When I click on a link in a website I get a new window opening in Chrome that will redirect me to another site. Here are the FRST files:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 15.07.2018
Ran by Drew Owens (administrator) on DREW (17-07-2018 17:54:13)
Running from C:\Users\Drew Owens\Downloads
Loaded Profiles: Drew Owens & MSSQL$XACTWARE & MSSQL$SQLEXPRESS (Available Profiles: Drew Owens & MSSQL$XACTWARE & MSSQL$SQLEXPRESS)
Platform: Windows 8.1 (Update) (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
() C:\Windows\System32\nvwmi64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
() C:\Windows\System32\nvwmi64.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
() C:\Windows\SysWOW64\ASGT.exe
(Cisco WebEx LLC) C:\Windows\SysWOW64\atashost.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(DTS, Inc) C:\Program Files\Realtek\Audio\HDA\DTSU2PAuSrv64.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
(Marvell) C:\Program Files (x86)\Marvell\storage\svc\mvraidsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL11.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL11.XACTWARE\MSSQL\Binn\sqlservr.exe
(Apache Software Foundation) C:\Program Files (x86)\Marvell\storage\Apache2\bin\httpd.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Apache Software Foundation) C:\Program Files (x86)\Marvell\storage\Apache2\bin\httpd.exe
(ASUS) C:\Program Files (x86)\ASUS\GPU Tweak\GPUTweak.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(AMD) C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe
(Nico Mak Computing) C:\Program Files\WinZip\FAH\FAHWindow64.exe
(WinZip Computing, S.L.) C:\Program Files\WinZip\WzPreloader.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
(AMD) C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\acrotray.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology enterprise\IAStorIcon.exe
() C:\Program Files (x86)\Marvell\storage\tray\MarvellTray.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe
(ASUS) C:\Program Files (x86)\ASUS\GPU Tweak\Monitor.exe
() C:\Program Files (x86)\Adobe\Adobe Sync\CoreSync\CoreSync.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\CCXProcess.exe
(Node.js) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\libs\node.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology enterprise\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\FileManager\PhotosApp.exe
(Xactware) C:\Program Files (x86)\Xactware\XactRemodel27\CORE\x.exe
(Xactware.) C:\Program Files (x86)\Xactware\Common\QA.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [nwiz] => C:\Program Files\NVIDIA Corporation\nview\nwiz.exe [2727568 2014-11-25] ()
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508128 2016-07-01] (Adobe Systems Incorporated)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7200984 2013-10-04] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_DTS] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1353432 2013-09-26] (Realtek Semiconductor)
HKLM\...\Run: [WindowsDefender] => "%ProgramFiles%\Windows Defender\MSASCuiL.exe"
HKLM\...\Run: [AdobeGCInvoker-1.0] => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [316392 2018-05-11] (Adobe Systems, Incorporated)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766688 2014-07-05] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2409936 2018-02-14] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Acrotray.exe [1871344 2018-06-29] (Adobe Systems Inc.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology enterprise\IAStorIcon.exe [280064 2013-09-25] (Intel Corporation)
HKLM-x32\...\Run: [MSUTray] => C:\Program Files (x86)\Marvell\storage\tray\MarvellTray.exe [1202216 2011-11-24] ()
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKU\S-1-5-21-2116419765-1218913875-2256313103-1001\...\Run: [HydraVisionDesktopManager] => C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe [393216 2012-07-27] (AMD)
HKU\S-1-5-21-2116419765-1218913875-2256313103-1001\...\Run: [Adobe Acrobat Synchronizer] => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe [886768 2018-06-29] (Adobe Systems Incorporated)
HKU\S-1-5-21-2116419765-1218913875-2256313103-1001\...\MountPoints2: {1752acfd-2783-11e6-8284-54a05084f227} - "F:\VZW_Software_upgrade_assistant.exe"
HKU\S-1-5-21-2116419765-1218913875-2256313103-1001\...\MountPoints2: {2afa427b-1241-11e5-824f-806e6f6e6963} - "F:\CheckID.exe"
