[SOLVED] Randatlas' Thread Weird Chinese symbols in registry

Hi, randatlas. Welcome to Sysnative.

I've split your post to a thread of your own. Please upload the file and I'll let Brian know. There may be a delay in his response since he is very busy but I'm sure he'll check it as soon as he has an opportunity.
 
Hi Randatlas, I just noticed your thread, and yes, I had the same issue and hope that I can help you with this problem. Do you have Avast as your antivirus protection? Next question: do you know how to back up your registry? And also, do you know how to set a system restore point?
 
Hello, Carl :) It is great that you are trying to be helpful, but since these steps involve registry editing, I would prefer that one of us with the training works this :) Brian is the best man for the job.

I hope you understand my concerns.
 
Yes, I understand perfectly and agree. I was only willing to help because I was asked. No problem.
 
Thanks, folks. When you're ready, please let me know how I should proceed. I have the Security.zip archive on my desktop but don't know how to get it to you. There was a space for filling in an email address, on that file sending program that was mentioned in the person's post, but I didn't have an email address for you.

Anyway, I will wait patiently for some advice. :-)

Thanks again,
Randatlas
 
Hi, Randatlas.

The C:\FRST\HIVES needs to be uploaded to a file sharing service since there may be personal information in it that shouldn't be available in a public forum. Several file sharing options are listed below (they are clickable links), however you are not limited to these:

Microsoft OneDrive
Google Drive
Dropbox
DataFileHost
ExpireBox
SendSpace
WeTransfer

Let us know when you have completed that but do NOT post the link here. I will let Brian know that someone else needs assistance with weird Chinese symbols in registry.
 
Thanks Corrine. I appreciate your offer to help. Unfortunately I am feeling under the weather at this time so will have to come back here and try this on another day. Many thanks!!!

R.
 
Hi again Corrine,

It's another day... :-)

First off I wanted to let you know that I had been following the instructions that were given to the other forum member who had a similar situation with the Chinese symbols in the registry. So what I have saved on my desktop is a Security.zip WinRAR folder with a file named Security.evtx in it. However, based on what you've said here, it sounds like I do not need this - at least not at this point?

My next question is, how do I create C:\FRST\HIVES? I cannot find this path on my computer. I think I will need a little hand-holding here... Thanks for your patience with me! :-)

Also, when sharing a file with you (for example, I have Dropbox), I will be prompted to put in an email address - and I do not have one for this forum - is this correct?
 
Sorry, Randatlas, the confusion is my fault since you hadn't started your thread by following the instructions for the Security forum and I neglected to ask you to post the FRST logs. Please do the following:

Please download Farbar Recovery Scan Tool (FRST) and save it to your Desktop.

Note: You need to run the version compatible with your system (32- or 64-bit). If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
  • Right click to run as administrator. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • The first time FRST is run, it will produce two logs in the same directory the tool is run from -- FRST.txt and Addition.txt.
  • Copy/paste both FRST.txt and Addition.txt into your reply.
 
I'll walk you through the entire process. Please start with the following.

Fresh Set of Logs Needed

1. Please download Farbar Recovery Scan Tool and save it to your Desktop.
Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them.
Only one of them will run on your system, that will be the right version.
2. Right click on the file and select Run as administrator (If you don't have this option simply double-click the file to open). When the tool opens click Yes to disclaimer.
3. Press Scan button.
4. It will produce a log called FRST.txt in the same directory the tool is run from (which should be the desktop)
5. Please copy and paste (or attach) log back here.
6. The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe). Please also paste or attach that along with the FRST.txt into your reply.
 
Dear Corrine and Brian,
Thank you very much for taking me by the hand and walking me through this!
Okay, below are the logs you asked for:

FRST.txt log:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 14.03.2018
Ran by RandyA (administrator) on DESKTOP-IFOJE18 (16-03-2018 17:06:44)
Running from C:\Users\RandyA\Desktop
Loaded Profiles: RandyA (Available Profiles: RandyA)
Platform: Windows 10 Home Version 1709 16299.309 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: "C:\Users\RandyA\AppData\Local\Epic Privacy Browser\Application\epic.exe" -- "%1")
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials


==================== Processes (Whitelisted) =================


(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)


(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(Logitech, Inc.) C:\Program Files\Logitech\SolarApp\L4301_Solar.exe
(Logitech, Inc.) C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe
(Sophos Limited) C:\Program Files\SophosClean\scsched.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\AutoUpdate\ALsvc.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\Management Communications System\Endpoint\McsClient.exe
(Sophos Limited) C:\Program Files\Sophos\Sophos Data Recorder\SDRService.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\Management Communications System\Endpoint\McsAgent.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Program Files (x86)\ASUS\AXSP\1.01.02\atkexComSvc.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_filter.exe
() C:\Program Files (x86)\NTI\NTI Backup Now EZ 4\ScheduleService.exe
(Starfield Technologies) C:\Program Files (x86)\Workspace\offSyncService.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe
(Sophos Limited) C:\Program Files\Sophos\Sophos System Protection\ssp.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(TorchMedia Inc.) C:\Users\RandyA\AppData\Local\Torch\Update\TorchCrashHandler.exe
(Sophos Limited) C:\Program Files\Sophos\Sophos Network Threat Protection\bin\SntpService.exe
(Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
(Sophos Limited) C:\Program Files (x86)\Common Files\Sophos\Web Intelligence\swi_fc.exe
(Cambridge Silicon Radio Limited) C:\Program Files\CSR\CSR Harmony Wireless Software Stack\CsrBtService.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.7\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.7\GoogleCrashHandler64.exe
(Cambridge Silicon Radio Limited) C:\Program Files\CSR\CSR Harmony Wireless Software Stack\BtSwitcherService.exe
(Cambridge Silicon Radio Limited) C:\Program Files\CSR\CSR Harmony Wireless Software Stack\CsrBtAudioService.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Sophos Limited) C:\Program Files\SophosClean\scsched.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersServer.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Logitech, Inc.) C:\Program Files\Common Files\Logishrd\KHAL3\KHALMNPR.exe
(Starfield Technologies) C:\Users\RandyA\AppData\Local\Workspace\workspaceupdate.exe
(Starfield Technologies) C:\Users\RandyA\AppData\Local\Workspace\workspacestatus.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\AutoUpdate\ALMon.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Hidden Reflex Authors) C:\Users\RandyA\AppData\Local\Epic Privacy Browser\Application\epic.exe
(Hidden Reflex Authors) C:\Users\RandyA\AppData\Local\Epic Privacy Browser\Application\epic.exe
(Hidden Reflex Authors) C:\Users\RandyA\AppData\Local\Epic Privacy Browser\Application\epic.exe
(Hidden Reflex Authors) C:\Users\RandyA\AppData\Local\Epic Privacy Browser\Application\epic.exe
(Hidden Reflex Authors) C:\Users\RandyA\AppData\Local\Epic Privacy Browser\Application\epic.exe
(Hidden Reflex Authors) C:\Users\RandyA\AppData\Local\Epic Privacy Browser\Application\epic.exe
(Hidden Reflex Authors) C:\Users\RandyA\AppData\Local\Epic Privacy Browser\Application\epic.exe
(Hidden Reflex Authors) C:\Users\RandyA\AppData\Local\Epic Privacy Browser\Application\epic.exe
(Hidden Reflex Authors) C:\Users\RandyA\AppData\Local\Epic Privacy Browser\Application\epic.exe
(Hidden Reflex Authors) C:\Users\RandyA\AppData\Local\Epic Privacy Browser\Application\epic.exe
(Hidden Reflex Authors) C:\Users\RandyA\AppData\Local\Epic Privacy Browser\Application\epic.exe
(Hidden Reflex Authors) C:\Users\RandyA\AppData\Local\Epic Privacy Browser\Application\epic.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
(Hidden Reflex Authors) C:\Users\RandyA\AppData\Local\Epic Privacy Browser\Application\epic.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_11802.1001.11.0_x64__8wekyb3d8bbwe\WinStore.App.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe


==================== Registry (Whitelisted) ===========================


(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)


HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [630168 2017-09-29] (Microsoft Corporation)
HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [3113592 2015-08-25] (Logitech, Inc.)
HKLM\...\Run: [vksts] => C:\Program Files\CSR\CSR Harmony Wireless Software Stack\vksts.exe [25792 2012-03-22] (Cambridge Silicon Radio Limited)
HKLM\...\Run: [HarmonyUserStartup] => C:\Program Files\CSR\CSR Harmony Wireless Software Stack\HarmonyUserStartup.exe [39128 2012-03-22] (Cambridge Silicon Radio Limited)
HKLM\...\Run: [CSRHarmonySkypePlugin] => C:\Program Files (x86)\CSR\CSR Harmony Wireless Software Stack\CSRHarmonySkypePlugin.exe [146656 2012-03-22] (Cambridge Silicon Radio Limited)
HKLM\...\Run: [TrayApplication] => C:\Program Files\CSR\CSR Harmony Wireless Software Stack\TrayApplication.exe [529616 2012-03-22] (Cambridge Silicon Radio Limited)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8842496 2016-07-09] (Realtek Semiconductor)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [298296 2018-01-22] (Apple Inc.)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [3567936 2018-02-26] (Dropbox, Inc.)
HKLM-x32\...\Run: [BackupNowEZ4Tray] => C:\Program Files (x86)\NTI\NTI Backup Now EZ 4\Bunez4Tray.exe [1093832 2014-11-06] (NTI Corporation)
HKLM-x32\...\Run: [Sophos AutoUpdate Monitor] => C:\Program Files (x86)\Sophos\AutoUpdate\almon.exe [1516096 2017-05-09] (Sophos Limited)
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKU\S-1-5-21-3248382330-3174346777-3720087843-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [9105112 2016-11-15] (Piriform Ltd)
HKU\S-1-5-21-3248382330-3174346777-3720087843-1001\...\Run: [Starfield Updater] => C:\Users\RandyA\AppData\Local\Workspace\WorkspaceUpdate.exe [35008 2017-06-08] (Starfield Technologies)
HKU\S-1-5-21-3248382330-3174346777-3720087843-1001\...\Run: [Workspace Status] => C:\Users\RandyA\AppData\Local\Workspace\workspacestatus.exe [694760 2017-06-08] (Starfield Technologies)
HKU\S-1-5-21-3248382330-3174346777-3720087843-1001\...\Run: [Epic Privacy Browser Installer] => C:\Users\RandyA\AppData\Local\Epic Privacy Browser\Installer\EpicUpdate.exe [509096 2017-10-16] (Epic Privacy Browser)
HKU\S-1-5-21-3248382330-3174346777-3720087843-1001\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [67384 2017-12-08] (Apple Inc.)
HKU\S-1-5-21-3248382330-3174346777-3720087843-1001\...\Run: [Spotify Web Helper] => C:\Users\RandyA\AppData\Roaming\Spotify\SpotifyWebHelper.exe [782736 2018-02-27] (Spotify Ltd)
GroupPolicy: Restriction <==== ATTENTION


==================== Internet (Whitelisted) ====================


(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)


Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{1d86b617-c757-493d-95e7-2ebaffbab114}: [DhcpNameServer] 192.168.1.1


Internet Explorer:
==================
HKU\S-1-5-21-3248382330-3174346777-3720087843-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
HKU\S-1-5-21-3248382330-3174346777-3720087843-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.yahoo.com/?fr=hp-avast&type=avastbcl
SearchScopes: HKLM-x32 -> DefaultScope {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = hxxps://search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKLM-x32 -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = hxxps://search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKU\S-1-5-21-3248382330-3174346777-3720087843-1001 -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = hxxps://search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKU\S-1-5-21-3248382330-3174346777-3720087843-1001 -> {B5F83D20-F928-4117-A9C7-FF6F0209439F} URL = hxxps://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
BHO: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll [2015-08-25] (Logitech, Inc.)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
BHO-x32: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll [2015-08-25] (Logitech, Inc.)
Handler-x32: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\BelarcAdvisor\System\BAVoilaX.dll [2016-01-04] (Belarc, Inc.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2011-01-19] (Skype Technologies)


Edge:
======
Edge HomeButtonPage: HKU\S-1-5-21-3248382330-3174346777-3720087843-1001 -> hxxp://www.google.com/


