Dear Corrine and Brian,
Thank you very much for taking me by the hand and walking me through this!
Okay, below are the logs you asked for:
FRST.txt log:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 14.03.2018
Ran by RandyA (administrator) on DESKTOP-IFOJE18 (16-03-2018 17:06:44)
Running from C:\Users\RandyA\Desktop
Loaded Profiles: RandyA (Available Profiles: RandyA)
Platform: Windows 10 Home Version 1709 16299.309 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: "C:\Users\RandyA\AppData\Local\Epic Privacy Browser\Application\epic.exe" -- "%1")
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool:
FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(Logitech, Inc.) C:\Program Files\Logitech\SolarApp\L4301_Solar.exe
(Logitech, Inc.) C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe
(Sophos Limited) C:\Program Files\SophosClean\scsched.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\AutoUpdate\ALsvc.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\Management Communications System\Endpoint\McsClient.exe
(Sophos Limited) C:\Program Files\Sophos\Sophos Data Recorder\SDRService.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\Management Communications System\Endpoint\McsAgent.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Program Files (x86)\ASUS\AXSP\1.01.02\atkexComSvc.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_filter.exe
() C:\Program Files (x86)\NTI\NTI Backup Now EZ 4\ScheduleService.exe
(Starfield Technologies) C:\Program Files (x86)\Workspace\offSyncService.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe
(Sophos Limited) C:\Program Files\Sophos\Sophos System Protection\ssp.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(TorchMedia Inc.) C:\Users\RandyA\AppData\Local\Torch\Update\TorchCrashHandler.exe
(Sophos Limited) C:\Program Files\Sophos\Sophos Network Threat Protection\bin\SntpService.exe
(Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
(Sophos Limited) C:\Program Files (x86)\Common Files\Sophos\Web Intelligence\swi_fc.exe
(Cambridge Silicon Radio Limited) C:\Program Files\CSR\CSR Harmony Wireless Software Stack\CsrBtService.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.7\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.7\GoogleCrashHandler64.exe
(Cambridge Silicon Radio Limited) C:\Program Files\CSR\CSR Harmony Wireless Software Stack\BtSwitcherService.exe
(Cambridge Silicon Radio Limited) C:\Program Files\CSR\CSR Harmony Wireless Software Stack\CsrBtAudioService.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Sophos Limited) C:\Program Files\SophosClean\scsched.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersServer.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Logitech, Inc.) C:\Program Files\Common Files\Logishrd\KHAL3\KHALMNPR.exe
(Starfield Technologies) C:\Users\RandyA\AppData\Local\Workspace\workspaceupdate.exe
(Starfield Technologies) C:\Users\RandyA\AppData\Local\Workspace\workspacestatus.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\AutoUpdate\ALMon.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Hidden Reflex Authors) C:\Users\RandyA\AppData\Local\Epic Privacy Browser\Application\epic.exe
(Hidden Reflex Authors) C:\Users\RandyA\AppData\Local\Epic Privacy Browser\Application\epic.exe
(Hidden Reflex Authors) C:\Users\RandyA\AppData\Local\Epic Privacy Browser\Application\epic.exe
(Hidden Reflex Authors) C:\Users\RandyA\AppData\Local\Epic Privacy Browser\Application\epic.exe
(Hidden Reflex Authors) C:\Users\RandyA\AppData\Local\Epic Privacy Browser\Application\epic.exe
(Hidden Reflex Authors) C:\Users\RandyA\AppData\Local\Epic Privacy Browser\Application\epic.exe
(Hidden Reflex Authors) C:\Users\RandyA\AppData\Local\Epic Privacy Browser\Application\epic.exe
(Hidden Reflex Authors) C:\Users\RandyA\AppData\Local\Epic Privacy Browser\Application\epic.exe
(Hidden Reflex Authors) C:\Users\RandyA\AppData\Local\Epic Privacy Browser\Application\epic.exe
(Hidden Reflex Authors) C:\Users\RandyA\AppData\Local\Epic Privacy Browser\Application\epic.exe
(Hidden Reflex Authors) C:\Users\RandyA\AppData\Local\Epic Privacy Browser\Application\epic.exe
(Hidden Reflex Authors) C:\Users\RandyA\AppData\Local\Epic Privacy Browser\Application\epic.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
(Hidden Reflex Authors) C:\Users\RandyA\AppData\Local\Epic Privacy Browser\Application\epic.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_11802.1001.11.0_x64__8wekyb3d8bbwe\WinStore.App.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [630168 2017-09-29] (Microsoft Corporation)
HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [3113592 2015-08-25] (Logitech, Inc.)
HKLM\...\Run: [vksts] => C:\Program Files\CSR\CSR Harmony Wireless Software Stack\vksts.exe [25792 2012-03-22] (Cambridge Silicon Radio Limited)
HKLM\...\Run: [HarmonyUserStartup] => C:\Program Files\CSR\CSR Harmony Wireless Software Stack\HarmonyUserStartup.exe [39128 2012-03-22] (Cambridge Silicon Radio Limited)
HKLM\...\Run: [CSRHarmonySkypePlugin] => C:\Program Files (x86)\CSR\CSR Harmony Wireless Software Stack\CSRHarmonySkypePlugin.exe [146656 2012-03-22] (Cambridge Silicon Radio Limited)
HKLM\...\Run: [TrayApplication] => C:\Program Files\CSR\CSR Harmony Wireless Software Stack\TrayApplication.exe [529616 2012-03-22] (Cambridge Silicon Radio Limited)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8842496 2016-07-09] (Realtek Semiconductor)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [298296 2018-01-22] (Apple Inc.)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [3567936 2018-02-26] (Dropbox, Inc.)
HKLM-x32\...\Run: [BackupNowEZ4Tray] => C:\Program Files (x86)\NTI\NTI Backup Now EZ 4\Bunez4Tray.exe [1093832 2014-11-06] (NTI Corporation)
HKLM-x32\...\Run: [Sophos AutoUpdate Monitor] => C:\Program Files (x86)\Sophos\AutoUpdate\almon.exe [1516096 2017-05-09] (Sophos Limited)
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKU\S-1-5-21-3248382330-3174346777-3720087843-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [9105112 2016-11-15] (Piriform Ltd)
HKU\S-1-5-21-3248382330-3174346777-3720087843-1001\...\Run: [Starfield Updater] => C:\Users\RandyA\AppData\Local\Workspace\WorkspaceUpdate.exe [35008 2017-06-08] (Starfield Technologies)
HKU\S-1-5-21-3248382330-3174346777-3720087843-1001\...\Run: [Workspace Status] => C:\Users\RandyA\AppData\Local\Workspace\workspacestatus.exe [694760 2017-06-08] (Starfield Technologies)
HKU\S-1-5-21-3248382330-3174346777-3720087843-1001\...\Run: [Epic Privacy Browser Installer] => C:\Users\RandyA\AppData\Local\Epic Privacy Browser\Installer\EpicUpdate.exe [509096 2017-10-16] (Epic Privacy Browser)
HKU\S-1-5-21-3248382330-3174346777-3720087843-1001\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [67384 2017-12-08] (Apple Inc.)
HKU\S-1-5-21-3248382330-3174346777-3720087843-1001\...\Run: [Spotify Web Helper] => C:\Users\RandyA\AppData\Roaming\Spotify\SpotifyWebHelper.exe [782736 2018-02-27] (Spotify Ltd)
GroupPolicy: Restriction <==== ATTENTION
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{1d86b617-c757-493d-95e7-2ebaffbab114}: [DhcpNameServer] 192.168.1.1
Internet Explorer:
==================
HKU\S-1-5-21-3248382330-3174346777-3720087843-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
HKU\S-1-5-21-3248382330-3174346777-3720087843-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.yahoo.com/?fr=hp-avast&type=avastbcl
SearchScopes: HKLM-x32 -> DefaultScope {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = hxxps://search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKLM-x32 -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = hxxps://search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKU\S-1-5-21-3248382330-3174346777-3720087843-1001 -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = hxxps://search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKU\S-1-5-21-3248382330-3174346777-3720087843-1001 -> {B5F83D20-F928-4117-A9C7-FF6F0209439F} URL = hxxps://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
BHO: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll [2015-08-25] (Logitech, Inc.)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
BHO-x32: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll [2015-08-25] (Logitech, Inc.)
Handler-x32: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\BelarcAdvisor\System\BAVoilaX.dll [2016-01-04] (Belarc, Inc.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2011-01-19] (Skype Technologies)
Edge:
======
Edge HomeButtonPage: HKU\S-1-5-21-3248382330-3174346777-3720087843-1001 -> hxxp://www.google.com/
FireFox:
========
FF DefaultProfile: n08e00at.default-1507151350608
FF ProfilePath: C:\Users\RandyA\AppData\Roaming\Mozilla\Firefox\Profiles\n08e00at.default-1507151350608 [2018-03-16]
FF Homepage: Mozilla\Firefox\Profiles\n08e00at.default-1507151350608 -> Google
FF NewTabOverride: Mozilla\Firefox\Profiles\n08e00at.default-1507151350608 -> Disabled: mailcheck@mail.com
FF Extension: (WBE Paste) - C:\Users\RandyA\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\wbepaste@starfield [2017-06-08] [Legacy] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF Extension: (Logitech SetPoint) - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2016-10-24] [Legacy] [not signed]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_29_0_0_113.dll [2018-03-13] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_29_0_0_113.dll [2018-03-13] ()
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2017-10-27] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2017-10-27] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-06] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-06] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-02-11] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3248382330-3174346777-3720087843-1001: @freeconferencecall.com/launcher -> C:\Users\RandyA\AppData\Local\FCCPlugins\npfcclauncher.dll [2017-05-04] (FreeConferenceCall)
FF Plugin HKU\S-1-5-21-3248382330-3174346777-3720087843-1001: @starfield.com/off -> C:\Users\RandyA\AppData\Roaming\Mozilla\Plugins\npoff.dll [2017-06-08] ( Starfield Technologies, LLC.)
FF Plugin HKU\S-1-5-21-3248382330-3174346777-3720087843-1001: @starfield.com/off64 -> C:\Users\RandyA\AppData\Roaming\Mozilla\Plugins\npoff64.dll [2017-06-08] ( Starfield Technologies, LLC.)
FF Plugin HKU\S-1-5-21-3248382330-3174346777-3720087843-1001: @starfield.com/wbe -> C:\Users\RandyA\AppData\Roaming\Mozilla\Plugins\npwbe.dll [2017-06-08] (Starfield Technology, LLC)
FF Plugin HKU\S-1-5-21-3248382330-3174346777-3720087843-1001: @starfield.com/wbe64 -> C:\Users\RandyA\AppData\Roaming\Mozilla\Plugins\npwbe64.dll [2017-06-08] (Starfield Technology, LLC)
FF Plugin HKU\S-1-5-21-3248382330-3174346777-3720087843-1001: @updates.epicbrowser.com/Epic Privacy Browser Installer;version=3 -> C:\Users\RandyA\AppData\Local\Epic Privacy Browser\Installer\1.3.27.13\npEpicUpdate3.dll [2017-10-16] (Epic Privacy Browser)
FF Plugin HKU\S-1-5-21-3248382330-3174346777-3720087843-1001: @updates.epicbrowser.com/Epic Privacy Browser Installer;version=9 -> C:\Users\RandyA\AppData\Local\Epic Privacy Browser\Installer\1.3.27.13\npEpicUpdate3.dll [2017-10-16] (Epic Privacy Browser)
FF Plugin HKU\S-1-5-21-3248382330-3174346777-3720087843-1001: jpl.nasa.gov/NASAEyes -> C:\Users\RandyA\Pictures\Saturn Mission\NASA's Eyes\npNASAEyes.dll [2017-04-19] (Jet Propulsion Laboratory)
FF Plugin ProgramFiles/Appdata: C:\Users\RandyA\AppData\Roaming\mozilla\plugins\npoff.dll [2017-06-08] ( Starfield Technologies, LLC.)
FF Plugin ProgramFiles/Appdata: C:\Users\RandyA\AppData\Roaming\mozilla\plugins\npoff64.dll [2017-06-08] ( Starfield Technologies, LLC.)