HKU\S-1-5-21-2116419765-1218913875-2256313103-1001\...\MountPoints2: {a2bb3a73-c92b-11e5-827e-54a05084f227} - "F:\VZW_Software_upgrade_assistant.exe"
HKU\S-1-5-21-2116419765-1218913875-2256313103-1001\...\MountPoints2: {a2bb3a81-c92b-11e5-827e-54a05084f227} - "F:\VZW_Software_upgrade_assistant.exe"
HKU\S-1-5-21-2116419765-1218913875-2256313103-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\scrnsave.scr [11776 2014-11-21] (Microsoft Corporation)
HKU\S-1-5-18\...\RunOnce: [Application Restart #3] => C:\Program Files (x86)\ASUS\GPU Tweak\Monitor.exe [2594304 2012-09-27] (ASUS)
HKU\S-1-5-18\...\RunOnce: [Application Restart #1] => C:\Program Files (x86)\ASUS\GPU Tweak\Monitor.exe [2594304 2012-09-27] (ASUS)
HKU\S-1-5-18\...\RunOnce: [Application Restart #4] => C:\Program Files (x86)\ASUS\GPU Tweak\Monitor.exe [2594304 2012-09-27] (ASUS)
HKU\S-1-5-18\...\RunOnce: [Application Restart #5] => C:\Program Files (x86)\ASUS\GPU Tweak\Monitor.exe [2594304 2012-09-27] (ASUS)
HKU\S-1-5-18\...\RunOnce: [Application Restart #0] => C:\Program Files (x86)\ASUS\GPU Tweak\Monitor.exe [2594304 2012-09-27] (ASUS)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\FAH.lnk [2015-06-22]
ShortcutTarget: FAH.lnk -> C:\Program Files\WinZip\FAH\FAHConsole.exe (Nico Mak Computing)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WinZip Preloader.lnk [2015-06-22]
ShortcutTarget: WinZip Preloader.lnk -> C:\Program Files\WinZip\WzPreloader.exe (WinZip Computing, S.L.)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{A044155E-1DC6-435C-A713-5346B470DAE4}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{CFC164C6-A88A-460C-9D43-467FD275B8ED}: [DhcpNameServer] 192.168.1.1
Internet Explorer:
==================
HKU\S-1-5-21-2116419765-1218913875-2256313103-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp
URLSearchHook: [S-1-5-80-198911736-59120847-1523967167-1988805892-391028842] ATTENTION => Default URLSearchHook is missing
URLSearchHook: [S-1-5-80-3880006512-4290199581-1648723128-3569869737-3631323133] ATTENTION => Default URLSearchHook is missing
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2018-07-14] (Microsoft Corporation)
BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2015-09-30] (Adobe Systems Incorporated)
BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2015-09-30] (Adobe Systems Incorporated)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2018-05-17] (Microsoft Corporation)
BHO-x32: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2015-09-30] (Adobe Systems Incorporated)
BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2015-09-30] (Adobe Systems Incorporated)
Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2015-09-30] (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2015-09-30] (Adobe Systems Incorporated)
Toolbar: HKU\S-1-5-21-2116419765-1218913875-2256313103-1001 -> Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2015-09-30] (Adobe Systems Incorporated)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-07-02] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-07-02] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-07-02] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-07-02] (Microsoft Corporation)
FireFox:
========
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn\WebExtn\signed_extn\adobe_acrobat-1.0-windows.xpi
FF Extension: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn\WebExtn\signed_extn\adobe_acrobat-1.0-windows.xpi [2018-02-02]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn\WebExtn\signed_extn\adobe_acrobat-1.0-windows.xpi
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2018-02-14] (Adobe Systems)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-09-16] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-09-16] (Intel Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2018-04-03] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2018-03-06] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2014-11-25] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2014-11-25] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-17] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Air\nppdf32.dll [2018-06-29] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2018-02-14] (Adobe Systems)
FF Plugin HKU\S-1-5-21-2116419765-1218913875-2256313103-1001: @ringcentral.com/RingCentralMeetingsPlugin -> C:\Users\Drew Owens\AppData\Roaming\RingCentralMeetings\bin\nprcmsplugin.dll [2016-06-23] (Zoom Video Communications, Inc. and RingCentral Inc.)