FireFox:
========
FF DefaultProfile: n08e00at.default-1507151350608
FF ProfilePath: C:\Users\RandyA\AppData\Roaming\Mozilla\Firefox\Profiles\n08e00at.default-1507151350608 [2018-03-16]
FF Homepage: Mozilla\Firefox\Profiles\n08e00at.default-1507151350608 -> Google
FF NewTabOverride: Mozilla\Firefox\Profiles\n08e00at.default-1507151350608 -> Disabled: mailcheck@mail.com
FF Extension: (WBE Paste) - C:\Users\RandyA\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\wbepaste@starfield [2017-06-08] [Legacy] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF Extension: (Logitech SetPoint) - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2016-10-24] [Legacy] [not signed]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_29_0_0_113.dll [2018-03-13] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_29_0_0_113.dll [2018-03-13] ()
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2017-10-27] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2017-10-27] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-06] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-06] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-02-11] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3248382330-3174346777-3720087843-1001: @freeconferencecall.com/launcher -> C:\Users\RandyA\AppData\Local\FCCPlugins\npfcclauncher.dll [2017-05-04] (FreeConferenceCall)
FF Plugin HKU\S-1-5-21-3248382330-3174346777-3720087843-1001: @starfield.com/off -> C:\Users\RandyA\AppData\Roaming\Mozilla\Plugins\npoff.dll [2017-06-08] ( Starfield Technologies, LLC.)
FF Plugin HKU\S-1-5-21-3248382330-3174346777-3720087843-1001: @starfield.com/off64 -> C:\Users\RandyA\AppData\Roaming\Mozilla\Plugins\npoff64.dll [2017-06-08] ( Starfield Technologies, LLC.)
FF Plugin HKU\S-1-5-21-3248382330-3174346777-3720087843-1001: @starfield.com/wbe -> C:\Users\RandyA\AppData\Roaming\Mozilla\Plugins\npwbe.dll [2017-06-08] (Starfield Technology, LLC)
FF Plugin HKU\S-1-5-21-3248382330-3174346777-3720087843-1001: @starfield.com/wbe64 -> C:\Users\RandyA\AppData\Roaming\Mozilla\Plugins\npwbe64.dll [2017-06-08] (Starfield Technology, LLC)
FF Plugin HKU\S-1-5-21-3248382330-3174346777-3720087843-1001: @updates.epicbrowser.com/Epic Privacy Browser Installer;version=3 -> C:\Users\RandyA\AppData\Local\Epic Privacy Browser\Installer\1.3.27.13\npEpicUpdate3.dll [2017-10-16] (Epic Privacy Browser)
FF Plugin HKU\S-1-5-21-3248382330-3174346777-3720087843-1001: @updates.epicbrowser.com/Epic Privacy Browser Installer;version=9 -> C:\Users\RandyA\AppData\Local\Epic Privacy Browser\Installer\1.3.27.13\npEpicUpdate3.dll [2017-10-16] (Epic Privacy Browser)
FF Plugin HKU\S-1-5-21-3248382330-3174346777-3720087843-1001: jpl.nasa.gov/NASAEyes -> C:\Users\RandyA\Pictures\Saturn Mission\NASA's Eyes\npNASAEyes.dll [2017-04-19] (Jet Propulsion Laboratory)
FF Plugin ProgramFiles/Appdata: C:\Users\RandyA\AppData\Roaming\mozilla\plugins\npoff.dll [2017-06-08] ( Starfield Technologies, LLC.)
FF Plugin ProgramFiles/Appdata: C:\Users\RandyA\AppData\Roaming\mozilla\plugins\npoff64.dll [2017-06-08] ( Starfield Technologies, LLC.)
FF Plugin ProgramFiles/Appdata: C:\Users\RandyA\AppData\Roaming\mozilla\plugins\npwbe.dll [2017-06-08] (Starfield Technology, LLC)
FF Plugin ProgramFiles/Appdata: C:\Users\RandyA\AppData\Roaming\mozilla\plugins\npwbe64.dll [2017-06-08] (Starfield Technology, LLC)


Chrome:
=======
CHR StartupUrls: Default -> "hxxp://www.google.com/","hxxps://webmail.earthlink.net/wam/login.jsp?redirect=%2Fwam%2Findex.jsp&x=797174875&x=1943030401"
CHR DefaultSearchURL: Default -> hxxps://search.avira.net/#web/result?source=omnibar&q={searchTerms}
CHR DefaultSearchKeyword: Default -> Avira
CHR DefaultSuggestURL: Default -> hxxps://search.avira.net/suggestions?q={searchTerms}&li=ff&hl=en
CHR Profile: C:\Users\RandyA\AppData\Local\Google\Chrome\User Data\Default [2018-03-13]
CHR Extension: (Slides) - C:\Users\RandyA\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-03-13]
CHR Extension: (Docs) - C:\Users\RandyA\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-03-13]
CHR Extension: (Google Drive) - C:\Users\RandyA\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-08-27]
CHR Extension: (Signal Private Messenger) - C:\Users\RandyA\AppData\Local\Google\Chrome\User Data\Default\Extensions\bikioccmkafdpakkkcpdbppfkghcmihk [2017-06-29]
CHR Extension: (YouTube) - C:\Users\RandyA\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-08-27]
CHR Extension: (Logitech Smooth Scrolling) - C:\Users\RandyA\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkpejdfnpdkhifgbancbammdijojoffk [2016-10-24]
CHR Extension: (Avast Passwords) - C:\Users\RandyA\AppData\Local\Google\Chrome\User Data\Default\Extensions\emhginjpijfggbofeediiojmdlmlkoik [2017-04-04]
CHR Extension: (Google Sheets) - C:\Users\RandyA\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-08-27]
CHR Extension: (Google Docs Offline) - C:\Users\RandyA\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-08-27]
CHR Extension: (The Great Suspender) - C:\Users\RandyA\AppData\Local\Google\Chrome\User Data\Default\Extensions\klbibkeccnjlkjkiokjodocebajanakg [2017-06-29]
CHR Extension: (Ears: Bass Boost, EQ Any Audio!) - C:\Users\RandyA\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfdfiepdkbnoanddpianalelglmfooik [2017-01-11]
CHR Extension: (Chrome Web Store Payments) - C:\Users\RandyA\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-08]
CHR Extension: (Video Cutter) - C:\Users\RandyA\AppData\Local\Google\Chrome\User Data\Default\Extensions\nodkcjollmmjidmcnhloaoahmciabnai [2017-03-22]
CHR Extension: (Speedtest by Ookla) - C:\Users\RandyA\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgjjikdiikihdfpoppgaidccahalehjh [2017-08-10]
CHR Extension: (Gmail) - C:\Users\RandyA\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-08-27]
CHR Extension: (Chrome Media Router) - C:\Users\RandyA\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-08-10]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [ipmkfpcnmccejididiaagpgchgjfajgp] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [ipmkfpcnmccejididiaagpgchgjfajgp] - hxxps://clients2.google.com/service/update2/crx


Opera:
=======
OPR StartupUrls: "hxxp://www.google.com/","hxxp://www.gmail.com/"
OPR Session Restore: -> is enabled.
OPR Extension: (Stormcrow) - C:\Users\RandyA\AppData\Roaming\Opera Software\Opera Stable\Extensions\ofhehnfmgbgnkjaojifkmebjjgffjaeh [2018-02-24]


==================== Services (Whitelisted) ====================


(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2018-01-05] (Apple Inc.)
R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.01.02\atkexComSvc.exe [936728 2013-07-04] ()
R2 BtSwitcherService; C:\Program Files\CSR\CSR Harmony Wireless Software Stack\BtSwitcherService.exe [64216 2012-03-22] (Cambridge Silicon Radio Limited)
R2 CSRBtAudioService; C:\Program Files\CSR\CSR Harmony Wireless Software Stack\CsrBtAudioService.exe [465624 2012-03-22] (Cambridge Silicon Radio Limited)
S4 CsrBtOBEXService; C:\Program Files\CSR\CSR Harmony Wireless Software Stack\CsrBtOBEXService.exe [1041616 2012-03-22] (Cambridge Silicon Radio Limited)
R2 CsrBtService; C:\Program Files\CSR\CSR Harmony Wireless Software Stack\CsrBtService.exe [825032 2012-03-22] (Cambridge Silicon Radio Limited)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2017-04-11] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2017-04-11] (Dropbox, Inc.)
R2 DbxSvc; C:\WINDOWS\system32\DbxSvc.exe [51024 2018-02-26] (Dropbox, Inc.)
R2 File Backup; C:\Program Files (x86)\Workspace\offSyncService.exe [697472 2014-10-20] (Starfield Technologies)
R2 L4301_Solar; C:\Program Files\Logitech\SolarApp\L4301_Solar.exe [405744 2013-01-30] (Logitech, Inc.)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6234056 2017-11-01] (Malwarebytes)
R2 NTI Backup Now EZ 4 Scheduler; C:\Program Files (x86)\NTI\NTI Backup Now EZ 4\ScheduleService.exe [95432 2014-11-06] ()
R2 SAVAdminService; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe [235872 2017-09-27] (Sophos Limited)
R2 SAVService; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe [200064 2017-09-27] (Sophos Limited)
R2 SntpService; C:\Program Files\Sophos\Sophos Network Threat Protection\bin\SntpService.exe [925824 2017-01-26] (Sophos Limited)
R2 Sophos AutoUpdate Service; C:\Program Files (x86)\Sophos\AutoUpdate\ALsvc.exe [773080 2017-05-09] (Sophos Limited)
R2 Sophos MCS Agent; C:\Program Files (x86)\Sophos\Management Communications System\Endpoint\McsAgent.exe [1301976 2017-09-27] (Sophos Limited)
R2 Sophos MCS Client; C:\Program Files (x86)\Sophos\Management Communications System\Endpoint\McsClient.exe [1715464 2017-09-27] (Sophos Limited)
R2 Sophos Web Control Service; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe [360040 2017-09-27] (Sophos Limited)
R2 SophosCleanScheduler; C:\Program Files\SophosClean\scsched.exe [135496 2017-06-29] (Sophos Limited)
R2 SophosDataRecorderService; C:\Program Files\Sophos\Sophos Data Recorder\SDRService.exe [996240 2016-09-12] (Sophos Limited)
R2 sophossps; C:\Program Files\Sophos\Sophos System Protection\ssp.exe [5366040 2016-09-12] (Sophos Limited)
R2 swi_filter; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_filter.exe [475384 2017-09-27] (Sophos Limited)
R2 swi_service; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe [3596088 2017-09-27] (Sophos Limited)
R2 TorchCrashHandler; C:\Users\RandyA\AppData\Local\Torch\Update\TorchCrashHandler.exe [1217216 2018-02-01] (TorchMedia Inc.) <==== ATTENTION
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [355304 2017-09-29] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [105944 2017-09-29] (Microsoft Corporation)
R2 NVDisplay.ContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" -r -p 30000
S2 PaceLicenseDServices; "C:\Program Files (x86)\Common Files\PACE\Services\LicenseServices\LDSvc.exe" -u https://activation.paceap.com/InitiateActivation [X] <==== ATTENTION


===================== Drivers (Whitelisted) ======================


(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15232 2013-07-04] ()
S3 CsrBtPort; C:\WINDOWS\system32\DRIVERS\CsrBtPort.sys [2784968 2012-03-22] (Cambridge Silicon Radio Limited)
S3 csrusb; C:\WINDOWS\System32\Drivers\csrusb.sys [47296 2012-03-22] (Cambridge Silicon Radio Limited)
S3 csrusbfilter; C:\WINDOWS\System32\Drivers\csrusbfilter.sys [23752 2012-03-22] (Cambridge Silicon Radio Limited)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [253880 2018-03-13] (Malwarebytes)
R3 NIWinCDEmu; C:\WINDOWS\System32\drivers\NIWinCDEmu.sys [112408 2016-09-07] ()
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nv_ref_pubwu.inf_amd64_2e7fa54192fe16d0\nvlddmkm.sys [16936048 2017-11-09] (NVIDIA Corporation)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [943112 2016-09-22] (Realtek )
R1 SAVOnAccess; C:\WINDOWS\System32\DRIVERS\savonaccess.sys [204328 2017-09-27] (Sophos Limited)
S3 sdcfilter; C:\WINDOWS\system32\DRIVERS\sdcfilter.sys [38144 2017-06-02] (Sophos Limited)
R2 sntp; C:\WINDOWS\system32\DRIVERS\sntp.sys [123848 2017-01-26] (Sophos Limited)
S4 SophosBootDriver; C:\WINDOWS\system32\DRIVERS\SophosBootDriver.sys [45840 2017-06-02] (Sophos Limited)
R1 swi_callout; C:\WINDOWS\system32\DRIVERS\swi_callout.sys [47760 2017-06-02] (Sophos Limited)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44608 2017-09-29] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [309144 2017-09-29] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [119192 2017-09-29] (Microsoft Corporation)
U1 aswbdisk; no ImagePath


==================== NetSvcs (Whitelisted) ===================


(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)




==================== One Month Created files and folders ========


(If an entry is included in the fixlist, the file/folder will be moved.)