FF Plugin ProgramFiles/Appdata: C:\Users\RandyA\AppData\Roaming\mozilla\plugins\npwbe.dll [2017-06-08] (Starfield Technology, LLC)
FF Plugin ProgramFiles/Appdata: C:\Users\RandyA\AppData\Roaming\mozilla\plugins\npwbe64.dll [2017-06-08] (Starfield Technology, LLC)
Chrome:
=======
CHR StartupUrls: Default -> "hxxp://www.google.com/","hxxps://webmail.earthlink.net/wam/login.jsp?redirect=%2Fwam%2Findex.jsp&x=797174875&x=1943030401"
CHR DefaultSearchURL: Default -> hxxps://search.avira.net/#web/result?source=omnibar&q={searchTerms}
CHR DefaultSearchKeyword: Default -> Avira
CHR DefaultSuggestURL: Default -> hxxps://search.avira.net/suggestions?q={searchTerms}&li=ff&hl=en
CHR Profile: C:\Users\RandyA\AppData\Local\Google\Chrome\User Data\Default [2018-03-13]
CHR Extension: (Slides) - C:\Users\RandyA\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-03-13]
CHR Extension: (Docs) - C:\Users\RandyA\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-03-13]
CHR Extension: (Google Drive) - C:\Users\RandyA\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-08-27]
CHR Extension: (Signal Private Messenger) - C:\Users\RandyA\AppData\Local\Google\Chrome\User Data\Default\Extensions\bikioccmkafdpakkkcpdbppfkghcmihk [2017-06-29]
CHR Extension: (YouTube) - C:\Users\RandyA\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-08-27]
CHR Extension: (Logitech Smooth Scrolling) - C:\Users\RandyA\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkpejdfnpdkhifgbancbammdijojoffk [2016-10-24]
CHR Extension: (Avast Passwords) - C:\Users\RandyA\AppData\Local\Google\Chrome\User Data\Default\Extensions\emhginjpijfggbofeediiojmdlmlkoik [2017-04-04]
CHR Extension: (Google Sheets) - C:\Users\RandyA\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-08-27]
CHR Extension: (Google Docs Offline) - C:\Users\RandyA\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-08-27]
CHR Extension: (The Great Suspender) - C:\Users\RandyA\AppData\Local\Google\Chrome\User Data\Default\Extensions\klbibkeccnjlkjkiokjodocebajanakg [2017-06-29]
CHR Extension: (Ears: Bass Boost, EQ Any Audio!) - C:\Users\RandyA\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfdfiepdkbnoanddpianalelglmfooik [2017-01-11]
CHR Extension: (Chrome Web Store Payments) - C:\Users\RandyA\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-08]
CHR Extension: (Video Cutter) - C:\Users\RandyA\AppData\Local\Google\Chrome\User Data\Default\Extensions\nodkcjollmmjidmcnhloaoahmciabnai [2017-03-22]
CHR Extension: (Speedtest by Ookla) - C:\Users\RandyA\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgjjikdiikihdfpoppgaidccahalehjh [2017-08-10]
CHR Extension: (Gmail) - C:\Users\RandyA\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-08-27]
CHR Extension: (Chrome Media Router) - C:\Users\RandyA\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-08-10]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [ipmkfpcnmccejididiaagpgchgjfajgp] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [ipmkfpcnmccejididiaagpgchgjfajgp] - hxxps://clients2.google.com/service/update2/crx
Opera:
=======
OPR StartupUrls: "hxxp://www.google.com/","hxxp://www.gmail.com/"
OPR Session Restore: -> is enabled.
OPR Extension: (Stormcrow) - C:\Users\RandyA\AppData\Roaming\Opera Software\Opera Stable\Extensions\ofhehnfmgbgnkjaojifkmebjjgffjaeh [2018-02-24]
==================== Services (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2018-01-05] (Apple Inc.)
R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.01.02\atkexComSvc.exe [936728 2013-07-04] ()
R2 BtSwitcherService; C:\Program Files\CSR\CSR Harmony Wireless Software Stack\BtSwitcherService.exe [64216 2012-03-22] (Cambridge Silicon Radio Limited)
R2 CSRBtAudioService; C:\Program Files\CSR\CSR Harmony Wireless Software Stack\CsrBtAudioService.exe [465624 2012-03-22] (Cambridge Silicon Radio Limited)
S4 CsrBtOBEXService; C:\Program Files\CSR\CSR Harmony Wireless Software Stack\CsrBtOBEXService.exe [1041616 2012-03-22] (Cambridge Silicon Radio Limited)
R2 CsrBtService; C:\Program Files\CSR\CSR Harmony Wireless Software Stack\CsrBtService.exe [825032 2012-03-22] (Cambridge Silicon Radio Limited)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2017-04-11] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2017-04-11] (Dropbox, Inc.)
R2 DbxSvc; C:\WINDOWS\system32\DbxSvc.exe [51024 2018-02-26] (Dropbox, Inc.)
R2 File Backup; C:\Program Files (x86)\Workspace\offSyncService.exe [697472 2014-10-20] (Starfield Technologies)
R2 L4301_Solar; C:\Program Files\Logitech\SolarApp\L4301_Solar.exe [405744 2013-01-30] (Logitech, Inc.)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6234056 2017-11-01] (Malwarebytes)
R2 NTI Backup Now EZ 4 Scheduler; C:\Program Files (x86)\NTI\NTI Backup Now EZ 4\ScheduleService.exe [95432 2014-11-06] ()
R2 SAVAdminService; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe [235872 2017-09-27] (Sophos Limited)
R2 SAVService; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe [200064 2017-09-27] (Sophos Limited)
R2 SntpService; C:\Program Files\Sophos\Sophos Network Threat Protection\bin\SntpService.exe [925824 2017-01-26] (Sophos Limited)
R2 Sophos AutoUpdate Service; C:\Program Files (x86)\Sophos\AutoUpdate\ALsvc.exe [773080 2017-05-09] (Sophos Limited)
R2 Sophos MCS Agent; C:\Program Files (x86)\Sophos\Management Communications System\Endpoint\McsAgent.exe [1301976 2017-09-27] (Sophos Limited)
R2 Sophos MCS Client; C:\Program Files (x86)\Sophos\Management Communications System\Endpoint\McsClient.exe [1715464 2017-09-27] (Sophos Limited)
R2 Sophos Web Control Service; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe [360040 2017-09-27] (Sophos Limited)
R2 SophosCleanScheduler; C:\Program Files\SophosClean\scsched.exe [135496 2017-06-29] (Sophos Limited)
R2 SophosDataRecorderService; C:\Program Files\Sophos\Sophos Data Recorder\SDRService.exe [996240 2016-09-12] (Sophos Limited)
R2 sophossps; C:\Program Files\Sophos\Sophos System Protection\ssp.exe [5366040 2016-09-12] (Sophos Limited)
R2 swi_filter; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_filter.exe [475384 2017-09-27] (Sophos Limited)
R2 swi_service; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe [3596088 2017-09-27] (Sophos Limited)
R2 TorchCrashHandler; C:\Users\RandyA\AppData\Local\Torch\Update\TorchCrashHandler.exe [1217216 2018-02-01] (TorchMedia Inc.) <==== ATTENTION
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [355304 2017-09-29] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [105944 2017-09-29] (Microsoft Corporation)
R2 NVDisplay.ContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" -r -p 30000
S2 PaceLicenseDServices; "C:\Program Files (x86)\Common Files\PACE\Services\LicenseServices\LDSvc.exe" -u https://activation.paceap.com/InitiateActivation [X] <==== ATTENTION
===================== Drivers (Whitelisted) ======================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15232 2013-07-04] ()
S3 CsrBtPort; C:\WINDOWS\system32\DRIVERS\CsrBtPort.sys [2784968 2012-03-22] (Cambridge Silicon Radio Limited)
S3 csrusb; C:\WINDOWS\System32\Drivers\csrusb.sys [47296 2012-03-22] (Cambridge Silicon Radio Limited)
S3 csrusbfilter; C:\WINDOWS\System32\Drivers\csrusbfilter.sys [23752 2012-03-22] (Cambridge Silicon Radio Limited)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [253880 2018-03-13] (Malwarebytes)
R3 NIWinCDEmu; C:\WINDOWS\System32\drivers\NIWinCDEmu.sys [112408 2016-09-07] ()
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nv_ref_pubwu.inf_amd64_2e7fa54192fe16d0\nvlddmkm.sys [16936048 2017-11-09] (NVIDIA Corporation)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [943112 2016-09-22] (Realtek )
R1 SAVOnAccess; C:\WINDOWS\System32\DRIVERS\savonaccess.sys [204328 2017-09-27] (Sophos Limited)
S3 sdcfilter; C:\WINDOWS\system32\DRIVERS\sdcfilter.sys [38144 2017-06-02] (Sophos Limited)
R2 sntp; C:\WINDOWS\system32\DRIVERS\sntp.sys [123848 2017-01-26] (Sophos Limited)
S4 SophosBootDriver; C:\WINDOWS\system32\DRIVERS\SophosBootDriver.sys [45840 2017-06-02] (Sophos Limited)
R1 swi_callout; C:\WINDOWS\system32\DRIVERS\swi_callout.sys [47760 2017-06-02] (Sophos Limited)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44608 2017-09-29] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [309144 2017-09-29] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [119192 2017-09-29] (Microsoft Corporation)
U1 aswbdisk; no ImagePath
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2018-03-16 17:06 - 2018-03-16 17:08 - 000026146 _____ C:\Users\RandyA\Desktop\FRST.txt
2018-03-16 17:06 - 2018-03-16 17:06 - 000000000 ____D C:\FRST
2018-03-16 17:05 - 2018-03-16 17:04 - 002403328 _____ (Farbar) C:\Users\RandyA\Desktop\FRST64.exe
2018-03-16 17:04 - 2018-03-16 17:04 - 002403328 _____ (Farbar) C:\Users\RandyA\Downloads\FRST64.exe
2018-03-16 12:59 - 2018-03-16 13:02 - 000000000 ____D C:\Users\RandyA\Downloads\Circus stuff
2018-03-14 00:05 - 2018-03-14 00:05 - 000366080 _____ C:\Users\RandyA\Downloads\Flyer for postcards - two to a page (3).pub
2018-03-14 00:03 - 2018-03-14 00:03 - 000366080 _____ C:\Users\RandyA\Downloads\Flyer for postcards - two to a page (2).pub
2018-03-14 00:01 - 2018-03-14 00:01 - 000366080 _____ C:\Users\RandyA\Downloads\Flyer for postcards - two to a page.pub
2018-03-14 00:01 - 2018-03-14 00:01 - 000366080 _____ C:\Users\RandyA\Downloads\Flyer for postcards - two to a page (1).pub
2018-03-13 20:54 - 2018-03-13 22:34 - 000002304 _____ C:\Users\RandyA\Desktop\AAofWNY Email list 03-13-2018.txt
2018-03-13 18:02 - 2018-03-13 18:02 - 001101446 _____ C:\Users\RandyA\Desktop\Security.zip
2018-03-13 18:01 - 2018-03-13 18:01 - 021041152 _____ C:\Users\RandyA\Desktop\Security.evtx
2018-03-13 18:01 - 2018-03-13 18:01 - 000000000 ____D C:\Users\RandyA\Desktop\LocaleMetaData
2018-03-13 17:37 - 2018-03-02 17:09 - 000834552 _____ C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2018-03-13 17:37 - 2018-03-02 17:09 - 000179704 _____ C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2018-03-13 15:58 - 2018-03-13 15:58 - 000096879 _____ C:\Users\RandyA\Downloads\Application for CCWE Membership (1).pdf
2018-03-13 15:10 - 2017-06-02 17:01 - 000047760 _____ (Sophos Limited) C:\WINDOWS\system32\Drivers\swi_callout.sys
2018-03-13 15:07 - 2018-03-01 23:36 - 017085440 _____ (Microsoft Corporation) C:\WINDOWS\system32\HologramCompositor.dll
2018-03-13 15:07 - 2018-03-01 22:59 - 000956416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Spectrum.exe
2018-03-13 15:07 - 2018-03-01 03:50 - 000270744 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2018-03-13 15:07 - 2018-03-01 03:49 - 000389536 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2018-03-13 15:07 - 2018-03-01 03:48 - 000664472 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2018-03-13 15:07 - 2018-03-01 03:47 - 000749464 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2018-03-13 15:07 - 2018-03-01 03:47 - 000035224 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe
2018-03-13 15:07 - 2018-03-01 03:46 - 002003352 _____ (Microsoft Corporation) C:\WINDOWS\system32\aitstatic.exe
2018-03-13 15:07 - 2018-03-01 03:46 - 001568664 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2018-03-13 15:07 - 2018-03-01 03:46 - 000609176 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2018-03-13 15:07 - 2018-03-01 03:46 - 000138144 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2018-03-13 15:07 - 2018-03-01 03:45 - 000070040 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32appinventorycsp.dll