Chrome:
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> hxxp://homepage-web.com/?s=hp&m=home
CHR StartupUrls: Default -> "hxxp://google.com/"
CHR Profile: C:\Users\Drew Owens\AppData\Local\Google\Chrome\User Data\Default [2018-07-17]
CHR Extension: (Slides) - C:\Users\Drew Owens\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-25]
CHR Extension: (Docs) - C:\Users\Drew Owens\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-25]
CHR Extension: (Google Drive) - C:\Users\Drew Owens\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-11-07]
CHR Extension: (YouTube) - C:\Users\Drew Owens\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-11-07]
CHR Extension: (Nimbus Screenshot & Screen Video Recorder) - C:\Users\Drew Owens\AppData\Local\Google\Chrome\User Data\Default\Extensions\bpconcjcammlapcogcnnelfmaeghhagj [2018-06-09]
CHR Extension: (Google Search) - C:\Users\Drew Owens\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-07]
CHR Extension: (Save Tabs) - C:\Users\Drew Owens\AppData\Local\Google\Chrome\User Data\Default\Extensions\dgjepfldodmdfmdidhhgamnklbdibndi [2018-03-06]
CHR Extension: (Adobe Acrobat) - C:\Users\Drew Owens\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-03-05]
CHR Extension: (Sheets) - C:\Users\Drew Owens\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-25]
CHR Extension: (Google Docs Offline) - C:\Users\Drew Owens\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-16]
CHR Extension: (AdBlock) - C:\Users\Drew Owens\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2018-06-14]
CHR Extension: (LastPass: Free Password Manager) - C:\Users\Drew Owens\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2018-07-17]
CHR Extension: (Grammarly for Chrome) - C:\Users\Drew Owens\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbfnbcaeplbcioakkpcpgfkobkghlhen [2018-07-15]
CHR Extension: (Fair AdBlocker) - C:\Users\Drew Owens\AppData\Local\Google\Chrome\User Data\Default\Extensions\lgblnfidahcdcjddiepkckcfdhpknnjh [2018-03-06]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Drew Owens\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-06]
CHR Extension: (Gmail) - C:\Users\Drew Owens\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-06-14]
CHR Extension: (Chrome Media Router) - C:\Users\Drew Owens\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-06-15]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
==================== Services (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [818128 2018-02-14] (Adobe Systems Incorporated)
R2 AGMService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe [2321384 2018-05-11] (Adobe Systems, Incorporated)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2128872 2018-05-11] (Adobe Systems, Incorporated)
R2 ASGT; C:\Windows\SysWOW64\ASGT.exe [55296 2012-01-17] () [File not signed]
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [8765104 2018-06-30] (Microsoft Corporation)
R2 DTSAudioSvc; C:\Program Files\Realtek\Audio\HDA\DTSU2PAuSrv64.exe [240584 2012-10-02] (DTS, Inc)
S2 hptsvr; C:\Program Files (x86)\HighPoint RAID Management\Service\hptsvr.exe [57344 2010-03-09] () [File not signed]
R2 IAStorDataMgrSvc; C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology enterprise\IAStorDataMgrSvc.exe [7168 2013-09-25] (Intel Corporation) [File not signed]