2018-03-16 17:06 - 2018-03-16 17:08 - 000026146 _____ C:\Users\RandyA\Desktop\FRST.txt
2018-03-16 17:06 - 2018-03-16 17:06 - 000000000 ____D C:\FRST
2018-03-16 17:05 - 2018-03-16 17:04 - 002403328 _____ (Farbar) C:\Users\RandyA\Desktop\FRST64.exe
2018-03-16 17:04 - 2018-03-16 17:04 - 002403328 _____ (Farbar) C:\Users\RandyA\Downloads\FRST64.exe
2018-03-16 12:59 - 2018-03-16 13:02 - 000000000 ____D C:\Users\RandyA\Downloads\Circus stuff
2018-03-14 00:05 - 2018-03-14 00:05 - 000366080 _____ C:\Users\RandyA\Downloads\Flyer for postcards - two to a page (3).pub
2018-03-14 00:03 - 2018-03-14 00:03 - 000366080 _____ C:\Users\RandyA\Downloads\Flyer for postcards - two to a page (2).pub
2018-03-14 00:01 - 2018-03-14 00:01 - 000366080 _____ C:\Users\RandyA\Downloads\Flyer for postcards - two to a page.pub
2018-03-14 00:01 - 2018-03-14 00:01 - 000366080 _____ C:\Users\RandyA\Downloads\Flyer for postcards - two to a page (1).pub
2018-03-13 20:54 - 2018-03-13 22:34 - 000002304 _____ C:\Users\RandyA\Desktop\AAofWNY Email list 03-13-2018.txt
2018-03-13 18:02 - 2018-03-13 18:02 - 001101446 _____ C:\Users\RandyA\Desktop\Security.zip
2018-03-13 18:01 - 2018-03-13 18:01 - 021041152 _____ C:\Users\RandyA\Desktop\Security.evtx
2018-03-13 18:01 - 2018-03-13 18:01 - 000000000 ____D C:\Users\RandyA\Desktop\LocaleMetaData
2018-03-13 17:37 - 2018-03-02 17:09 - 000834552 _____ C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2018-03-13 17:37 - 2018-03-02 17:09 - 000179704 _____ C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2018-03-13 15:58 - 2018-03-13 15:58 - 000096879 _____ C:\Users\RandyA\Downloads\Application for CCWE Membership (1).pdf
2018-03-13 15:10 - 2017-06-02 17:01 - 000047760 _____ (Sophos Limited) C:\WINDOWS\system32\Drivers\swi_callout.sys
2018-03-13 15:07 - 2018-03-01 23:36 - 017085440 _____ (Microsoft Corporation) C:\WINDOWS\system32\HologramCompositor.dll
2018-03-13 15:07 - 2018-03-01 22:59 - 000956416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Spectrum.exe
2018-03-13 15:07 - 2018-03-01 03:50 - 000270744 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2018-03-13 15:07 - 2018-03-01 03:49 - 000389536 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2018-03-13 15:07 - 2018-03-01 03:48 - 000664472 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2018-03-13 15:07 - 2018-03-01 03:47 - 000749464 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2018-03-13 15:07 - 2018-03-01 03:47 - 000035224 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe
2018-03-13 15:07 - 2018-03-01 03:46 - 002003352 _____ (Microsoft Corporation) C:\WINDOWS\system32\aitstatic.exe
2018-03-13 15:07 - 2018-03-01 03:46 - 001568664 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2018-03-13 15:07 - 2018-03-01 03:46 - 000609176 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2018-03-13 15:07 - 2018-03-01 03:46 - 000138144 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2018-03-13 15:07 - 2018-03-01 03:45 - 000070040 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32appinventorycsp.dll
2018-03-13 15:07 - 2018-03-01 03:40 - 002514936 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2018-03-13 15:07 - 2018-03-01 03:40 - 000461720 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcntel.dll
2018-03-13 15:07 - 2018-03-01 03:40 - 000273304 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2018-03-13 15:07 - 2018-03-01 03:37 - 007831760 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d10warp.dll
2018-03-13 15:07 - 2018-03-01 03:31 - 008602520 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2018-03-13 15:07 - 2018-03-01 03:30 - 000540064 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcasvc.dll
2018-03-13 15:07 - 2018-03-01 03:30 - 000264040 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotifyIcon.exe
2018-03-13 15:07 - 2018-03-01 03:29 - 000733592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\acpi.sys
2018-03-13 15:07 - 2018-03-01 03:27 - 001173576 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcrt4.dll
2018-03-13 15:07 - 2018-03-01 03:23 - 000749976 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2018-03-13 15:07 - 2018-03-01 03:19 - 000710768 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVideoDSP.dll
2018-03-13 15:07 - 2018-03-01 03:17 - 002710736 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2018-03-13 15:07 - 2018-03-01 03:17 - 000519152 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecurityHealthService.exe
2018-03-13 15:07 - 2018-03-01 03:17 - 000408984 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2018-03-13 15:07 - 2018-03-01 03:15 - 002574232 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2018-03-13 15:07 - 2018-03-01 03:14 - 007675784 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2018-03-13 15:07 - 2018-03-01 03:14 - 007384576 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2018-03-13 15:07 - 2018-03-01 03:14 - 005105664 _____ (Microsoft Corporation) C:\WINDOWS\system32\AuthFWSnapin.dll
2018-03-13 15:07 - 2018-03-01 03:14 - 001694224 _____ (Microsoft Corporation) C:\WINDOWS\system32\winmde.dll
2018-03-13 15:07 - 2018-03-01 03:14 - 000356952 _____ (Microsoft Corporation) C:\WINDOWS\system32\wintrust.dll
2018-03-13 15:07 - 2018-03-01 03:14 - 000147872 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wcifs.sys
2018-03-13 15:07 - 2018-03-01 03:12 - 000677272 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2018-03-13 15:07 - 2018-03-01 03:12 - 000189344 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecurityHealthAgent.dll
2018-03-13 15:07 - 2018-03-01 03:11 - 000093600 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2018-03-13 15:07 - 2018-03-01 03:10 - 001779936 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfplat.dll
2018-03-13 15:07 - 2018-03-01 03:10 - 000075168 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecurityHealthProxyStub.dll
2018-03-13 15:07 - 2018-03-01 03:09 - 001054272 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvproc.dll
2018-03-13 15:07 - 2018-03-01 02:51 - 000777904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpcrt4.dll
2018-03-13 15:07 - 2018-03-01 02:48 - 001930736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2018-03-13 15:07 - 2018-03-01 02:39 - 000213400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aepic.dll
2018-03-13 15:07 - 2018-03-01 02:30 - 005615968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d10warp.dll
2018-03-13 15:07 - 2018-03-01 02:29 - 006092152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2018-03-13 15:07 - 2018-03-01 02:28 - 006480616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2018-03-13 15:07 - 2018-03-01 02:28 - 002193168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2018-03-13 15:07 - 2018-03-01 02:27 - 000284112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wintrust.dll
2018-03-13 15:07 - 2018-03-01 02:26 - 001524776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfplat.dll
2018-03-13 15:07 - 2018-03-01 02:26 - 001057816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvproc.dll
2018-03-13 15:07 - 2018-03-01 02:23 - 005105664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AuthFWSnapin.dll
2018-03-13 15:07 - 2018-03-01 02:21 - 001558856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winmde.dll
2018-03-13 15:07 - 2018-03-01 02:09 - 025251840 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2018-03-13 15:07 - 2018-03-01 02:03 - 002902528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2018-03-13 15:07 - 2018-03-01 02:03 - 000471552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AcSpecfc.dll
2018-03-13 15:07 - 2018-03-01 02:03 - 000344576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgeIso.dll
2018-03-13 15:07 - 2018-03-01 02:03 - 000162304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\IndexedDbLegacy.dll
2018-03-13 15:07 - 2018-03-01 02:03 - 000065536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\usoapi.dll
2018-03-13 15:07 - 2018-03-01 02:01 - 019354624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2018-03-13 15:07 - 2018-03-01 02:01 - 006575616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2018-03-13 15:07 - 2018-03-01 02:01 - 000155648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EdgeManager.dll
2018-03-13 15:07 - 2018-03-01 02:00 - 000098304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TSpkg.dll
2018-03-13 15:07 - 2018-03-01 01:58 - 004839424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll
2018-03-13 15:07 - 2018-03-01 01:58 - 000459776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webplatstorageserver.dll
2018-03-13 15:07 - 2018-03-01 01:58 - 000405504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Payments.dll
2018-03-13 15:07 - 2018-03-01 01:58 - 000368128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\daxexec.dll
2018-03-13 15:07 - 2018-03-01 01:57 - 000369152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msIso.dll
2018-03-13 15:07 - 2018-03-01 01:56 - 018922496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2018-03-13 15:07 - 2018-03-01 01:56 - 000559104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2018-03-13 15:07 - 2018-03-01 01:55 - 000346112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\zipfldr.dll
2018-03-13 15:07 - 2018-03-01 01:54 - 003664384 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2018-03-13 15:07 - 2018-03-01 01:54 - 003181568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cdp.dll
2018-03-13 15:07 - 2018-03-01 01:54 - 001296896 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2018-03-13 15:07 - 2018-03-01 01:54 - 000665088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2018-03-13 15:07 - 2018-03-01 01:54 - 000496128 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll
2018-03-13 15:07 - 2018-03-01 01:54 - 000463360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2018-03-13 15:07 - 2018-03-01 01:53 - 000863232 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2018-03-13 15:07 - 2018-03-01 01:53 - 000536576 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgeIso.dll
2018-03-13 15:07 - 2018-03-01 01:53 - 000399872 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2018-03-13 15:07 - 2018-03-01 01:53 - 000246272 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
2018-03-13 15:07 - 2018-03-01 01:53 - 000107520 _____ (Microsoft Corporation) C:\WINDOWS\system32\musdialoghandlers.dll
2018-03-13 15:07 - 2018-03-01 01:53 - 000092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\usoapi.dll
2018-03-13 15:07 - 2018-03-01 01:53 - 000056320 _____ (Microsoft Corporation) C:\WINDOWS\system32\AcSpecfc.dll
2018-03-13 15:07 - 2018-03-01 01:52 - 011923968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2018-03-13 15:07 - 2018-03-01 01:52 - 006030336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2018-03-13 15:07 - 2018-03-01 01:51 - 002329088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVidCtl.dll
2018-03-13 15:07 - 2018-03-01 01:51 - 000201728 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeManager.dll
2018-03-13 15:07 - 2018-03-01 01:51 - 000034816 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BasicRender.sys
2018-03-13 15:07 - 2018-03-01 01:50 - 003677184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2018-03-13 15:07 - 2018-03-01 01:50 - 002869760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2018-03-13 15:07 - 2018-03-01 01:50 - 000526336 _____ (Microsoft Corporation) C:\WINDOWS\system32\daxexec.dll
2018-03-13 15:07 - 2018-03-01 01:50 - 000118272 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSpkg.dll
2018-03-13 15:07 - 2018-03-01 01:49 - 000675328 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll
2018-03-13 15:07 - 2018-03-01 01:49 - 000529408 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\nwifi.sys
2018-03-13 15:07 - 2018-03-01 01:49 - 000301056 _____ (Microsoft Corporation) C:\WINDOWS\system32\MicrosoftAccountWAMExtension.dll
2018-03-13 15:07 - 2018-03-01 01:49 - 000066048 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrv.dll
2018-03-13 15:07 - 2018-03-01 01:48 - 000543232 _____ (Microsoft Corporation) C:\WINDOWS\system32\HolographicExtensions.dll
2018-03-13 15:07 - 2018-03-01 01:48 - 000431616 _____ (Microsoft Corporation) C:\WINDOWS\system32\msIso.dll
2018-03-13 15:07 - 2018-03-01 01:47 - 023674368 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2018-03-13 15:07 - 2018-03-01 01:47 - 000579584 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Payments.dll
2018-03-13 15:07 - 2018-03-01 01:47 - 000484352 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdpusersvc.dll
2018-03-13 15:07 - 2018-03-01 01:46 - 004051968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll
2018-03-13 15:07 - 2018-03-01 01:46 - 000770048 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdiWiFi.sys
2018-03-13 15:07 - 2018-03-01 01:45 - 000708096 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2018-03-13 15:07 - 2018-03-01 01:45 - 000594944 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2018-03-13 15:07 - 2018-03-01 01:45 - 000386560 _____ (Microsoft Corporation) C:\WINDOWS\system32\zipfldr.dll
2018-03-13 15:07 - 2018-03-01 01:44 - 008030720 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2018-03-13 15:07 - 2018-03-01 01:44 - 005195776 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdp.dll
2018-03-13 15:07 - 2018-03-01 01:43 - 012830208 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2018-03-13 15:07 - 2018-03-01 01:42 - 003505664 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVidCtl.dll