2018-03-13 15:07 - 2018-03-01 03:40 - 002514936 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2018-03-13 15:07 - 2018-03-01 03:40 - 000461720 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcntel.dll
2018-03-13 15:07 - 2018-03-01 03:40 - 000273304 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2018-03-13 15:07 - 2018-03-01 03:37 - 007831760 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d10warp.dll
2018-03-13 15:07 - 2018-03-01 03:31 - 008602520 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2018-03-13 15:07 - 2018-03-01 03:30 - 000540064 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcasvc.dll
2018-03-13 15:07 - 2018-03-01 03:30 - 000264040 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotifyIcon.exe
2018-03-13 15:07 - 2018-03-01 03:29 - 000733592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\acpi.sys
2018-03-13 15:07 - 2018-03-01 03:27 - 001173576 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcrt4.dll
2018-03-13 15:07 - 2018-03-01 03:23 - 000749976 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2018-03-13 15:07 - 2018-03-01 03:19 - 000710768 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVideoDSP.dll
2018-03-13 15:07 - 2018-03-01 03:17 - 002710736 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2018-03-13 15:07 - 2018-03-01 03:17 - 000519152 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecurityHealthService.exe
2018-03-13 15:07 - 2018-03-01 03:17 - 000408984 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2018-03-13 15:07 - 2018-03-01 03:15 - 002574232 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2018-03-13 15:07 - 2018-03-01 03:14 - 007675784 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2018-03-13 15:07 - 2018-03-01 03:14 - 007384576 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2018-03-13 15:07 - 2018-03-01 03:14 - 005105664 _____ (Microsoft Corporation) C:\WINDOWS\system32\AuthFWSnapin.dll
2018-03-13 15:07 - 2018-03-01 03:14 - 001694224 _____ (Microsoft Corporation) C:\WINDOWS\system32\winmde.dll
2018-03-13 15:07 - 2018-03-01 03:14 - 000356952 _____ (Microsoft Corporation) C:\WINDOWS\system32\wintrust.dll
2018-03-13 15:07 - 2018-03-01 03:14 - 000147872 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wcifs.sys
2018-03-13 15:07 - 2018-03-01 03:12 - 000677272 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2018-03-13 15:07 - 2018-03-01 03:12 - 000189344 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecurityHealthAgent.dll
2018-03-13 15:07 - 2018-03-01 03:11 - 000093600 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2018-03-13 15:07 - 2018-03-01 03:10 - 001779936 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfplat.dll
2018-03-13 15:07 - 2018-03-01 03:10 - 000075168 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecurityHealthProxyStub.dll
2018-03-13 15:07 - 2018-03-01 03:09 - 001054272 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvproc.dll
2018-03-13 15:07 - 2018-03-01 02:51 - 000777904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpcrt4.dll
2018-03-13 15:07 - 2018-03-01 02:48 - 001930736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2018-03-13 15:07 - 2018-03-01 02:39 - 000213400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aepic.dll
2018-03-13 15:07 - 2018-03-01 02:30 - 005615968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d10warp.dll
2018-03-13 15:07 - 2018-03-01 02:29 - 006092152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2018-03-13 15:07 - 2018-03-01 02:28 - 006480616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2018-03-13 15:07 - 2018-03-01 02:28 - 002193168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2018-03-13 15:07 - 2018-03-01 02:27 - 000284112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wintrust.dll
2018-03-13 15:07 - 2018-03-01 02:26 - 001524776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfplat.dll
2018-03-13 15:07 - 2018-03-01 02:26 - 001057816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvproc.dll
2018-03-13 15:07 - 2018-03-01 02:23 - 005105664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AuthFWSnapin.dll
2018-03-13 15:07 - 2018-03-01 02:21 - 001558856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winmde.dll
2018-03-13 15:07 - 2018-03-01 02:09 - 025251840 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2018-03-13 15:07 - 2018-03-01 02:03 - 002902528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2018-03-13 15:07 - 2018-03-01 02:03 - 000471552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AcSpecfc.dll
2018-03-13 15:07 - 2018-03-01 02:03 - 000344576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgeIso.dll
2018-03-13 15:07 - 2018-03-01 02:03 - 000162304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\IndexedDbLegacy.dll
2018-03-13 15:07 - 2018-03-01 02:03 - 000065536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\usoapi.dll
2018-03-13 15:07 - 2018-03-01 02:01 - 019354624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2018-03-13 15:07 - 2018-03-01 02:01 - 006575616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2018-03-13 15:07 - 2018-03-01 02:01 - 000155648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EdgeManager.dll
2018-03-13 15:07 - 2018-03-01 02:00 - 000098304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TSpkg.dll
2018-03-13 15:07 - 2018-03-01 01:58 - 004839424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll
2018-03-13 15:07 - 2018-03-01 01:58 - 000459776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webplatstorageserver.dll
2018-03-13 15:07 - 2018-03-01 01:58 - 000405504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Payments.dll
2018-03-13 15:07 - 2018-03-01 01:58 - 000368128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\daxexec.dll
2018-03-13 15:07 - 2018-03-01 01:57 - 000369152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msIso.dll
2018-03-13 15:07 - 2018-03-01 01:56 - 018922496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2018-03-13 15:07 - 2018-03-01 01:56 - 000559104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2018-03-13 15:07 - 2018-03-01 01:55 - 000346112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\zipfldr.dll
2018-03-13 15:07 - 2018-03-01 01:54 - 003664384 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2018-03-13 15:07 - 2018-03-01 01:54 - 003181568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cdp.dll
2018-03-13 15:07 - 2018-03-01 01:54 - 001296896 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2018-03-13 15:07 - 2018-03-01 01:54 - 000665088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2018-03-13 15:07 - 2018-03-01 01:54 - 000496128 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll
2018-03-13 15:07 - 2018-03-01 01:54 - 000463360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2018-03-13 15:07 - 2018-03-01 01:53 - 000863232 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2018-03-13 15:07 - 2018-03-01 01:53 - 000536576 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgeIso.dll
2018-03-13 15:07 - 2018-03-01 01:53 - 000399872 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2018-03-13 15:07 - 2018-03-01 01:53 - 000246272 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
2018-03-13 15:07 - 2018-03-01 01:53 - 000107520 _____ (Microsoft Corporation) C:\WINDOWS\system32\musdialoghandlers.dll
2018-03-13 15:07 - 2018-03-01 01:53 - 000092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\usoapi.dll
2018-03-13 15:07 - 2018-03-01 01:53 - 000056320 _____ (Microsoft Corporation) C:\WINDOWS\system32\AcSpecfc.dll
2018-03-13 15:07 - 2018-03-01 01:52 - 011923968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2018-03-13 15:07 - 2018-03-01 01:52 - 006030336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2018-03-13 15:07 - 2018-03-01 01:51 - 002329088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVidCtl.dll
2018-03-13 15:07 - 2018-03-01 01:51 - 000201728 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeManager.dll
2018-03-13 15:07 - 2018-03-01 01:51 - 000034816 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BasicRender.sys
2018-03-13 15:07 - 2018-03-01 01:50 - 003677184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2018-03-13 15:07 - 2018-03-01 01:50 - 002869760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2018-03-13 15:07 - 2018-03-01 01:50 - 000526336 _____ (Microsoft Corporation) C:\WINDOWS\system32\daxexec.dll
2018-03-13 15:07 - 2018-03-01 01:50 - 000118272 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSpkg.dll
2018-03-13 15:07 - 2018-03-01 01:49 - 000675328 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll
2018-03-13 15:07 - 2018-03-01 01:49 - 000529408 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\nwifi.sys
2018-03-13 15:07 - 2018-03-01 01:49 - 000301056 _____ (Microsoft Corporation) C:\WINDOWS\system32\MicrosoftAccountWAMExtension.dll
2018-03-13 15:07 - 2018-03-01 01:49 - 000066048 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrv.dll
2018-03-13 15:07 - 2018-03-01 01:48 - 000543232 _____ (Microsoft Corporation) C:\WINDOWS\system32\HolographicExtensions.dll
2018-03-13 15:07 - 2018-03-01 01:48 - 000431616 _____ (Microsoft Corporation) C:\WINDOWS\system32\msIso.dll
2018-03-13 15:07 - 2018-03-01 01:47 - 023674368 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2018-03-13 15:07 - 2018-03-01 01:47 - 000579584 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Payments.dll
2018-03-13 15:07 - 2018-03-01 01:47 - 000484352 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdpusersvc.dll
2018-03-13 15:07 - 2018-03-01 01:46 - 004051968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll
2018-03-13 15:07 - 2018-03-01 01:46 - 000770048 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdiWiFi.sys
2018-03-13 15:07 - 2018-03-01 01:45 - 000708096 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2018-03-13 15:07 - 2018-03-01 01:45 - 000594944 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2018-03-13 15:07 - 2018-03-01 01:45 - 000386560 _____ (Microsoft Corporation) C:\WINDOWS\system32\zipfldr.dll
2018-03-13 15:07 - 2018-03-01 01:44 - 008030720 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2018-03-13 15:07 - 2018-03-01 01:44 - 005195776 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdp.dll
2018-03-13 15:07 - 2018-03-01 01:43 - 012830208 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2018-03-13 15:07 - 2018-03-01 01:42 - 003505664 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVidCtl.dll
2018-03-13 15:07 - 2018-03-01 01:42 - 002084352 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2018-03-13 15:07 - 2018-03-01 01:41 - 008103936 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2018-03-13 15:07 - 2018-03-01 01:41 - 004745728 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2018-03-13 15:07 - 2018-03-01 01:41 - 003334144 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2018-03-13 15:07 - 2018-03-01 01:41 - 001548288 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2018-03-13 15:07 - 2018-03-01 01:41 - 000812032 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2018-03-13 15:07 - 2018-03-01 01:40 - 005833216 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll
2018-03-13 15:07 - 2018-03-01 01:39 - 002222592 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidsvc.dll
