008384 _____ (VS Revo Group ) C:\Users\Jim\Downloads\RevoUninProSetup.exe
    2019-01-22 08:14 - 2019-01-22 08:14 - 000051024 _____ (Dropbox, Inc.) C:\WINDOWS\system32\DbxSvc.exe
    2019-01-22 08:14 - 2019-01-22 08:14 - 000047800 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-stable.sys
    2019-01-22 08:14 - 2019-01-22 08:14 - 000047800 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-dev.sys
    2019-01-22 08:14 - 2019-01-22 08:14 - 000047800 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-canary.sys
    2019-01-20 12:37 - 2018-09-19 23:12 - 001483576 _____ (Microsoft Corporation) C:\WINDOWS\system32\mcupdate_GenuineIntel.dll
    2019-01-10 16:23 - 2019-01-26 16:32 - 000000000 ____D C:\Users\Jim\AppData\Local\D3DSCache
    2019-01-10 14:57 - 2019-01-28 07:15 - 000004210 _____ C:\WINDOWS\System32\Tasks\CCleaner Update
    2019-01-10 14:55 - 2019-01-10 14:56 - 019299120 _____ (Piriform Software Ltd) C:\Users\Jim\Downloads\ccsetup551.exe
    2019-01-09 11:58 - 2019-01-02 14:41 - 000835480 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
    2019-01-09 11:58 - 2019-01-02 14:41 - 000179600 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
    2019-01-09 11:47 - 2019-01-01 08:46 - 012710912 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
    2019-01-09 11:47 - 2019-01-01 08:20 - 011902976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
    2019-01-09 11:47 - 2019-01-01 02:14 - 001221432 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
    2019-01-09 11:47 - 2019-01-01 02:14 - 001029944 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
    2019-01-09 11:47 - 2019-01-01 02:14 - 000134968 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.dll
    2019-01-09 11:47 - 2019-01-01 02:13 - 003292152 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll
    2019-01-09 11:47 - 2019-01-01 02:13 - 001363536 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinTypes.dll
    2019-01-09 11:47 - 2019-01-01 02:13 - 000709728 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
    2019-01-09 11:47 - 2019-01-01 02:13 - 000170808 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
    2019-01-09 11:47 - 2019-01-01 02:12 - 009084216 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
    2019-01-09 11:47 - 2019-01-01 02:12 - 002765344 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
    2019-01-09 11:47 - 2019-01-01 02:12 - 002465792 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml6.dll
    2019-01-09 11:47 - 2019-01-01 02:12 - 002421288 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
    2019-01-09 11:47 - 2019-01-01 02:12 - 000713272 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVideoDSP.dll
    2019-01-09 11:47 - 2019-01-01 01:55 - 025856512 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
    2019-01-09 11:47 - 2019-01-01 01:50 - 022715392 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
    2019-01-09 11:47 - 2019-01-01 01:50 - 004383744 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeContent.dll
    2019-01-09 11:47 - 2019-01-01 01:47 - 000808448 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeManager.dll
    2019-01-09 11:47 - 2019-01-01 01:46 - 000154112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
    2019-01-09 11:47 - 2019-01-01 01:45 - 007573504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
    2019-01-09 11:47 - 2019-01-01 01:45 - 002368512 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebRuntimeManager.dll
    2019-01-09 11:47 - 2019-01-01 01:45 - 000352768 _____ (Microsoft Corporation) C:\WINDOWS\system32\dhcpcore.dll
    2019-01-09 11:47 - 2019-01-01 01:44 - 001708544 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSPhotography.dll
    2019-01-09 11:47 - 2019-01-01 01:44 - 001549824 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
    2019-01-09 11:47 - 2019-01-01 01:44 - 000894464 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll
    2019-01-09 11:47 - 2019-01-01 01:43 - 001805312 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
    2019-01-09 11:47 - 2019-01-01 01:42 - 004939776 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
    2019-01-09 11:47 - 2019-01-01 01:42 - 000717312 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Web.dll
    2019-01-09 11:47 - 2019-01-01 01:41 - 001159680 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcss.dll
    2019-01-09 11:47 - 2019-01-01 01:41 - 000899072 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
    2019-01-09 11:47 - 2019-01-01 01:41 - 000505344 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgeIso.dll
    2019-01-09 11:47 - 2019-01-01 01:37 - 002478664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll
    2019-01-09 11:47 - 2019-01-01 01:37 - 002253696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
    2019-01-09 11:47 - 2019-01-01 01:37 - 001989040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml6.dll
    2019-01-09 11:47 - 2019-01-01 01:37 - 000581808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVideoDSP.dll
    2019-01-09 11:47 - 2019-01-01 01:29 - 022016512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
    2019-01-09 11:47 - 2019-01-01 01:22 - 019405312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
    2019-01-09 11:47 - 2019-01-01 01:16 - 005775872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
    2019-01-09 11:47 - 2019-01-01 01:16 - 001361408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSPhotography.dll
    2019-01-09 11:47 - 2019-01-01 01:15 - 005307392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
    2019-01-09 11:47 - 2019-01-01 01:15 - 000608768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EdgeManager.dll
    2019-01-09 11:47 - 2019-01-01 01:15 - 000331264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgeIso.dll
    2019-01-09 11:47 - 2019-01-01 01:15 - 000317440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dhcpcore.dll
    2019-01-09 11:47 - 2019-01-01 01:14 - 004514816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
    2019-01-09 11:47 - 2019-01-01 01:14 - 000578560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webplatstorageserver.dll
    2019-01-09 11:47 - 2019-01-01 01:13 - 001628160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
    2019-01-09 11:47 - 2019-01-01 01:13 - 000251904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msIso.dll
    2019-01-09 11:46 - 2019-01-01 08:50 - 000064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\iemigplugin.dll
    2019-01-09 11:46 - 2019-01-01 08:47 - 000225792 _____ (Microsoft Corporation) C:\WINDOWS\system32\windowslivelogin.dll
    2019-01-09 11:46 - 2019-01-01 08:45 - 000714752 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidcli.dll
    2019-01-09 11:46 - 2019-01-01 08:45 - 000285184 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidcredprov.dll
    2019-01-09 11:46 - 2019-01-01 08:43 - 001364992 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvruserservice.dll
    2019-01-09 11:46 - 2019-01-01 08:20 - 000165888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windowslivelogin.dll
    2019-01-09 11:46 - 2019-01-01 08:18 - 000500736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlidcli.dll
    2019-01-09 11:46 - 2019-01-01 08:17 - 000231936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlidcredprov.dll
    2019-01-09 11:46 - 2019-01-01 02:14 - 001063224 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
    2019-01-09 11:46 - 2019-01-01 02:14 - 000566568 _____ (Microsoft Corporation) C:\WINDOWS\system32\tcblaunch.exe
    2019-01-09 11:46 - 2019-01-01 02:14 - 000076088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hvservice.sys
    2019-01-09 11:46 - 2019-01-01 02:13 - 000436024 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
    2019-01-09 11:46 - 2019-01-01 02:12 - 007520104 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
    2019-01-09 11:46 - 2019-01-01 02:12 - 000268304 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
    2019-01-09 11:46 - 2019-01-01 02:12 - 000128824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tm.sys
    2019-01-09 11:46 - 2019-01-01 02:12 - 000043536 _____ (Microsoft Corporation) C:\WINDOWS\system32\browser_broker.exe
    2019-01-09 11:46 - 2019-01-01 01:48 - 000342528 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserexport.exe
    2019-01-09 11:46 - 2019-01-01 01:48 - 000081920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wanarp.sys
    2019-01-09 11:46 - 2019-01-01 01:48 - 000079360 _____ (Microsoft Corporation) C:\WINDOWS\system32\Print.Workflow.Source.dll
    2019-01-09 11:46 - 2019-01-01 01:47 - 000433152 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
    2019-01-09 11:46 - 2019-01-01 01:46 - 000209408 _____ (Microsoft Corporation) C:\WINDOWS\system32\MicrosoftAccountTokenProvider.dll
    2019-01-09 11:46 - 2019-01-01 01:46 - 000153088 _____ (Microsoft Corporation) C:\WINDOWS\system32\dssvc.dll
    2019-01-09 11:46 - 2019-01-01 01:44 - 000662528 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidprov.dll
    2019-01-09 11:46 - 2019-01-01 01:44 - 000456192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Graphics.Printing.Workflow.dll
    2019-01-09 11:46 - 2019-01-01 01:42 - 002247680 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidsvc.dll
    2019-01-09 11:46 - 2019-01-01 01:42 - 001371136 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll
    2019-01-09 11:46 - 2019-01-01 01:41 - 000895488 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.OnlineId.dll
    2019-01-09 11:46 - 2019-01-01 01:37 - 006571584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
    2019-01-09 11:46 - 2019-01-01 01:37 - 000880048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WinTypes.dll
    2019-01-09 11:46 - 2019-01-01 01:37 - 000381240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
    2019-01-09 11:46 - 2019-01-01 01:17 - 000153088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MicrosoftAccountTokenProvider.dll
    2019-01-09 11:46 - 2019-01-01 01:16 - 000310272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wincorlib.dll
    2019-01-09 11:46 - 2019-01-01 01:14 - 000330752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Graphics.Printing.Workflow.dll
    2019-01-09 11:46 - 2019-01-01 01:13 - 000594432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Web.dll
    2019-01-09 11:46 - 2019-01-01 01:12 - 001036288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll
    2019-01-09 11:46 - 2019-01-01 01:12 - 000795648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.OnlineId.dll
    2019-01-09 11:46 - 2019-01-01 01:12 - 000778240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
    2019-01-09 11:46 - 2019-01-01 01:12 - 000516608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlidprov.dll
    2019-01-09 11:46 - 2019-01-01 00:23 - 000001310 _____ C:\WINDOWS\system32\tcbres.wim
    2019-01-09 11:46 - 2018-12-18 23:49 - 000352768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrd3x40.dll
    2019-01-05 13:13 - 2019-01-05 13:13 - 000000000 ____D C:\Users\Jim\Documents\AdobeStockPhotos
    2019-01-03 08:27 - 2019-01-03 08:27 - 000002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk

    ==================== One month (modified) ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2019-01-29 22:02 - 2018-06-11 07:49 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
    2019-01-29 22:02 - 2018-04-11 18:38 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
    2019-01-29 19:56 - 2016-11-21 22:16 - 000000000 ____D C:\Users\Jim\AppData\LocalLow\Mozilla
    2019-01-29 19:56 - 2013-12-26 16:13 - 000000000 ____D C:\ProgramData\Mozilla
    2019-01-29 19:55 - 2017-04-21 07:28 - 000000000 ____D C:\Program Files\Mozilla Firefox
    2019-01-29 19:55 - 2013-12-26 16:13 - 000001007 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
    2019-01-29 19:55 - 2013-12-26 16:13 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
    2019-01-29 16:03 - 2015-09-03 06:33 - 000000000 ____D C:\PrivateTunnel
    2019-01-29 14:54 - 2018-04-11 18:38 - 000000000 ____D C:\WINDOWS\AppReadiness
    2019-01-27 19:56 - 2014-01-23 19:30 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud
    2019-01-27 10:57 - 2018-05-28 06:49 - 000000000 ___RD C:\Users\Jim\Dropbox
    2019-01-27 10:54 - 2014-06-08 15:42 - 000000000 __SHD C:\Users\Jim\IntelGraphicsProfiles
    2019-01-27 10:52 - 2018-06-11 08:30 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
    2019-01-27 10:28 - 2018-04-11 16:04 - 001572864 _____ C:\WINDOWS\system32\config\BBI
    2019-01-26 16:35 - 2018-06-26 09:52 - 000000000 ____D C:\Users\Jim\AppData\Local\CrashDumps
    2019-01-26 15:49 - 2018-04-11 18:38 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
    2019-01-26 15:33 - 2018-11-08 19:41 - 000003644 _____ C:\WINDOWS\System32\Tasks\BlueStacksHelper
    2019-01-25 13:12 - 2017-12-13 07:17 - 000000000 ____D C:\Users\Jim\AppData\Local\AVAST Software
    2019-01-24 07:06 - 2018-06-11 08:30 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
    2019-01-23 17:30 - 2018-04-11 18:36 - 000000000 ____D C:\WINDOWS\INF
    2019-01-23 14:34 - 2018-05-28 06:39 - 000000000 ____D C:\Program Files (x86)\Dropbox
    2019-01-22 21:21 - 2018-05-28 06:39 - 000000914 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job
    2019-01-22 21:18 - 2018-07-09 20:49 - 000000000 ____D C:\ProgramData\RivetNetworks
    2019-01-22 13:55 - 2018-12-21 09:22 - 000002838 _____ C:\WINDOWS\System32\Tasks\[email protected]
    2019-01-22 13:55 - 2018-06-11 08:30 - 000003106 _____ C:\WINDOWS\System32\Tasks\DropboxUpdateTaskMachineCore
    2019-01-22 13:55 - 2018-06-11 08:30 - 000002218 _____ C:\WINDOWS\System32\Tasks\CCleanerSkipUAC
    2019-01-22 13:55 - 2018-06-11 08:30 - 000000000 ____D C:\WINDOWS\System32\Tasks\AVAST Software
    2019-01-22 11:56 - 2018-06-11 07:56 - 000000000 ____D C:\Users\Jim
    2019-01-20 13:00 - 2018-04-11 18:30 - 000000000 ____D C:\WINDOWS\CbsTemp
    2019-01-20 12:13 - 2014-03-15 08:01 - 000000000 ____D C:\Program Files\Microsoft Silverlight
    2019-01-20 12:13 - 2014-03-15 08:01 - 000000000 ____D C:\Program Files (x86)\Microsoft Silverlight
    2019-01-17 21:24 - 2013-08-22 08:25 - 000000092 _____ C:\WINDOWS\win.ini
    2019-01-17 20:10 - 2018-11-17 15:37 - 000000000 ____D C:\Program Files\rempl
    2019-01-16 08:07 - 2017-12-13 07:17 - 000002506 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast Secure Browser.lnk
    2019-01-16 08:07 - 2017-12-13 07:17 - 000002471 _____ C:\Users\Public\Desktop\Avast Secure Browser.lnk
    2019-01-15 19:47 - 2014-03-15 08:02 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
    2019-01-10 16:14 - 2018-12-09 16:52 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EnigmaSoft
    2019-01-10 16:04 - 2018-12-09 20:40 - 000000680 _____ C:\WINDOWS\system32\.crusader
    2019-01-10 14:57 - 2016-10-13 08:21 - 000000867 _____ C:\Users\Public\Desktop\CCleaner.lnk
    2019-01-09 22:25 - 2018-04-11 18:38 - 000000000 ____D C:\WINDOWS\TextInput
    2019-01-09 22:25 - 2018-04-11 18:38 - 000000000 ____D C:\WINDOWS\bcastdvr
    2019-01-09 12:04 - 2013-12-27 09:22 - 000000000 ____D C:\WINDOWS\system32\MRT
    2019-01-09 11:58 - 2013-12-27 09:22 - 132790320 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
    2019-01-08 13:18 - 2018-04-11 18:38 - 000000000 ____D C:\WINDOWS\LiveKernelReports
    2019-01-07 15:12 - 2018-05-28 06:39 - 000000918 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job
    2019-01-07 15:12 - 2014-01-05 11:09 - 000000916 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1008144949-3054828288-720014318-1001UA.job
    2019-01-07 15:12 - 2014-01-05 11:09 - 000000864 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1008144949-3054828288-720014318-1001Core.job
    2019-01-07 15:04 - 2018-06-11 08:30 - 000003348 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{C925FD71-9237-442A-881A-885AE45F9774}
    2019-01-07 15:04 - 2018-06-11 08:30 - 000002316 _____ C:\WINDOWS\System32\Tasks\{30E96F4C-BEE5-436D-96AD-BC8E8A7B3C67}
    2019-01-07 15:04 - 2018-06-11 08:30 - 000002302 _____ C:\WINDOWS\System32\Tasks\Synaptics TouchPad Enhancements
    2019-01-07 15:03 - 2018-12-20 13:28 - 000002916 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-1008144949-3054828288-720014318-1001
    2019-01-07 15:03 - 2018-12-02 20:46 - 000002526 _____ C:\WINDOWS\System32\Tasks\HPEA3JOBS
    2019-01-07 15:03 - 2018-11-25 20:56 - 000002704 _____ C:\WINDOWS\System32\Tasks\HPCustParticipation HP OfficeJet 3830 series
    2019-01-07 15:03 - 2018-09-21 09:15 - 000003542 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
    2019-01-07 15:03 - 2018-06-11 08:30 - 000003810 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player NPAPI Notifier
    2019-01-07 15:03 - 2018-06-11 08:30 - 000003650 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1008144949-3054828288-720014318-1001UA
    2019-01-07 15:03 - 2018-06-11 08:30 - 000003606 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1008144949-3054828288-720014318-1001UA1d2580eba6cc169
    2019-01-07 15:03 - 2018-06-11 08:30 - 000003492 _____ C:\WINDOWS\System32\Tasks\DropboxUpdateTaskMachineUA
    2019-01-07 15:03 - 2018-06-11 08:30 - 000003406 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
    2019-01-07 15:03 - 2018-06-11 08:30 - 000003382 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1008144949-3054828288-720014318-1001Core
    2019-01-07 15:03 - 2018-06-11 08:30 - 000003358 _____ C:\WINDOWS\System32\Tasks\Dell SupportAssistAgent AutoUpdate
    2019-01-07 15:03 - 2018-06-11 08:30 - 000003338 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1008144949-3054828288-720014318-1001Core1d2580eba454e75
    2019-01-07 15:03 - 2018-06-11 08:30 - 000003338 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
    2019-01-07 15:03 - 2018-06-11 08:30 - 000003182 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
    2019-01-07 15:03 - 2018-06-11 08:30 - 000003108 _____ C:\WINDOWS\System32\Tasks\HP AR Program Upload - 897b9242e2dd4372a2ff7a43428928d2c8c858a4698f4c54910d83e72a36191d
    2019-01-07 15:03 - 2018-06-11 08:30 - 000002824 _____ C:\WINDOWS\System32\Tasks\PegasunStart
    2019-01-07 15:03 - 2018-06-11 08:30 - 000002746 _____ C:\WINDOWS\System32\Tasks\HPCustParticipation HP Deskjet 3510 series
    2019-01-07 15:03 - 2018-06-11 08:30 - 000002410 _____ C:\WINDOWS\System32\Tasks\CLMLSvc_P2G8
    2019-01-07 11:55 - 2018-06-11 08:11 - 000840376 _____ C:\WINDOWS\system32\PerfStringBackup.INI
    2019-01-05 13:13 - 2013-12-26 15:12 - 000000000 ____D C:\Users\Jim\AppData\Roaming\Adobe
    2018-12-30 23:19 - 2018-12-09 09:53 - 000291336 _____ C:\WINDOWS\system32\FNTCACHE.DAT

    ==================== Files in the root of some directories =======

    2015-08-14 16:50 - 2017-08-12 05:57 - 000017010 _____ () C:\Users\Jim\AppData\Roaming\RegistrationLog.log
    2015-08-14 16:50 - 2017-08-11 23:00 - 000018930 _____ () C:\Users\Jim\AppData\Roaming\ReplayConverterLog.log
    2014-02-08 21:49 - 2014-02-08 21:49 - 000001877 _____ () C:\Users\Jim\AppData\Roaming\VPNMasterFreeVPN.pbk
    2015-04-14 08:21 - 2015-04-14 08:21 - 000213275 _____ () C:\Users\Jim\AppData\Local\ars.cache
    2015-04-14 08:21 - 2015-04-14 08:21 - 000698566 _____ () C:\Users\Jim\AppData\Local\census.cache
    2014-07-28 09:39 - 2014-07-28 09:39 - 000000036 _____ () C:\Users\Jim\AppData\Local\housecall.guid.cache
    2018-09-27 07:38 - 2018-09-27 07:38 - 000000000 _____ () C:\Users\Jim\AppData\Local\oobelibMkey.log
    2016-08-20 12:58 - 2018-10-25 12:45 - 000000600 _____ () C:\Users\Jim\AppData\Local\PUTTY.RND
    2015-02-04 09:58 - 2015-02-04 09:58 - 000001242 _____ () C:\Users\Jim\AppData\Local\recently-used.xbel
    2014-11-26 22:26 - 2015-07-27 14:30 - 000007602 _____ () C:\Users\Jim\AppData\Local\resmon.resmoncfg
    2014-07-28 09:47 - 2015-04-14 08:05 - 000000010 _____ () C:\Users\Jim\AppData\Local\sponge.last.runtime.cache

    Some files in TEMP:
    ====================
    2019-01-10 14:48 - 2019-01-10 14:48 - 000010520 ____N () C:\Users\Jim\AppData\Local\Temp\BullseyeCoverage-x86-3.dll

    Some zero byte size files/folders:
    ==========================
    C:\Windows\System32\igdumdim32.dll

    ==================== Bamital & volsnap ======================

    (There is no automatic fix for files that do not pass verification.)

    C:\WINDOWS\system32\winlogon.exe => File is digitally signed
    C:\WINDOWS\system32\wininit.exe => File is digitally signed
    C:\WINDOWS\explorer.exe => File is digitally signed
    C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
    C:\WINDOWS\system32\svchost.exe => File is digitally signed
    C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
    C:\WINDOWS\system32\services.exe => File is digitally signed
    C:\WINDOWS\system32\User32.dll => File is digitally signed
    C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
    C:\WINDOWS\system32\userinit.exe => File is digitally signed
    C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
    C:\WINDOWS\system32\rpcss.dll => File is digitally signed
    C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
    C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
    C:\WINDOWS\system32\dllhost.exe => File is digitally signed
    C:\WINDOWS\SysWOW64\dllhost.exe => File is digitally signed
    C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

    LastRegBack: 2018-06-11 07:49

    ==================== End of FRST.txt ============================
     
  4. turky

    turky Thread Starter

    Joined:
    Dec 21, 2004
    Messages:
    25
    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 27.01.2019
    Ran by Jim (29-01-2019 22:09:24)
    Running from C:\Users\Jim\Desktop
    Windows 10 Home Version 1803 17134.523 (X64) (2018-06-11 13:32:24)
    Boot Mode: Normal
    ==========================================================


    ==================== Accounts: =============================

    Administrator (S-1-5-21-1008144949-3054828288-720014318-500 - Administrator - Disabled)
    DefaultAccount (S-1-5-21-1008144949-3054828288-720014318-503 - Limited - Disabled)
    Guest (S-1-5-21-1008144949-3054828288-720014318-501 - Limited - Disabled)
    HomeGroupUser$ (S-1-5-21-1008144949-3054828288-720014318-1003 - Limited - Enabled)
    Jim (S-1-5-21-1008144949-3054828288-720014318-1001 - Administrator - Enabled) => C:\Users\Jim
    WDAGUtilityAccount (S-1-5-21-1008144949-3054828288-720014318-504 - Limited - Disabled)

    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: Emsisoft Anti-Malware (Disabled - Out of date) {67773CDD-EA83-AD98-A2ED-386463EB3B0D}
    AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
    AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: Emsisoft Anti-Malware (Disabled - Out of date) {DC16DD39-CCB9-A216-985D-0316186C71B0}
    AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}

    ==================== Installed Programs ======================

    (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    7-Zip 9.22 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0922-000001000000}) (Version: 9.22.00.0 - Igor Pavlov)
    Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 19.010.20069 - Adobe Systems Incorporated)
    Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 22.0.0.153 - Adobe Systems Incorporated)
    Adobe Bridge CC 2018 (HKLM-x32\...\KBRG_8_1) (Version: 8.1 - Adobe Systems Incorporated)
    Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 4.6.0.384 - Adobe Systems Incorporated)
    Adobe Flash Player 32 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 32.0.0.101 - Adobe Systems Incorporated)
    Adobe Photoshop CS2 (HKLM-x32\...\Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0409-1E257A25E34D}) (Version: 9.0 - Adobe Systems, Inc.)
    Anveo Communicator (HKLM-x32\...\{348B4B23-CF06-F918-964F-3481C6A2C8B6}) (Version: 3.0.6 - UNKNOWN) Hidden
    Anveo Communicator (HKLM-x32\...\anveo-win) (Version: 3.0.6 - UNKNOWN)
    Apple Application Support (32-bit) (HKLM-x32\...\{5A659BE5-849B-484E-A83B-DCB78407F3A4}) (Version: 7.3 - Apple Inc.)
    Apple Application Support (64-bit) (HKLM\...\{F8060941-C0AB-4BCE-88AC-F2FDA2E9F286}) (Version: 7.3 - Apple Inc.)
    Apple Mobile Device Support (HKLM\...\{5FA8C4BE-8C74-4B9C-9B49-EBF759230189}) (Version: 12.1.0.25 - Apple Inc.)
    Apple Software Update (HKLM-x32\...\{A30EA700-5515-48F0-88B0-9E99DC356B88}) (Version: 2.6.0.1 - Apple Inc.)
    Applian Director 3 (HKLM-x32\...\Applian Director3.01) (Version: 3.01 - Applian Technologies Inc.)
    Avast Free Antivirus (HKLM-x32\...\Avast Antivirus) (Version: 19.1.2360 - AVAST Software)
    Avast Secure Browser (HKLM-x32\...\Avast Secure Browser) (Version: 71.0.1037.98 - AVAST Software)
    Bing Bar (HKLM-x32\...\{FF6DD716-7B10-4269-9F19-FFB07AC4CD95}) (Version: 7.3.124.0 - Microsoft Corporation)
    Bing Desktop (HKLM-x32\...\{7D095455-D971-4D4C-9EFD-9AF6A6584F3A}) (Version: 1.3.470.0 - Microsoft Corporation)
    BlueStacks 3 (HKLM-x32\...\BlueStacks) (Version: 3.52.67.1911 - BlueStack Systems, Inc.)
    Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
    Bose Updater (HKLM-x32\...\Bose Updater) (Version: 1.5.4.1309 - Bose Corporation)
    Canon MX410 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX410_series) (Version: - )
    CCleaner (HKLM\...\CCleaner) (Version: 5.51 - Piriform)
    Cisco AnyConnect Secure Mobility Client (HKLM-x32\...\Cisco AnyConnect Secure Mobility Client) (Version: 4.1.04011 - Cisco Systems, Inc.)
    Cisco AnyConnect Secure Mobility Client (HKLM-x32\...\{0FC5E486-6EA0-4665-A39D-DCC016D88632}) (Version: 4.1.04011 - Cisco Systems, Inc.) Hidden
    Connect (HKLM-x32\...\Connect) (Version: 1.4.14232.0 - Cisco Consumer Products LLC)
    CyberLink Media Suite Essentials (HKLM-x32\...\InstallShield_{8F14AA37-5193-4A14-BD5B-BDF9B361AEF7}) (Version: 11.0 - CyberLink Corp.)
    D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
    Dell Backup and Recovery (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 1.6.1.1 - Dell Inc.)
    Dell SupportAssist (HKLM\...\{5A18ABE3-52D1-4CA5-9169-25EC7E789582}) (Version: 3.0.2.48 - Dell Inc.)
    Dropbox (HKLM-x32\...\Dropbox) (Version: 65.4.177 - Dropbox, Inc.)
    Dropbox Update Helper (HKLM-x32\...\{099218A5-A723-43DC-8DB5-6173656A1E94}) (Version: 1.3.141.1 - Dropbox, Inc.) Hidden
    DW WLAN Card Utility (HKLM\...\DW WLAN Card Utility) (Version: 6.30.59.74 - Dell Inc.)
    FLV and Media Player 4.2.1.1 (HKLM-x32\...\FLV and Media Player) (Version: 4.2.1.1 - Applian Technologies)
    Freephoneline (HKLM-x32\...\{2AED3E0F-66AB-45DD-8D1A-FD75262DB2AE}) (Version: 3.2.7 - freephoneline.ca)
    Google Chrome (HKLM-x32\...\Google Chrome) (Version: 71.0.3578.98 - Google Inc.)
    Google Earth Pro (HKLM\...\{F914BC59-918A-498F-B2E3-B274C9CB48A8}) (Version: 7.3.2.5491 - Google)
    Google Talk Plugin (HKLM-x32\...\{F9B579C2-D854-300A-BE62-A09EB9D722E4}) (Version: 5.41.3.0 - Google)
    Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.23 - Google Inc.) Hidden
    Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.21.169 - Google Inc.) Hidden
    HP Deskjet 3510 series Basic Device Software (HKLM\...\{7F20F2D1-C425-4432-96BA-EBD0C2181493}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
    HP Deskjet 3510 series Help (HKLM-x32\...\{97C1C98D-6AE5-4C71-9B00-EBBD9E014450}) (Version: 28.0.0 - Hewlett Packard)
    HP Deskjet 3510 series Product Improvement Study (HKLM\...\{791D3241-C6A4-417F-82E6-00543B6E5012}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
    HP Dropbox Plugin (HKLM-x32\...\{D12BC084-97D6-438A-AA7C-5962608D17A0}) (Version: 36.0.41.58587 - HP)
    HP ePrint SW (HKLM-x32\...\{cdb5f70f-5107-4613-bf69-15de903b5b5d}) (Version: 5.5.22560 - HP Inc.)
    HP FWUpdateEDO2 (HKLM-x32\...\{415FA9AD-DA10-4ABE-97B6-5051D4795C90}) (Version: 1.2.0.0 - Hewlett-Packard)
    HP Google Drive Plugin (HKLM-x32\...\{BFA42100-DB54-467A-BB87-CF70732B4065}) (Version: 36.0.41.58587 - HP)
    HP OfficeJet 3830 series Basic Device Software (HKLM\...\{165CDB14-4CD3-4D4D-A38A-3FF93FAAFD5C}) (Version: 40.11.1119.1786 - HP Inc.)
    HP OfficeJet 3830 series Help (HKLM-x32\...\{1FCCD112-2F27-463D-8C36-1D5C29A3BB3E}) (Version: 35.0.0 - Hewlett Packard)
    HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.7702 - HP)
    HP Support Solutions Framework (HKLM-x32\...\{CE7447C2-EF12-4EF3-BE51-BFC3B049C0F6}) (Version: 12.10.49.21 - HP)
    HP Touchpoint Analytics Client (HKLM\...\{E5FB98E0-0784-44F0-8CEC-95CD4690C43F}) (Version: 4.0.2.1439 - HP Inc.)
    HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
    HPDiagnosticAlert (HKLM-x32\...\{B6465A32-8BE9-4B38-ADC5-4B4BDDC10B0D}) (Version: 1.00.0001 - Microsoft) Hidden
    iCloud (HKLM\...\{05D97028-FD26-4A3D-BADC-D1CA2E9F1214}) (Version: 7.10.0.9 - Apple Inc.)
    Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1011 - Intel Corporation)
    Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.14.1724 - Intel Corporation)
    Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.4276 - Intel Corporation)
    Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.2.1000 - Intel Corporation)
    iTunes (HKLM\...\{D9D08A8F-5A03-486A-AD4D-3A438D521F8B}) (Version: 12.9.3.3 - Apple Inc.)
    Java 8 Update 121 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180121F0}) (Version: 8.0.1210.13 - Oracle Corporation)
    Kodi (HKU\S-1-5-21-1008144949-3054828288-720014318-1001\...\Kodi) (Version: - XBMC-Foundation)
    LastPass (uninstall only) (HKLM-x32\...\LastPass) (Version: - LastPass)
    Malwarebytes version 3.6.1.2711 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.6.1.2711 - Malwarebytes)
    Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4454.1510 - Microsoft Corporation)
    Microsoft OneDrive (HKU\S-1-5-21-1008144949-3054828288-720014318-1001\...\OneDriveSetup.exe) (Version: 18.222.1104.0007 - Microsoft Corporation)
    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50918.0 - Microsoft Corporation)
    Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
    Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
    Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
    Microsoft Visual C++ 2017 Redistributable (x64) - 14.12.25810 (HKLM-x32\...\{e2ee15e2-a480-4bc5-bfb7-e9803d1d9823}) (Version: 14.12.25810.0 - Microsoft Corporation)
    Microsoft Visual C++ 2017 Redistributable (x86) - 14.12.25810 (HKLM-x32\...\{56e11d69-7cc9-40a5-a4f9-8f6190c4d84d}) (Version: 14.12.25810.0 - Microsoft Corporation)
    Movie Maker (HKLM-x32\...\{38F03569-A636-4CF3-BDDE-032C8C251304}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
    Movie Maker (HKLM-x32\...\{DD67BE4B-7E62-4215-AFA3-F123A800A389}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
    Mozilla Firefox 65.0 (x64 en-US) (HKLM\...\Mozilla Firefox 65.0 (x64 en-US)) (Version: 65.0 - Mozilla)
    Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 53.0 - Mozilla)
    MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
    mydlink services plugin (HKLM-x32\...\{1A9B665A-5F27-4F71-BF90-22FDFE7A1635}) (Version: 1.0.2.7 - D-Link Corporation)
    OpenOffice 4.1.3 (HKLM-x32\...\{EEA30AEB-8BA7-465B-85D4-098BB99733E7}) (Version: 4.13.9783 - Apache Software Foundation)
    Pegasun System Utilities (HKLM-x32\...\{BFDC3B26-7DB0-43D3-BC84-7E9649C157EA}_is1) (Version: 5.00 - Pegasun)
    PocketCloud (HKLM-x32\...\{AAF1E996-6AE6-4684-88A8-41F4E98E2899}) (Version: 2.6.21 - Wyse Technology)
    Port Forward Network Utilities (HKLM-x32\...\{88B1D36C-7B70-4C48-8D2F-AAB956ECF4C3}) (Version: 2.0.11 - Portforward, LLC)
    PrivateTunnel (HKLM-x32\...\PrivateTunnel) (Version: 2.5.1.1 - OpenVPN Technologies)
    Product Improvement Study for HP OfficeJet 3830 series (HKLM\...\{F1E13468-92EB-4AB7-8F1C-CC09A286C9B9}) (Version: 40.11.1119.1786 - HP Inc.)
    PuTTY release 0.70 (64-bit) (HKLM\...\{45B3032F-22CC-40CD-9E97-4DA7095FA5A2}) (Version: 0.70.0.0 - Simon Tatham)
    Quickset64 (HKLM\...\{87CF757E-C1F1-4D22-865C-00C6950B5258}) (Version: 10.15.018 - Dell Inc.)
    QuickTime 7 (HKLM-x32\...\{FF59BD75-466A-4D5A-AD23-AAD87C5FD44C}) (Version: 7.79.80.95 - Apple Inc.)
    Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7544 - Realtek Semiconductor Corp.)
    Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.8400.39030 - Realtek Semiconductor Corp.)
    Replay Converter 4 (HKLM-x32\...\Replay Converter 4) (Version: 4.40 - Applian Technologies Inc.)
    Replay Converter 5 (5.0.1.44) (HKLM-x32\...\Replay Converter 5) (Version: 5.0.1.44 - Applian Technologies)
    Replay Converter 6 (6.0.0.46) (HKLM-x32\...\Replay Converter 6) (Version: 6.0.0.46 - Applian Technologies)
    Replay Media Catcher 6 (6.0.0.79) (HKLM-x32\...\Replay Media Catcher 6) (Version: 6.0.0.79 - Applian Technologies)
    Replay Media Splitter 2.2.1409.57 (HKLM-x32\...\Replay_Media_Splitter_1.2) (Version: 2.2.1409.57 - Applian Technologies Inc.)
    Replay Music 7 (7.0.1.54) (HKLM-x32\...\Replay Music 7) (Version: 7.0.1.54 - Applian Technologies)
    Replay Radio 9 (9.0.1.46) (HKLM-x32\...\Replay Radio 9) (Version: 9.0.1.46 - Applian Technologies)
    Replay Video Capture 7 (HKLM-x32\...\Replay Video Capture7.4) (Version: 7.4 - Applian Technologies Inc.)
    Revo Uninstaller Pro 4.0.5 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 4.0.5 - VS Revo Group, Ltd.)
    SecurityKISS Tunnel v0.3.0 (HKLM\...\SecurityKISS Tunnel_is1) (Version: - )
    Skype Click to Call (HKLM-x32\...\{873F8E7C-10E6-449F-BD7E-5FBA7C8E1C9B}) (Version: 8.5.0.9167 - Microsoft Corporation)
    Skype Web Plugin (HKLM-x32\...\{34E6C3B4-9354-41C2-9484-25B17F48E7E9}) (Version: 7.13.0.71 - Skype Technologies S.A.)
    Skype™ 7.21 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.21.100 - Skype Technologies S.A.)
    Slack (HKU\S-1-5-21-1008144949-3054828288-720014318-1001\...\slack) (Version: 3.0.0 - Slack Technologies)
    Spotify (HKU\S-1-5-21-1008144949-3054828288-720014318-1001\...\Spotify) (Version: 1.0.57.474.gca9c9538 - Spotify AB)
    StudioTax 2013 (HKLM-x32\...\{2F718BA2-CDAB-47F0-84ED-646F8EDD5D90}) (Version: 9.1.6.0 - BHOK IT Consulting)
    StudioTax 2014 (HKLM-x32\...\{41720083-9D3D-46C1-B01A-D29BE92C80B6}) (Version: 10.0.6.0 - BHOK IT Consulting)
    StudioTax 2015 (HKLM-x32\...\{20F00216-33CE-47EB-9285-65F9AE6750AD}) (Version: 11.0.7.0 - BHOK IT Consulting)
    SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1168 - SUPERAntiSpyware.com)
    Syslog Watcher 4 (HKLM-x32\...\{9A01BC7A-C1A9-4058-8889-3A6ADD2A1254}) (Version: 4.7.6 - SnmpSoft Company)
    TomTom HOME (HKLM-x32\...\{5DCB2EB3-87AD-426E-8D74-8B92C9D731C4}) (Version: 2.9.8 - TomTom)
    TomTom HOME Visual Studio Merge Modules (HKLM-x32\...\{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}) (Version: 1.0.2 - TomTom International B.V.)
    Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{F814D094-197F-43C8-87FA-3210BB780486}) (Version: 2.53.0.0 - Microsoft Corporation)
    USBPcap 1.2.0.3 (HKLM\...\USBPcap) (Version: 1.2.0.3 - Tomasz Mon)
    Video Padlock (HKLM-x32\...\Video Padlock1.20) (Version: 1.20 - Applian Technologies Inc.)
    Web Sudoku Deluxe 1.2.2 (HKLM-x32\...\Web Sudoku Deluxe_is1) (Version: 1.2.2 - Web Sudoku)
    WIDCOMM Bluetooth Software (HKLM\...\{C6D9ED03-6FCF-4410-9CB7-45CA285F9E11}) (Version: 12.0.0.6400 - Broadcom Corporation)
    Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
    WinPcap 4.1.3 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2980 - Riverbed Technology, Inc.)
    WinRAR 5.30 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.30.0 - win.rar GmbH)
    Wireshark 2.4.3 64-bit (HKLM-x32\...\Wireshark) (Version: 2.4.3 - The Wireshark developer community, hxxps://www.wireshark.org)
    X-Lite (HKU\S-1-5-21-1008144949-3054828288-720014318-1001\...\X-Lite) (Version: 5.1.0.89322 - CounterPath Corporation)
    Zoiper5 (HKLM-x32\...\Zoiper5) (Version: 5.2 - Securax LTD)
    Zoom (HKU\S-1-5-21-1008144949-3054828288-720014318-1001\...\ZoomUMX) (Version: 4.1 - Zoom Video Communications, Inc.)

    ==================== Custom CLSID (Whitelisted): ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    CustomCLSID: HKU\S-1-5-21-1008144949-3054828288-720014318-1001_Classes\CLSID\{34BEB704-B055-4D67-9AC1-C852E0E3DFA4}\localserver32 -> C:\Users\Jim\AppData\Local\SkypePlugin\7.13.0.71\GatewayVersion-x64.exe (Skype Technologies S.A.)
    CustomCLSID: HKU\S-1-5-21-1008144949-3054828288-720014318-1001_Classes\CLSID\{79DF62FC-32CA-4F29-A0C2-FBD17AB15D63}\InprocServer32 -> C:\Users\Jim\AppData\Local\SkypePlugin\7.13.0.71\GatewayActiveX-x64.dll (Skype Technologies S.A.)
    CustomCLSID: HKU\S-1-5-21-1008144949-3054828288-720014318-1001_Classes\CLSID\{A804CF1A-91E5-4F0C-9E8C-DB39E74056DD}\InprocServer32 -> C:\Users\Jim\AppData\Local\Google\Update\1.3.33.23\psuser_64.dll (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-1008144949-3054828288-720014318-1001_Classes\CLSID\{CBF9CD8C-2714-4F36-B76A-43E6C7547BC2}\localserver32 -> C:\Users\Jim\AppData\Local\SkypePlugin\7.13.0.71\EdgeCalling.exe (Skype Technologies S.A.)
    CustomCLSID: HKU\S-1-5-21-1008144949-3054828288-720014318-1001_Classes\CLSID\{e8c77137-e224-5791-b6e9-ff0305797a13}\InprocServer32 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems)
    CustomCLSID: HKU\S-1-5-21-1008144949-3054828288-720014318-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Jim\AppData\Local\Google\Update\1.3.33.23\psuser_64.dll (Google Inc.)
    ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2018-03-05] ()
    ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2018-03-05] ()
    ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2018-03-05] ()
    ShellIconOverlayIdentifiers: [ DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.26.0.dll [2019-01-22] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [ DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.26.0.dll [2019-01-22] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [ DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.26.0.dll [2019-01-22] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [ DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.26.0.dll [2019-01-22] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [ DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.26.0.dll [2019-01-22] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [ DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.26.0.dll [2019-01-22] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [ DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.26.0.dll [2019-01-22] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [ DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.26.0.dll [2019-01-22] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [ DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.26.0.dll [2019-01-22] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [ DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.26.0.dll [2019-01-22] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-01-26] (AVAST Software)
    ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-01-26] (AVAST Software)
    ShellIconOverlayIdentifiers: [DBARFileBackuped] -> {831cebdd-6baf-4432-be76-9e0989c14aef} => C:\WINDOWS\system32\mscoree.dll [2018-04-11] (Microsoft Corporation)
    ShellIconOverlayIdentifiers: [DBARFileNotBackuped] -> {275e4fd7-21ef-45cf-a836-832e5d2cc1b3} => C:\WINDOWS\system32\mscoree.dll [2018-04-11] (Microsoft Corporation)
    ShellIconOverlayIdentifiers-x32: [ DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.26.0.dll [2019-01-22] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [ DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.26.0.dll [2019-01-22] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [ DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.26.0.dll [2019-01-22] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [ DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.26.0.dll [2019-01-22] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [ DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.26.0.dll [2019-01-22] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [ DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.26.0.dll [2019-01-22] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [ DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.26.0.dll [2019-01-22] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [ DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.26.0.dll [2019-01-22] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [ DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.26.0.dll [2019-01-22] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [ DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.26.0.dll [2019-01-22] (Dropbox, Inc.)
    ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2011-04-19] (Igor Pavlov)
    ContextMenuHandlers1: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2018-03-05] ()
    ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-01-26] (AVAST Software)
    ContextMenuHandlers1: [CLVDShellExt] -> {3E2A0A32-6E14-4BAD-AA87-BBB6A75EBFF2} => C:\Program Files (x86)\Common Files\CyberLink\ShellExtComponent\CLVDShellExt.dll [2013-08-29] (Cyberlink)
    ContextMenuHandlers1: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.26.0.dll [2019-01-22] (Dropbox, Inc.)
    ContextMenuHandlers1: [PhotoStreamsExt] -> {89D984B3-813B-406A-8298-118AFA3A22AE} => C:\Program Files\Common Files\Apple\Internet Services\ShellStreams64.dll [2019-01-15] (Apple Inc.)
    ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2015-11-18] (Alexander Roshal)
    ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2015-11-18] (Alexander Roshal)
    ContextMenuHandlers2: [CLVDShellExt] -> {3E2A0A32-6E14-4BAD-AA87-BBB6A75EBFF2} => C:\Program Files (x86)\Common Files\CyberLink\ShellExtComponent\CLVDShellExt.dll [2013-08-29] (Cyberlink)
    ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-01-26] (AVAST Software)
    ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-09-19] (Malwarebytes)
    ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2011-04-19] (Igor Pavlov)
    ContextMenuHandlers4: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.26.0.dll [2019-01-22] (Dropbox, Inc.)
    ContextMenuHandlers5: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.26.0.dll [2019-01-22] (Dropbox, Inc.)
    ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
    ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\system32\igfxDTCM.dll [2016-05-03] (Intel Corporation)
    ContextMenuHandlers5: [igfxOSP] -> {FA507C3F-30C6-4DCA-9EE5-2656072EEC14} => C:\WINDOWS\system32\igfxOSP.dll [2016-05-03] (Intel Corporation)
    ContextMenuHandlers6: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2018-03-05] ()
    ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-01-26] (AVAST Software)
    ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-09-19] (Malwarebytes)
    ContextMenuHandlers6: [RUShellExt] -> {2C5515DC-2A7E-4BFD-B813-CACC2B685EB7} => C:\Program Files\VS Revo Group\Revo Uninstaller Pro\RUExt.dll [2018-09-06] (VS Revo Group)
    ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2015-11-18] (Alexander Roshal)
    ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2015-11-18] (Alexander Roshal)

    ==================== Scheduled Tasks (Whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    Task: {01805D1C-8F4B-402F-ABD3-35FC8D81C48F} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [2018-12-10] (Piriform Ltd)
    Task: {033CDC24-8E42-4179-A39F-FCE9DE6374CB} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2018-01-08] (Apple Inc.)
    Task: {06082732-A9CE-4215-A5C6-971ED5CB332D} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
    Task: {1424E5D2-5061-4D9D-BC2B-D5CE36325C26} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
    Task: {16D4D4BC-F0B6-40B7-9D48-CFA7E2A2AB1A} - System32\Tasks\PocketCloudVirtualChannel => C:\Program Files (x86)\Wyse\PocketCloud Windows Companion\WPCRDPVirtualChannelServer.exe
    Task: {18E535FA-004D-467A-808F-6058E530B33C} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2018-05-28] (Dropbox, Inc.)
    Task: {1D5454E8-8DD9-40D3-87F7-282D97414F80} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1008144949-3054828288-720014318-1001UA => C:\Users\Jim\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
    Task: {1EC419E5-8105-4E10-AC77-8F1D78CB9FF4} - System32\Tasks\{30E96F4C-BEE5-436D-96AD-BC8E8A7B3C67} => C:\WINDOWS\system32\pcalua.exe -a "C:\Program Files\TrueKey\Mcafee.TrueKey.Uninstaller.Exe"
    Task: {1F0F9ED6-33B1-44E6-8754-2191462C6C98} - System32\Tasks\CLMLSvc_P2G8 => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [2013-03-04] (CyberLink)
    Task: {269BF06F-4346-4485-8288-C710426343EA} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
    Task: {276C15F5-DE6E-4CAC-AC61-B2516380A877} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2019-01-09] (Microsoft Corporation)
    Task: {28CFB173-531F-4049-BF9F-4F52A9BFB406} - System32\Tasks\PocketCloudUpdater => C:\Program [Argument = Files (x86)\Wyse\PocketCloud\Updater.exe]
    Task: {2BDB165D-ED17-4AB1-8D31-6B103A01C000} - System32\Tasks\HPCustParticipation HP Deskjet 3510 series => C:\Program Files\HP\HP Deskjet 3510 series\Bin\HPCustPartic.exe [2012-10-17] (Hewlett-Packard Co.)
    Task: {2C48B570-EDFB-42FB-8815-855254F131D7} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
    Task: {2DA77921-21E1-4D73-B56A-CD1236161C78} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1008144949-3054828288-720014318-1001UA1d2580eba6cc169 => C:\Users\Jim\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
    Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\WINDOWS\System32\AutoWorkplace.exe
    Task: {364AD578-2CC1-4BF9-AB26-70A18DA3A89F} - System32\Tasks\avastBCLRestartS-1-5-21-1008144949-3054828288-720014318-1001 => C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    Task: {3D5C88BD-6F05-41C0-839A-66349BCC0BC3} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1008144949-3054828288-720014318-1001Core => C:\Users\Jim\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
    Task: {405E1303-A83F-4463-A070-54AE65EBFBA1} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
    Task: {43B635C7-BDF4-4F4A-B9B4-2934B1394AE0} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe
    Task: {43BBCC13-E782-4F90-8F14-709CD2D01845} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2018-12-06] (Adobe Systems Incorporated)
    Task: {448B1EE1-5AFF-44CA-A6DC-005C175B3986} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\Avast Software\Overseer\overseer.exe [2019-01-19] (AVAST Software)
    Task: {55C0B952-02F4-45F3-AB81-3977AF207DE3} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2018-12-10] (HP Inc.)
    Task: {5624B267-5A93-4E11-81AA-3CCB73A7A7BE} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
    Task: {57924F13-DD20-45BF-A73F-77CDDF70AFBE} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2018-05-28] (Dropbox, Inc.)
    Task: {5DE33C04-6B24-452B-88FF-D2D8F774760B} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION
    Task: {5E017396-1B44-4DF3-901D-82318945CBD1} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
    Task: {61E178A9-7E2B-4B00-A8C3-B65C540B702F} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
    Task: {6593897B-FC7A-4376-A1FA-B1EAFA71D219} - System32\Tasks\HP AR Program Upload - 897b9242e2dd4372a2ff7a43428928d2c8c858a4698f4c54910d83e72a36191d => C:\Program Files\HP\HP Deskjet 3510 series\bin\HPRewards.exe [2012-10-17] (TODO: <Company name>)
    Task: {65B85F6F-35B3-4459-A179-28255D5B7B25} - System32\Tasks\Microsoft\Windows\HelloFace\FODCleanupTask => C:\WINDOWS\System32\WinBioPlugIns\FaceFodUninstaller.exe [2018-04-11] ()
    Task: {6A1EF37C-C8A2-41EF-A78E-979D81E5BAAD} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
    Task: {73128D54-0B6E-418B-9FCD-04B66F7FFE4D} - System32\Tasks\HPEA3JOBS => C:\Program [Argument = Files\HP\HP ePrint\hpeprint.exe /CheckJobs]
    Task: {7B53CF13-DF67-4FBE-BA40-D746DD8100E8} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2018-08-13] (Adobe Systems Incorporated)
    Task: {889E549C-DED1-4121-A5D8-2EF9237D33C6} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
    Task: {8DFE7533-F0FB-4EF5-9116-876CE281E229} - System32\Tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2017-11-21] ()
    Task: {9E84ED9D-2B70-4E68-AD91-C336321DC973} - System32\Tasks\AvastUpdateTaskMachineUA => C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [2017-12-13] (AVAST Software)
    Task: {A5F4ACE7-60E6-4E94-A91D-DFCCB1CAE2C9} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2017-09-20] (HP Inc.)
    Task: {B1BAFFE3-B23F-4C99-A437-ADE318068913} - System32\Tasks\BlueStacksHelper => C:\ProgramData\BlueStacks\Client\Helper\BlueStacksHelper.exe [2018-11-16] (BlueStack Systems, Inc.)
    Task: {B6A49D90-CC7A-4C47-B7C4-AB6F374EC264} - System32\Tasks\AvastUpdateTaskMachineCore => C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [2017-12-13] (AVAST Software)
    Task: {B743C126-B85F-481E-9970-3ADFE266BF9F} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2018-12-10] (Piriform Software Ltd)
    Task: {BA81DE73-EDC1-4128-8C98-045E47986098} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_101_Plugin.exe [2018-12-06] (Adobe Systems Incorporated)
    Task: {BE877640-1131-4547-8E4A-A03727BABF6E} - System32\Tasks\[email protected] => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [2018-12-13] (Adobe Systems, Incorporated)
    Task: {BF0F7081-5FBE-469D-B872-065CC061D43D} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
    Task: {C53C7A72-A190-4F0D-A774-A01823635112} - \WPD\SqmUpload_S-1-5-21-1008144949-3054828288-720014318-1001 -> No File <==== ATTENTION
    Task: {C74C1DFA-7380-4216-81A7-32144786D373} - System32\Tasks\S-1-5-21-1008144949-3054828288-720014318-1001\DataSenseLiveTileTask => C:\WINDOWS\System32\DataUsageLiveTileTask.exe [2018-12-08] (Microsoft Corporation)
    Task: {C9845BC9-6714-46DA-951E-269F4595A44C} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2019-01-17] (HP Inc.)
    Task: {CA6BC5CD-FD55-45B5-ABCA-196A1A764A12} - System32\Tasks\iolo System Checkup => C:\ProgramData\iolo\scustask.lnk [Argument = /toaster]
    Task: {CFD2783A-3B6E-489E-B011-5DADB49AF98B} - System32\Tasks\Optimize Push Notification Data File-S-1-5-21-1008144949-3054828288-720014318-1001
    Task: {D8A8B4AD-C6E1-4283-B2B5-93B350E19B9C} - System32\Tasks\Dell SupportAssistAgent AutoUpdate => C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssistInstaller.exe [2018-10-25] (Dell Inc.)
    Task: {DBEE4887-3FFC-40DD-AF7C-82782EE0858C} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Product Configurator => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\ProductConfig.exe [2018-12-24] (HP Inc.)
    Task: {E1748265-7D7C-4F2A-B676-6FA4A3BF6E63} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater - Resources => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2017-09-20] (HP Inc.)
    Task: {E4EADD92-81D9-435A-A3F3-69D09E1949E7} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [2019-01-02] (HP Inc.)
    Task: {E647743B-B8C4-4657-A52A-7E6BE54EC177} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [2019-01-26] (AVAST Software)
    Task: {E690AC10-A42E-4D38-9F26-99764E8B8730} - System32\Tasks\HPCustParticipation HP OfficeJet 3830 series => C:\Program Files\HP\HP OfficeJet 3830 series\Bin\HPCustPartic.exe [2017-03-27] (HP Inc.)
    Task: {E79E1D67-3C06-4605-B13C-3FEA79B7BA34} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
    Task: {EE62AD67-A81E-437C-A7C7-F53A6D2FA1B9} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
    Task: {EFCF0AB6-836B-4D21-81B6-06623C13CDC0} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1008144949-3054828288-720014318-1001Core1d2580eba454e75 => C:\Users\Jim\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
    Task: {F0D16104-FFF6-461E-9E68-EE6D9813B33E} - System32\Tasks\PocketCloud => C:\Program [Argument = Files (x86)\Wyse\PocketCloud\ConfigUtility.exe -l "C:\Program Files (x86)\Wyse\PocketCloud\PocketCloudDesktopApp.exe"]
    Task: {F21ED4D1-FE1D-468F-B234-525268BF01BD} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
    Task: {F75A68FB-8A40-4A68-9518-1836A8994CFD} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2018-12-10] (HP Inc.)
    Task: {F7C46836-B2B7-4247-B275-17F01A39AD1D} - System32\Tasks\PegasunStart => C:\Program Files (x86)\Pegasun\SystemUtilities\SystemUtilities.exe [2018-10-27] (Pegasun)
    Task: {FA756140-BB43-4FAF-A794-D636E3C04350} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2018-09-26] (Synaptics Incorporated)
    Task: {FB4E48EE-07A4-45ED-99CF-FFC226642751} - System32\Tasks\HPCeeScheduleForJim => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2016-05-12] (HP Development Company, L.P.)

    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

    Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
    Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
    Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1008144949-3054828288-720014318-1001Core.job => C:\Users\Jim\AppData\Local\Google\Update\GoogleUpdate.exe
    Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1008144949-3054828288-720014318-1001UA.job => C:\Users\Jim\AppData\Local\Google\Update\GoogleUpdate.exe
    Task: C:\WINDOWS\Tasks\HPCeeScheduleForJim.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
    Task: C:\WINDOWS\Tasks\Synaptics TouchPad Enhancements.job => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

    ==================== Shortcuts & WMI ========================

    (The entries could be listed to be restored or removed.)


    ==================== Loaded Modules (Whitelisted) ==============

    2018-04-11 18:34 - 2018-04-11 18:34 - 000491744 _____ () C:\Windows\System32\InputHost.dll
    2013-06-21 20:46 - 2013-06-21 20:46 - 000016176 _____ () C:\Program Files (x86)\Wyse\PocketCloud\PocketCloudService.exe
    2018-03-05 18:47 - 2018-03-05 18:47 - 000614848 _____ () C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll
    2018-04-11 18:34 - 2018-04-11 18:34 - 000472064 _____ () C:\Windows\ShellExperiences\TileControl.dll
    2018-12-12 21:47 - 2018-11-08 21:17 - 002759680 _____ () C:\Windows\ShellComponents\TaskFlowUI.dll
    2018-04-12 04:20 - 2018-04-12 04:20 - 000086528 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.13.274.0_x64__kzf8qxf38zg5c\SkypeHost.exe
    2018-04-12 04:20 - 2018-04-12 04:20 - 000195072 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.13.274.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
    2018-04-12 04:20 - 2018-04-12 04:20 - 024677376 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.13.274.0_x64__kzf8qxf38zg5c\SkyWrap.dll
    2018-04-12 04:20 - 2018-04-12 04:20 - 002550272 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.13.274.0_x64__kzf8qxf38zg5c\skypert.dll
    2018-04-12 04:20 - 2018-04-12 04:20 - 000667648 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.13.274.0_x64__kzf8qxf38zg5c\RtmMvrUap.dll
    2018-04-12 04:22 - 2018-04-12 04:22 - 001921208 _____ () C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_17.8918.5926.0_x64__8wekyb3d8bbwe\Microsoft.Applications.Telemetry.Windows.dll
    2019-01-26 15:49 - 2019-01-26 15:49 - 093695912 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
    2019-01-26 15:49 - 2019-01-26 15:49 - 000667016 _____ () C:\Program Files\AVAST Software\Avast\streamback.dll
    2018-04-12 04:21 - 2018-04-12 04:21 - 026934272 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.17112.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe
    2018-04-12 04:21 - 2018-04-12 04:21 - 008070656 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.17112.19011.0_x64__8wekyb3d8bbwe\EntCommon.dll
    2018-04-12 04:21 - 2018-04-12 04:21 - 010077184 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.17112.19011.0_x64__8wekyb3d8bbwe\EntPlat.dll
    2018-11-02 07:10 - 2018-11-02 07:10 - 002587976 _____ () C:\Program Files\Dell\SupportAssistAgent\PCDr\SupportAssist\6.0.6992.1382\libprotobuf.dll
    2018-04-12 04:23 - 2018-04-12 04:23 - 000475136 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18011.15918.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
    2018-04-12 04:23 - 2018-04-12 04:23 - 023358976 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18011.15918.0_x64__8wekyb3d8bbwe\Microsoft.Photos.dll
    2018-04-12 04:23 - 2018-04-12 04:23 - 015622144 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18011.15918.0_x64__8wekyb3d8bbwe\PhotosApp.Windows.dll
    2018-04-12 04:23 - 2018-04-12 04:23 - 003101696 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18011.15918.0_x64__8wekyb3d8bbwe\AppCore.Windows.dll
    2018-04-12 04:23 - 2018-04-12 04:23 - 004601048 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18011.15918.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll
    2017-12-08 01:48 - 2017-12-08 01:48 - 000088888 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
    2019-01-15 01:27 - 2019-01-15 01:27 - 001356088 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
    2019-01-23 16:33 - 2019-01-23 16:33 - 000088888 _____ () C:\Program Files\iTunes\zlib1.dll
    2019-01-23 16:33 - 2019-01-23 16:33 - 001356088 _____ () C:\Program Files\iTunes\libxml2.dll
    2018-11-02 07:11 - 2018-11-02 07:11 - 018767360 _____ () C:\Program Files\WindowsApps\DellInc.DellSupportAssistforPCs_3.1.15.0_x64__htrsf667h5kn2\SupportAssistClientUI.dll
    2018-11-02 07:11 - 2018-11-02 07:11 - 000055152 _____ () C:\Program Files\WindowsApps\DellInc.DellSupportAssistforPCs_3.1.15.0_x64__htrsf667h5kn2\win32\SupportAssistAppWire.exe
    2019-01-09 11:46 - 2019-01-01 01:42 - 002185728 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
    2015-07-24 07:34 - 2015-07-24 07:34 - 000063376 _____ () C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\zlib1.dll
    2015-06-19 15:35 - 2015-06-19 15:35 - 000113664 _____ () C:\Program Files (x86)\OpenVPN Technologies\PrivateTunnel\lzo2.dll
    2015-06-19 15:35 - 2015-06-19 15:35 - 001034752 _____ () C:\Program Files (x86)\OpenVPN Technologies\PrivateTunnel\libxml2.dll
    2019-01-23 14:33 - 2019-01-22 08:14 - 001213768 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_watchdog.dll
    2019-01-23 14:33 - 2019-01-22 08:14 - 002103112 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_crashpad.dll
    2019-01-23 14:33 - 2019-01-22 08:16 - 000023376 _____ () C:\Program Files (x86)\Dropbox\Client\tornado.speedups.cp36-win32.pyd
    2019-01-23 14:33 - 2019-01-22 08:15 - 000025456 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._constant_time.cp36-win32.pyd
    2019-01-23 14:33 - 2019-01-22 08:14 - 000148968 _____ () C:\Program Files (x86)\Dropbox\Client\_cffi_backend.cp36-win32.pyd
    2019-01-23 14:33 - 2019-01-22 08:15 - 001878888 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._openssl.cp36-win32.pyd
    2019-01-23 14:33 - 2019-01-22 08:15 - 000025960 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._padding.cp36-win32.pyd
    2019-01-23 14:33 - 2019-01-22 08:14 - 000118232 _____ () C:\Program Files (x86)\Dropbox\Client\pywintypes36.dll
    2019-01-23 14:33 - 2019-01-22 08:14 - 000109024 _____ () C:\Program Files (x86)\Dropbox\Client\win32api.cp36-win32.pyd
    2019-01-23 14:33 - 2019-01-22 08:15 - 000082760 _____ () C:\Program Files (x86)\Dropbox\Client\fastpath.cp36-win32.pyd
    2019-01-23 14:33 - 2019-01-22 08:14 - 000418776 _____ () C:\Program Files (x86)\Dropbox\Client\pythoncom36.dll
    2019-01-23 14:33 - 2019-01-22 08:15 - 000074072 _____ () C:\Program Files (x86)\Dropbox\Client\psutil._psutil_windows.cp36-win32.pyd
    2019-01-23 14:33 - 2019-01-22 08:14 - 000027616 _____ () C:\Program Files (x86)\Dropbox\Client\win32event.cp36-win32.pyd
    2019-01-23 14:33 - 2019-01-22 08:14 - 000049128 _____ () C:\Program Files (x86)\Dropbox\Client\win32process.cp36-win32.pyd
    2019-01-23 14:33 - 2019-01-22 08:14 - 000026600 _____ () C:\Program Files (x86)\Dropbox\Client\win32clipboard.cp36-win32.pyd
    2019-01-23 14:33 - 2019-01-22 08:14 - 000131552 _____ () C:\Program Files (x86)\Dropbox\Client\win32file.cp36-win32.pyd
    2019-01-23 14:33 - 2019-01-22 08:14 - 000182752 _____ () C:\Program Files (x86)\Dropbox\Client\win32gui.cp36-win32.pyd
    2019-01-23 14:33 - 2019-01-22 08:14 - 000027616 _____ () C:\Program Files (x86)\Dropbox\Client\win32pipe.cp36-win32.pyd
    2019-01-23 14:33 - 2019-01-22 08:14 - 000119272 _____ () C:\Program Files (x86)\Dropbox\Client\win32security.cp36-win32.pyd
    2019-01-23 14:33 - 2019-01-22 08:16 - 000401752 _____ () C:\Program Files (x86)\Dropbox\Client\win32com.shell.shell.cp36-win32.pyd
    2019-01-23 14:33 - 2019-01-22 08:14 - 000028640 _____ () C:\Program Files (x86)\Dropbox\Client\win32job.cp36-win32.pyd
    2019-01-23 14:33 - 2019-01-22 08:16 - 000034664 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.kernel32.compiled._winffi_kernel32.cp36-win32.pyd
    2019-01-23 14:33 - 2019-01-22 08:17 - 000062304 _____ () C:\Program Files (x86)\Dropbox\Client\winshell.compiled._winshell.cp36-win32.pyd
    2019-01-23 14:33 - 2019-01-22 08:14 - 000023520 _____ () C:\Program Files (x86)\Dropbox\Client\mmapfile.cp36-win32.pyd
    2019-01-23 14:33 - 2019-01-22 08:15 - 001457488 _____ () C:\Program Files (x86)\Dropbox\Client\dbxlog._dbxlog.cp36-win32.pyd
    2019-01-23 14:33 - 2019-01-22 08:15 - 000027488 _____ () C:\Program Files (x86)\Dropbox\Client\crashpad.compiled._Crashpad.cp36-win32.pyd
    2019-01-23 14:33 - 2019-01-22 08:14 - 000053736 _____ () C:\Program Files (x86)\Dropbox\Client\win32service.cp36-win32.pyd
    2019-01-23 14:33 - 2019-01-22 08:14 - 000065504 _____ () C:\Program Files (x86)\Dropbox\Client\win32evtlog.cp36-win32.pyd
    2019-01-23 14:33 - 2019-01-22 08:15 - 000025944 _____ () C:\Program Files (x86)\Dropbox\Client\cpuid.compiled._cpuid.cp36-win32.pyd
    2019-01-23 14:33 - 2019-01-22 08:16 - 000068968 _____ () C:\Program Files (x86)\Dropbox\Client\winenumhandles.compiled._WinEnumHandles.cp36-win32.pyd
    2019-01-23 14:33 - 2019-01-22 08:17 - 000028520 _____ () C:\Program Files (x86)\Dropbox\Client\winscreenshot.compiled._CaptureScreenshot.cp36-win32.pyd
    2019-01-23 14:33 - 2019-01-22 08:14 - 000032224 _____ () C:\Program Files (x86)\Dropbox\Client\win32ts.cp36-win32.pyd
    2019-01-23 14:33 - 2019-01-22 08:15 - 001755472 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtCore.cp36-win32.pyd
    2019-01-23 14:33 - 2019-01-22 08:15 - 000101200 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt592.sip.cp36-win32.pyd
    2019-01-23 14:33 - 2019-01-22 08:15 - 001885520 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtGui.cp36-win32.pyd
    2019-01-23 14:33 - 2019-01-22 08:15 - 000523600 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtNetwork.cp36-win32.pyd
    2019-01-23 14:33 - 2019-01-22 08:15 - 003755344 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWidgets.cp36-win32.pyd
    2019-01-23 14:33 - 2019-01-22 08:14 - 000061408 _____ () C:\Program Files (x86)\Dropbox\Client\win32print.cp36-win32.pyd
    2019-01-23 14:33 - 2019-01-22 08:15 - 000169304 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebEngineWidgets.cp36-win32.pyd
    2019-01-23 14:33 - 2019-01-22 08:15 - 000061784 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebEngineCore.cp36-win32.pyd
    2019-01-23 14:33 - 2019-01-22 08:15 - 000042840 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebChannel.cp36-win32.pyd
    2019-01-23 14:33 - 2019-01-22 08:15 - 000202584 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtPrintSupport.cp36-win32.pyd
    2019-01-23 14:33 - 2019-01-22 08:15 - 000117584 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKit.cp36-win32.pyd
    2019-01-23 14:33 - 2019-01-22 08:15 - 000214872 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKitWidgets.cp36-win32.pyd
    2019-01-23 14:33 - 2019-01-22 08:15 - 000099664 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWinExtras.cp36-win32.pyd
    2019-01-23 14:33 - 2019-01-22 08:17 - 000029544 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.shell32.compiled._winffi_shell32.cp36-win32.pyd
    2019-01-23 14:33 - 2019-01-22 08:17 - 000028008 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.user32.compiled._winffi_user32.cp36-win32.pyd
    2019-01-23 14:33 - 2019-01-22 08:17 - 000033632 _____ () C:\Program Files (x86)\Dropbox\Client\winreindex.compiled._winreindex.cp36-win32.pyd
    2019-01-23 14:33 - 2019-01-22 08:14 - 000027624 _____ () C:\Program Files (x86)\Dropbox\Client\win32profile.cp36-win32.pyd
    2019-01-23 14:33 - 2019-01-22 08:16 - 000025960 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.iphlpapi.compiled._winffi_iphlpapi.cp36-win32.pyd
    2019-01-23 14:33 - 2019-01-22 08:17 - 000025448 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.winerror.compiled._winffi_winerror.cp36-win32.pyd
    2019-01-23 14:33 - 2019-01-22 08:17 - 000025960 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.wininet.compiled._winffi_wininet.cp36-win32.pyd
    2019-01-23 14:33 - 2019-01-22 08:15 - 000031600 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox.infinite.win.compiled._driverinstallation.cp36-win32.pyd
    2019-01-23 14:33 - 2019-01-22 08:14 - 000486880 _____ () C:\Program Files (x86)\Dropbox\Client\winxpgui.cp36-win32.pyd
    2019-01-23 14:33 - 2019-01-22 08:17 - 000051552 _____ () C:\Program Files (x86)\Dropbox\Client\winrpcserver.compiled._RPCServer.cp36-win32.pyd
    2019-01-23 14:33 - 2019-01-22 08:17 - 000029040 _____ () C:\Program Files (x86)\Dropbox\Client\winverifysignature.compiled._VerifySignature.cp36-win32.pyd
    2019-01-23 14:33 - 2019-01-22 08:15 - 011941712 _____ () C:\Program Files (x86)\Dropbox\Client\nucleus_python.cp36-win32.pyd
    2019-01-23 14:33 - 2019-01-22 08:15 - 000029024 _____ () C:\Program Files (x86)\Dropbox\Client\librsyncffi.compiled._librsyncffi.cp36-win32.pyd
    2019-01-23 14:33 - 2019-01-22 08:14 - 000036312 _____ () C:\Program Files (x86)\Dropbox\Client\librsync.dll
    2019-01-23 14:33 - 2019-01-22 08:15 - 000036712 _____ () C:\Program Files (x86)\Dropbox\Client\enterprise_data.compiled._enterprise_data.cp36-win32.pyd
    2019-01-23 14:33 - 2019-01-22 08:15 - 000272208 _____ () C:\Program Files (x86)\Dropbox\Client\EnterpriseDataAdapter.dll
    2019-01-23 14:33 - 2019-01-22 08:16 - 000025960 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.advapi32.compiled._winffi_advapi32.cp36-win32.pyd
    2019-01-23 14:33 - 2019-01-22 08:15 - 000433992 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_sqlite_ext.DLL
    2019-01-23 14:33 - 2019-01-22 08:16 - 000038240 _____ () C:\Program Files (x86)\Dropbox\Client\wind3d11.compiled._wind3d11.cp36-win32.pyd
    2019-01-23 14:33 - 2019-01-22 08:15 - 000026432 _____ () C:\Program Files (x86)\Dropbox\Client\libEGL.DLL
    2019-01-23 14:33 - 2019-01-22 08:15 - 001967936 _____ () C:\Program Files (x86)\Dropbox\Client\libGLESv2.dll
    2014-07-28 10:28 - 2014-07-28 10:28 - 000000000 _____ () C:\WINDOWS\SYSTEM32\igdumdim32.dll
    2019-01-23 14:33 - 2019-01-22 08:16 - 000095592 _____ () C:\Program Files (x86)\Dropbox\Client\windisplaytoast.compiled._DisplayToast.cp36-win32.pyd
    2019-01-23 14:33 - 2019-01-22 08:17 - 000025960 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.shcore.compiled._winffi_shcore.cp36-win32.pyd
    2019-01-23 14:33 - 2019-01-22 08:15 - 000054096 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebEngine.cp36-win32.pyd
    2019-01-23 14:33 - 2019-01-22 08:17 - 000029544 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.winhttp.compiled._winffi_winhttp.cp36-win32.pyd
    2019-01-23 14:33 - 2019-01-22 08:16 - 000025448 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.gdi32.compiled._winffi_gdi32.cp36-win32.pyd
    2019-01-23 14:33 - 2019-01-22 08:15 - 000557392 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtQuick.cp36-win32.pyd
    2019-01-23 14:33 - 2019-01-22 08:15 - 000335184 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtQml.cp36-win32.pyd
    2018-07-17 21:38 - 2013-09-04 07:53 - 001242584 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
    2019-01-15 01:28 - 2019-01-15 01:28 - 001042744 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
    2019-01-15 01:28 - 2019-01-15 01:28 - 000189752 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxslt.dll
    2017-12-08 01:49 - 2017-12-08 01:49 - 000076088 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
    2019-01-10 14:48 - 2019-01-10 14:48 - 000010520 ____N () C:\Users\Jim\AppData\Local\Temp\BullseyeCoverage-x86-3.dll

    ==================== Alternate Data Streams (Whitelisted) =========

    (If an entry is included in the fixlist, only the ADS will be removed.)

    AlternateDataStreams: C:\Syst4C3829D6:$WIMMOUNTDATA [562]
    AlternateDataStreams: C:\ProgramData\Temp:89E0EA3E [286]

    ==================== Safe Mode (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

    ==================== Association (Whitelisted) ===============

    (If an entry is included in the fixlist, the registry item will be restored to default or removed.)


    ==================== Internet Explorer trusted/restricted ===============

    (If an entry is included in the fixlist, it will be removed from the registry.)


    ==================== Hosts content: ===============================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2013-08-22 08:25 - 2019-01-04 09:09 - 000000874 _____ C:\WINDOWS\system32\drivers\etc\hosts


    2015-02-08 21:34 - 2015-02-08 22:51 - 000000437 _____ C:\WINDOWS\system32\drivers\etc\hosts.ics


    ==================== Other Areas ============================

    (Currently there is no automatic fix for this section.)

    HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path: C:\ProgramData\Oracle\Java\javapath;C:\Program Files\Dell\DW WLAN Card;;c:\Program Files (x86)\Intel\iCLS Client\;c:\Program Files\Intel\iCLS Client\;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;c:\Program Files\WIDCOMM\Bluetooth Software\;c:\Program Files\WIDCOMM\Bluetooth Software\syswow64;C:\Program Files (x86)\Windows Live\Shared;C:\Program Files (x86)\QuickTime\QTSystem\;C:\Program Files (x86)\Skype\Phone\;%SYSTEMROOT%\System32\OpenSSH\;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files\PuTTY\;C:\Program Files (x86)\Common Files\Adobe\AGL
    HKCU\Environment\\Path: C:\ProgramData\Oracle\Java\javapath;C:\Program Files\Dell\DW WLAN Card;;c:\Program Files (x86)\Intel\iCLS Client\;c:\Program Files\Intel\iCLS Client\;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;c:\Program Files\WIDCOMM\Bluetooth Software\;c:\Program Files\WIDCOMM\Bluetooth Software\syswow64;C:\Program Files (x86)\Windows Live\Shared;C:\Program Files (x86)\QuickTime\QTSystem\;C:\Program Files (x86)\Skype\Phone\;%SYSTEMROOT%\System32\OpenSSH\;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files\PuTTY\;C:\Program Files (x86)\Common Files\Adobe\AGL
    HKU\S-1-5-21-1008144949-3054828288-720014318-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Jim\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\2014-10-23.jpg
    DNS Servers: 192.168.0.1
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
    HKLM\software\microsoft\Windows\CurrentVersion\Telephony\Providers => ProviderFileName2 -> ndptsp.tsp (No File)
    Windows Firewall is enabled.

    ==================== MSCONFIG/TASK MANAGER disabled items ==

    If an entry is included in the fixlist, it will be removed.

    MSCONFIG\startupreg: Adobe Creative Cloud => "C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe" --showwindow=false --onOSstartup=true
    MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
    MSCONFIG\startupreg: ApplePhotoStreams => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
    MSCONFIG\startupreg: BingDesktop => C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe /fromkey
    MSCONFIG\startupreg: Bose Updater => "C:\Program Files (x86)\Bose Updater\BOSEUPDATER.EXE"
    MSCONFIG\startupreg: Broadcom Wireless Manager UI => C:\Program Files\Dell\DW WLAN Card\WLTRAY.exe
    MSCONFIG\startupreg: CCleaner Smart Cleaning => "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
    MSCONFIG\startupreg: Cisco AnyConnect Secure Mobility Agent for Windows => "C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe" -minimized
    MSCONFIG\startupreg: com.squirrel.slack.slack => "C:\Users\Jim\AppData\Local\slack\Update.exe" --processStart "slack.exe" --process-start-args "--startup"
    MSCONFIG\startupreg: Dropbox => "C:\Program Files (x86)\Dropbox\Client\Dropbox.exe" /systemstartup
    MSCONFIG\startupreg: HP Deskjet 3510 series (NET) => "C:\Program Files\HP\HP Deskjet 3510 series\Bin\ScanToPCActivationApp.exe" -deviceID "CN35K1PMT105Y7:NW" -scfn "HP Deskjet 3510 series (NET)" -AutoStart 1
    MSCONFIG\startupreg: HP OfficeJet 3830 series (NET) => "C:\Program Files\HP\HP OfficeJet 3830 series\Bin\ScanToPCActivationApp.exe" -deviceID "CN8955Q3ZQ06VZ:NW" -scfn "HP OfficeJet 3830 series (NET)" -AutoStart 1
    MSCONFIG\startupreg: HP Software Update => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
    MSCONFIG\startupreg: IAStorIcon => "C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe" "C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" 60
    MSCONFIG\startupreg: iCloudDrive => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe
    MSCONFIG\startupreg: iCloudPhotos => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudPhotos.exe
    MSCONFIG\startupreg: iCloudServices => "C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe"
    MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"
    MSCONFIG\startupreg: OneDrive => "C:\Users\Jim\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
    MSCONFIG\startupreg: QuickSet => c:\Program Files\Dell\QuickSet\QuickSet.exe
    MSCONFIG\startupreg: RTHDVCPL => "C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe" -s
    MSCONFIG\startupreg: Spotify Web Helper => "C:\Users\Jim\AppData\Roaming\Spotify\SpotifyWebHelper.exe"
    MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    MSCONFIG\startupreg: TomTomHOME.exe => "C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe" -s
    MSCONFIG\startupreg: X-Lite => "C:\Program Files (x86)\CounterPath\X-Lite\X-Lite.exe"
    HKLM\...\StartupApproved\StartupFolder: => "Bluetooth.lnk"
    HKLM\...\StartupApproved\StartupFolder: => "PrivateTunnel.lnk"
    HKLM\...\StartupApproved\Run: => "iTunesHelper"
    HKLM\...\StartupApproved\Run32: => "BingDesktop"
    HKLM\...\StartupApproved\Run32: => "Cisco AnyConnect Secure Mobility Agent for Windows"
    HKU\S-1-5-21-1008144949-3054828288-720014318-1001\...\StartupApproved\StartupFolder: => "Monitor Ink Alerts - HP Deskjet 3510 series (Network).lnk"
    HKU\S-1-5-21-1008144949-3054828288-720014318-1001\...\StartupApproved\Run: => "Google Update"
    HKU\S-1-5-21-1008144949-3054828288-720014318-1001\...\StartupApproved\Run: => "Spotify Web Helper"
    HKU\S-1-5-21-1008144949-3054828288-720014318-1001\...\StartupApproved\Run: => "CCleaner Monitoring"
    HKU\S-1-5-21-1008144949-3054828288-720014318-1001\...\StartupApproved\Run: => "X-Lite"

    ==================== FirewallRules (Whitelisted) ===============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    FirewallRules: [{3889E4AF-8E4A-41AC-930A-78984E38C0FE}] => (Block) C:\program files\windowsapps\xbmcfoundation.kodi_17.9.601.0_x86__4n2hpmxwrvr6p\kodi.exe (XBMC-Foundation)
    FirewallRules: [{EC2F55AF-8630-4CDD-9968-4405DF0975B1}] => (Block) C:\program files\windowsapps\xbmcfoundation.kodi_17.9.601.0_x86__4n2hpmxwrvr6p\kodi.exe (XBMC-Foundation)
    FirewallRules: [UDP Query User{9D49C705-FD2F-4B91-AF51-7B152F00BA0B}C:\program files\windowsapps\xbmcfoundation.kodi_17.9.601.0_x86__4n2hpmxwrvr6p\kodi.exe] => (Allow) C:\program files\windowsapps\xbmcfoundation.kodi_17.9.601.0_x86__4n2hpmxwrvr6p\kodi.exe (XBMC-Foundation)
    FirewallRules: [TCP Query User{F7AD3C2F-5845-41BE-848F-7F4B17723EA6}C:\program files\windowsapps\xbmcfoundation.kodi_17.9.601.0_x86__4n2hpmxwrvr6p\kodi.exe] => (Allow) C:\program files\windowsapps\xbmcfoundation.kodi_17.9.601.0_x86__4n2hpmxwrvr6p\kodi.exe (XBMC-Foundation)
    FirewallRules: [UDP Query User{33CE73BF-7381-47ED-9119-D76B24794902}C:\program files (x86)\zoiper5\zoiper5.exe] => (Allow) C:\program files (x86)\zoiper5\zoiper5.exe ()
    FirewallRules: [TCP Query User{D422E419-E381-409C-8E7B-DAE015062AAF}C:\program files (x86)\zoiper5\zoiper5.exe] => (Allow) C:\program files (x86)\zoiper5\zoiper5.exe ()
    FirewallRules: [{E746B92A-865C-422A-B90A-3ECC2B8D3F09}] => (Block) C:\users\jim\appdata\local\counterpath\x-lite\current\x-lite.exe (CounterPath)
    FirewallRules: [{6EB33844-BE02-4411-A92A-9C304ADA4F36}] => (Block) C:\users\jim\appdata\local\counterpath\x-lite\current\x-lite.exe (CounterPath)
    FirewallRules: [UDP Query User{22889485-0C67-4874-9C95-2B26D4C86C92}C:\users\jim\appdata\local\counterpath\x-lite\current\x-lite.exe] => (Allow) C:\users\jim\appdata\local\counterpath\x-lite\current\x-lite.exe (CounterPath)
    FirewallRules: [TCP Query User{43092659-BD49-4FB8-B3AA-4C25A70AD4AD}C:\users\jim\appdata\local\counterpath\x-lite\current\x-lite.exe] => (Allow) C:\users\jim\appdata\local\counterpath\x-lite\current\x-lite.exe (CounterPath)
    FirewallRules: [{3E186F73-5DCA-46CF-BA0D-4B5F057523F1}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
    FirewallRules: [{AE55C17F-8D56-4226-AA2D-A95227B52266}] => (Allow) C:\Program Files (x86)\BlueStacks\HD-Player.exe (BlueStack Systems, Inc.)
    FirewallRules: [UDP Query User{A80B0660-901B-46DB-ABA8-13EDBE3A6745}C:\users\jim\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\jim\appdata\roaming\spotify\spotify.exe (Spotify Ltd)
    FirewallRules: [TCP Query User{5CD507C1-3AB1-4A98-AB0B-0E432CC2CEB7}C:\users\jim\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\jim\appdata\roaming\spotify\spotify.exe (Spotify Ltd)
    FirewallRules: [{E526D67E-6C9F-4AB6-A9A5-EE8F9ECF4B2C}] => (Allow) C:\Program Files (x86)\Applian Technologies\Replay Music 7\jrmp.exe (Jaksta Technologies Pty Ltd)
    FirewallRules: [{E3D7FFF8-64F1-433C-91FC-AAE2138E7E62}] => (Allow) C:\Program Files (x86)\Applian Technologies\Replay Music 7\jrmp.exe (Jaksta Technologies Pty Ltd)
    FirewallRules: [{21D49D6E-2015-4675-BCAD-558AC01A6715}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
    FirewallRules: [{4778AB90-04CD-4D6E-8661-12034DB81801}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
    FirewallRules: [UDP Query User{03B41BB1-E6DC-4B62-B040-62AF9F6D50D6}C:\program files (x86)\kodi\kodi.exe] => (Allow) C:\program files (x86)\kodi\kodi.exe (XBMC-Foundation)
    FirewallRules: [TCP Query User{EDE55B8C-676D-4DCC-9B7F-9752E33BE713}C:\program files (x86)\kodi\kodi.exe] => (Allow) C:\program files (x86)\kodi\kodi.exe (XBMC-Foundation)
    FirewallRules: [UDP Query User{FB8F9C55-A73A-4155-A9B4-2E11CB2DFB73}C:\program files (x86)\kodi\kodi.exe] => (Allow) C:\program files (x86)\kodi\kodi.exe (XBMC-Foundation)
    FirewallRules: [TCP Query User{12AE96D0-74EB-45D4-A0D7-9CDA109D666C}C:\program files (x86)\kodi\kodi.exe] => (Allow) C:\program files (x86)\kodi\kodi.exe (XBMC-Foundation)
    FirewallRules: [{D6FBEDB4-06EE-4BDF-B43A-9BBF4FC82751}] => (Allow) C:\Program Files (x86)\Applian Technologies\Replay Converter 5\ffmpeg.exe ()
    FirewallRules: [{81A343E1-B9CC-40B8-9DA4-3B5A3786964B}] => (Allow) C:\Program Files (x86)\Applian Technologies\Replay Converter 5\ffmpeg.exe ()
    FirewallRules: [{F9D265B5-9D0D-484E-BD04-462BEC1672D2}] => (Allow) C:\Program Files (x86)\Applian Technologies\Replay Converter 5\jrcvp.exe (Jaksta Technologies Pty Ltd)
    FirewallRules: [{0CDADDC8-BA2F-4ACF-A40E-9650F6F4AC6A}] => (Allow) C:\Program Files (x86)\Applian Technologies\Replay Converter 5\jrcvp.exe (Jaksta Technologies Pty Ltd)
    FirewallRules: [{787E0E52-7495-45C2-84AE-072FCA94BC28}] => (Allow) C:\Program Files (x86)\Applian Technologies\Replay Music 7\jrmp.exe (Jaksta Technologies Pty Ltd)
    FirewallRules: [{CC2F3C9A-B3E1-4FD9-A185-DAA769ADA501}] => (Allow) C:\Program Files (x86)\Applian Technologies\Replay Music 7\jrmp.exe (Jaksta Technologies Pty Ltd)
    FirewallRules: [UDP Query User{101C88E3-5A6E-4F84-8427-A1D25A0284C0}C:\users\jim\appdata\local\skypeplugin\7.13.0.71\pluginhost.exe] => (Allow) C:\users\jim\appdata\local\skypeplugin\7.13.0.71\pluginhost.exe (Skype Technologies S.A.)
    FirewallRules: [TCP Query User{72C9A08C-DEB0-4D5D-BFD7-9437123173F2}C:\users\jim\appdata\local\skypeplugin\7.13.0.71\pluginhost.exe] => (Allow) C:\users\jim\appdata\local\skypeplugin\7.13.0.71\pluginhost.exe (Skype Technologies S.A.)
    FirewallRules: [UDP Query User{121C5BA3-33BF-4A90-A98A-53084F274803}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe (Skype Technologies S.A.)
    FirewallRules: [TCP Query User{55359158-A0B8-427D-83C4-F0AE6B454B04}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe (Skype Technologies S.A.)
    FirewallRules: [{9AB80DD3-7957-4305-8054-44A68267B82A}] => (Allow) C:\Program Files (x86)\Syslog Watcher 4\SWService.exe ()
    FirewallRules: [{37C6F2AA-007F-4FA9-9A70-DD4204DB12A7}] => (Allow) C:\Program Files (x86)\Syslog Watcher 4\SyslogWatcher.exe (SnmpSoft Company)
    FirewallRules: [{0E13E34C-29B0-47B6-BC89-067AE63614E9}] => (Allow) C:\Program Files (x86)\Applian Technologies\Replay Media Catcher 6\qtCopy.exe ()
    FirewallRules: [{975477E2-B708-4FC4-A375-E30AA5FF9AEC}] => (Allow) C:\Program Files (x86)\Applian Technologies\Replay Media Catcher 6\qtCopy.exe ()
    FirewallRules: [{A2944E91-5EF1-4544-89B8-31C1D5F8C57B}] => (Allow) C:\Program Files (x86)\Applian Technologies\Replay Media Catcher 6\aria2c.exe ()
    FirewallRules: [{19A03EFE-1F0D-4A60-A1A1-E37DF33EEE72}] => (Allow) C:\Program Files (x86)\Applian Technologies\Replay Media Catcher 6\aria2c.exe ()
    FirewallRules: [{07BCB529-2399-4CCF-B553-6B9ED4C5A3DA}] => (Allow) C:\Program Files (x86)\Applian Technologies\Replay Media Catcher 6\dl.exe ()
    FirewallRules: [{F3075C16-7A66-48AB-8B05-B1B84BC2D21E}] => (Allow) C:\Program Files (x86)\Applian Technologies\Replay Media Catcher 6\dl.exe ()
    FirewallRules: [{1263E58A-86BF-4289-A8C2-B1700FDA4E70}] => (Allow) C:\Program Files (x86)\Applian Technologies\Replay Media Catcher 6\ffmpeg.exe ()
    FirewallRules: [{C5121ED5-AEE8-4D31-A929-D6D31FD60C8B}] => (Allow) C:\Program Files (x86)\Applian Technologies\Replay Media Catcher 6\ffmpeg.exe ()
    FirewallRules: [{F90A0C48-FF4A-4DDD-A6CF-BBF8C5087D8F}] => (Allow) C:\Program Files (x86)\Applian Technologies\Replay Media Catcher 6\jbp.exe (Jaksta Technologies Pty Ltd)
    FirewallRules: [{26D3A68F-F9D5-472D-88F8-08354DBDFE00}] => (Allow) C:\Program Files (x86)\Applian Technologies\Replay Media Catcher 6\jbp.exe (Jaksta Technologies Pty Ltd)
    FirewallRules: [{61995603-BC90-4A30-8FD2-81C510DBBF76}] => (Allow) C:\Program Files (x86)\Applian Technologies\Replay Media Catcher 6\jrmcp.exe (Jaksta Technologies Pty Ltd)
    FirewallRules: [{D59A0D81-25A6-434F-9249-AE4780C0DF4F}] => (Allow) C:\Program Files (x86)\Applian Technologies\Replay Media Catcher 6\jrmcp.exe (Jaksta Technologies Pty Ltd)
    FirewallRules: [UDP Query User{E5262857-488F-4E53-BB93-56808E0D7AC4}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe (Skype Technologies S.A.)
    FirewallRules: [TCP Query User{9BEBD587-A93A-4866-ABED-D7CE0718BB1A}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe (Skype Technologies S.A.)
    FirewallRules: [UDP Query User{62BF29AA-FF80-474C-BDA1-0B0DB4FAD769}C:\users\jim\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\jim\appdata\roaming\spotify\spotify.exe (Spotify Ltd)
    FirewallRules: [TCP Query User{C5D0BD63-3DC5-4829-AFF1-FC457F5F56D8}C:\users\jim\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\jim\appdata\roaming\spotify\spotify.exe (Spotify Ltd)
    FirewallRules: [{D403B397-484A-4238-B8BE-5D42908B1EC1}] => (Allow) C:\Program Files (x86)\Applian Technologies\Replay Media Catcher 6\qtCopy.exe ()
    FirewallRules: [{30DB4AE7-785D-4EA1-834A-F3C679B5264D}] => (Allow) C:\Program Files (x86)\Applian Technologies\Replay Media Catcher 6\qtCopy.exe ()
    FirewallRules: [{0C2239D1-1F76-4CE0-9698-148E3954CEE7}] => (Allow) C:\Program Files (x86)\Applian Technologies\Replay Media Catcher 6\aria2c.exe ()
    FirewallRules: [{17616B83-063C-4F17-BEC8-FFD4138C5AA9}] => (Allow) C:\Program Files (x86)\Applian Technologies\Replay Media Catcher 6\aria2c.exe ()
    FirewallRules: [{00968CA5-92DB-4655-B32C-BB4D069BB22D}] => (Allow) C:\Program Files (x86)\Applian Technologies\Replay Media Catcher 6\dl.exe ()
    FirewallRules: [{0BF42E9D-803A-4708-8342-BDACB96F652C}] => (Allow) C:\Program Files (x86)\Applian Technologies\Replay Media Catcher 6\dl.exe ()
    FirewallRules: [{1188095F-D5EC-43B3-820F-8BB052DFD214}] => (Allow) C:\Program Files (x86)\Applian Technologies\Replay Media Catcher 6\ffmpeg.exe ()
    FirewallRules: [{410B3464-D53C-4763-8000-767BC5CBCB8B}] => (Allow) C:\Program Files (x86)\Applian Technologies\Replay Media Catcher 6\ffmpeg.exe ()
    FirewallRules: [{C70EF130-28D1-4A34-940B-FA32A9A86290}] => (Allow) C:\Program Files (x86)\Applian Technologies\Replay Media Catcher 6\jbp.exe (Jaksta Technologies Pty Ltd)
    FirewallRules: [{3069E94F-A0CB-40E7-8A3D-0110A2DF95ED}] => (Allow) C:\Program Files (x86)\Applian Technologies\Replay Media Catcher 6\jbp.exe (Jaksta Technologies Pty Ltd)
    FirewallRules: [{D9C56B96-8D71-48EA-B08A-8D11996E53CC}] => (Allow) C:\Program Files (x86)\Applian Technologies\Replay Media Catcher 6\jrmcp.exe (Jaksta Technologies Pty Ltd)
    FirewallRules: [{F06788D3-BDF6-4B3E-821B-6A241DB8C55F}] => (Allow) C:\Program Files (x86)\Applian Technologies\Replay Media Catcher 6\jrmcp.exe (Jaksta Technologies Pty Ltd)
    FirewallRules: [{E51E2B45-7AFA-4C27-94D9-BA7904A8E077}] => (Allow) C:\Program Files (x86)\Applian Technologies\Replay Radio 9\jwmpp.exe (Jaksta Technologies Pty Ltd)
    FirewallRules: [{FD7F21E9-8BE5-44F5-900A-EC58626AF7B9}] => (Allow) C:\Program Files (x86)\Applian Technologies\Replay Radio 9\jwmpp.exe (Jaksta Technologies Pty Ltd)
    FirewallRules: [{34B0C781-CE1F-4E77-94F3-7C3D58142FD9}] => (Allow) C:\Program Files (x86)\Applian Technologies\Replay Radio 9\jbp.exe (Jaksta Technologies Pty Ltd)
    FirewallRules: [{E005E107-DBE1-47E0-8D40-A60B0ADA1D24}] => (Allow) C:\Program Files (x86)\Applian Technologies\Replay Radio 9\jbp.exe (Jaksta Technologies Pty Ltd)
    FirewallRules: [{AB92E746-778A-490E-9CFE-19E7FA60FE8C}] => (Allow) C:\Program Files (x86)\Applian Technologies\Replay Radio 9\jrrp.exe (Jaksta Technologies Pty Ltd)
    FirewallRules: [{D73709BE-43C2-4E12-9954-932F8AAAAE14}] => (Allow) C:\Program Files (x86)\Applian Technologies\Replay Radio 9\jrrp.exe (Jaksta Technologies Pty Ltd)
    FirewallRules: [UDP Query User{D51B0590-F203-448D-B88B-089F566E63B7}C:\program files (x86)\freephoneline\freephoneline.exe] => (Allow) C:\program files (x86)\freephoneline\freephoneline.exe (freephoneline.ca)
    FirewallRules: [TCP Query User{17320FD3-0C21-46D2-9901-7370C8D17F2E}C:\program files (x86)\freephoneline\freephoneline.exe] => (Allow) C:\program files (x86)\freephoneline\freephoneline.exe (freephoneline.ca)
    FirewallRules: [{9B59CAD9-9B16-47F3-B667-58EBF92404FE}] => (Allow) LPort=1900
    FirewallRules: [{91ABF747-D2F0-46B4-9CF3-E8F3C88F9880}] => (Allow) LPort=2869
    FirewallRules: [{004A0F62-54E7-4A6E-8002-B3708BF72627}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe (Microsoft Corporation)
    FirewallRules: [{D6BD8F50-9FC5-4A85-834A-F88EC18CA631}] => (Allow) C:\Program Files (x86)\Wyse\PocketCloud\PocketCloudDesktopApp.exe ()
    FirewallRules: [{6281A74E-34C4-4AEC-8703-5A00F29E2167}] => (Allow) C:\Program Files (x86)\Wyse\PocketCloud\WyseRemoteAccess.exe (Wyse Technology.)
    FirewallRules: [TCP Query User{7AEA8A0C-4B14-4A71-A809-47B32DA7FB71}C:\program files (x86)\freephoneline\freephoneline.exe] => (Allow) C:\program files (x86)\freephoneline\freephoneline.exe (freephoneline.ca)
    FirewallRules: [UDP Query User{FB996954-D291-448A-9C53-01869D7C2163}C:\program files (x86)\freephoneline\freephoneline.exe] => (Allow) C:\program files (x86)\freephoneline\freephoneline.exe (freephoneline.ca)
    FirewallRules: [{37E53DBD-C72E-457B-AA3E-1405CB13DA11}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDirector10\PDR10.EXE (CyberLink Corp.)
    FirewallRules: [{61153A03-FD2D-44BE-A792-A3685AB65F7E}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Movie\PowerDVD Cinema\PowerDVDCinema12.exe (CyberLink Corp.)
    FirewallRules: [{9199F79F-9A88-48E2-A80F-5F11A4818B35}] => (Allow) C:\Program Files (x86)\Applian Technologies\Replay Converter 5\jrcvp.exe (Jaksta Technologies Pty Ltd)
    FirewallRules: [{BBE7C1AB-67F6-4786-86C7-9140DDEC126F}] => (Allow) C:\Program Files (x86)\Applian Technologies\Replay Converter 5\jrcvp.exe (Jaksta Technologies Pty Ltd)
    FirewallRules: [{CC73041D-6D6B-425A-85B0-BF5E53006F9B}] => (Allow) C:\Program Files (x86)\Applian Technologies\Replay Converter 5\ffmpeg.exe ()
    FirewallRules: [{6BB498F3-1261-4902-AEA6-18765B60641F}] => (Allow) C:\Program Files (x86)\Applian Technologies\Replay Converter 5\ffmpeg.exe ()
    FirewallRules: [{D3215BF3-1302-489B-9423-076824204C36}] => (Allow) C:\Program Files\HP\HP Deskjet 3510 series\Bin\DeviceSetup.exe (Hewlett-Packard Co.)
    FirewallRules: [{AE97AD5F-D049-49A5-8D97-BAE962D2ACB9}] => (Allow) C:\Program Files\HP\HP Deskjet 3510 series\Bin\HPNetworkCommunicator.exe (Hewlett-Packard Co.)
    FirewallRules: [{A4A61D89-3AEC-483E-913A-58119A470CD3}] => (Allow) C:\Program Files\HP\HP Deskjet 3510 series\Bin\HPNetworkCommunicatorCom.exe (Hewlett-Packard Co.)
    FirewallRules: [TCP Query User{0E1D2D02-38DC-4F4B-9677-AF855B47D975}C:\program files\mozilla firefox\firefox.exe] => (Block) C:\program files\mozilla firefox\firefox.exe (Mozilla Corporation)
    FirewallRules: [UDP Query User{84650E97-D42B-4C03-87F2-CF51E86BE9B4}C:\program files\mozilla firefox\firefox.exe] => (Block) C:\program files\mozilla firefox\firefox.exe (Mozilla Corporation)
    FirewallRules: [{3AD99A2E-0604-4ED6-B579-E23EE58916DB}] => (Allow) C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe (AVAST Software)
    FirewallRules: [{F21AEF7F-4CAD-4F96-AE92-94B04853F598}] => (Allow) C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe (AVAST Software)
    FirewallRules: [{651AC325-A614-4CF1-A763-6FE14BF30CB0}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe (Piriform Ltd)
    FirewallRules: [{87FF98D1-4501-4694-82D7-46C047D7BD28}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe (Piriform Ltd)
    FirewallRules: [{AEBBE5E6-C8E6-4B17-A8CB-0F2B8DF1F5C6}] => (Allow) C:\Program Files\HP\HP OfficeJet 3830 series\bin\FaxApplications.exe (HP Inc.)
    FirewallRules: [{6E6DE3B6-74E6-48BC-9081-DB547E7E346C}] => (Allow) C:\Program Files\HP\HP OfficeJet 3830 series\bin\DigitalWizards.exe (HP Inc.)
    FirewallRules: [{9CC99800-D3D3-4FFD-A3F3-D5D9FCBBBF66}] => (Allow) C:\Program Files\HP\HP OfficeJet 3830 series\bin\SendAFax.exe (HP Inc.)
    FirewallRules: [{F4950A36-4501-41A2-8C0E-AF7DA18142B0}] => (Allow) C:\Program Files\HP\HP OfficeJet 3830 series\bin\FaxPrinterUtility.exe (HP Inc.)
    FirewallRules: [{5A6ED5A2-A517-48EB-8080-4437157A25DE}] => (Allow) C:\Program Files\HP\HP OfficeJet 3830 series\Bin\DeviceSetup.exe (HP Inc.)
    FirewallRules: [{9BD2919B-81B4-46BD-BABC-510AAE378BCF}] => (Allow) LPort=5357
    FirewallRules: [{3267E7AF-E7FC-404D-AA14-0C328ECA36A6}] => (Allow) C:\Program Files\HP\HP OfficeJet 3830 series\Bin\HPNetworkCommunicatorCom.exe (HP Inc.)
    FirewallRules: [{646672A4-5511-481E-A09F-FB4111C49590}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
    FirewallRules: [{7B6AB1DE-3717-4447-99E5-8C83EC8A45AE}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe (Piriform Ltd)
    FirewallRules: [{EA82E596-C1B9-48F3-8B36-FDC8B3F9D1ED}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe (Piriform Ltd)
    FirewallRules: [{60B8E916-585A-46D5-BD71-56932E92B2D3}] => (Allow) C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe (AVAST Software)
    FirewallRules: [{93068813-347A-4FA2-9BE9-35D92F76ADD7}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe (Dropbox, Inc.)
    FirewallRules: [{197FFC17-33A9-4A12-AA98-92CEE664A5B5}] => (Allow) C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe (AVAST Software)
    FirewallRules: [{24A82E12-54BC-4D97-BD89-5DB4E7DCDC8E}] => (Allow) C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe (AVAST Software)
    FirewallRules: [{6E2F856A-FA5E-4916-B63B-C6EE74708FBD}] => (Allow) C:\Program Files\iTunes\iTunes.exe (Apple Inc.)

    ==================== Restore Points =========================

    15-01-2019 19:43:59 Windows Update
    20-01-2019 12:58:53 Windows Update
    22-01-2019 21:14:44 Removed SmartByte Drivers and Services.
    28-01-2019 13:56:19 Removed Emsisoft Anti-Malware

    ==================== Faulty Device Manager Devices =============

    Name: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
    Description: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
    Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
    Manufacturer: Cisco Systems
    Service: vpnva
    Problem: : This device is disabled. (Code 22)
    Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (01/29/2019 09:45:23 PM) (Source: MsiInstaller) (EventID: 11316) (User: NT AUTHORITY)
    Description: Product: Avast Update Helper -- Error 1316. The specified account already exists.

    Error: (01/29/2019 08:45:23 PM) (Source: MsiInstaller) (EventID: 11316) (User: NT AUTHORITY)
    Description: Product: Avast Update Helper -- Error 1316. The specified account already exists.

    Error: (01/29/2019 07:45:23 PM) (Source: MsiInstaller) (EventID: 11316) (User: NT AUTHORITY)
    Description: Product: Avast Update Helper -- Error 1316. The specified account already exists.

    Error: (01/29/2019 06:45:23 PM) (Source: MsiInstaller) (EventID: 11316) (User: NT AUTHORITY)
    Description: Product: Avast Update Helper -- Error 1316. The specified account already exists.

    Error: (01/29/2019 05:45:23 PM) (Source: MsiInstaller) (EventID: 11316) (User: NT AUTHORITY)
    Description: Product: Avast Update Helper -- Error 1316. The specified account already exists.

    Error: (01/29/2019 04:45:23 PM) (Source: MsiInstaller) (EventID: 11316) (User: NT AUTHORITY)
    Description: Product: Avast Update Helper -- Error 1316. The specified account already exists.

    Error: (01/29/2019 04:21:32 PM) (Source: MsiInstaller) (EventID: 11316) (User: NT AUTHORITY)
    Description: Product: Avast Update Helper -- Error 1316. The specified account already exists.

    Error: (01/29/2019 03:45:23 PM) (Source: MsiInstaller) (EventID: 11316) (User: NT AUTHORITY)
    Description: Product: Avast Update Helper -- Error 1316. The specified account already exists.


    System errors:
    =============
    Error: (01/29/2019 08:12:18 PM) (Source: DCOM) (EventID: 10016) (User: JIMDELL)
    Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
    {D63B10C5-BB46-4990-A94F-E40B9D520160}
    and APPID
    {9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
    to the user Jimdell\Jim SID (S-1-5-21-1008144949-3054828288-720014318-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

    Error: (01/29/2019 08:01:59 PM) (Source: DCOM) (EventID: 10016) (User: JIMDELL)
    Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
    {D63B10C5-BB46-4990-A94F-E40B9D520160}
    and APPID
    {9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
    to the user Jimdell\Jim SID (S-1-5-21-1008144949-3054828288-720014318-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

    Error: (01/29/2019 06:23:39 PM) (Source: DCOM) (EventID: 10016) (User: JIMDELL)
    Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
    {D63B10C5-BB46-4990-A94F-E40B9D520160}
    and APPID
    {9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
    to the user Jimdell\Jim SID (S-1-5-21-1008144949-3054828288-720014318-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

    Error: (01/29/2019 04:51:25 PM) (Source: DCOM) (EventID: 10016) (User: JIMDELL)
    Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
    {D63B10C5-BB46-4990-A94F-E40B9D520160}
    and APPID
    {9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
    to the user Jimdell\Jim SID (S-1-5-21-1008144949-3054828288-720014318-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

    Error: (01/29/2019 04:51:25 PM) (Source: DCOM) (EventID: 10016) (User: JIMDELL)
    Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
    {D63B10C5-BB46-4990-A94F-E40B9D520160}
    and APPID
    {9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
    to the user Jimdell\Jim SID (S-1-5-21-1008144949-3054828288-720014318-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

    Error: (01/29/2019 04:51:24 PM) (Source: DCOM) (EventID: 10016) (User: JIMDELL)
    Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
    {D63B10C5-BB46-4990-A94F-E40B9D520160}
    and APPID
    {9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
    to the user Jimdell\Jim SID (S-1-5-21-1008144949-3054828288-720014318-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

    Error: (01/29/2019 11:06:33 AM) (Source: Tcpip) (EventID: 4199) (User: )
    Description: The system detected an address conflict for IP address 192.168.0.12 with the system
    having network hardware address 68-5A-CF-B0-FF-82. Network operations on this system may
    be disrupted as a result.

    Error: (01/29/2019 07:44:14 AM) (Source: DCOM) (EventID: 10016) (User: JIMDELL)
    Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
    {8BC3F05E-D86B-11D0-A075-00C04FB68820}
    and APPID
    {8BC3F05E-D86B-11D0-A075-00C04FB68820}
    to the user Jimdell\Jim SID (S-1-5-21-1008144949-3054828288-720014318-1001) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.ContentDeliveryManager_10.0.17134.1_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-350187224-1905355452-1037786396-3028148496-2624191407-3283318427-1255436723). This security permission can be modified using the Component Services administrative tool.


    Windows Defender:
    ===================================
    Date: 2019-01-20 13:01:29.498
    Description:
    Windows Defender Antivirus scan has been stopped before completion.
    Scan ID: {F3CECD9A-B275-43A8-BFAB-A7D73C535B7A}
    Scan Type: Antimalware
    Scan Parameters: Quick Scan

    Date: 2019-01-19 10:19:22.826
    Description:
    Windows Defender Antivirus scan has been stopped before completion.
    Scan ID: {C52F13AC-2106-4035-8ED4-29251210CF6E}
    Scan Type: Antimalware
    Scan Parameters: Quick Scan

    Date: 2018-11-28 10:35:35.243
    Description:
    Windows Defender Antivirus scan has been stopped before completion.
    Scan ID: {6E6FE732-D71E-40B9-9FF1-47160993ACE4}
    Scan Type: Antimalware
    Scan Parameters: Quick Scan

    Date: 2018-11-28 10:23:40.318
    Description:
    Windows Defender Antivirus scan has been stopped before completion.
    Scan ID: {2330A788-D63E-43AB-BA98-5CD2780E2460}
    Scan Type: Antimalware
    Scan Parameters: Quick Scan

    Date: 2019-01-22 21:31:20.850
    Description:
    Windows Defender Antivirus Real-Time Protection feature has encountered an error and failed.
    Feature: Network Inspection System
    Error Code: 0x8007041d
    Error description: The service did not respond to the start or control request in a timely fashion.
    Reason: The system is missing updates that are required for running Network Inspection System. Install the required updates and restart the device.

    Date: 2019-01-21 21:44:11.894
    Description:
    Windows Defender Antivirus Real-Time Protection feature has encountered an error and failed.
    Feature: On Access
    Error Code: 0x80004005
    Error description: Unspecified error
    Reason: The filter driver skipped scanning items and is in pass through mode. This may be due to low resource conditions.

    Date: 2019-01-21 21:24:03.201
    Description:
    Windows Defender Antivirus Real-Time Protection feature has encountered an error and failed.
    Feature: On Access
    Error Code: 0x80004005
    Error description: Unspecified error
    Reason: The filter driver skipped scanning items and is in pass through mode. This may be due to low resource conditions.

    Date: 2019-01-21 20:00:01.407
    Description:
    Windows Defender Antivirus Real-Time Protection feature has encountered an error and failed.
    Feature: On Access
    Error Code: 0x80004005
    Error description: Unspecified error
    Reason: The filter driver skipped scanning items and is in pass through mode. This may be due to low resource conditions.

    Date: 2018-11-27 20:02:13.998
    Description:
    Windows Defender Antivirus has encountered an error trying to update signatures.
    New Signature Version:
    Previous Signature Version: 1.281.893.0
    Update Source: Microsoft Update Server
    Signature Type: AntiVirus
    Update Type: Full
    Current Engine Version:
    Previous Engine Version: 1.1.15400.5
    Error code: 0x80240022
    Error description: The program can't check for definition updates.

    CodeIntegrity:
    ===================================

    Date: 2019-01-28 13:54:48.928
    Description:
    Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume5\Program Files\Emsisoft Anti-Malware\a2hooks64.dll that did not meet the Windows signing level requirements.

    Date: 2019-01-28 13:50:35.939
    Description:
    Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume5\Program Files\Emsisoft Anti-Malware\a2hooks64.dll that did not meet the Windows signing level requirements.

    Date: 2019-01-28 13:34:35.922
    Description:
    Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume5\Program Files\Emsisoft Anti-Malware\a2hooks64.dll that did not meet the Windows signing level requirements.

    Date: 2019-01-28 13:25:00.087
    Description:
    Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\System32\upfc.exe) attempted to load \Device\HarddiskVolume5\Program Files\Emsisoft Anti-Malware\a2hooks64.dll that did not meet the Windows signing level requirements.

    Date: 2019-01-28 13:19:40.262
    Description:
    Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume5\Program Files\Emsisoft Anti-Malware\a2hooks64.dll that did not meet the Windows signing level requirements.

    Date: 2019-01-28 13:19:06.901
    Description:
    Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\System32\browser_broker.exe) attempted to load \Device\HarddiskVolume5\Program Files\Common Files\Apple\Internet Services\ShellStreams64.dll that did not meet the Microsoft signing level requirements.

    Date: 2019-01-28 13:19:06.128
    Description:
    Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume5\Program Files\Emsisoft Anti-Malware\a2hooks64.dll that did not meet the Store signing level requirements.

    Date: 2019-01-28 13:19:03.921
    Description:
    Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume5\Program Files\Emsisoft Anti-Malware\a2hooks64.dll that did not meet the Store signing level requirements.

    ==================== Memory info ===========================

    Processor: Intel(R) Core(TM) i3-3217U CPU @ 1.80GHz
    Percentage of memory in use: 51%
    Total physical RAM: 8073.27 MB
    Available physical RAM: 3955.02 MB
    Total Virtual: 12169.27 MB
    Available Virtual: 7007.33 MB

    ==================== Drives ================================

    Drive c: (OS) (Fixed) (Total:452.02 GB) (Free:325.04 GB) NTFS

    \\?\Volume{7041e2c6-e224-4632-886a-649443c0dbd9}\ (WINRETOOLS) (Fixed) (Total:0.48 GB) (Free:0.2 GB) NTFS
    \\?\Volume{a4ca6eea-c394-43a6-afc6-ffa2d370b08f}\ () (Fixed) (Total:0.79 GB) (Free:0.34 GB) NTFS
    \\?\Volume{e3d425bd-9c35-46f6-848e-a638d718befa}\ (PBR Image) (Fixed) (Total:11.82 GB) (Free:0.66 GB) NTFS
    \\?\Volume{193c2e1c-cfff-4d7c-903f-8521b6c5d286}\ (ESP) (Fixed) (Total:0.48 GB) (Free:0.4 GB) FAT32

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (Size: 465.8 GB) (Disk ID: C0E18DD1)

    Partition: GPT.

    ==================== End of Addition.txt ============================
     
  5. askey127

    askey127 Malware Specialist

    One of the first things I would suggest is to change the Yahoo home page, and as e-mail provider.
    --------------------------------------------------------
    In case extra info is needed about Yahoo (there is lots more), see here for a few of the bits:
    ------------------------------------------------
    If your Yahoo mail account has been hacked, or if you find mysterious e-mails sent or received in your name, it may not have anything to do with you.
    If you contact Yahoo, they will tell you to use a more secure password.
    That's good advice, but not necessarily the source of the problem.
    There is a fair likelihood that the fault lies with Yahoo servers.
    Yahoo has been unwilling or unable to make their e-mail service adequately secure.
    IT experts have blogged about it for years.
    If criminals can hack into Yahoo servers, they can get all your information, including your passwords, e-mails and recipients' addresses.
    The resulting spam is sometimes just a nuisance, but sometimes it's porn, or malicious attachments.
    Some articles on the subject:
    http://www.huffingtonpost.com/2013/05/31/yahoo-email-hacking_n_3366259.html
    http://arstechnica.com/security/201...oses-key-customer-following-mass-hack-attack/

    Yahoo even has a plan to recycle inactive user IDs!:
    http://www.webpronews.com/yahoo-raises-security-concerns-with-email-plans-2013-06

    Until things change, I would suggest you save any critical Yahoo e-mails and address book(s), then establish a new e-mail account with a different provider.
    Your Internet Service provider will likely offer free e-mail accounts.
    I would then delete everything in all Yahoo e-mail folders (inbox, sent box, trash/deleted box), and delete your Yahoo account(s).
    Directions on how to save the Yahoo address book are here:
    http://email.about.com/od/yahoomailtip1/qt/How_to_Export_Your_Yahoo_Mail_Address_Book.htm
    Yahoo directions on backing up e-mails are here: https://help.yahoo.com/kb/back-emails-sln5033.html

    You can read about how to delete a Yahoo Account here:
    http://www.wikihow.com/Delete-Yahoo!-Accounts

    Yahoo has just recently said it will not change its adware distribution policy, even though it is being acquired by Verizon and sued by lots of people.

    ------------------------------------------------
    The Applian suite of programs has been reported to subvert your searches and dump all kinds of ads.
    Your choice whether you think that is happening to you and whether to remove them:
    Replay Converter 4
    Replay Converter 5
    Replay Converter 6
    Replay Media Catcher 6
    Replay Media Splitter 2.2.1409.57
    Replay Music 7
    Replay Radio 9
    Video Padlock
    Replay Video Capture 7


    I would also recommend removing PocketCloud, since it allows remote access to your machine:
    PocketCloud

    Remove Installed Programs
    Use Start > Settings > System > Apps and Features >
    Highlight each Entry, as follows, one by one, if it exists, choose Uninstall, and give permission to Continue:

    Bing Bar
    Bing Desktop
    Dell SupportAssist

    Take extra care in answering questions posed by any Uninstaller.
    -----------------------------------------------------------
    REBOOT (RESTART) Your Machine

    --------------------------------------------------------
    Run A Fix With FRST
    Download attached fixlist.txt file and save it to the Desktop.
    NOTE. It's important that both the program FRST64.exe and Fixlist.txt be in the same location, or the fix will not work.
    (Both on the Desktop is OK, or both in the same folder elsewhere)

    Run FRST64 and press the FIX button just once, and wait. DO NOT PRESS THE SCAN BUTTON.
    If for some reason the tool needs a restart, please make sure you let the system restart normally.
    The tool may start automatically and complete its work after the system restart. Let the tool complete its run.
    When finished, FRST64 will generate a log on the Desktop (Fixlog.txt). Please post the contents in your reply.

    Let me know what you see.
     

    Attached Files:

  6. turky

    turky Thread Starter

    Joined:
    Dec 21, 2004
    Messages:
    25
    Thanks askey127 for your assistance with this matter. I have followed your suggestions but it will take me a while to get away from Yahoo. I do presently have a Gmail account that I could use and will switch over to it but that will take some time. Does it still make sense to Run A Fix With FRST to get rid of SpyHunter? Or do I need to wait until I divorce myself from Yahoo?
     
  7. turky

    turky Thread Starter

    Joined:
    Dec 21, 2004
    Messages:
    25
    Fixlog
    Fix result of Farbar Recovery Scan Tool (x64) Version: 30.01.2019
    Ran by Jim (30-01-2019 11:45:44) Run:1
    Running from C:\Users\Jim\Desktop
    Loaded Profiles: Jim (Available Profiles: Jim)
    Boot Mode: Normal
    ==============================================

    fixlist content:
    *****************

    CreateRestorePoint:
    CloseProcesses:
    HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION
    HKU\S-1-5-21-1008144949-3054828288-720014318-1001\...\Run: [AdobeBridge] => [X]
    GroupPolicy: Restriction ? <==== ATTENTION
    CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
    KLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION
    HKU\S-1-5-21-1008144949-3054828288-720014318-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://ca.search.yahoo.com/yhs/search
    HKU\S-1-5-21-1008144949-3054828288-720014318-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://ca.yahoo.com/?fr=hp-avast&type=avastbcl
    SearchScopes: HKLM-x32 -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = hxxps://ca.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
    SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    BHO: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\7.3.124.0\amd64\BingExt.dll [2013-12-16] (Microsoft Corporation.)
    BHO-x32: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\7.3.124.0\BingExt.dll [2013-12-16] (Microsoft Corporation.)
    Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File
    Toolbar: HKLM - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.124.0\amd64\BingExt.dll [2013-12-16] (Microsoft Corporation.
    Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.124.0\BingExt.dll [2013-12-16] (Microsoft Corporation.)
    FF Extension: (Yahoo Homepage) - C:\Users\Jim\AppData\Roaming\Mozilla\Firefox\Profiles\ofw1dpk9.default-1432123455793-1530493303077\Extensions\[email protected] [2018-12-24]
    CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - hxxps://clients2.google.com/service/update2/crx
    S2 EsgShKernel; C:\Program Files\EnigmaSoft\SpyHunter\ShKernel.exe [10065712 2018-12-09] (EnigmaSoft Limited)
    R2 Dell Hardware Support; C:\Program Files\Dell\SupportAssistAgent\PCDr\SupportAssist\6.0.6992.1382\DSAPI.exe [1002816 2018-11-02] (PC-Doctor, Inc.)
    C:\Program Files\EnigmaSoft\SpyHunter\ShKernel.exe
    C:\Program Files\EnigmaSoft
    S2 ShMonitor; C:\Program Files\EnigmaSoft\SpyHunter\ShMonitor.exe [537904 2018-12-09] (EnigmaSoft Limited)
    R3 EnigmaFileMonDriver; C:\WINDOWS\system32\Drivers\EnigmaFileMonDriver.sys [69232 2019-01-27] (EnigmaSoft Limited)
    C:\WINDOWS\system32\Drivers\EnigmaFileMonDriver.sys
    2019-01-27 10:39 - 2019-01-27 10:56 - 000069232 _____ (EnigmaSoft Limited) C:\WINDOWS\system32\Drivers\EnigmaFileMonDriver.sys
    2019-01-10 16:14 - 2018-12-09 16:52 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EnigmaSoft
    2019-01-07 15:03 - 2018-06-11 08:30 - 000003358 _____ C:\WINDOWS\System32\Tasks\Dell SupportAssistAgent AutoUpdate
    Task: {1424E5D2-5061-4D9D-BC2B-D5CE36325C26} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION

    Task: {269BF06F-4346-4485-8288-C710426343EA} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION

    Task: {2C48B570-EDFB-42FB-8815-855254F131D7} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
    Task: {405E1303-A83F-4463-A070-54AE65EBFBA1} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
    Task: {5624B267-5A93-4E11-81AA-3CCB73A7A7BE} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
    Task: {5DE33C04-6B24-452B-88FF-D2D8F774760B} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION
    Task: {5E017396-1B44-4DF3-901D-82318945CBD1} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
    Task: {61E178A9-7E2B-4B00-A8C3-B65C540B702F} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
    Task: {6A1EF37C-C8A2-41EF-A78E-979D81E5BAAD} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
    Task: {889E549C-DED1-4121-A5D8-2EF9237D33C6} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
    Task: {BF0F7081-5FBE-469D-B872-065CC061D43D} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
    Task: {C53C7A72-A190-4F0D-A774-A01823635112} - \WPD\SqmUpload_S-1-5-21-1008144949-3054828288-720014318-1001 -> No File <==== ATTENTION
    Task: {CA6BC5CD-FD55-45B5-ABCA-196A1A764A12} - System32\Tasks\iolo System Checkup => C:\ProgramData\iolo\scustask.lnk [Argument = /toaster]
    Task: {D8A8B4AD-C6E1-4283-B2B5-93B350E19B9C} - System32\Tasks\Dell SupportAssistAgent AutoUpdate => C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssistInstaller.exe [2018-10-25] (Dell Inc.)
    Task: {EE62AD67-A81E-437C-A7C7-F53A6D2FA1B9} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
    Task: {F21ED4D1-FE1D-468F-B234-525268BF01BD} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
    2018-11-02 07:10 - 2018-11-02 07:10 - 002587976 _____ () C:\Program Files\Dell\SupportAssistAgent\PCDr\SupportAssist\6.0.6992.1382\libprotobuf.dll
    EmptyTemp:
    Cmd: ipconfig /flushdns


    *****************

    Restore point was successfully created.
    Processes closed successfully.
    HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION => restored successfully
    "HKU\S-1-5-21-1008144949-3054828288-720014318-1001\Software\Microsoft\Windows\CurrentVersion\Run\\AdobeBridge" => removed successfully
    C:\WINDOWS\system32\GroupPolicy\Machine => moved successfully
    C:\WINDOWS\system32\GroupPolicy\GPT.ini => moved successfully
    C:\WINDOWS\SysWOW64\GroupPolicy\GPT.ini => moved successfully
    HKLM\SOFTWARE\Policies\Google => removed successfully
    "HKU\KLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION\SOFTWARE\Policies\Microsoft\Internet Explorer" => not found
    HKU\S-1-5-21-1008144949-3054828288-720014318-1001\Software\Microsoft\Internet Explorer\Main\\Search Page => value restored successfully
    HKU\S-1-5-21-1008144949-3054828288-720014318-1001\Software\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
    HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{9CB96984-43C3-4D44-90EF-01466EFCF7BB} => removed successfully
    HKLM\Software\Wow6432Node\Classes\CLSID\{9CB96984-43C3-4D44-90EF-01466EFCF7BB} => not found
    "HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope" => removed successfully
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d2ce3e00-f94a-4740-988e-03dc2f38c34f} => not found
    HKLM\Software\Classes\CLSID\{d2ce3e00-f94a-4740-988e-03dc2f38c34f} => not found
    HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d2ce3e00-f94a-4740-988e-03dc2f38c34f} => not found
    HKLM\Software\Wow6432Node\Classes\CLSID\{d2ce3e00-f94a-4740-988e-03dc2f38c34f} => not found
    "HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F}" => removed successfully
    HKLM\Software\Classes\CLSID\{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} => not found
    "HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{8dcb7100-df86-4384-8842-8fa844297b3f}" => not found
    HKLM\Software\Classes\CLSID\{8dcb7100-df86-4384-8842-8fa844297b3f} => not found
    "HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{8dcb7100-df86-4384-8842-8fa844297b3f}" => not found
    HKLM\Software\Wow6432Node\Classes\CLSID\{8dcb7100-df86-4384-8842-8fa844297b3f} => not found
    C:\Users\Jim\AppData\Roaming\Mozilla\Firefox\Profiles\ofw1dpk9.default-1432123455793-1530493303077\Extensions\[email protected] => moved successfully
    HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl => removed successfully
    HKLM\System\CurrentControlSet\Services\EsgShKernel => removed successfully
    EsgShKernel => service removed successfully
    Dell Hardware Support => service not found.
    C:\Program Files\EnigmaSoft\SpyHunter\ShKernel.exe => moved successfully
    C:\Program Files\EnigmaSoft => moved successfully
    HKLM\System\CurrentControlSet\Services\ShMonitor => removed successfully
    ShMonitor => service removed successfully
    EnigmaFileMonDriver => Unable to stop service.
    HKLM\System\CurrentControlSet\Services\EnigmaFileMonDriver => removed successfully
    EnigmaFileMonDriver => service removed successfully
    C:\WINDOWS\system32\Drivers\EnigmaFileMonDriver.sys => moved successfully
    "C:\WINDOWS\system32\Drivers\EnigmaFileMonDriver.sys" => not found
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EnigmaSoft => moved successfully
    "C:\WINDOWS\System32\Tasks\Dell SupportAssistAgent AutoUpdate" => not found
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1424E5D2-5061-4D9D-BC2B-D5CE36325C26}" => removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1424E5D2-5061-4D9D-BC2B-D5CE36325C26}" => removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfig" => removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{269BF06F-4346-4485-8288-C710426343EA}" => removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{269BF06F-4346-4485-8288-C710426343EA}" => removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d" => removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{2C48B570-EDFB-42FB-8815-855254F131D7}" => removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2C48B570-EDFB-42FB-8815-855254F131D7}" => removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Logon-5d" => removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{405E1303-A83F-4463-A070-54AE65EBFBA1}" => removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{405E1303-A83F-4463-A070-54AE65EBFBA1}" => removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\UNP\RunCampaignManager" => not found
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{5624B267-5A93-4E11-81AA-3CCB73A7A7BE}" => removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5624B267-5A93-4E11-81AA-3CCB73A7A7BE}" => removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d" => removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{5DE33C04-6B24-452B-88FF-D2D8F774760B}" => removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5DE33C04-6B24-452B-88FF-D2D8F774760B}" => removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime" => removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{5E017396-1B44-4DF3-901D-82318945CBD1}" => removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5E017396-1B44-4DF3-901D-82318945CBD1}" => removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\launchtrayprocess" => removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{61E178A9-7E2B-4B00-A8C3-B65C540B702F}" => removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{61E178A9-7E2B-4B00-A8C3-B65C540B702F}" => removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B" => removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{6A1EF37C-C8A2-41EF-A78E-979D81E5BAAD}" => removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6A1EF37C-C8A2-41EF-A78E-979D81E5BAAD}" => removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxcontent" => removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{889E549C-DED1-4121-A5D8-2EF9237D33C6}" => removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{889E549C-DED1-4121-A5D8-2EF9237D33C6}" => removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Time-5d" => removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{BF0F7081-5FBE-469D-B872-065CC061D43D}" => removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BF0F7081-5FBE-469D-B872-065CC061D43D}" => removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime" => removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C53C7A72-A190-4F0D-A774-A01823635112}" => removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C53C7A72-A190-4F0D-A774-A01823635112}" => removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\WPD\SqmUpload_S-1-5-21-1008144949-3054828288-720014318-1001" => removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{CA6BC5CD-FD55-45B5-ABCA-196A1A764A12}" => removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CA6BC5CD-FD55-45B5-ABCA-196A1A764A12}" => removed successfully
    C:\WINDOWS\System32\Tasks\iolo System Checkup => moved successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\iolo System Checkup" => removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D8A8B4AD-C6E1-4283-B2B5-93B350E19B9C}" => not found
    "C:\WINDOWS\System32\Tasks\Dell SupportAssistAgent AutoUpdate" => not found
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Dell SupportAssistAgent AutoUpdate" => not found
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{EE62AD67-A81E-437C-A7C7-F53A6D2FA1B9}" => removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EE62AD67-A81E-437C-A7C7-F53A6D2FA1B9}" => removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d" => removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F21ED4D1-FE1D-468F-B234-525268BF01BD}" => removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F21ED4D1-FE1D-468F-B234-525268BF01BD}" => removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent" => removed successfully
    "C:\Program Files\Dell\SupportAssistAgent\PCDr\SupportAssist\6.0.6992.1382\libprotobuf.dll" => not found

    ========= ipconfig /flushdns =========


    Windows IP Configuration

    Successfully flushed the DNS Resolver Cache.

    ========= End of CMD: =========


    =========== EmptyTemp: ==========

    BITS transfer queue => 10510336 B
    DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 39497684 B
    Java, Flash, Steam htmlcache => 1124 B
    Windows/system/drivers => 64849465 B
    Edge => 4968 B
    Chrome => 109623243 B
    Firefox => 72315427 B
    Opera => 0 B

    Temp, IE cache, history, cookies, recent:
    Default => 0 B
    Users => 0 B
    ProgramData => 0 B
    Public => 0 B
    systemprofile => 29152427 B
    systemprofile32 => 14316375 B
    LocalService => 28988 B
    LocalService => 0 B
    NetworkService => 37780 B
    NetworkService => 0 B
    Jim => 85383399 B

    RecycleBin => 1167 B
    EmptyTemp: => 406 MB temporary data Removed.

    ================================


    The system needed a reboot.

    ==== End of Fixlog 11:47:50 ====
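
A triage pass over the Fixlog result lines posted above, as an added example that is not part of the original thread and is not FRST's own code: it separates entries that need a second look from harmless repeats. The sample lines are copied from the log above; the function names, and the rule that a `<====` marker left inside a "not found" target points to a fixlist line that was not processed as intended, are assumptions.

```python
import re
from collections import Counter

# Result lines copied unmodified from the Fixlog above (a subset).
SAMPLE_FIXLOG = r'''
HKLM\SOFTWARE\Policies\Google => removed successfully
"HKU\KLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION\SOFTWARE\Policies\Microsoft\Internet Explorer" => not found
HKLM\System\CurrentControlSet\Services\EsgShKernel => removed successfully
EsgShKernel => service removed successfully
Dell Hardware Support => service not found.
C:\Program Files\EnigmaSoft\SpyHunter\ShKernel.exe => moved successfully
EnigmaFileMonDriver => Unable to stop service.
HKLM\System\CurrentControlSet\Services\EnigmaFileMonDriver => removed successfully
EnigmaFileMonDriver => service removed successfully
C:\WINDOWS\system32\Drivers\EnigmaFileMonDriver.sys => moved successfully
"C:\WINDOWS\system32\Drivers\EnigmaFileMonDriver.sys" => not found
"C:\WINDOWS\System32\Tasks\Dell SupportAssistAgent AutoUpdate" => not found
'''

RESULT_RE = re.compile(r'^\s*(?P<target>.+?)\s+=>\s+(?P<outcome>.+?)\s*$')
SEPARATOR_RE = re.compile(r'^\s*\*{10,}\s*$', re.MULTILINE)


def normalise(target):
    """Make quoted and unquoted forms of the same path compare equal."""
    return target.strip().strip('"').replace('\\\\', '\\').lower()


def classify(outcome):
    """Map an outcome string to success / missing / failed / other."""
    text = outcome.lower().rstrip('.')
    if text.endswith('successfully'):
        return 'success'
    if 'not found' in text:
        return 'missing'
    if text.startswith('unable'):
        return 'failed'
    return 'other'  # e.g. the size lines in the EmptyTemp section


def parse_results(fixlog_text):
    """Return (target, outcome) pairs, skipping the echoed fixlist content.

    A full Fixlog repeats the fixlist between two rows of asterisks, and
    those lines can contain ' => ' too, so only the text after the last
    row is parsed.
    """
    body = SEPARATOR_RE.split(fixlog_text)[-1]
    matches = (RESULT_RE.match(line) for line in body.splitlines())
    return [(m.group('target'), m.group('outcome')) for m in matches if m]


def triage(fixlog_text):
    """Count outcomes and list the entries worth checking by hand."""
    counts, follow_up, succeeded = Counter(), [], set()
    for target, outcome in parse_results(fixlog_text):
        kind, key = classify(outcome), normalise(target)
        if kind == 'success':
            succeeded.add(key)
        elif kind == 'missing' and key in succeeded:
            kind = 'duplicate'  # same item already handled earlier in the run
        elif kind == 'missing' and '<====' in target:
            # Assumed heuristic: scan-log annotation leaked into the path.
            follow_up.append((target, 'fixlist line not applied as written'))
        elif kind == 'failed':
            # A driver that cannot be stopped stays loaded until reboot.
            follow_up.append((target, outcome))
        counts[kind] += 1
    return {'counts': counts, 'follow_up': follow_up}


if __name__ == '__main__':
    report = triage(SAMPLE_FIXLOG)
    print(dict(report['counts']))
    for target, reason in report['follow_up']:
        print('CHECK:', target, '->', reason)
```

On the sample it flags two entries: the Internet Explorer policy line whose fixlist entry begins `KLM\` rather than `HKLM\`, and the `EnigmaFileMonDriver` service that could not be stopped before its registry key was removed.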
     
  8. turky

    turky Thread Starter

    Joined:
    Dec 21, 2004
    Messages:
    25
    Seems to have removed SpyHunter. Thanks.
     
  9. askey127

    askey127 Malware Specialist

    Joined:
    Dec 22, 2006
    Messages:
    3,721
    You're welcome.
    Good luck with the Yahoo thing.
     
Short URL to this thread: https://techguy.org/1222415