2018-03-13 15:07 - 2018-03-01 01:42 - 002084352 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2018-03-13 15:07 - 2018-03-01 01:41 - 008103936 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2018-03-13 15:07 - 2018-03-01 01:41 - 004745728 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2018-03-13 15:07 - 2018-03-01 01:41 - 003334144 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2018-03-13 15:07 - 2018-03-01 01:41 - 001548288 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2018-03-13 15:07 - 2018-03-01 01:41 - 000812032 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2018-03-13 15:07 - 2018-03-01 01:40 - 005833216 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll
2018-03-13 15:07 - 2018-03-01 01:39 - 002222592 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidsvc.dll
2018-03-13 15:07 - 2018-03-01 01:39 - 002035712 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2018-03-13 15:07 - 2018-03-01 01:39 - 000899584 _____ (Microsoft Corporation) C:\WINDOWS\system32\samsrv.dll
2018-03-13 15:07 - 2018-03-01 01:39 - 000666624 _____ (Microsoft Corporation) C:\WINDOWS\system32\DbgModel.dll
2018-03-13 15:07 - 2018-03-01 01:38 - 000963072 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
2018-03-13 15:07 - 2018-03-01 01:38 - 000726016 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys
2018-03-13 15:07 - 2018-03-01 01:36 - 004050432 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2018-03-13 15:07 - 2018-03-01 01:35 - 000568320 _____ (Microsoft Corporation) C:\WINDOWS\system32\msra.exe
2018-03-13 15:07 - 2018-03-01 01:35 - 000050176 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcalua.exe
2018-03-13 15:07 - 2018-02-21 22:23 - 001092016 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2018-03-13 15:07 - 2018-02-21 22:23 - 000924648 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2018-03-13 15:07 - 2018-02-21 22:13 - 000279456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msiscsi.sys
2018-03-13 15:07 - 2018-02-21 22:13 - 000077216 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.dll
2018-03-13 15:07 - 2018-02-21 22:11 - 000109984 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vmbus.sys
2018-03-13 15:07 - 2018-02-21 22:10 - 000285080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys
2018-03-13 15:07 - 2018-02-21 22:08 - 001206688 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2018-03-13 15:07 - 2018-02-21 22:08 - 001055648 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2018-03-13 15:07 - 2018-02-21 22:08 - 000571288 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spaceport.sys
2018-03-13 15:07 - 2018-02-21 22:07 - 001415296 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2018-03-13 15:07 - 2018-02-21 22:07 - 001209248 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2018-03-13 15:07 - 2018-02-21 22:03 - 000712600 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vhdmp.sys
2018-03-13 15:07 - 2018-02-21 22:03 - 000082848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\volmgr.sys
2018-03-13 15:07 - 2018-02-21 22:02 - 000149400 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storahci.sys
2018-03-13 15:07 - 2018-02-21 22:00 - 000187296 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys
2018-03-13 15:07 - 2018-02-21 21:59 - 021351624 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2018-03-13 15:07 - 2018-02-21 21:54 - 000437144 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBXHCI.SYS
2018-03-13 15:07 - 2018-02-21 21:51 - 000555424 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
2018-03-13 15:07 - 2018-02-21 21:51 - 000097176 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdstor.sys
2018-03-13 15:07 - 2018-02-21 21:51 - 000045472 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storufs.sys
2018-03-13 15:07 - 2018-02-21 21:50 - 000362904 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys
2018-03-13 15:07 - 2018-02-21 20:41 - 020286120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2018-03-13 15:07 - 2018-02-21 20:31 - 000057344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\UcmUcsi.sys
2018-03-13 15:07 - 2018-02-21 20:30 - 000192512 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netvsc.sys
2018-03-13 15:07 - 2018-02-21 20:30 - 000046080 _____ (Microsoft Corporation) C:\WINDOWS\system32\hidparse.sys
2018-03-13 15:07 - 2018-02-21 20:30 - 000046080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidparse.sys
2018-03-13 15:07 - 2018-02-21 20:30 - 000043008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\RfxVmt.sys
2018-03-13 15:07 - 2018-02-21 20:27 - 001282048 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVPXENC.dll
2018-03-13 15:07 - 2018-02-21 20:25 - 000086528 _____ (Microsoft Corporation) C:\WINDOWS\system32\cldapi.dll
2018-03-13 15:07 - 2018-02-21 20:12 - 000076288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cldapi.dll
2018-03-13 15:06 - 2018-03-01 23:02 - 000037888 _____ C:\WINDOWS\system32\SpectrumSyncClient.dll
2018-03-13 15:06 - 2018-03-01 23:01 - 000640000 _____ (Microsoft Corporation) C:\WINDOWS\system32\HeadTrackerStorage.dll
2018-03-13 15:06 - 2018-03-01 23:00 - 000329728 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Feedback.Analog.dll
2018-03-13 15:06 - 2018-03-01 23:00 - 000248320 _____ (Microsoft Corporation) C:\WINDOWS\system32\svf.dll
2018-03-13 15:06 - 2018-03-01 23:00 - 000230912 _____ (Microsoft Corporation) C:\WINDOWS\system32\HoloShellRuntime.dll
2018-03-13 15:06 - 2018-03-01 16:28 - 000181760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\HoloShellRuntime.dll
2018-03-13 15:06 - 2018-03-01 03:26 - 000170912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2018-03-13 15:06 - 2018-03-01 03:25 - 000377752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msrpc.sys
2018-03-13 15:06 - 2018-03-01 03:14 - 000128928 _____ (Microsoft Corporation) C:\WINDOWS\system32\offlinelsa.dll
2018-03-13 15:06 - 2018-03-01 03:12 - 000250264 _____ (Microsoft Corporation) C:\WINDOWS\system32\offlinesam.dll
2018-03-13 15:06 - 2018-03-01 03:10 - 000022936 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\isapnp.sys
2018-03-13 15:06 - 2018-03-01 02:29 - 000574960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVideoDSP.dll
2018-03-13 15:06 - 2018-03-01 02:28 - 000115096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\offlinelsa.dll
2018-03-13 15:06 - 2018-03-01 02:27 - 000221592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\offlinesam.dll
2018-03-13 15:06 - 2018-03-01 02:01 - 000019456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\credssp.dll
2018-03-13 15:06 - 2018-03-01 01:59 - 000220672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MicrosoftAccountWAMExtension.dll
2018-03-13 15:06 - 2018-03-01 01:53 - 000206848 _____ (Microsoft Corporation) C:\WINDOWS\system32\IndexedDbLegacy.dll
2018-03-13 15:06 - 2018-03-01 01:53 - 000097792 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatecsp.dll
2018-03-13 15:06 - 2018-03-01 01:53 - 000039424 _____ (Microsoft Corporation) C:\WINDOWS\system32\UsoClient.exe
2018-03-13 15:06 - 2018-03-01 01:51 - 000023552 _____ (Microsoft Corporation) C:\WINDOWS\system32\credssp.dll
2018-03-13 15:06 - 2018-03-01 01:50 - 000075264 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wcnfs.sys
2018-03-13 15:06 - 2018-03-01 01:46 - 000026624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msisip.dll
2018-03-13 15:06 - 2018-03-01 01:36 - 000030208 _____ (Microsoft Corporation) C:\WINDOWS\system32\msisip.dll
2018-03-13 15:06 - 2018-03-01 01:35 - 000128000 _____ (Microsoft Corporation) C:\WINDOWS\system32\racpldlg.dll
2018-03-13 15:06 - 2018-02-21 22:07 - 000194456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ataport.sys
2018-03-13 15:06 - 2018-02-21 21:52 - 000103328 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\stornvme.sys
2018-03-13 15:06 - 2018-02-21 21:50 - 000229272 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tpm.sys
2018-03-13 15:06 - 2018-02-21 20:16 - 001286144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVPXENC.dll
2018-03-13 14:54 - 2018-03-13 14:54 - 000004580 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player NPAPI Notifier
2018-03-10 17:16 - 2018-03-10 17:16 - 000000000 ____D C:\Users\RandyA\AppData\Roaming\Torch
2018-03-09 20:25 - 2018-03-09 20:25 - 000608064 _____ C:\Users\RandyA\Downloads\Do Elephants Belong in the Circus- - YouTube[via torchbrowser.com] (2).mp4
2018-03-09 20:24 - 2018-03-13 20:25 - 000000000 ____D C:\ProgramData\TorchCrashHandler
2018-03-09 20:24 - 2018-03-09 20:24 - 000001266 _____ C:\Users\RandyA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Torch.lnk
2018-03-09 20:24 - 2018-03-09 20:24 - 000001258 _____ C:\Users\RandyA\Desktop\Torch.lnk
2018-03-09 20:23 - 2018-03-09 20:24 - 000000000 ____D C:\Users\RandyA\AppData\Local\Torch
2018-03-09 20:23 - 2018-03-09 20:23 - 001668496 _____ (Torch Media, Inc) C:\Users\RandyA\Downloads\TorchSetup-r20-n-be (1).exe
2018-03-09 20:22 - 2018-03-09 20:22 - 001668496 _____ (Torch Media, Inc) C:\Users\RandyA\Downloads\TorchSetup-r20-n-be.exe
2018-03-09 19:44 - 2018-03-09 19:53 - 002435459 _____ C:\Users\RandyA\Documents\IMG_20180309_0001.pdf
2018-03-08 23:32 - 2018-03-08 23:32 - 000532310 _____ C:\Users\RandyA\Downloads\Friends of Animals Event.pdf
2018-03-08 14:15 - 2018-03-08 14:15 - 000000000 ____D C:\Users\RandyA\Documents\Utopia Tix 05-19-2018
2018-03-08 14:14 - 2018-03-08 14:14 - 000189630 _____ C:\Users\RandyA\Downloads\CH230-57540.pdf
2018-03-08 14:14 - 2018-03-08 14:14 - 000189630 _____ C:\Users\RandyA\Documents\Utopia-2Tix-05-19-2018.pdf
2018-03-08 14:13 - 2018-03-08 14:14 - 005472543 _____ C:\Users\RandyA\Documents\IMG_20180308_0001.pdf
2018-03-06 17:48 - 2018-03-06 17:48 - 000020835 _____ C:\Users\RandyA\Downloads\ACORD Form 20180228-155025.pdf
2018-03-01 19:27 - 2018-03-11 17:27 - 000000668 _____ C:\WINDOWS\Tasks\G2MUploadTask-S-1-5-21-3248382330-3174346777-3720087843-1001.job
2018-03-01 19:27 - 2018-03-11 17:27 - 000000572 _____ C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-3248382330-3174346777-3720087843-1001.job
2018-03-01 19:27 - 2018-03-08 14:40 - 000003840 _____ C:\WINDOWS\System32\Tasks\G2MUploadTask-S-1-5-21-3248382330-3174346777-3720087843-1001
2018-03-01 19:27 - 2018-03-08 14:40 - 000003744 _____ C:\WINDOWS\System32\Tasks\G2MUpdateTask-S-1-5-21-3248382330-3174346777-3720087843-1001
2018-03-01 19:27 - 2018-03-08 14:40 - 000000000 ____D C:\Users\RandyA\AppData\Local\GoToMeeting
2018-03-01 19:26 - 2018-03-01 19:26 - 000000000 ____D C:\Users\RandyA\AppData\Local\GoTo Opener
2018-02-28 19:29 - 2018-02-28 19:29 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2018-02-26 14:17 - 2018-03-02 23:56 - 000000000 ____D C:\Users\RandyA\AppData\Roaming\Spotify
2018-02-26 14:17 - 2018-03-02 23:56 - 000000000 ____D C:\Users\RandyA\AppData\Local\Spotify
2018-02-26 14:17 - 2018-02-26 14:17 - 000725488 _____ (Spotify Ltd) C:\Users\RandyA\Downloads\SpotifySetup (1).exe
2018-02-26 14:17 - 2018-02-26 14:17 - 000001855 _____ C:\Users\RandyA\Desktop\Spotify.lnk
2018-02-26 14:17 - 2018-02-26 14:17 - 000001841 _____ C:\Users\RandyA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk
2018-02-26 07:24 - 2018-02-26 07:24 - 000051024 _____ (Dropbox, Inc.) C:\WINDOWS\system32\DbxSvc.exe
2018-02-26 07:24 - 2018-02-26 07:24 - 000045672 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-dev.sys
2018-02-26 07:24 - 2018-02-26 07:24 - 000045640 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-stable.sys
2018-02-26 07:24 - 2018-02-26 07:24 - 000045640 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-canary.sys
2018-02-23 15:35 - 2018-02-23 15:35 - 000000106 _____ C:\Users\RandyA\Desktop\from randy.txt
2018-02-20 14:22 - 2018-02-20 14:33 - 000000000 ____D C:\Users\RandyA\AppData\Roaming\Wise Data Recovery
2018-02-20 14:22 - 2018-02-20 14:22 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wise Data Recovery
2018-02-20 14:22 - 2018-02-20 14:22 - 000000000 ____D C:\Program Files (x86)\Wise
2018-02-20 13:36 - 2018-02-20 14:22 - 000483328 _____ C:\Users\RandyA\Documents\New Support Group database - updated-02-10-2018.accdb
2018-02-20 13:08 - 2018-02-20 13:09 - 000001699 _____ C:\Users\Public\Desktop\Recuva.lnk
2018-02-20 13:08 - 2018-02-20 13:09 - 000000000 ____D C:\Program Files\Recuva
2018-02-20 13:08 - 2018-02-20 13:08 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Recuva
2018-02-20 05:09 - 2018-02-20 05:09 - 000000000 ____D C:\Users\RandyA\Documents\Recovered
2018-02-19 20:38 - 2018-02-19 20:38 - 000001203 _____ C:\Users\Public\Desktop\RescuePRO Deluxe.lnk
2018-02-19 20:38 - 2018-02-19 20:38 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RescuePRO Deluxe
2018-02-19 20:31 - 2018-02-19 20:38 - 000000000 ____D C:\Program Files (x86)\RescuePRO Deluxe
2018-02-19 20:31 - 2018-02-19 20:31 - 000000000 ____D C:\Users\RandyA\licman
2018-02-19 20:31 - 2018-02-19 20:31 - 000000000 ____D C:\Users\RandyA\AppData\Local\LC Technology Inc
2018-02-19 20:30 - 2018-02-19 20:30 - 016337397 _____ C:\Users\RandyA\Downloads\RPDLXWIN.zip
2018-02-18 21:11 - 2018-02-18 21:11 - 302253702 _____ C:\Users\RandyA\Desktop\Tines - Tines Demo - 9 songs.zip
2018-02-15 14:48 - 2018-02-15 14:48 - 000000000 ____D C:\ProgramData\Reason
2018-02-15 14:46 - 2018-02-15 14:46 - 008828672 _____ (Reason Software Company Inc.) C:\Users\RandyA\Downloads\reason-core-security-setup.exe