2018-03-13 15:07 - 2018-03-01 01:39 - 002035712 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2018-03-13 15:07 - 2018-03-01 01:39 - 000899584 _____ (Microsoft Corporation) C:\WINDOWS\system32\samsrv.dll
2018-03-13 15:07 - 2018-03-01 01:39 - 000666624 _____ (Microsoft Corporation) C:\WINDOWS\system32\DbgModel.dll
2018-03-13 15:07 - 2018-03-01 01:38 - 000963072 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
2018-03-13 15:07 - 2018-03-01 01:38 - 000726016 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys
2018-03-13 15:07 - 2018-03-01 01:36 - 004050432 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2018-03-13 15:07 - 2018-03-01 01:35 - 000568320 _____ (Microsoft Corporation) C:\WINDOWS\system32\msra.exe
2018-03-13 15:07 - 2018-03-01 01:35 - 000050176 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcalua.exe
2018-03-13 15:07 - 2018-02-21 22:23 - 001092016 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2018-03-13 15:07 - 2018-02-21 22:23 - 000924648 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2018-03-13 15:07 - 2018-02-21 22:13 - 000279456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msiscsi.sys
2018-03-13 15:07 - 2018-02-21 22:13 - 000077216 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.dll
2018-03-13 15:07 - 2018-02-21 22:11 - 000109984 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vmbus.sys
2018-03-13 15:07 - 2018-02-21 22:10 - 000285080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys
2018-03-13 15:07 - 2018-02-21 22:08 - 001206688 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2018-03-13 15:07 - 2018-02-21 22:08 - 001055648 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2018-03-13 15:07 - 2018-02-21 22:08 - 000571288 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spaceport.sys
2018-03-13 15:07 - 2018-02-21 22:07 - 001415296 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2018-03-13 15:07 - 2018-02-21 22:07 - 001209248 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2018-03-13 15:07 - 2018-02-21 22:03 - 000712600 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vhdmp.sys
2018-03-13 15:07 - 2018-02-21 22:03 - 000082848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\volmgr.sys
2018-03-13 15:07 - 2018-02-21 22:02 - 000149400 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storahci.sys
2018-03-13 15:07 - 2018-02-21 22:00 - 000187296 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys
2018-03-13 15:07 - 2018-02-21 21:59 - 021351624 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2018-03-13 15:07 - 2018-02-21 21:54 - 000437144 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBXHCI.SYS
2018-03-13 15:07 - 2018-02-21 21:51 - 000555424 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
2018-03-13 15:07 - 2018-02-21 21:51 - 000097176 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdstor.sys
2018-03-13 15:07 - 2018-02-21 21:51 - 000045472 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storufs.sys
2018-03-13 15:07 - 2018-02-21 21:50 - 000362904 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys
2018-03-13 15:07 - 2018-02-21 20:41 - 020286120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2018-03-13 15:07 - 2018-02-21 20:31 - 000057344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\UcmUcsi.sys
2018-03-13 15:07 - 2018-02-21 20:30 - 000192512 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netvsc.sys
2018-03-13 15:07 - 2018-02-21 20:30 - 000046080 _____ (Microsoft Corporation) C:\WINDOWS\system32\hidparse.sys
2018-03-13 15:07 - 2018-02-21 20:30 - 000046080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidparse.sys
2018-03-13 15:07 - 2018-02-21 20:30 - 000043008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\RfxVmt.sys
2018-03-13 15:07 - 2018-02-21 20:27 - 001282048 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVPXENC.dll
2018-03-13 15:07 - 2018-02-21 20:25 - 000086528 _____ (Microsoft Corporation) C:\WINDOWS\system32\cldapi.dll
2018-03-13 15:07 - 2018-02-21 20:12 - 000076288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cldapi.dll
2018-03-13 15:06 - 2018-03-01 23:02 - 000037888 _____ C:\WINDOWS\system32\SpectrumSyncClient.dll
2018-03-13 15:06 - 2018-03-01 23:01 - 000640000 _____ (Microsoft Corporation) C:\WINDOWS\system32\HeadTrackerStorage.dll
2018-03-13 15:06 - 2018-03-01 23:00 - 000329728 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Feedback.Analog.dll
2018-03-13 15:06 - 2018-03-01 23:00 - 000248320 _____ (Microsoft Corporation) C:\WINDOWS\system32\svf.dll
2018-03-13 15:06 - 2018-03-01 23:00 - 000230912 _____ (Microsoft Corporation) C:\WINDOWS\system32\HoloShellRuntime.dll
2018-03-13 15:06 - 2018-03-01 16:28 - 000181760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\HoloShellRuntime.dll
2018-03-13 15:06 - 2018-03-01 03:26 - 000170912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2018-03-13 15:06 - 2018-03-01 03:25 - 000377752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msrpc.sys
2018-03-13 15:06 - 2018-03-01 03:14 - 000128928 _____ (Microsoft Corporation) C:\WINDOWS\system32\offlinelsa.dll
2018-03-13 15:06 - 2018-03-01 03:12 - 000250264 _____ (Microsoft Corporation) C:\WINDOWS\system32\offlinesam.dll
2018-03-13 15:06 - 2018-03-01 03:10 - 000022936 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\isapnp.sys
2018-03-13 15:06 - 2018-03-01 02:29 - 000574960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVideoDSP.dll
2018-03-13 15:06 - 2018-03-01 02:28 - 000115096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\offlinelsa.dll
2018-03-13 15:06 - 2018-03-01 02:27 - 000221592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\offlinesam.dll
2018-03-13 15:06 - 2018-03-01 02:01 - 000019456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\credssp.dll
2018-03-13 15:06 - 2018-03-01 01:59 - 000220672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MicrosoftAccountWAMExtension.dll
2018-03-13 15:06 - 2018-03-01 01:53 - 000206848 _____ (Microsoft Corporation) C:\WINDOWS\system32\IndexedDbLegacy.dll
2018-03-13 15:06 - 2018-03-01 01:53 - 000097792 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatecsp.dll
2018-03-13 15:06 - 2018-03-01 01:53 - 000039424 _____ (Microsoft Corporation) C:\WINDOWS\system32\UsoClient.exe
2018-03-13 15:06 - 2018-03-01 01:51 - 000023552 _____ (Microsoft Corporation) C:\WINDOWS\system32\credssp.dll
2018-03-13 15:06 - 2018-03-01 01:50 - 000075264 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wcnfs.sys
2018-03-13 15:06 - 2018-03-01 01:46 - 000026624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msisip.dll
2018-03-13 15:06 - 2018-03-01 01:36 - 000030208 _____ (Microsoft Corporation) C:\WINDOWS\system32\msisip.dll
2018-03-13 15:06 - 2018-03-01 01:35 - 000128000 _____ (Microsoft Corporation) C:\WINDOWS\system32\racpldlg.dll
2018-03-13 15:06 - 2018-02-21 22:07 - 000194456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ataport.sys
2018-03-13 15:06 - 2018-02-21 21:52 - 000103328 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\stornvme.sys
2018-03-13 15:06 - 2018-02-21 21:50 - 000229272 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tpm.sys
2018-03-13 15:06 - 2018-02-21 20:16 - 001286144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVPXENC.dll
2018-03-13 14:54 - 2018-03-13 14:54 - 000004580 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player NPAPI Notifier
2018-03-10 17:16 - 2018-03-10 17:16 - 000000000 ____D C:\Users\RandyA\AppData\Roaming\Torch
2018-03-09 20:25 - 2018-03-09 20:25 - 000608064 _____ C:\Users\RandyA\Downloads\Do Elephants Belong in the Circus- - YouTube[via torchbrowser.com] (2).mp4
2018-03-09 20:24 - 2018-03-13 20:25 - 000000000 ____D C:\ProgramData\TorchCrashHandler
2018-03-09 20:24 - 2018-03-09 20:24 - 000001266 _____ C:\Users\RandyA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Torch.lnk
2018-03-09 20:24 - 2018-03-09 20:24 - 000001258 _____ C:\Users\RandyA\Desktop\Torch.lnk
2018-03-09 20:23 - 2018-03-09 20:24 - 000000000 ____D C:\Users\RandyA\AppData\Local\Torch
2018-03-09 20:23 - 2018-03-09 20:23 - 001668496 _____ (Torch Media, Inc) C:\Users\RandyA\Downloads\TorchSetup-r20-n-be (1).exe
2018-03-09 20:22 - 2018-03-09 20:22 - 001668496 _____ (Torch Media, Inc) C:\Users\RandyA\Downloads\TorchSetup-r20-n-be.exe
2018-03-09 19:44 - 2018-03-09 19:53 - 002435459 _____ C:\Users\RandyA\Documents\IMG_20180309_0001.pdf
2018-03-08 23:32 - 2018-03-08 23:32 - 000532310 _____ C:\Users\RandyA\Downloads\Friends of Animals Event.pdf
2018-03-08 14:15 - 2018-03-08 14:15 - 000000000 ____D C:\Users\RandyA\Documents\Utopia Tix 05-19-2018
2018-03-08 14:14 - 2018-03-08 14:14 - 000189630 _____ C:\Users\RandyA\Downloads\CH230-57540.pdf
2018-03-08 14:14 - 2018-03-08 14:14 - 000189630 _____ C:\Users\RandyA\Documents\Utopia-2Tix-05-19-2018.pdf
2018-03-08 14:13 - 2018-03-08 14:14 - 005472543 _____ C:\Users\RandyA\Documents\IMG_20180308_0001.pdf
2018-03-06 17:48 - 2018-03-06 17:48 - 000020835 _____ C:\Users\RandyA\Downloads\ACORD Form 20180228-155025.pdf
2018-03-01 19:27 - 2018-03-11 17:27 - 000000668 _____ C:\WINDOWS\Tasks\G2MUploadTask-S-1-5-21-3248382330-3174346777-3720087843-1001.job
2018-03-01 19:27 - 2018-03-11 17:27 - 000000572 _____ C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-3248382330-3174346777-3720087843-1001.job
2018-03-01 19:27 - 2018-03-08 14:40 - 000003840 _____ C:\WINDOWS\System32\Tasks\G2MUploadTask-S-1-5-21-3248382330-3174346777-3720087843-1001
2018-03-01 19:27 - 2018-03-08 14:40 - 000003744 _____ C:\WINDOWS\System32\Tasks\G2MUpdateTask-S-1-5-21-3248382330-3174346777-3720087843-1001
2018-03-01 19:27 - 2018-03-08 14:40 - 000000000 ____D C:\Users\RandyA\AppData\Local\GoToMeeting
2018-03-01 19:26 - 2018-03-01 19:26 - 000000000 ____D C:\Users\RandyA\AppData\Local\GoTo Opener
2018-02-28 19:29 - 2018-02-28 19:29 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2018-02-26 14:17 - 2018-03-02 23:56 - 000000000 ____D C:\Users\RandyA\AppData\Roaming\Spotify
2018-02-26 14:17 - 2018-03-02 23:56 - 000000000 ____D C:\Users\RandyA\AppData\Local\Spotify
2018-02-26 14:17 - 2018-02-26 14:17 - 000725488 _____ (Spotify Ltd) C:\Users\RandyA\Downloads\SpotifySetup (1).exe
2018-02-26 14:17 - 2018-02-26 14:17 - 000001855 _____ C:\Users\RandyA\Desktop\Spotify.lnk
2018-02-26 14:17 - 2018-02-26 14:17 - 000001841 _____ C:\Users\RandyA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk
2018-02-26 07:24 - 2018-02-26 07:24 - 000051024 _____ (Dropbox, Inc.) C:\WINDOWS\system32\DbxSvc.exe
2018-02-26 07:24 - 2018-02-26 07:24 - 000045672 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-dev.sys
2018-02-26 07:24 - 2018-02-26 07:24 - 000045640 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-stable.sys
2018-02-26 07:24 - 2018-02-26 07:24 - 000045640 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-canary.sys
2018-02-23 15:35 - 2018-02-23 15:35 - 000000106 _____ C:\Users\RandyA\Desktop\from randy.txt
2018-02-20 14:22 - 2018-02-20 14:33 - 000000000 ____D C:\Users\RandyA\AppData\Roaming\Wise Data Recovery
2018-02-20 14:22 - 2018-02-20 14:22 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wise Data Recovery
2018-02-20 14:22 - 2018-02-20 14:22 - 000000000 ____D C:\Program Files (x86)\Wise
2018-02-20 13:36 - 2018-02-20 14:22 - 000483328 _____ C:\Users\RandyA\Documents\New Support Group database - updated-02-10-2018.accdb
2018-02-20 13:08 - 2018-02-20 13:09 - 000001699 _____ C:\Users\Public\Desktop\Recuva.lnk