==================== One Month Modified files and folders ========


(If an entry is included in the fixlist, the file/folder will be moved.)


2018-03-16 17:04 - 2017-12-02 22:22 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2018-03-16 15:06 - 2017-09-29 09:46 - 000000000 ____D C:\WINDOWS\DeliveryOptimization
2018-03-16 14:28 - 2016-11-18 17:59 - 000000000 ____D C:\Users\RandyA\AppData\LocalLow\Mozilla
2018-03-16 12:47 - 2017-12-02 22:47 - 000004170 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{DEFE5449-7187-4699-9303-8E2A905D537F}
2018-03-16 12:47 - 2017-09-29 09:46 - 000000000 ___HD C:\Program Files\WindowsApps
2018-03-16 12:47 - 2017-09-29 09:46 - 000000000 ____D C:\WINDOWS\AppReadiness
2018-03-16 00:31 - 2016-09-25 16:49 - 000000000 ____D C:\ProgramData\NVIDIA
2018-03-15 23:59 - 2017-04-11 13:24 - 000000000 ___RD C:\Users\RandyA\Dropbox
2018-03-13 23:50 - 2016-10-14 16:54 - 000000000 ____D C:\Users\RandyA\Documents\Animal Advocates Oct 2016 on
2018-03-13 20:30 - 2017-12-02 22:44 - 001663824 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2018-03-13 20:23 - 2017-12-02 22:47 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2018-03-13 19:28 - 2017-12-02 22:26 - 000000000 ____D C:\Users\RandyA
2018-03-13 19:08 - 2017-08-10 22:08 - 000000000 ____D C:\Users\RandyA\Documents\Animal Advocates older stuff
2018-03-13 17:47 - 2017-09-29 09:44 - 000000000 ____D C:\WINDOWS\INF
2018-03-13 17:43 - 2017-12-02 22:49 - 000000000 ___RD C:\Users\RandyA\3D Objects
2018-03-13 17:43 - 2016-08-26 18:16 - 000000000 __RHD C:\Users\Public\AccountPictures
2018-03-13 17:36 - 2017-12-09 12:39 - 000253880 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2018-03-13 17:36 - 2017-12-02 22:22 - 000428560 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2018-03-13 17:34 - 2017-09-29 04:45 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2018-03-13 17:32 - 2017-09-29 09:46 - 000000000 ____D C:\WINDOWS\TextInput
2018-03-13 17:31 - 2017-09-29 09:46 - 000000000 ____D C:\WINDOWS\system32\appraiser
2018-03-13 17:31 - 2017-09-29 09:46 - 000000000 ____D C:\WINDOWS\ShellExperiences
2018-03-13 16:57 - 2017-09-29 09:46 - 000000000 ____D C:\WINDOWS\rescache
2018-03-13 15:25 - 2017-09-29 09:37 - 000000000 ____D C:\WINDOWS\CbsTemp
2018-03-13 15:24 - 2016-08-26 18:31 - 000000000 ____D C:\WINDOWS\system32\MRT
2018-03-13 15:21 - 2017-10-10 20:07 - 130364688 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT-KB890830.exe
2018-03-13 15:21 - 2016-08-26 18:31 - 130364688 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2018-03-13 15:11 - 2017-09-29 09:41 - 000140800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2018-03-13 15:11 - 2017-09-29 09:41 - 000106496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll
2018-03-13 14:59 - 2017-12-02 22:47 - 000003958 _____ C:\WINDOWS\System32\Tasks\Opera scheduled Autoupdate 1495912364
2018-03-13 14:59 - 2017-06-29 16:56 - 000001078 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera Browser.lnk
2018-03-13 14:59 - 2017-05-27 15:12 - 000000000 ____D C:\Program Files\Opera
2018-03-13 14:54 - 2017-12-02 22:47 - 000004602 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player PPAPI Notifier
2018-03-13 14:54 - 2017-12-02 22:47 - 000004422 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2018-03-13 14:54 - 2017-09-29 09:46 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
2018-03-13 14:54 - 2017-09-29 09:46 - 000000000 ____D C:\WINDOWS\system32\Macromed
2018-03-10 19:02 - 2016-09-14 14:24 - 000000000 ____D C:\Users\RandyA\AppData\Roaming\Audacity
2018-03-04 22:17 - 2016-10-26 17:29 - 000000000 ____D C:\Users\RandyA\Documents\Support Group
2018-03-01 22:17 - 2016-09-10 17:33 - 000000000 ____D C:\Users\RandyA\AppData\Local\ElevatedDiagnostics
2018-03-01 11:51 - 2017-12-02 22:47 - 000004562 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2018-02-28 19:29 - 2017-04-11 13:22 - 000000000 ____D C:\Program Files (x86)\Dropbox
2018-02-28 14:20 - 2017-05-27 15:08 - 000002301 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-02-28 14:20 - 2017-05-27 15:08 - 000002260 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2018-02-25 22:38 - 2016-11-13 14:57 - 000002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2018-02-25 22:34 - 2017-05-25 21:39 - 000018960 _____ (Logitech, Inc.) C:\WINDOWS\system32\Drivers\LNonPnP.sys
2018-02-24 22:34 - 2016-08-28 20:21 - 000000000 ____D C:\Users\RandyA\AppData\Roaming\vlc
2018-02-23 15:46 - 2016-09-12 09:16 - 000000000 ____D C:\Users\RandyA\AppData\Roaming\CoreFTP
2018-02-20 16:26 - 2017-11-24 17:52 - 000421888 _____ C:\Users\RandyA\Documents\New Support Group database - updated-11-24-2017.mdb
2018-02-19 19:59 - 2017-12-02 22:27 - 000000000 ____D C:\Users\RandyA\AppData\Local\Packages
2018-02-18 19:50 - 2016-09-24 21:11 - 000000000 ____D C:\Users\RandyA\AppData\Local\Windows Live
2018-02-15 15:14 - 2016-08-27 00:09 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2018-02-15 15:08 - 2017-09-29 09:46 - 000000000 ____D C:\WINDOWS\system32\oobe
2018-02-15 15:07 - 2017-09-29 09:46 - 000000000 ____D C:\WINDOWS\bcastdvr
2018-02-15 15:07 - 2017-02-14 18:50 - 000000000 ____D C:\AdwCleaner
2018-02-15 14:58 - 2017-05-05 16:42 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2018-02-15 14:58 - 2016-08-27 00:09 - 000001208 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk


==================== Files in the root of some directories =======


2017-09-06 20:43 - 2017-09-06 20:43 - 000463842 _____ () C:\Users\RandyA\ariskkey.exe
2017-06-29 16:49 - 2017-06-29 19:00 - 000682996 _____ () C:\Users\RandyA\AppData\Roaming\AvidCloudClientServices_Install.log
2017-06-28 20:17 - 2017-07-01 22:21 - 000001876 _____ () C:\Users\RandyA\AppData\Roaming\Avid_CCS_Service_Stop.log
2016-09-14 13:47 - 2016-09-14 13:49 - 000001167 _____ () C:\Users\RandyA\AppData\Roaming\trace_FilterInstaller.1.txt
2016-09-14 13:47 - 2016-09-14 13:47 - 000001167 _____ () C:\Users\RandyA\AppData\Roaming\trace_FilterInstaller.2.txt
2016-09-14 13:47 - 2016-09-15 10:59 - 000000905 _____ () C:\Users\RandyA\AppData\Roaming\trace_FilterInstaller.txt
2016-09-14 13:47 - 2016-09-15 10:59 - 000000000 _____ () C:\Users\RandyA\AppData\Roaming\trace_FilterInstaller.txt-CRT.txt
2017-05-31 18:08 - 2017-11-19 22:37 - 000020992 _____ () C:\Users\RandyA\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2017-02-15 18:46 - 2017-02-15 18:46 - 000000036 _____ () C:\Users\RandyA\AppData\Local\housecall.guid.cache
2017-10-19 12:04 - 2017-10-19 12:04 - 000004096 ____H () C:\Users\RandyA\AppData\Local\keyfile3.drm
2018-02-02 00:59 - 2018-02-02 00:59 - 000000218 _____ () C:\Users\RandyA\AppData\Local\recently-used.xbel
2016-08-28 22:47 - 2016-08-28 22:47 - 000000017 _____ () C:\Users\RandyA\AppData\Local\resmon.resmoncfg
2017-09-15 20:41 - 2017-09-15 20:42 - 000000129 _____ () C:\Users\RandyA\AppData\Local\Support.ini


==================== Bamital & volsnap ======================


(There is no automatic fix for files that do not pass verification.)


C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2018-03-11 17:38


==================== End of FRST.txt ============================




Addition.txt log:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 14.03.2018
Ran by RandyA (16-03-2018 17:09:00)
Running from C:\Users\RandyA\Desktop
Windows 10 Home Version 1709 16299.309 (X64) (2017-12-03 02:49:10)
Boot Mode: Normal
==========================================================




==================== Accounts: =============================


Administrator (S-1-5-21-3248382330-3174346777-3720087843-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-3248382330-3174346777-3720087843-503 - Limited - Disabled)
Guest (S-1-5-21-3248382330-3174346777-3720087843-501 - Limited - Disabled)
RandyA (S-1-5-21-3248382330-3174346777-3720087843-1001 - Administrator - Enabled) => C:\Users\RandyA
SophosSAUDESKTOP-aaa (S-1-5-21-3248382330-3174346777-3720087843-1005 - Limited - Enabled)
WDAGUtilityAccount (S-1-5-21-3248382330-3174346777-3720087843-504 - Limited - Disabled)


==================== Security Center ========================


(If an entry is included in the fixlist, it will be removed.)


AV: Sophos Home (Enabled - Up to date) {FFADE7EA-DC92-4602-D6B2-626CD3450A0F}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Sophos Home (Enabled - Up to date) {44CC060E-FAA8-498C-EC02-591EA8C240B2}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}


==================== Installed Programs ======================


(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)


7-Zip 16.04 (x64) (HKLM\...\7-Zip) (Version: 16.04 - Igor Pavlov)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 18.011.20038 - Adobe Systems Incorporated)
Adobe Flash Player 29 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 29.0.0.113 - Adobe Systems Incorporated)
Adobe Flash Player 29 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 29.0.0.113 - Adobe Systems Incorporated)
Apple Application Support (32-bit) (HKLM-x32\...\{D4C80B0C-CF67-43A7-90C3-466853543B54}) (Version: 6.3 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{B2A2E8AF-BC48-4191-B2C4-3846A19835CA}) (Version: 6.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{AA7D90D2-2387-4FA5-A3AF-96811BE49BFD}) (Version: 11.0.5.14 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{19589375-5C58-4AFA-842F-8B34744CCEAD}) (Version: 2.5.0.1 - Apple Inc.)
Ardour5 (HKLM-x32\...\Ardour5-w64) (Version: - )
ASIO4ALL (HKLM-x32\...\ASIO4ALL) (Version: 2.13 - Michael Tippach)
Asterisk Key 10.0 (HKLM-x32\...\asterisk key) (Version: - )
Audacity 2.1.3 (HKLM-x32\...\Audacity®_is1) (Version: 2.1.3 - Audacity Team)
Authorizer 2.9.2d15 (HKLM\...\{F6762963-9AE5-4bc6-A70F-2D749F6AC02F}_is1) (Version: 2.9.2d15 - Propellerhead Software AB)
BCL easyConverter Desktop 3 (Word Version) (HKLM-x32\...\{8C5845B5-729F-40E3-A945-4454E67F65F4}) (Version: 3.0.18 - BCL Technologies)
Belarc Advisor 8.5c (HKLM-x32\...\Belarc Advisor) (Version: 8.5.3.0 - Belarc Inc.)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Canon IJ Network Scanner Selector EX (HKLM-x32\...\Canon_IJ_Network_Scanner_Selector_EX) (Version: - Canon Inc.)
Canon IJ Network Tool (HKLM-x32\...\Canon_IJ_Network_UTILITY) (Version: 3.2.0 - Canon Inc.)
Canon IJ Scan Utility (HKLM-x32\...\Canon_IJ_Scan_Utility) (Version: - Canon Inc.)
Canon MX920 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX920_series) (Version: 1.01 - Canon Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.24 - Piriform)
Core FTP LE (x64) (HKLM-x32\...\CoreFTP(x64)) (Version: - )
CSR Harmony Wireless Software Stack (HKLM\...\{17DEA095-8EE1-49A2-AC5A-9663DB098FA9}) (Version: 2.1.63.0 - Cambridge Silicon Radio Limited.)
CutePDF Writer 3.2 (HKLM\...\CutePDF Writer Installation) (Version: 3.2 - Acro Software Inc.)
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
Dropbox (HKLM-x32\...\Dropbox) (Version: 44.4.58 - Dropbox, Inc.)
Dropbox Update Helper (HKLM-x32\...\{099218A5-A723-43DC-8DB5-6173656A1E94}) (Version: 1.3.65.1 - Dropbox, Inc.) Hidden
DVD Flick 1.3.0.7 (HKLM-x32\...\DVD Flick_is1) (Version: 1.3.0.7 - Dennis Meuwissen)
eLicenser Control (HKLM-x32\...\eLicenser Control) (Version: 6.9.2.1180 - Steinberg Media Technologies GmbH)
Epic Privacy Browser (HKU\S-1-5-21-3248382330-3174346777-3720087843-1001\...\Epic) (Version: 62.0.3202.94 - Epic)
FastStone Image Viewer 5.7 (HKLM-x32\...\FastStone Image Viewer) (Version: 5.7 - FastStone Soft)
FCC (HKU\S-1-5-21-3248382330-3174346777-3720087843-1001\...\FCC) (Version: 2.6.14427.1001 - FreeConferenceCall LLC)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 64.0.3282.186 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) Hidden
GoTo Opener (HKLM-x32\...\{1F803452-798F-49FB-A5DD-9F527F7017E4}) (Version: 1.0.473 - LogMeIn, Inc.)
GoToMeeting 8.22.0.8473 (HKU\S-1-5-21-3248382330-3174346777-3720087843-1001\...\GoToMeeting) (Version: 8.22.0.8473 - LogMeIn, Inc.)
iCloud (HKLM\...\{99868C9C-C141-4DDE-A2C7-9DDF00F68F17}) (Version: 7.2.0.67 - Apple Inc.)
ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.8.0 - LIGHTNING UK!)
iTunes (HKLM\...\{1D7D1271-5258-4F5A-B8C1-7176BF398782}) (Version: 12.7.3.46 - Apple Inc.)
Junk Mail filter update (HKLM-x32\...\{0BE9E708-5DC0-4963-9CFD-0AA519090E79}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Logitech SetPoint 6.67 (HKLM\...\sp6) (Version: 6.67.83 - Logitech)
Logitech Solar App 1.10 (HKLM\...\SolarApp) (Version: 1.10.3 - Logitech)
Magical Jelly Bean KeyFinder (HKLM-x32\...\KeyFinder_is1) (Version: 2.0.10.12 - Magical Jelly Bean)
Malwarebytes version 3.3.1.2183 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.3.1.2183 - Malwarebytes)
MEGAsync (HKLM-x32\...\MEGAsync) (Version: - Mega Limited)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Outlook Connector (HKLM-x32\...\{95140000-007A-0409-0000-0000000FF1CE}) (Version: 14.0.5118.5000 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3248382330-3174346777-3720087843-1001\...\OneDriveSetup.exe) (Version: 17.3.7294.0108 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x64) - 14.10.25017 (HKLM-x32\...\{e52a6842-b0ac-476e-b48f-378a97a67346}) (Version: 14.10.25017.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x86) - 14.10.25017 (HKLM-x32\...\{58b3beca-b999-4f6f-a48c-81681136a620}) (Version: 14.10.25017.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x86) - 14.10.25017 (HKLM-x32\...\{f325f05b-f963-4640-a43b-c8a494cdda0f}) (Version: 14.10.25017.0 - Microsoft Corporation)
Mixbus4 (HKLM-x32\...\Mixbus4-w64) (Version: - )
Movie Maker (HKLM-x32\...\{38F03569-A636-4CF3-BDDE-032C8C251304}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{DD67BE4B-7E62-4215-AFA3-F123A800A389}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 58.0.2 (x64 en-US) (HKLM\...\Mozilla Firefox 58.0.2 (x64 en-US)) (Version: 58.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 58.0.2.6611 - Mozilla)
Native Instruments Kontakt 5 (HKLM-x32\...\Native Instruments Kontakt 5) (Version: 5.7.0.32 - Native Instruments)
Native Instruments Kontakt Factory Selection (HKLM-x32\...\Native Instruments Kontakt Factory Selection) (Version: 1.4.0.4 - Native Instruments)
Native Instruments Mikro Prism (HKLM-x32\...\Native Instruments Mikro Prism) (Version: - Native Instruments)
Native Instruments Native Access (HKLM-x32\...\Native Instruments Native Access) (Version: 1.4.1.59 - Native Instruments)
Native Instruments Reaktor 5 (HKLM-x32\...\Native Instruments Reaktor 5) (Version: 5.9.4.1512 - Native Instruments)
Native Instruments Reaktor 6 (HKLM-x32\...\Native Instruments Reaktor 6) (Version: 6.2.0.51 - Native Instruments)
Native Instruments Service Center (HKLM-x32\...\Native Instruments Service Center) (Version: 2.6.0.137 - Native Instruments)
NTI Backup Now EZ 4 (HKLM-x32\...\{249E38A7-26F9-4C82-A95B-CDA5184A54CF}) (Version: 4.0.2.52 - NTI Corporation) Hidden
NTI Backup Now EZ 4 (HKLM-x32\...\InstallShield_{249E38A7-26F9-4C82-A95B-CDA5184A54CF}) (Version: 4.0.2.52 - NTI Corporation)
NVIDIA 3D Vision Driver 388.13 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 388.13 - NVIDIA Corporation)
NVIDIA Graphics Driver 388.13 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 388.13 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.35.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.35.1 - NVIDIA Corporation)
NVIDIA Update 10.4.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 10.4.0 - NVIDIA Corporation)
Opera Stable 51.0.2830.55 (HKLM-x32\...\Opera 51.0.2830.55) (Version: 51.0.2830.55 - Opera Software)
PACE License Support Win64 (HKLM\...\{4C3A303E-2761-4f07-9723-A0470315853F}) (Version: 3.1.5.1779 - PACE Anti-Piracy, Inc.) Hidden
PACE License Support Win64 (HKLM-x32\...\InstallShield_{4C3A303E-2761-4f07-9723-A0470315853F}) (Version: 3.1.5.1779 - PACE Anti-Piracy, Inc.)
PDFill PDF Editor with FREE Writer and FREE Tools (HKLM\...\{D1399216-81B2-457C-A0F7-73B9A2EF6902}) (Version: 12.0 - PlotSoft LLC)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7874 - Realtek Semiconductor Corp.)
REAPER (x64) (HKLM\...\REAPER) (Version: - )
Recover Keys (HKLM-x32\...\Recover Keys_is1) (Version: 9.0.3.168 - Recover Keys)
Recuva (HKLM\...\Recuva) (Version: 1.53 - Piriform)
RescuePRO Deluxe 6.0.1.7 (HKLM-x32\...\{38D9AAB8-116B-40BB-A801-50B71DF82D24}_is1) (Version: 6.0.1.7 - LC Technology International, Inc.)
Sophos Anti-Virus (HKLM-x32\...\{2519A41E-5D7C-429B-B2DB-1E943927CB3D}) (Version: 10.7.6.117 - Sophos Limited) Hidden
Sophos AutoUpdate (HKLM-x32\...\{AFBCA1B9-496C-4AE6-98AE-3EA1CFF65C54}) (Version: 5.8.335 - Sophos Limited) Hidden
Sophos Clean (HKLM\...\SophosClean) (Version: 3.7.13.262 - Sophos Limited)
Sophos Diagnostic Utility (HKLM-x32\...\{4627F5A1-E85A-4394-9DB3-875DF83AF6C2}) (Version: 1.20.0.4 - Sophos Limited) Hidden
Sophos Home (HKLM\...\Sophos Endpoint Agent) (Version: 1.1.4 - Sophos Ltd)
Sophos Home (HKLM-x32\...\{65174B13-CB1D-45A8-8B65-69F87AAAAFEB}) (Version: 2.1.137 - Sophos Limited) Hidden
Sophos Management Communications System (HKLM-x32\...\{2C14E1A2-C4EB-466E-8374-81286D723D3A}) (Version: 4.7.15 - Sophos Limited) Hidden
Sophos Network Threat Protection (HKLM\...\{66967E5F-43E8-4402-87A4-04685EE5C2CB}) (Version: 1.3.2.40 - Sophos Limited) Hidden
Sophos System Protection (HKLM\...\{934BEF80-B9D1-4A86-8B42-D8A6716A8D27}) (Version: 2.6.0.71 - Sophos Limited) Hidden
Sophos Virus Removal Tool (HKLM-x32\...\{B829E117-D072-41EA-9606-9826A38D34C1}) (Version: 2.6.1 - Sophos Limited)
Spotify (HKU\S-1-5-21-3248382330-3174346777-3720087843-1001\...\Spotify) (Version: 1.0.75.483.g7ff4a0dc - Spotify AB)
Steinberg VST Amp Rack Content 01 (HKLM-x32\...\{8CBA7E47-48DA-47DC-8E98-6984BA830295}) (Version: 1.0.0.000 - Steinberg Media Technologies GmbH)
Torch (HKU\S-1-5-21-3248382330-3174346777-3720087843-1001\...\Torch) (Version: 60.0.0.1508 - Torch Media, Inc) <==== ATTENTION
Tracktion 5 (HKLM\...\Tracktion 5) (Version: 5.0.10.0 - Tracktion Software Corp.)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.6 - VideoLAN)
Vulkan Run Time Libraries 1.0.61.0 (HKLM\...\VulkanRT1.0.61.0) (Version: 1.0.61.0 - LunarG, Inc.) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
WinRAR 5.50 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.50.0 - win.rar GmbH)
Wise Data Recovery 3.87 (HKLM-x32\...\Wise Data Recovery_is1) (Version: 3.87 - WiseCleaner.com, Inc.)
Workspace Desktop (HKU\S-1-5-21-3248382330-3174346777-3720087843-1001\...\workspacedesktop) (Version: - Starfield Technologies)


==================== Custom CLSID (Whitelisted): ==========================


(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


CustomCLSID: HKU\S-1-5-21-3248382330-3174346777-3720087843-1001_Classes\CLSID\{1BFB1268-6353-495A-AB78-97BF7CAB4D59}\InprocServer32 -> C:\Users\RandyA\AppData\Local\Workspace\gdeditwrapperax64.dll (Starfield Technologies)
CustomCLSID: HKU\S-1-5-21-3248382330-3174346777-3720087843-1001_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Users\RandyA\AppData\Local\GoToMeeting\8404\G2MOutlookAddin64.dll (LogMeIn, Inc.)
CustomCLSID: HKU\S-1-5-21-3248382330-3174346777-3720087843-1001_Classes\CLSID\{B5B8593C-89BC-44a7-BCE3-32FE4FED7C5C}\InprocServer32 -> C:\Users\RandyA\AppData\Local\Workspace\wbetoolsax64.dll (Starfield Technology, LLC)
ShellIconOverlayIdentifiers: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\RandyA\AppData\Local\MEGAsync\ShellExtX64.dll [2016-10-31] ()
ShellIconOverlayIdentifiers: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\RandyA\AppData\Local\MEGAsync\ShellExtX64.dll [2016-10-31] ()
ShellIconOverlayIdentifiers: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\RandyA\AppData\Local\MEGAsync\ShellExtX64.dll [2016-10-31] ()
ShellIconOverlayIdentifiers: [ DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-02-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-02-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-02-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-02-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-02-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-02-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-02-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-02-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-02-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-02-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ShellIconOverlayIdentifiers: [off0] -> {8E33AEC3-C5F2-43C4-B048-9E3EB19B1DD5} => C:\Program Files (x86)\Workspace\offsyncext64.dll [2017-06-08] (Starfield Technologies, LLC)
ShellIconOverlayIdentifiers: [off1] -> {8E33AEC4-C5F2-43C4-B048-9E3EB19B1DD5} => C:\Program Files (x86)\Workspace\offsyncext64.dll [2017-06-08] (Starfield Technologies, LLC)
ShellIconOverlayIdentifiers-x32: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\RandyA\AppData\Local\MEGAsync\ShellExtX64.dll [2016-10-31] ()
ShellIconOverlayIdentifiers-x32: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\RandyA\AppData\Local\MEGAsync\ShellExtX64.dll [2016-10-31] ()
ShellIconOverlayIdentifiers-x32: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\RandyA\AppData\Local\MEGAsync\ShellExtX64.dll [2016-10-31] ()
ShellIconOverlayIdentifiers-x32: [ DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-02-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-02-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-02-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-02-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-02-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-02-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-02-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-02-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-02-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-02-26] (Dropbox, Inc.)
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-10-04] (Igor Pavlov)
ContextMenuHandlers1: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-02-26] (Dropbox, Inc.)
ContextMenuHandlers1: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\RandyA\AppData\Local\MEGAsync\ShellExtX64.dll [2016-10-31] ()
ContextMenuHandlers1: [PhotoStreamsExt] -> {89D984B3-813B-406A-8298-118AFA3A22AE} => C:\Program Files\Common Files\Apple\Internet Services\ShellStreams64.dll [2017-12-08] (Apple Inc.)
ContextMenuHandlers1: [SophosHomeShellExt] -> {2FE0F6D6-426A-4728-B435-7CF2FE926449} => C:\Program Files (x86)\Sophos\Sophos Home\SophosHomeShellExtX64.dll [2018-01-04] (Sophos Limited)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2017-08-11] (Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2017-08-11] (Alexander Roshal)
ContextMenuHandlers1-x32: [WondershareVideoConverterFileOpreation] -> {FEB746CA-95C2-485F-B386-C30D4E56D22E} => -> No File
ContextMenuHandlers2: [SophosHomeShellExt] -> {2FE0F6D6-426A-4728-B435-7CF2FE926449} => C:\Program Files (x86)\Sophos\Sophos Home\SophosHomeShellExtX64.dll [2018-01-04] (Sophos Limited)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-11-01] (Malwarebytes)
ContextMenuHandlers3: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\RandyA\AppData\Local\MEGAsync\ShellExtX64.dll [2016-10-31] ()
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-10-04] (Igor Pavlov)
ContextMenuHandlers4: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-02-26] (Dropbox, Inc.)
ContextMenuHandlers4: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\RandyA\AppData\Local\MEGAsync\ShellExtX64.dll [2016-10-31] ()
ContextMenuHandlers4: [RecuvaShellExt] -> {435E5DF5-2510-463C-B223-BDA47006D002} => C:\Program Files\Recuva\RecuvaShell64.dll [2016-06-06] (Piriform Ltd)
ContextMenuHandlers4: [SophosHomeShellExt] -> {2FE0F6D6-426A-4728-B435-7CF2FE926449} => C:\Program Files (x86)\Sophos\Sophos Home\SophosHomeShellExtX64.dll [2018-01-04] (Sophos Limited)
ContextMenuHandlers5: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-02-26] (Dropbox, Inc.)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2017-10-27] (NVIDIA Corporation)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-10-04] (Igor Pavlov)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-11-01] (Malwarebytes)
ContextMenuHandlers6: [RecuvaShellExt] -> {435E5DF5-2510-463C-B223-BDA47006D002} => C:\Program Files\Recuva\RecuvaShell64.dll [2016-06-06] (Piriform Ltd)
ContextMenuHandlers6: [SophosHomeShellExt] -> {2FE0F6D6-426A-4728-B435-7CF2FE926449} => C:\Program Files (x86)\Sophos\Sophos Home\SophosHomeShellExtX64.dll [2018-01-04] (Sophos Limited)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2017-08-11] (Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2017-08-11] (Alexander Roshal)