2018-02-20 13:08 - 2018-02-20 13:09 - 000000000 ____D C:\Program Files\Recuva
2018-02-20 13:08 - 2018-02-20 13:08 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Recuva
2018-02-20 05:09 - 2018-02-20 05:09 - 000000000 ____D C:\Users\RandyA\Documents\Recovered
2018-02-19 20:38 - 2018-02-19 20:38 - 000001203 _____ C:\Users\Public\Desktop\RescuePRO Deluxe.lnk
2018-02-19 20:38 - 2018-02-19 20:38 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RescuePRO Deluxe
2018-02-19 20:31 - 2018-02-19 20:38 - 000000000 ____D C:\Program Files (x86)\RescuePRO Deluxe
2018-02-19 20:31 - 2018-02-19 20:31 - 000000000 ____D C:\Users\RandyA\licman
2018-02-19 20:31 - 2018-02-19 20:31 - 000000000 ____D C:\Users\RandyA\AppData\Local\LC Technology Inc
2018-02-19 20:30 - 2018-02-19 20:30 - 016337397 _____ C:\Users\RandyA\Downloads\RPDLXWIN.zip
2018-02-18 21:11 - 2018-02-18 21:11 - 302253702 _____ C:\Users\RandyA\Desktop\Tines - Tines Demo - 9 songs.zip
2018-02-15 14:48 - 2018-02-15 14:48 - 000000000 ____D C:\ProgramData\Reason
2018-02-15 14:46 - 2018-02-15 14:46 - 008828672 _____ (Reason Software Company Inc.) C:\Users\RandyA\Downloads\reason-core-security-setup.exe
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2018-03-16 17:04 - 2017-12-02 22:22 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2018-03-16 15:06 - 2017-09-29 09:46 - 000000000 ____D C:\WINDOWS\DeliveryOptimization
2018-03-16 14:28 - 2016-11-18 17:59 - 000000000 ____D C:\Users\RandyA\AppData\LocalLow\Mozilla
2018-03-16 12:47 - 2017-12-02 22:47 - 000004170 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{DEFE5449-7187-4699-9303-8E2A905D537F}
2018-03-16 12:47 - 2017-09-29 09:46 - 000000000 ___HD C:\Program Files\WindowsApps
2018-03-16 12:47 - 2017-09-29 09:46 - 000000000 ____D C:\WINDOWS\AppReadiness
2018-03-16 00:31 - 2016-09-25 16:49 - 000000000 ____D C:\ProgramData\NVIDIA
2018-03-15 23:59 - 2017-04-11 13:24 - 000000000 ___RD C:\Users\RandyA\Dropbox
2018-03-13 23:50 - 2016-10-14 16:54 - 000000000 ____D C:\Users\RandyA\Documents\Animal Advocates Oct 2016 on
2018-03-13 20:30 - 2017-12-02 22:44 - 001663824 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2018-03-13 20:23 - 2017-12-02 22:47 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2018-03-13 19:28 - 2017-12-02 22:26 - 000000000 ____D C:\Users\RandyA
2018-03-13 19:08 - 2017-08-10 22:08 - 000000000 ____D C:\Users\RandyA\Documents\Animal Advocates older stuff
2018-03-13 17:47 - 2017-09-29 09:44 - 000000000 ____D C:\WINDOWS\INF
2018-03-13 17:43 - 2017-12-02 22:49 - 000000000 ___RD C:\Users\RandyA\3D Objects
2018-03-13 17:43 - 2016-08-26 18:16 - 000000000 __RHD C:\Users\Public\AccountPictures
2018-03-13 17:36 - 2017-12-09 12:39 - 000253880 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2018-03-13 17:36 - 2017-12-02 22:22 - 000428560 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2018-03-13 17:34 - 2017-09-29 04:45 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2018-03-13 17:32 - 2017-09-29 09:46 - 000000000 ____D C:\WINDOWS\TextInput
2018-03-13 17:31 - 2017-09-29 09:46 - 000000000 ____D C:\WINDOWS\system32\appraiser
2018-03-13 17:31 - 2017-09-29 09:46 - 000000000 ____D C:\WINDOWS\ShellExperiences
2018-03-13 16:57 - 2017-09-29 09:46 - 000000000 ____D C:\WINDOWS\rescache
2018-03-13 15:25 - 2017-09-29 09:37 - 000000000 ____D C:\WINDOWS\CbsTemp
2018-03-13 15:24 - 2016-08-26 18:31 - 000000000 ____D C:\WINDOWS\system32\MRT
2018-03-13 15:21 - 2017-10-10 20:07 - 130364688 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT-KB890830.exe
2018-03-13 15:21 - 2016-08-26 18:31 - 130364688 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2018-03-13 15:11 - 2017-09-29 09:41 - 000140800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2018-03-13 15:11 - 2017-09-29 09:41 - 000106496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll
2018-03-13 14:59 - 2017-12-02 22:47 - 000003958 _____ C:\WINDOWS\System32\Tasks\Opera scheduled Autoupdate 1495912364
2018-03-13 14:59 - 2017-06-29 16:56 - 000001078 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera Browser.lnk
2018-03-13 14:59 - 2017-05-27 15:12 - 000000000 ____D C:\Program Files\Opera
2018-03-13 14:54 - 2017-12-02 22:47 - 000004602 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player PPAPI Notifier
2018-03-13 14:54 - 2017-12-02 22:47 - 000004422 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2018-03-13 14:54 - 2017-09-29 09:46 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
2018-03-13 14:54 - 2017-09-29 09:46 - 000000000 ____D C:\WINDOWS\system32\Macromed
2018-03-10 19:02 - 2016-09-14 14:24 - 000000000 ____D C:\Users\RandyA\AppData\Roaming\Audacity
2018-03-04 22:17 - 2016-10-26 17:29 - 000000000 ____D C:\Users\RandyA\Documents\Support Group
2018-03-01 22:17 - 2016-09-10 17:33 - 000000000 ____D C:\Users\RandyA\AppData\Local\ElevatedDiagnostics
2018-03-01 11:51 - 2017-12-02 22:47 - 000004562 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2018-02-28 19:29 - 2017-04-11 13:22 - 000000000 ____D C:\Program Files (x86)\Dropbox
2018-02-28 14:20 - 2017-05-27 15:08 - 000002301 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-02-28 14:20 - 2017-05-27 15:08 - 000002260 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2018-02-25 22:38 - 2016-11-13 14:57 - 000002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2018-02-25 22:34 - 2017-05-25 21:39 - 000018960 _____ (Logitech, Inc.) C:\WINDOWS\system32\Drivers\LNonPnP.sys
2018-02-24 22:34 - 2016-08-28 20:21 - 000000000 ____D C:\Users\RandyA\AppData\Roaming\vlc
2018-02-23 15:46 - 2016-09-12 09:16 - 000000000 ____D C:\Users\RandyA\AppData\Roaming\CoreFTP
2018-02-20 16:26 - 2017-11-24 17:52 - 000421888 _____ C:\Users\RandyA\Documents\New Support Group database - updated-11-24-2017.mdb
2018-02-19 19:59 - 2017-12-02 22:27 - 000000000 ____D C:\Users\RandyA\AppData\Local\Packages
2018-02-18 19:50 - 2016-09-24 21:11 - 000000000 ____D C:\Users\RandyA\AppData\Local\Windows Live
2018-02-15 15:14 - 2016-08-27 00:09 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2018-02-15 15:08 - 2017-09-29 09:46 - 000000000 ____D C:\WINDOWS\system32\oobe
2018-02-15 15:07 - 2017-09-29 09:46 - 000000000 ____D C:\WINDOWS\bcastdvr
2018-02-15 15:07 - 2017-02-14 18:50 - 000000000 ____D C:\AdwCleaner
2018-02-15 14:58 - 2017-05-05 16:42 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2018-02-15 14:58 - 2016-08-27 00:09 - 000001208 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
==================== Files in the root of some directories =======
2017-09-06 20:43 - 2017-09-06 20:43 - 000463842 _____ () C:\Users\RandyA\ariskkey.exe
2017-06-29 16:49 - 2017-06-29 19:00 - 000682996 _____ () C:\Users\RandyA\AppData\Roaming\AvidCloudClientServices_Install.log
2017-06-28 20:17 - 2017-07-01 22:21 - 000001876 _____ () C:\Users\RandyA\AppData\Roaming\Avid_CCS_Service_Stop.log
2016-09-14 13:47 - 2016-09-14 13:49 - 000001167 _____ () C:\Users\RandyA\AppData\Roaming\trace_FilterInstaller.1.txt
2016-09-14 13:47 - 2016-09-14 13:47 - 000001167 _____ () C:\Users\RandyA\AppData\Roaming\trace_FilterInstaller.2.txt
2016-09-14 13:47 - 2016-09-15 10:59 - 000000905 _____ () C:\Users\RandyA\AppData\Roaming\trace_FilterInstaller.txt
2016-09-14 13:47 - 2016-09-15 10:59 - 000000000 _____ () C:\Users\RandyA\AppData\Roaming\trace_FilterInstaller.txt-CRT.txt
2017-05-31 18:08 - 2017-11-19 22:37 - 000020992 _____ () C:\Users\RandyA\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2017-02-15 18:46 - 2017-02-15 18:46 - 000000036 _____ () C:\Users\RandyA\AppData\Local\housecall.guid.cache
2017-10-19 12:04 - 2017-10-19 12:04 - 000004096 ____H () C:\Users\RandyA\AppData\Local\keyfile3.drm
2018-02-02 00:59 - 2018-02-02 00:59 - 000000218 _____ () C:\Users\RandyA\AppData\Local\recently-used.xbel
2016-08-28 22:47 - 2016-08-28 22:47 - 000000017 _____ () C:\Users\RandyA\AppData\Local\resmon.resmoncfg
2017-09-15 20:41 - 2017-09-15 20:42 - 000000129 _____ () C:\Users\RandyA\AppData\Local\Support.ini
==================== Bamital & volsnap ======================
(There is no automatic fix for files that do not pass verification.)
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2018-03-11 17:38
==================== End of FRST.txt ============================
Addition.txt log:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 14.03.2018
Ran by RandyA (16-03-2018 17:09:00)
Running from C:\Users\RandyA\Desktop
Windows 10 Home Version 1709 16299.309 (X64) (2017-12-03 02:49:10)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-3248382330-3174346777-3720087843-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-3248382330-3174346777-3720087843-503 - Limited - Disabled)
Guest (S-1-5-21-3248382330-3174346777-3720087843-501 - Limited - Disabled)
RandyA (S-1-5-21-3248382330-3174346777-3720087843-1001 - Administrator - Enabled) => C:\Users\RandyA
SophosSAUDESKTOP-aaa (S-1-5-21-3248382330-3174346777-3720087843-1005 - Limited - Enabled)
WDAGUtilityAccount (S-1-5-21-3248382330-3174346777-3720087843-504 - Limited - Disabled)
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Sophos Home (Enabled - Up to date) {FFADE7EA-DC92-4602-D6B2-626CD3450A0F}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Sophos Home (Enabled - Up to date) {44CC060E-FAA8-498C-EC02-591EA8C240B2}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
7-Zip 16.04 (x64) (HKLM\...\7-Zip) (Version: 16.04 - Igor Pavlov)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 18.011.20038 - Adobe Systems Incorporated)
Adobe Flash Player 29 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 29.0.0.113 - Adobe Systems Incorporated)
Adobe Flash Player 29 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 29.0.0.113 - Adobe Systems Incorporated)
Apple Application Support (32-bit) (HKLM-x32\...\{D4C80B0C-CF67-43A7-90C3-466853543B54}) (Version: 6.3 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{B2A2E8AF-BC48-4191-B2C4-3846A19835CA}) (Version: 6.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{AA7D90D2-2387-4FA5-A3AF-96811BE49BFD}) (Version: 11.0.5.14 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{19589375-5C58-4AFA-842F-8B34744CCEAD}) (Version: 2.5.0.1 - Apple Inc.)
Ardour5 (HKLM-x32\...\Ardour5-w64) (Version: - )
ASIO4ALL (HKLM-x32\...\ASIO4ALL) (Version: 2.13 - Michael Tippach)
Asterisk Key 10.0 (HKLM-x32\...\asterisk key) (Version: - )
Audacity 2.1.3 (HKLM-x32\...\Audacity®_is1) (Version: 2.1.3 - Audacity Team)
Authorizer 2.9.2d15 (HKLM\...\{F6762963-9AE5-4bc6-A70F-2D749F6AC02F}_is1) (Version: 2.9.2d15 - Propellerhead Software AB)
BCL easyConverter Desktop 3 (Word Version) (HKLM-x32\...\{8C5845B5-729F-40E3-A945-4454E67F65F4}) (Version: 3.0.18 - BCL Technologies)
Belarc Advisor 8.5c (HKLM-x32\...\Belarc Advisor) (Version: 8.5.3.0 - Belarc Inc.)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Canon IJ Network Scanner Selector EX (HKLM-x32\...\Canon_IJ_Network_Scanner_Selector_EX) (Version: - Canon Inc.)
Canon IJ Network Tool (HKLM-x32\...\Canon_IJ_Network_UTILITY) (Version: 3.2.0 - Canon Inc.)
Canon IJ Scan Utility (HKLM-x32\...\Canon_IJ_Scan_Utility) (Version: - Canon Inc.)
Canon MX920 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX920_series) (Version: 1.01 - Canon Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.24 - Piriform)
Core FTP LE (x64) (HKLM-x32\...\CoreFTP(x64)) (Version: - )
CSR Harmony Wireless Software Stack (HKLM\...\{17DEA095-8EE1-49A2-AC5A-9663DB098FA9}) (Version: 2.1.63.0 - Cambridge Silicon Radio Limited.)
CutePDF Writer 3.2 (HKLM\...\CutePDF Writer Installation) (Version: 3.2 - Acro Software Inc.)
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
Dropbox (HKLM-x32\...\Dropbox) (Version: 44.4.58 - Dropbox, Inc.)
Dropbox Update Helper (HKLM-x32\...\{099218A5-A723-43DC-8DB5-6173656A1E94}) (Version: 1.3.65.1 - Dropbox, Inc.) Hidden
DVD Flick 1.3.0.7 (HKLM-x32\...\DVD Flick_is1) (Version: 1.3.0.7 - Dennis Meuwissen)
eLicenser Control (HKLM-x32\...\eLicenser Control) (Version: 6.9.2.1180 - Steinberg Media Technologies GmbH)
Epic Privacy Browser (HKU\S-1-5-21-3248382330-3174346777-3720087843-1001\...\Epic) (Version: 62.0.3202.94 - Epic)
FastStone Image Viewer 5.7 (HKLM-x32\...\FastStone Image Viewer) (Version: 5.7 - FastStone Soft)
FCC (HKU\S-1-5-21-3248382330-3174346777-3720087843-1001\...\FCC) (Version: 2.6.14427.1001 - FreeConferenceCall LLC)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 64.0.3282.186 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) Hidden
GoTo Opener (HKLM-x32\...\{1F803452-798F-49FB-A5DD-9F527F7017E4}) (Version: 1.0.473 - LogMeIn, Inc.)
GoToMeeting 8.22.0.8473 (HKU\S-1-5-21-3248382330-3174346777-3720087843-1001\...\GoToMeeting) (Version: 8.22.0.8473 - LogMeIn, Inc.)
iCloud (HKLM\...\{99868C9C-C141-4DDE-A2C7-9DDF00F68F17}) (Version: 7.2.0.67 - Apple Inc.)
ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.8.0 - LIGHTNING UK!)
iTunes (HKLM\...\{1D7D1271-5258-4F5A-B8C1-7176BF398782}) (Version: 12.7.3.46 - Apple Inc.)
Junk Mail filter update (HKLM-x32\...\{0BE9E708-5DC0-4963-9CFD-0AA519090E79}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Logitech SetPoint 6.67 (HKLM\...\sp6) (Version: 6.67.83 - Logitech)
Logitech Solar App 1.10 (HKLM\...\SolarApp) (Version: 1.10.3 - Logitech)
Magical Jelly Bean KeyFinder (HKLM-x32\...\KeyFinder_is1) (Version: 2.0.10.12 - Magical Jelly Bean)
Malwarebytes version 3.3.1.2183 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.3.1.2183 - Malwarebytes)
MEGAsync (HKLM-x32\...\MEGAsync) (Version: - Mega Limited)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Outlook Connector (HKLM-x32\...\{95140000-007A-0409-0000-0000000FF1CE}) (Version: 14.0.5118.5000 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3248382330-3174346777-3720087843-1001\...\OneDriveSetup.exe) (Version: 17.3.7294.0108 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x64) - 14.10.25017 (HKLM-x32\...\{e52a6842-b0ac-476e-b48f-378a97a67346}) (Version: 14.10.25017.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x86) - 14.10.25017 (HKLM-x32\...\{58b3beca-b999-4f6f-a48c-81681136a620}) (Version: 14.10.25017.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x86) - 14.10.25017 (HKLM-x32\...\{f325f05b-f963-4640-a43b-c8a494cdda0f}) (Version: 14.10.25017.0 - Microsoft Corporation)
Mixbus4 (HKLM-x32\...\Mixbus4-w64) (Version: - )
Movie Maker (HKLM-x32\...\{38F03569-A636-4CF3-BDDE-032C8C251304}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{DD67BE4B-7E62-4215-AFA3-F123A800A389}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 58.0.2 (x64 en-US) (HKLM\...\Mozilla Firefox 58.0.2 (x64 en-US)) (Version: 58.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 58.0.2.6611 - Mozilla)
Native Instruments Kontakt 5 (HKLM-x32\...\Native Instruments Kontakt 5) (Version: 5.7.0.32 - Native Instruments)
Native Instruments Kontakt Factory Selection (HKLM-x32\...\Native Instruments Kontakt Factory Selection) (Version: 1.4.0.4 - Native Instruments)
Native Instruments Mikro Prism (HKLM-x32\...\Native Instruments Mikro Prism) (Version: - Native Instruments)
Native Instruments Native Access (HKLM-x32\...\Native Instruments Native Access) (Version: 1.4.1.59 - Native Instruments)
Native Instruments Reaktor 5 (HKLM-x32\...\Native Instruments Reaktor 5) (Version: 5.9.4.1512 - Native Instruments)
Native Instruments Reaktor 6 (HKLM-x32\...\Native Instruments Reaktor 6) (Version: 6.2.0.51 - Native Instruments)
Native Instruments Service Center (HKLM-x32\...\Native Instruments Service Center) (Version: 2.6.0.137 - Native Instruments)
NTI Backup Now EZ 4 (HKLM-x32\...\{249E38A7-26F9-4C82-A95B-CDA5184A54CF}) (Version: 4.0.2.52 - NTI Corporation) Hidden
NTI Backup Now EZ 4 (HKLM-x32\...\InstallShield_{249E38A7-26F9-4C82-A95B-CDA5184A54CF}) (Version: 4.0.2.52 - NTI Corporation)
NVIDIA 3D Vision Driver 388.13 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 388.13 - NVIDIA Corporation)
NVIDIA Graphics Driver 388.13 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 388.13 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.35.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.35.1 - NVIDIA Corporation)
NVIDIA Update 10.4.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 10.4.0 - NVIDIA Corporation)
Opera Stable 51.0.2830.55 (HKLM-x32\...\Opera 51.0.2830.55) (Version: 51.0.2830.55 - Opera Software)
PACE License Support Win64 (HKLM\...\{4C3A303E-2761-4f07-9723-A0470315853F}) (Version: 3.1.5.1779 - PACE Anti-Piracy, Inc.) Hidden
PACE License Support Win64 (HKLM-x32\...\InstallShield_{4C3A303E-2761-4f07-9723-A0470315853F}) (Version: 3.1.5.1779 - PACE Anti-Piracy, Inc.)
PDFill PDF Editor with FREE Writer and FREE Tools (HKLM\...\{D1399216-81B2-457C-A0F7-73B9A2EF6902}) (Version: 12.0 - PlotSoft LLC)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7874 - Realtek Semiconductor Corp.)
REAPER (x64) (HKLM\...\REAPER) (Version: - )
Recover Keys (HKLM-x32\...\Recover Keys_is1) (Version: 9.0.3.168 - Recover Keys)
Recuva (HKLM\...\Recuva) (Version: 1.53 - Piriform)
RescuePRO Deluxe 6.0.1.7 (HKLM-x32\...\{38D9AAB8-116B-40BB-A801-50B71DF82D24}_is1) (Version: 6.0.1.7 - LC Technology International, Inc.)
Sophos Anti-Virus (HKLM-x32\...\{2519A41E-5D7C-429B-B2DB-1E943927CB3D}) (Version: 10.7.6.117 - Sophos Limited) Hidden
Sophos AutoUpdate (HKLM-x32\...\{AFBCA1B9-496C-4AE6-98AE-3EA1CFF65C54}) (Version: 5.8.335 - Sophos Limited) Hidden
Sophos Clean (HKLM\...\SophosClean) (Version: 3.7.13.262 - Sophos Limited)
Sophos Diagnostic Utility (HKLM-x32\...\{4627F5A1-E85A-4394-9DB3-875DF83AF6C2}) (Version: 1.20.0.4 - Sophos Limited) Hidden
Sophos Home (HKLM\...\Sophos Endpoint Agent) (Version: 1.1.4 - Sophos Ltd)
Sophos Home (HKLM-x32\...\{65174B13-CB1D-45A8-8B65-69F87AAAAFEB}) (Version: 2.1.137 - Sophos Limited) Hidden
Sophos Management Communications System (HKLM-x32\...\{2C14E1A2-C4EB-466E-8374-81286D723D3A}) (Version: 4.7.15 - Sophos Limited) Hidden
Sophos Network Threat Protection (HKLM\...\{66967E5F-43E8-4402-87A4-04685EE5C2CB}) (Version: 1.3.2.40 - Sophos Limited) Hidden
Sophos System Protection (HKLM\...\{934BEF80-B9D1-4A86-8B42-D8A6716A8D27}) (Version: 2.6.0.71 - Sophos Limited) Hidden
Sophos Virus Removal Tool (HKLM-x32\...\{B829E117-D072-41EA-9606-9826A38D34C1}) (Version: 2.6.1 - Sophos Limited)
Spotify (HKU\S-1-5-21-3248382330-3174346777-3720087843-1001\...\Spotify) (Version: 1.0.75.483.g7ff4a0dc - Spotify AB)
Steinberg VST Amp Rack Content 01 (HKLM-x32\...\{8CBA7E47-48DA-47DC-8E98-6984BA830295}) (Version: 1.0.0.000 - Steinberg Media Technologies GmbH)
Torch (HKU\S-1-5-21-3248382330-3174346777-3720087843-1001\...\Torch) (Version: 60.0.0.1508 - Torch Media, Inc) <==== ATTENTION
Tracktion 5 (HKLM\...\Tracktion 5) (Version: 5.0.10.0 - Tracktion Software Corp.)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.6 - VideoLAN)
Vulkan Run Time Libraries 1.0.61.0 (HKLM\...\VulkanRT1.0.61.0) (Version: 1.0.61.0 - LunarG, Inc.) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
WinRAR 5.50 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.50.0 - win.rar GmbH)
Wise Data Recovery 3.87 (HKLM-x32\...\Wise Data Recovery_is1) (Version: 3.87 - WiseCleaner.com, Inc.)
Workspace Desktop (HKU\S-1-5-21-3248382330-3174346777-3720087843-1001\...\workspacedesktop) (Version: - Starfield Technologies)
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-3248382330-3174346777-3720087843-1001_Classes\CLSID\{1BFB1268-6353-495A-AB78-97BF7CAB4D59}\InprocServer32 -> C:\Users\RandyA\AppData\Local\Workspace\gdeditwrapperax64.dll (Starfield Technologies)
CustomCLSID: HKU\S-1-5-21-3248382330-3174346777-3720087843-1001_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Users\RandyA\AppData\Local\GoToMeeting\8404\G2MOutlookAddin64.dll (LogMeIn, Inc.)
CustomCLSID: HKU\S-1-5-21-3248382330-3174346777-3720087843-1001_Classes\CLSID\{B5B8593C-89BC-44a7-BCE3-32FE4FED7C5C}\InprocServer32 -> C:\Users\RandyA\AppData\Local\Workspace\wbetoolsax64.dll (Starfield Technology, LLC)
ShellIconOverlayIdentifiers: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\RandyA\AppData\Local\MEGAsync\ShellExtX64.dll [2016-10-31] ()
ShellIconOverlayIdentifiers: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\RandyA\AppData\Local\MEGAsync\ShellExtX64.dll [2016-10-31] ()
ShellIconOverlayIdentifiers: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\RandyA\AppData\Local\MEGAsync\ShellExtX64.dll [2016-10-31] ()
ShellIconOverlayIdentifiers: [ DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-02-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-02-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-02-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-02-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-02-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-02-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-02-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-02-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-02-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-02-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ShellIconOverlayIdentifiers: [off0] -> {8E33AEC3-C5F2-43C4-B048-9E3EB19B1DD5} => C:\Program Files (x86)\Workspace\offsyncext64.dll [2017-06-08] (Starfield Technologies, LLC)
ShellIconOverlayIdentifiers: [off1] -> {8E33AEC4-C5F2-43C4-B048-9E3EB19B1DD5} => C:\Program Files (x86)\Workspace\offsyncext64.dll [2017-06-08] (Starfield Technologies, LLC)
ShellIconOverlayIdentifiers-x32: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\RandyA\AppData\Local\MEGAsync\ShellExtX64.dll [2016-10-31] ()
ShellIconOverlayIdentifiers-x32: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\RandyA\AppData\Local\MEGAsync\ShellExtX64.dll [2016-10-31] ()
ShellIconOverlayIdentifiers-x32: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\RandyA\AppData\Local\MEGAsync\ShellExtX64.dll [2016-10-31] ()
ShellIconOverlayIdentifiers-x32: [ DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-02-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-02-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-02-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-02-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-02-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-02-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-02-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-02-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-02-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-02-26] (Dropbox, Inc.)