==================== Scheduled Tasks (Whitelisted) =============


(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


Task: {0C745336-1AE2-454D-8CF6-9D4C59562EF7} - System32\Tasks\G2MUpdateTask-S-1-5-21-3248382330-3174346777-3720087843-1001 => C:\Users\RandyA\AppData\Local\GoToMeeting\8473\g2mupdate.exe [2018-03-08] (LogMeIn, Inc.)
Task: {0F695A24-D2D3-4883-BAD7-A054856878F6} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_29_0_0_113_Plugin.exe [2018-03-13] (Adobe Systems Incorporated)
Task: {11950068-5E9C-4B88-A6FE-23BCC609A130} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2017-04-11] (Dropbox, Inc.)
Task: {1A5E915E-E0EF-4BB6-AE74-56DB4ABD430D} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {1BFD642F-370C-4549-9E4F-D6FCC59AFF1F} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2018-03-13] (Adobe Systems Incorporated)
Task: {241DF5D3-A743-48DF-834D-FF8BCE4BBE1B} - System32\Tasks\SafeZone scheduled Autoupdate 1489620631 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe
Task: {3762ABA5-21FA-4309-BC63-1AFFB3B74A46} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2017-04-11] (Dropbox, Inc.)
Task: {449426C4-6D06-4F2B-88D8-E97856259656} - System32\Tasks\Opera scheduled Autoupdate 1495912364 => c:\program files\opera\launcher.exe [2018-03-08] (Opera Software)
Task: {44CC0DCA-6385-4045-A95C-1013F7789E2E} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\Avast Software\Overseer\overseer.exe [2018-01-14] (AVAST Software)
Task: {624D11A9-54B0-4B44-85DC-EA0F6F93839E} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2018-02-09] (Adobe Systems Incorporated)
Task: {64F87EF9-64E3-4352-BD4A-FC1B094C2925} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe
Task: {694203DB-B5CA-4649-BC8C-00BF0AAD542F} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2017-10-12] (Apple Inc.)
Task: {6EB187D8-7725-4714-AAD3-FC9833E61CEB} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-05-27] (Google Inc.)
Task: {814A283D-BD67-42DC-B56B-0522D33242B7} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_29_0_0_113_pepper.exe [2018-03-13] (Adobe Systems Incorporated)
Task: {99F9E7FB-AD2C-4429-8934-66ECEB7E036F} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-11-15] (Piriform Ltd)
Task: {E7C550B3-58BB-41A3-B172-CB3E9FE55992} - System32\Tasks\G2MUploadTask-S-1-5-21-3248382330-3174346777-3720087843-1001 => C:\Users\RandyA\AppData\Local\GoToMeeting\8473\g2mupload.exe [2018-03-08] (LogMeIn, Inc.)
Task: {F3E9907B-B34A-47A2-B9DC-020C9AF0D26B} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe
Task: {FD482D6F-ED44-4DE5-B2E3-1110F8A18DEC} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-05-27] (Google Inc.)


(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-3248382330-3174346777-3720087843-1001.job => C:\Users\RandyA\AppData\Local\GoToMeeting\8473\g2mupdate.exe
Task: C:\WINDOWS\Tasks\G2MUploadTask-S-1-5-21-3248382330-3174346777-3720087843-1001.job => C:\Users\RandyA\AppData\Local\GoToMeeting\8473\g2mupload.exe


==================== Shortcuts & WMI ========================


(The entries could be listed to be restored or removed.)




ShortcutWithArgument: C:\Users\RandyA\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\ef49d45f7b6ad4f8\Torch.lnk -> C:\Users\RandyA\AppData\Local\Torch\Application\torch.exe (Torch Media Inc.) -> --profile-directory=Default


==================== Loaded Modules (Whitelisted) ==============


2017-08-16 14:39 - 2017-05-26 06:47 - 000090096 _____ () C:\WINDOWS\System32\cpwmon64_v32.dll
2017-05-25 21:38 - 2013-07-04 03:32 - 000936728 _____ () C:\Program Files (x86)\ASUS\AXSP\1.01.02\atkexComSvc.exe
2014-11-06 17:12 - 2014-11-06 17:12 - 000095432 _____ () C:\Program Files (x86)\NTI\NTI Backup Now EZ 4\ScheduleService.exe
2017-12-08 02:48 - 2017-12-08 02:48 - 000088888 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2018-01-05 01:13 - 2018-01-05 01:13 - 001356088 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2017-01-26 13:23 - 2017-01-26 13:23 - 000234336 _____ () C:\Program Files\Sophos\Sophos Network Threat Protection\bin\plugins\http.plg
2017-01-26 13:23 - 2017-01-26 13:23 - 000141424 _____ () C:\Program Files\Sophos\Sophos Network Threat Protection\bin\plugins\ip.plg
2017-01-26 13:23 - 2017-01-26 13:23 - 000120072 _____ () C:\Program Files\Sophos\Sophos Network Threat Protection\bin\plugins\ipv6.plg
2017-01-26 13:23 - 2017-01-26 13:23 - 000077432 _____ () C:\Program Files\Sophos\Sophos Network Threat Protection\bin\plugins\portmap.plg
2017-01-26 13:23 - 2017-01-26 13:23 - 000165728 _____ () C:\Program Files\Sophos\Sophos Network Threat Protection\bin\plugins\tcp.plg
2017-01-26 13:23 - 2017-01-26 13:23 - 000149168 _____ () C:\Program Files\Sophos\Sophos Network Threat Protection\bin\plugins\udp.plg
2017-09-06 14:39 - 2017-11-29 10:11 - 002301384 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
2017-09-29 09:41 - 2017-09-29 09:41 - 000184432 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll
2016-10-31 15:45 - 2016-10-31 15:45 - 000592384 _____ () C:\Users\RandyA\AppData\Local\MEGAsync\ShellExtX64.dll
2018-03-13 15:07 - 2018-02-21 20:26 - 011044864 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2018-03-13 15:07 - 2018-02-21 20:21 - 001804288 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2018-03-15 15:28 - 2018-03-15 15:29 - 000173568 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11802.1001.11.0_x64__8wekyb3d8bbwe\WinStore.Preview.dll
2018-03-09 19:46 - 2018-03-09 19:46 - 002250240 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11802.1001.11.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll
2017-05-25 21:38 - 2018-03-13 20:24 - 000033936 _____ () C:\Program Files (x86)\ASUS\AXSP\1.01.02\PEbiosinterface32.dll
2017-05-25 21:38 - 2013-07-04 03:32 - 000104448 _____ () C:\Program Files (x86)\ASUS\AXSP\1.01.02\ATKEX.dll
2014-11-06 17:12 - 2014-11-06 17:12 - 000053448 _____ () C:\Program Files (x86)\NTI\NTI Backup Now EZ 4\SendMsgCallbackDll.dll
2014-11-06 17:12 - 2014-11-06 17:12 - 000065736 _____ () C:\Program Files (x86)\NTI\NTI Backup Now EZ 4\XMLParser.dll
2016-10-31 15:43 - 2016-10-31 15:43 - 000564736 _____ () C:\Users\RandyA\AppData\Local\MEGAsync\ShellExtX32.dll
2017-12-08 02:49 - 2017-12-08 02:49 - 000076088 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2018-01-05 01:14 - 2018-01-05 01:14 - 001042232 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll


==================== Alternate Data Streams (Whitelisted) =========


(If an entry is included in the fixlist, only the ADS will be removed.)




==================== Safe Mode (Whitelisted) ===================


(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SAVService => ""="service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SAVService => ""="service"


==================== Association (Whitelisted) ===============


(If an entry is included in the fixlist, the registry item will be restored to default or removed.)




==================== Internet Explorer trusted/restricted ===============


(If an entry is included in the fixlist, it will be removed from the registry.)




==================== Hosts content: ===============================


(If needed Hosts: directive could be included in the fixlist to reset Hosts.)


2015-10-30 03:24 - 2018-02-19 19:54 - 000000824 _____ C:\WINDOWS\system32\Drivers\etc\hosts




==================== Other Areas ============================


(Currently there is no automatic fix for this section.)


HKU\S-1-5-21-3248382330-3174346777-3720087843-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\RandyA\Pictures\Nature pics\deer-1987.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.


==================== MSCONFIG/TASK MANAGER disabled items ==


MSCONFIG\Services: Apple Mobile Device Service => 2
MSCONFIG\Services: CsrBtOBEXService => 2
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 2
MSCONFIG\Services: MbaeSvc => 2
MSCONFIG\Services: PDFescape Desktop Creator => 2
HKLM\...\StartupApproved\Run: => "vksts"
HKLM\...\StartupApproved\Run: => "TrayApplication"
HKLM\...\StartupApproved\Run: => "HarmonyUserStartup"
HKLM\...\StartupApproved\Run: => "CSRHarmonySkypePlugin"
HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run: => "Wondershare Helper Compact.exe"
HKLM\...\StartupApproved\Run: => "WinZip FAH"
HKLM\...\StartupApproved\Run: => "WinZip UN"
HKLM\...\StartupApproved\Run32: => "Wondershare Helper Compact.exe"
HKLM\...\StartupApproved\Run32: => "Dropbox"
HKLM\...\StartupApproved\Run32: => "BackupNowEZ4Tray"
HKU\S-1-5-21-3248382330-3174346777-3720087843-1001\...\StartupApproved\Run: => "CCleaner Monitoring"
HKU\S-1-5-21-3248382330-3174346777-3720087843-1001\...\StartupApproved\Run: => "Sidebar"
HKU\S-1-5-21-3248382330-3174346777-3720087843-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-3248382330-3174346777-3720087843-1001\...\StartupApproved\Run: => "iCloudDrive"
HKU\S-1-5-21-3248382330-3174346777-3720087843-1001\...\StartupApproved\Run: => "iCloudPhotos"
HKU\S-1-5-21-3248382330-3174346777-3720087843-1001\...\StartupApproved\Run: => "iCloudServices"
HKU\S-1-5-21-3248382330-3174346777-3720087843-1001\...\StartupApproved\Run: => "Spotify Web Helper"
HKU\S-1-5-21-3248382330-3174346777-3720087843-1001\...\StartupApproved\Run: => "Epic Privacy Browser Installer"


==================== FirewallRules (Whitelisted) ===============


(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


FirewallRules: [UDP Query User{2B2C1366-ACE0-4D61-BE24-1235DD20337D}C:\users\randya\appdata\local\epic privacy browser\application\epic.exe] => (Allow) C:\users\randya\appdata\local\epic privacy browser\application\epic.exe
FirewallRules: [TCP Query User{ED22F687-2FC1-479B-9815-BEF331958BD2}C:\users\randya\appdata\local\epic privacy browser\application\epic.exe] => (Allow) C:\users\randya\appdata\local\epic privacy browser\application\epic.exe
FirewallRules: [UDP Query User{C5E3B4D7-30E6-4482-8B89-9C2DC4EA6D60}C:\program files (x86)\participatory culture foundation\miro\miro_downloader.exe] => (Allow) C:\program files (x86)\participatory culture foundation\miro\miro_downloader.exe
FirewallRules: [TCP Query User{F56154DE-31F0-4006-83B4-97FBF6CF8183}C:\program files (x86)\participatory culture foundation\miro\miro_downloader.exe] => (Allow) C:\program files (x86)\participatory culture foundation\miro\miro_downloader.exe
FirewallRules: [{D3B8D32F-1F29-41C6-AAA4-6718EDB96F2A}] => (Allow) C:\Program Files\AVAST Software\SZBrowser\4.58.2552.909_1\SZBrowser.exe
FirewallRules: [{25E51C92-D326-4F54-8743-FACD93363BD0}] => (Allow) C:\Program Files\AVAST Software\SZBrowser\4.58.2552.909\SZBrowser.exe
FirewallRules: [{D3516075-097A-46A2-B73C-256E573515DC}] => (Allow) C:\Program Files\AVAST Software\SZBrowser\3.55.2393.609_0\SZBrowser.exe
FirewallRules: [UDP Query User{C8641DB9-6078-49A9-A39D-97F2A44332C4}I:\my files(desktop-ifoje18)\native\midi stuff\reaper.exe] => (Allow) I:\my files(desktop-ifoje18)\native\midi stuff\reaper.exe
FirewallRules: [TCP Query User{5C5CB519-E44D-4724-BE68-9EE1AE612BD8}I:\my files(desktop-ifoje18)\native\midi stuff\reaper.exe] => (Allow) I:\my files(desktop-ifoje18)\native\midi stuff\reaper.exe
FirewallRules: [UDP Query User{456841CA-21E4-4455-A927-E2F9AC52A6E4}C:\program files\native instruments\reaktor 6\reaktor 6.exe] => (Allow) C:\program files\native instruments\reaktor 6\reaktor 6.exe
FirewallRules: [TCP Query User{3BFE947A-DDF5-4A7B-8F44-D19A0A8217E3}C:\program files\native instruments\reaktor 6\reaktor 6.exe] => (Allow) C:\program files\native instruments\reaktor 6\reaktor 6.exe
FirewallRules: [TCP Query User{30317D1B-77A9-40B1-9A7E-2B769A4F0783}C:\program files (x86)\google\chrome\application\chrome.exe] => (Allow) C:\program files (x86)\google\chrome\application\chrome.exe
FirewallRules: [UDP Query User{862F122B-5844-48A0-BF44-B5AD82C66546}C:\program files (x86)\google\chrome\application\chrome.exe] => (Allow) C:\program files (x86)\google\chrome\application\chrome.exe
FirewallRules: [{8E08E053-9784-49AB-9468-EB2F446E7384}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{C1FA8091-3E6C-4E8F-9953-EA34068A1991}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{EE57C778-9DEC-4439-BB21-C4016FF28D3D}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
FirewallRules: [{3B483B00-AB67-4210-AF54-68EA29C411D3}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [TCP Query User{85178E12-FD03-40BA-85B6-9081FE5B9A06}C:\users\randya\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\randya\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{70F0AD41-701C-416B-AF4B-6D3189A4A31A}C:\users\randya\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\randya\appdata\roaming\spotify\spotify.exe
FirewallRules: [{26274D1B-2C8E-4507-8B9C-13FE76C59329}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{292E97FE-66AC-4447-B149-D6064717AF5D}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
FirewallRules: [{9F2E393A-93BD-4956-9D11-78D3DE9846DE}] => (Allow) c:\program files\opera\51.0.2830.40\opera.exe
FirewallRules: [{FE157FB1-789C-424C-95CE-73A050434BF8}] => (Allow) C:\Users\RandyA\AppData\Local\Torch\Application\torch.exe
FirewallRules: [{9E468AA2-5AD9-43F9-91FD-5F2454ABA04E}] => (Allow) C:\Users\RandyA\AppData\Local\Torch\Plugins\Hola\hola_plugin.exe
FirewallRules: [{71C4F5B3-C25F-47B6-98E5-866FB07A7CB0}] => (Allow) C:\Users\RandyA\AppData\Local\Torch\Plugins\Hola\hola_plugin_x64.exe
FirewallRules: [{91E5F986-29C6-4549-9D4E-6FAE0301E69F}] => (Allow) c:\program files\opera\51.0.2830.55\opera.exe


==================== Restore Points =========================


23-02-2018 13:55:34 Scheduled Checkpoint
06-03-2018 18:51:16 Scheduled Checkpoint
13-03-2018 15:06:06 Windows Update


==================== Faulty Device Manager Devices =============




==================== Event log errors: =========================


Application errors:
==================
Error: (03/16/2018 12:48:07 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Audacity\audacity.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.16299.309_none_15cfd4c4935e6b11.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.16299.309_none_5d7d0b9ba7da9417.manifest.


Error: (03/16/2018 12:00:00 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Audacity\audacity.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.16299.309_none_15cfd4c4935e6b11.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.16299.309_none_5d7d0b9ba7da9417.manifest.


Error: (03/15/2018 03:29:32 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Audacity\audacity.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.16299.309_none_15cfd4c4935e6b11.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.16299.309_none_5d7d0b9ba7da9417.manifest.


Error: (03/13/2018 11:45:46 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: AcroRd32.exe, version: 18.11.20038.5321, time stamp: 0x5a8eec86
Faulting module name: AcroRd32.dll, version: 18.11.20038.5321, time stamp: 0x5a8eec68
Exception code: 0xc0000005
Fault offset: 0x001d2fff
Faulting process id: 0xf5c
Faulting application start time: 0x01d3bb45d472d40f
Faulting application path: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
Faulting module path: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.dll
Report Id: 7d53e0c2-6f71-43df-ad95-cc44157564fc
Faulting package full name:
Faulting package-relative application ID:


Error: (03/13/2018 11:24:44 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbamservice.exe, version: 3.1.0.595, time stamp: 0x59f745cb
Faulting module name: CleanControllerImpl.dll, version: 3.1.0.369, time stamp: 0x5a131123
Exception code: 0xc0000409
Fault offset: 0x000000000035abe0
Faulting process id: 0x1574
Faulting application start time: 0x01d3bb428f7c0209
Faulting application path: C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe
Faulting module path: C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\CleanControllerImpl.dll
Report Id: 580ea809-2ccf-455e-afe1-73887063209c
Faulting package full name:
Faulting package-relative application ID:


Error: (03/13/2018 11:14:21 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbamservice.exe, version: 3.1.0.595, time stamp: 0x59f745cb
Faulting module name: CleanControllerImpl.dll, version: 3.1.0.369, time stamp: 0x5a131123
Exception code: 0xc0000409
Fault offset: 0x000000000035abe0
Faulting process id: 0x259c
Faulting application start time: 0x01d3bb40f90d80c4
Faulting application path: C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe
Faulting module path: C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\CleanControllerImpl.dll
Report Id: a34989af-b050-46ca-8d12-f276a517cb8a
Faulting package full name:
Faulting package-relative application ID:


Error: (03/13/2018 11:02:52 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbamservice.exe, version: 3.1.0.595, time stamp: 0x59f745cb
Faulting module name: CleanControllerImpl.dll, version: 3.1.0.369, time stamp: 0x5a131123
Exception code: 0xc0000409
Fault offset: 0x000000000035abe0
Faulting process id: 0x2b8c
Faulting application start time: 0x01d3bb3a18b00025
Faulting application path: C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe
Faulting module path: C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\CleanControllerImpl.dll
Report Id: 2a9f429b-7827-4721-b59f-c402cf93628d
Faulting package full name:
Faulting package-relative application ID:


Error: (03/13/2018 10:13:46 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbamservice.exe, version: 3.1.0.595, time stamp: 0x59f745cb
Faulting module name: CleanControllerImpl.dll, version: 3.1.0.369, time stamp: 0x5a131123
Exception code: 0xc0000409
Fault offset: 0x000000000035abe0
Faulting process id: 0x1bc8
Faulting application start time: 0x01d3bb37f3bf3cfe
Faulting application path: C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe
Faulting module path: C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\CleanControllerImpl.dll
Report Id: abc9c584-e8c9-40fe-80ed-8965135ef338
Faulting package full name:
Faulting package-relative application ID:




System errors:
=============
Error: (03/16/2018 12:44:14 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.


Error: (03/16/2018 12:44:14 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.


Error: (03/16/2018 12:44:14 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.


Error: (03/16/2018 12:44:14 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.


Error: (03/15/2018 11:59:37 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-IFOJE18)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user DESKTOP-IFOJE18\RandyA SID (S-1-5-21-3248382330-3174346777-3720087843-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.


Error: (03/15/2018 08:33:02 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.


Error: (03/15/2018 08:33:02 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.


Error: (03/15/2018 08:33:02 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.




Windows Defender:
===================================
Date: 2017-12-02 21:48:05.961
Description:
Windows Defender Antivirus Real-Time Protection feature has encountered an error and failed.
Feature: Network Inspection System
Error Code: 0x80004004
Error description: Operation aborted
Reason: Antimalware protection has stopped functioning for an unknown reason. In some instances, restarting the service may resolve the problem.


Date: 2017-12-02 21:48:05.343
Description:
Windows Defender Antivirus Real-Time Protection feature has encountered an error and failed.
Feature: Network Inspection System
Error Code: 0x80004004
Error description: Operation aborted
Reason: The system is missing updates that are required for running Network Inspection System. Install the required updates and restart the device.


CodeIntegrity:
===================================


Date: 2018-03-16 16:59:47.195
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.


Date: 2018-03-16 16:59:47.192
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.


Date: 2018-03-16 16:59:08.013
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.


Date: 2018-03-16 16:59:08.012
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.


Date: 2018-03-16 16:44:46.127
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.


Date: 2018-03-16 16:44:46.123
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.


Date: 2018-03-16 16:29:45.126
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.


Date: 2018-03-16 16:29:45.123
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.


==================== Memory info ===========================


Processor: Intel(R) Core(TM) i5-4460 CPU @ 3.20GHz
Percentage of memory in use: 35%
Total physical RAM: 8098.03 MB
Available physical RAM: 5217.82 MB
Total Virtual: 10202.39 MB
Available Virtual: 6714.65 MB


==================== Drives ================================


Drive c: () (Fixed) (Total:930.56 GB) (Free:741.27 GB) NTFS
Drive d: (TOSHIBA EXT XP) (Fixed) (Total:931.41 GB) (Free:340.07 GB) NTFS


\\?\Volume{f0bb3031-0000-0000-0000-100000000000}\ (System Reserved) (Fixed) (Total:0.49 GB) (Free:0.45 GB) NTFS
\\?\Volume{f0bb3031-0000-0000-0000-20c3e8000000}\ () (Fixed) (Total:0.46 GB) (Free:0.08 GB) NTFS


==================== MBR & Partition Table ==================


========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 931.5 GB) (Disk ID: F0BB3031)
Partition 1: (Active) - (Size=500 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=930.6 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=473 MB) - (Type=27)


========================================================
Disk: 1 (Size: 931.5 GB) (Disk ID: 9117A580)
Partition 1: (Active) - (Size=931.4 GB) - (Type=07 NTFS)


==================== End of Addition.txt ============================
 
Hi, Randatlas.

It appears that Brian and I both replied within seconds of one another! Since we've already dubbed Brian the expert with solving the "weird symbols", I'll back off unless/until he asks me to step in. You are in great hands with him guiding you.
 
Thank you, Corrine! Looking forward to hosting a going away party for those weird Chinese symbols in my registry! :LOL:
 
OK, let's continue. Can you please uninstall the program named Torch (unless you specifically installed it and want it for some reason).

1. Right-click your Start button and select Apps and Features
2. Locate Torch in the list, click on it, and then select Uninstall.


Then, please zip up your entire C:\FRST\Hives folder. Upload it to SendSpace and then send me a PM with the link. We don't want the link here in the public forum. Thanks.
 
I got the hives. So two questions.

1. Did you uninstall Torch or decide to keep it?
2. Where exactly do you see the Chinese characters in your registry? I don't want to assume.

Thanks.
 
Brian,

1) I did uninstall Torch before I zipped up hives. Torch comes with a separate music program and video program (I didn't use them...I saw the icons on my desktop) but I forgot to check for their existence after the uninstall. I'm on my tablet now so will have to check this later.

2) Will check this one as well.

Thank you!
 

1) All components of Torch look like they're gone -- the browser, the music & video apps, etc. I still have the installer file (the .exe); forgot to get rid of that.

2) The weird symbols are under:
HKEY_CURRENT_USER
 