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-10-04] (Igor Pavlov)
ContextMenuHandlers1: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-02-26] (Dropbox, Inc.)
ContextMenuHandlers1: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\RandyA\AppData\Local\MEGAsync\ShellExtX64.dll [2016-10-31] ()
ContextMenuHandlers1: [PhotoStreamsExt] -> {89D984B3-813B-406A-8298-118AFA3A22AE} => C:\Program Files\Common Files\Apple\Internet Services\ShellStreams64.dll [2017-12-08] (Apple Inc.)
ContextMenuHandlers1: [SophosHomeShellExt] -> {2FE0F6D6-426A-4728-B435-7CF2FE926449} => C:\Program Files (x86)\Sophos\Sophos Home\SophosHomeShellExtX64.dll [2018-01-04] (Sophos Limited)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2017-08-11] (Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2017-08-11] (Alexander Roshal)
ContextMenuHandlers1-x32: [WondershareVideoConverterFileOpreation] -> {FEB746CA-95C2-485F-B386-C30D4E56D22E} => -> No File
ContextMenuHandlers2: [SophosHomeShellExt] -> {2FE0F6D6-426A-4728-B435-7CF2FE926449} => C:\Program Files (x86)\Sophos\Sophos Home\SophosHomeShellExtX64.dll [2018-01-04] (Sophos Limited)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-11-01] (Malwarebytes)
ContextMenuHandlers3: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\RandyA\AppData\Local\MEGAsync\ShellExtX64.dll [2016-10-31] ()
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-10-04] (Igor Pavlov)
ContextMenuHandlers4: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-02-26] (Dropbox, Inc.)
ContextMenuHandlers4: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\RandyA\AppData\Local\MEGAsync\ShellExtX64.dll [2016-10-31] ()
ContextMenuHandlers4: [RecuvaShellExt] -> {435E5DF5-2510-463C-B223-BDA47006D002} => C:\Program Files\Recuva\RecuvaShell64.dll [2016-06-06] (Piriform Ltd)
ContextMenuHandlers4: [SophosHomeShellExt] -> {2FE0F6D6-426A-4728-B435-7CF2FE926449} => C:\Program Files (x86)\Sophos\Sophos Home\SophosHomeShellExtX64.dll [2018-01-04] (Sophos Limited)
ContextMenuHandlers5: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-02-26] (Dropbox, Inc.)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2017-10-27] (NVIDIA Corporation)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-10-04] (Igor Pavlov)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-11-01] (Malwarebytes)
ContextMenuHandlers6: [RecuvaShellExt] -> {435E5DF5-2510-463C-B223-BDA47006D002} => C:\Program Files\Recuva\RecuvaShell64.dll [2016-06-06] (Piriform Ltd)
ContextMenuHandlers6: [SophosHomeShellExt] -> {2FE0F6D6-426A-4728-B435-7CF2FE926449} => C:\Program Files (x86)\Sophos\Sophos Home\SophosHomeShellExtX64.dll [2018-01-04] (Sophos Limited)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2017-08-11] (Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2017-08-11] (Alexander Roshal)
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {0C745336-1AE2-454D-8CF6-9D4C59562EF7} - System32\Tasks\G2MUpdateTask-S-1-5-21-3248382330-3174346777-3720087843-1001 => C:\Users\RandyA\AppData\Local\GoToMeeting\8473\g2mupdate.exe [2018-03-08] (LogMeIn, Inc.)
Task: {0F695A24-D2D3-4883-BAD7-A054856878F6} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_29_0_0_113_Plugin.exe [2018-03-13] (Adobe Systems Incorporated)
Task: {11950068-5E9C-4B88-A6FE-23BCC609A130} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2017-04-11] (Dropbox, Inc.)
Task: {1A5E915E-E0EF-4BB6-AE74-56DB4ABD430D} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {1BFD642F-370C-4549-9E4F-D6FCC59AFF1F} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2018-03-13] (Adobe Systems Incorporated)
Task: {241DF5D3-A743-48DF-834D-FF8BCE4BBE1B} - System32\Tasks\SafeZone scheduled Autoupdate 1489620631 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe
Task: {3762ABA5-21FA-4309-BC63-1AFFB3B74A46} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2017-04-11] (Dropbox, Inc.)
Task: {449426C4-6D06-4F2B-88D8-E97856259656} - System32\Tasks\Opera scheduled Autoupdate 1495912364 => c:\program files\opera\launcher.exe [2018-03-08] (Opera Software)
Task: {44CC0DCA-6385-4045-A95C-1013F7789E2E} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\Avast Software\Overseer\overseer.exe [2018-01-14] (AVAST Software)
Task: {624D11A9-54B0-4B44-85DC-EA0F6F93839E} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2018-02-09] (Adobe Systems Incorporated)
Task: {64F87EF9-64E3-4352-BD4A-FC1B094C2925} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe
Task: {694203DB-B5CA-4649-BC8C-00BF0AAD542F} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2017-10-12] (Apple Inc.)
Task: {6EB187D8-7725-4714-AAD3-FC9833E61CEB} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-05-27] (Google Inc.)
Task: {814A283D-BD67-42DC-B56B-0522D33242B7} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_29_0_0_113_pepper.exe [2018-03-13] (Adobe Systems Incorporated)
Task: {99F9E7FB-AD2C-4429-8934-66ECEB7E036F} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-11-15] (Piriform Ltd)
Task: {E7C550B3-58BB-41A3-B172-CB3E9FE55992} - System32\Tasks\G2MUploadTask-S-1-5-21-3248382330-3174346777-3720087843-1001 => C:\Users\RandyA\AppData\Local\GoToMeeting\8473\g2mupload.exe [2018-03-08] (LogMeIn, Inc.)
Task: {F3E9907B-B34A-47A2-B9DC-020C9AF0D26B} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe
Task: {FD482D6F-ED44-4DE5-B2E3-1110F8A18DEC} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-05-27] (Google Inc.)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-3248382330-3174346777-3720087843-1001.job => C:\Users\RandyA\AppData\Local\GoToMeeting\8473\g2mupdate.exe
Task: C:\WINDOWS\Tasks\G2MUploadTask-S-1-5-21-3248382330-3174346777-3720087843-1001.job => C:\Users\RandyA\AppData\Local\GoToMeeting\8473\g2mupload.exe
==================== Shortcuts & WMI ========================
(The entries could be listed to be restored or removed.)
ShortcutWithArgument: C:\Users\RandyA\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\ef49d45f7b6ad4f8\Torch.lnk -> C:\Users\RandyA\AppData\Local\Torch\Application\torch.exe (Torch Media Inc.) -> --profile-directory=Default
==================== Loaded Modules (Whitelisted) ==============
2017-08-16 14:39 - 2017-05-26 06:47 - 000090096 _____ () C:\WINDOWS\System32\cpwmon64_v32.dll
2017-05-25 21:38 - 2013-07-04 03:32 - 000936728 _____ () C:\Program Files (x86)\ASUS\AXSP\1.01.02\atkexComSvc.exe
2014-11-06 17:12 - 2014-11-06 17:12 - 000095432 _____ () C:\Program Files (x86)\NTI\NTI Backup Now EZ 4\ScheduleService.exe
2017-12-08 02:48 - 2017-12-08 02:48 - 000088888 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2018-01-05 01:13 - 2018-01-05 01:13 - 001356088 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2017-01-26 13:23 - 2017-01-26 13:23 - 000234336 _____ () C:\Program Files\Sophos\Sophos Network Threat Protection\bin\plugins\http.plg
2017-01-26 13:23 - 2017-01-26 13:23 - 000141424 _____ () C:\Program Files\Sophos\Sophos Network Threat Protection\bin\plugins\ip.plg
2017-01-26 13:23 - 2017-01-26 13:23 - 000120072 _____ () C:\Program Files\Sophos\Sophos Network Threat Protection\bin\plugins\ipv6.plg
2017-01-26 13:23 - 2017-01-26 13:23 - 000077432 _____ () C:\Program Files\Sophos\Sophos Network Threat Protection\bin\plugins\portmap.plg
2017-01-26 13:23 - 2017-01-26 13:23 - 000165728 _____ () C:\Program Files\Sophos\Sophos Network Threat Protection\bin\plugins\tcp.plg
2017-01-26 13:23 - 2017-01-26 13:23 - 000149168 _____ () C:\Program Files\Sophos\Sophos Network Threat Protection\bin\plugins\udp.plg
2017-09-06 14:39 - 2017-11-29 10:11 - 002301384 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
2017-09-29 09:41 - 2017-09-29 09:41 - 000184432 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll
2016-10-31 15:45 - 2016-10-31 15:45 - 000592384 _____ () C:\Users\RandyA\AppData\Local\MEGAsync\ShellExtX64.dll
2018-03-13 15:07 - 2018-02-21 20:26 - 011044864 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2018-03-13 15:07 - 2018-02-21 20:21 - 001804288 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2018-03-15 15:28 - 2018-03-15 15:29 - 000173568 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11802.1001.11.0_x64__8wekyb3d8bbwe\WinStore.Preview.dll
2018-03-09 19:46 - 2018-03-09 19:46 - 002250240 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11802.1001.11.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll
2017-05-25 21:38 - 2018-03-13 20:24 - 000033936 _____ () C:\Program Files (x86)\ASUS\AXSP\1.01.02\PEbiosinterface32.dll
2017-05-25 21:38 - 2013-07-04 03:32 - 000104448 _____ () C:\Program Files (x86)\ASUS\AXSP\1.01.02\ATKEX.dll
2014-11-06 17:12 - 2014-11-06 17:12 - 000053448 _____ () C:\Program Files (x86)\NTI\NTI Backup Now EZ 4\SendMsgCallbackDll.dll
2014-11-06 17:12 - 2014-11-06 17:12 - 000065736 _____ () C:\Program Files (x86)\NTI\NTI Backup Now EZ 4\XMLParser.dll
2016-10-31 15:43 - 2016-10-31 15:43 - 000564736 _____ () C:\Users\RandyA\AppData\Local\MEGAsync\ShellExtX32.dll
2017-12-08 02:49 - 2017-12-08 02:49 - 000076088 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2018-01-05 01:14 - 2018-01-05 01:14 - 001042232 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SAVService => ""="service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SAVService => ""="service"
==================== Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
==================== Hosts content: ===============================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2015-10-30 03:24 - 2018-02-19 19:54 - 000000824 _____ C:\WINDOWS\system32\Drivers\etc\hosts
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-3248382330-3174346777-3720087843-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\RandyA\Pictures\Nature pics\deer-1987.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
MSCONFIG\Services: Apple Mobile Device Service => 2
MSCONFIG\Services: CsrBtOBEXService => 2
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 2
MSCONFIG\Services: MbaeSvc => 2
MSCONFIG\Services: PDFescape Desktop Creator => 2
HKLM\...\StartupApproved\Run: => "vksts"
HKLM\...\StartupApproved\Run: => "TrayApplication"
HKLM\...\StartupApproved\Run: => "HarmonyUserStartup"
HKLM\...\StartupApproved\Run: => "CSRHarmonySkypePlugin"
HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run: => "Wondershare Helper Compact.exe"
HKLM\...\StartupApproved\Run: => "WinZip FAH"
HKLM\...\StartupApproved\Run: => "WinZip UN"
HKLM\...\StartupApproved\Run32: => "Wondershare Helper Compact.exe"
HKLM\...\StartupApproved\Run32: => "Dropbox"
HKLM\...\StartupApproved\Run32: => "BackupNowEZ4Tray"
HKU\S-1-5-21-3248382330-3174346777-3720087843-1001\...\StartupApproved\Run: => "CCleaner Monitoring"
HKU\S-1-5-21-3248382330-3174346777-3720087843-1001\...\StartupApproved\Run: => "Sidebar"
HKU\S-1-5-21-3248382330-3174346777-3720087843-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-3248382330-3174346777-3720087843-1001\...\StartupApproved\Run: => "iCloudDrive"
HKU\S-1-5-21-3248382330-3174346777-3720087843-1001\...\StartupApproved\Run: => "iCloudPhotos"
HKU\S-1-5-21-3248382330-3174346777-3720087843-1001\...\StartupApproved\Run: => "iCloudServices"
HKU\S-1-5-21-3248382330-3174346777-3720087843-1001\...\StartupApproved\Run: => "Spotify Web Helper"
HKU\S-1-5-21-3248382330-3174346777-3720087843-1001\...\StartupApproved\Run: => "Epic Privacy Browser Installer"
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [UDP Query User{2B2C1366-ACE0-4D61-BE24-1235DD20337D}C:\users\randya\appdata\local\epic privacy browser\application\epic.exe] => (Allow) C:\users\randya\appdata\local\epic privacy browser\application\epic.exe
FirewallRules: [TCP Query User{ED22F687-2FC1-479B-9815-BEF331958BD2}C:\users\randya\appdata\local\epic privacy browser\application\epic.exe] => (Allow) C:\users\randya\appdata\local\epic privacy browser\application\epic.exe
FirewallRules: [UDP Query User{C5E3B4D7-30E6-4482-8B89-9C2DC4EA6D60}C:\program files (x86)\participatory culture foundation\miro\miro_downloader.exe] => (Allow) C:\program files (x86)\participatory culture foundation\miro\miro_downloader.exe
FirewallRules: [TCP Query User{F56154DE-31F0-4006-83B4-97FBF6CF8183}C:\program files (x86)\participatory culture foundation\miro\miro_downloader.exe] => (Allow) C:\program files (x86)\participatory culture foundation\miro\miro_downloader.exe
FirewallRules: [{D3B8D32F-1F29-41C6-AAA4-6718EDB96F2A}] => (Allow) C:\Program Files\AVAST Software\SZBrowser\4.58.2552.909_1\SZBrowser.exe
FirewallRules: [{25E51C92-D326-4F54-8743-FACD93363BD0}] => (Allow) C:\Program Files\AVAST Software\SZBrowser\4.58.2552.909\SZBrowser.exe
FirewallRules: [{D3516075-097A-46A2-B73C-256E573515DC}] => (Allow) C:\Program Files\AVAST Software\SZBrowser\3.55.2393.609_0\SZBrowser.exe
FirewallRules: [UDP Query User{C8641DB9-6078-49A9-A39D-97F2A44332C4}I:\my files(desktop-ifoje18)\native\midi stuff\reaper.exe] => (Allow) I:\my files(desktop-ifoje18)\native\midi stuff\reaper.exe
FirewallRules: [TCP Query User{5C5CB519-E44D-4724-BE68-9EE1AE612BD8}I:\my files(desktop-ifoje18)\native\midi stuff\reaper.exe] => (Allow) I:\my files(desktop-ifoje18)\native\midi stuff\reaper.exe
FirewallRules: [UDP Query User{456841CA-21E4-4455-A927-E2F9AC52A6E4}C:\program files\native instruments\reaktor 6\reaktor 6.exe] => (Allow) C:\program files\native instruments\reaktor 6\reaktor 6.exe
FirewallRules: [TCP Query User{3BFE947A-DDF5-4A7B-8F44-D19A0A8217E3}C:\program files\native instruments\reaktor 6\reaktor 6.exe] => (Allow) C:\program files\native instruments\reaktor 6\reaktor 6.exe
FirewallRules: [TCP Query User{30317D1B-77A9-40B1-9A7E-2B769A4F0783}C:\program files (x86)\google\chrome\application\chrome.exe] => (Allow) C:\program files (x86)\google\chrome\application\chrome.exe
FirewallRules: [UDP Query User{862F122B-5844-48A0-BF44-B5AD82C66546}C:\program files (x86)\google\chrome\application\chrome.exe] => (Allow) C:\program files (x86)\google\chrome\application\chrome.exe
FirewallRules: [{8E08E053-9784-49AB-9468-EB2F446E7384}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{C1FA8091-3E6C-4E8F-9953-EA34068A1991}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{EE57C778-9DEC-4439-BB21-C4016FF28D3D}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
FirewallRules: [{3B483B00-AB67-4210-AF54-68EA29C411D3}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [TCP Query User{85178E12-FD03-40BA-85B6-9081FE5B9A06}C:\users\randya\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\randya\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{70F0AD41-701C-416B-AF4B-6D3189A4A31A}C:\users\randya\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\randya\appdata\roaming\spotify\spotify.exe
FirewallRules: [{26274D1B-2C8E-4507-8B9C-13FE76C59329}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{292E97FE-66AC-4447-B149-D6064717AF5D}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
FirewallRules: [{9F2E393A-93BD-4956-9D11-78D3DE9846DE}] => (Allow) c:\program files\opera\51.0.2830.40\opera.exe
FirewallRules: [{FE157FB1-789C-424C-95CE-73A050434BF8}] => (Allow) C:\Users\RandyA\AppData\Local\Torch\Application\torch.exe
FirewallRules: [{9E468AA2-5AD9-43F9-91FD-5F2454ABA04E}] => (Allow) C:\Users\RandyA\AppData\Local\Torch\Plugins\Hola\hola_plugin.exe
FirewallRules: [{71C4F5B3-C25F-47B6-98E5-866FB07A7CB0}] => (Allow) C:\Users\RandyA\AppData\Local\Torch\Plugins\Hola\hola_plugin_x64.exe
FirewallRules: [{91E5F986-29C6-4549-9D4E-6FAE0301E69F}] => (Allow) c:\program files\opera\51.0.2830.55\opera.exe
==================== Restore Points =========================
23-02-2018 13:55:34 Scheduled Checkpoint
06-03-2018 18:51:16 Scheduled Checkpoint
13-03-2018 15:06:06 Windows Update
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (03/16/2018 12:48:07 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Audacity\audacity.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.16299.309_none_15cfd4c4935e6b11.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.16299.309_none_5d7d0b9ba7da9417.manifest.
Error: (03/16/2018 12:00:00 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Audacity\audacity.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.16299.309_none_15cfd4c4935e6b11.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.16299.309_none_5d7d0b9ba7da9417.manifest.
Error: (03/15/2018 03:29:32 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Audacity\audacity.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.16299.309_none_15cfd4c4935e6b11.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.16299.309_none_5d7d0b9ba7da9417.manifest.
Error: (03/13/2018 11:45:46 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: AcroRd32.exe, version: 18.11.20038.5321, time stamp: 0x5a8eec86
Faulting module name: AcroRd32.dll, version: 18.11.20038.5321, time stamp: 0x5a8eec68
Exception code: 0xc0000005
Fault offset: 0x001d2fff
Faulting process id: 0xf5c
Faulting application start time: 0x01d3bb45d472d40f
Faulting application path: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
Faulting module path: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.dll
Report Id: 7d53e0c2-6f71-43df-ad95-cc44157564fc
Faulting package full name:
Faulting package-relative application ID:
Error: (03/13/2018 11:24:44 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbamservice.exe, version: 3.1.0.595, time stamp: 0x59f745cb
Faulting module name: CleanControllerImpl.dll, version: 3.1.0.369, time stamp: 0x5a131123
Exception code: 0xc0000409
Fault offset: 0x000000000035abe0
Faulting process id: 0x1574
Faulting application start time: 0x01d3bb428f7c0209
Faulting application path: C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe
Faulting module path: C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\CleanControllerImpl.dll
Report Id: 580ea809-2ccf-455e-afe1-73887063209c
Faulting package full name:
Faulting package-relative application ID:
Error: (03/13/2018 11:14:21 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbamservice.exe, version: 3.1.0.595, time stamp: 0x59f745cb
Faulting module name: CleanControllerImpl.dll, version: 3.1.0.369, time stamp: 0x5a131123
Exception code: 0xc0000409
Fault offset: 0x000000000035abe0
Faulting process id: 0x259c
Faulting application start time: 0x01d3bb40f90d80c4
Faulting application path: C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe
Faulting module path: C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\CleanControllerImpl.dll
Report Id: a34989af-b050-46ca-8d12-f276a517cb8a
Faulting package full name:
Faulting package-relative application ID:
Error: (03/13/2018 11:02:52 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbamservice.exe, version: 3.1.0.595, time stamp: 0x59f745cb
Faulting module name: CleanControllerImpl.dll, version: 3.1.0.369, time stamp: 0x5a131123
Exception code: 0xc0000409
Fault offset: 0x000000000035abe0
Faulting process id: 0x2b8c
Faulting application start time: 0x01d3bb3a18b00025
Faulting application path: C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe
Faulting module path: C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\CleanControllerImpl.dll
Report Id: 2a9f429b-7827-4721-b59f-c402cf93628d
Faulting package full name:
Faulting package-relative application ID:
Error: (03/13/2018 10:13:46 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbamservice.exe, version: 3.1.0.595, time stamp: 0x59f745cb
Faulting module name: CleanControllerImpl.dll, version: 3.1.0.369, time stamp: 0x5a131123
Exception code: 0xc0000409
Fault offset: 0x000000000035abe0
Faulting process id: 0x1bc8
Faulting application start time: 0x01d3bb37f3bf3cfe
Faulting application path: C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe
Faulting module path: C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\CleanControllerImpl.dll
Report Id: abc9c584-e8c9-40fe-80ed-8965135ef338
Faulting package full name:
Faulting package-relative application ID:
System errors:
=============
Error: (03/16/2018 12:44:14 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Error: (03/16/2018 12:44:14 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Error: (03/16/2018 12:44:14 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Error: (03/16/2018 12:44:14 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Error: (03/15/2018 11:59:37 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-IFOJE18)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user DESKTOP-IFOJE18\RandyA SID (S-1-5-21-3248382330-3174346777-3720087843-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Error: (03/15/2018 08:33:02 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Error: (03/15/2018 08:33:02 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Error: (03/15/2018 08:33:02 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Windows Defender:
===================================
Date: 2017-12-02 21:48:05.961
Description:
Windows Defender Antivirus Real-Time Protection feature has encountered an error and failed.
Feature: Network Inspection System
Error Code: 0x80004004
Error description: Operation aborted
Reason: Antimalware protection has stopped functioning for an unknown reason. In some instances, restarting the service may resolve the problem.
Date: 2017-12-02 21:48:05.343
Description:
Windows Defender Antivirus Real-Time Protection feature has encountered an error and failed.
Feature: Network Inspection System
Error Code: 0x80004004
Error description: Operation aborted
Reason: The system is missing updates that are required for running Network Inspection System. Install the required updates and restart the device.
CodeIntegrity:
===================================
Date: 2018-03-16 16:59:47.195
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.
Date: 2018-03-16 16:59:47.192
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.
Date: 2018-03-16 16:59:08.013
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.
Date: 2018-03-16 16:59:08.012
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.
Date: 2018-03-16 16:44:46.127
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.
Date: 2018-03-16 16:44:46.123
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.
Date: 2018-03-16 16:29:45.126
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.
Date: 2018-03-16 16:29:45.123
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.
==================== Memory info ===========================
Processor: Intel(R) Core(TM) i5-4460 CPU @ 3.20GHz
Percentage of memory in use: 35%
Total physical RAM: 8098.03 MB
Available physical RAM: 5217.82 MB
Total Virtual: 10202.39 MB
Available Virtual: 6714.65 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:930.56 GB) (Free:741.27 GB) NTFS
Drive d: (TOSHIBA EXT XP) (Fixed) (Total:931.41 GB) (Free:340.07 GB) NTFS
\\?\Volume{f0bb3031-0000-0000-0000-100000000000}\ (System Reserved) (Fixed) (Total:0.49 GB) (Free:0.45 GB) NTFS
\\?\Volume{f0bb3031-0000-0000-0000-20c3e8000000}\ () (Fixed) (Total:0.46 GB) (Free:0.08 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 931.5 GB) (Disk ID: F0BB3031)
Partition 1: (Active) - (Size=500 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=930.6 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=473 MB) - (Type=27)
========================================================
Disk: 1 (Size: 931.5 GB) (Disk ID: 9117A580)
Partition 1: (Active) - (Size=931.4 GB) - (Type=07 NTFS)
==================== End of Addition.txt ============================