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel® Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-09-16] (Intel Corporation)
R2 MSSQL$SQLEXPRESS; C:\Program Files\Microsoft SQL Server\MSSQL11.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [194240 2015-10-20] (Microsoft Corporation)
R2 MSSQL$XACTWARE; C:\Program Files\Microsoft SQL Server\MSSQL11.XACTWARE\MSSQL\Binn\sqlservr.exe [194240 2015-10-20] (Microsoft Corporation)
R2 MSUWebService; C:\Program Files (x86)\Marvell\storage\Apache2\bin\httpd.exe [24645 2011-11-21] (Apache Software Foundation) [File not signed]
R2 NVWMI; C:\Windows\system32\nvwmi64.exe [2693448 2014-11-25] ()
S4 SQLAgent$SQLEXPRESS; C:\Program Files\Microsoft SQL Server\MSSQL11.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [613056 2015-10-20] (Microsoft Corporation)
S4 SQLAgent$XACTWARE; C:\Program Files\Microsoft SQL Server\MSSQL11.XACTWARE\MSSQL\Binn\SQLAGENT.EXE [613056 2015-10-20] (Microsoft Corporation)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [361824 2017-01-12] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [119872 2017-01-12] (Microsoft Corporation)
===================== Drivers (Whitelisted) ======================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdW86.sys [98472 2012-07-17] (Advanced Micro Devices)
S3 dg_ssudbus; C:\Windows\system32\DRIVERS\ssudbus.sys [131712 2016-09-05] (Samsung Electronics Co., Ltd.)
R3 e1cexpress; C:\Windows\system32\DRIVERS\e1c64x64.sys [469264 2013-06-20] (Intel Corporation)
R3 IOMap; C:\Windows\system32\drivers\IOMap64.sys [23680 2010-02-23] (ASUSTeK Computer Inc.)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-09-16] (Intel Corporation)
R3 Mv_Process; c:\windows\syswow64\mv_process.sys [14376 2011-11-21] ()
R0 PxHlpa64; C:\Windows\System32\Drivers\PxHlpa64.sys [56336 2012-06-22] (Corel Corporation)
S4 RsFx0202; C:\Windows\System32\DRIVERS\RsFx0202.sys [339648 2015-10-20] (Microsoft Corporation)
S3 ssudmdm; C:\Windows\system32\DRIVERS\ssudmdm.sys [221824 2016-04-25] (Samsung Electronics Co., Ltd.)
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [46600 2017-02-10] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [274776 2017-01-12] (Microsoft Corporation)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [117592 2017-01-12] (Microsoft Corporation)
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2018-07-17 17:54 - 2018-07-17 17:54 - 000024527 _____ C:\Users\Drew Owens\Downloads\FRST.txt
2018-07-17 17:52 - 2018-07-17 17:54 - 000000000 ____D C:\FRST
2018-07-17 17:52 - 2018-07-17 17:52 - 002412544 _____ (Farbar) C:\Users\Drew Owens\Downloads\FRST64.exe
2018-07-17 17:52 - 2018-07-17 17:52 - 000000000 ____D C:\Users\Drew Owens\Downloads\FRST-OlderVersion
2018-07-15 08:31 - 2018-07-15 08:31 - 000233688 _____ C:\Users\Drew Owens\Documents\ERICMASHBURN_Final Draft.pdf
2018-07-15 08:31 - 2018-07-15 08:31 - 000233668 _____ C:\Users\Drew Owens\Documents\ERICMASHBURNCEDAR_Final Draft.pdf
2018-07-15 08:30 - 2018-07-15 08:30 - 000202172 _____ C:\Users\Drew Owens\Documents\MASHBURNKITCHEN_Final Draft.pdf
2018-07-15 07:11 - 2018-07-15 07:11 - 000159733 _____ C:\Users\Drew Owens\Downloads\RAFTING_TRIP_WAIVER.pdf
2018-07-14 09:30 - 2018-07-14 09:30 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Tools
2018-07-12 19:28 - 2018-07-12 19:28 - 000079133 _____ C:\Users\Drew Owens\Downloads\Sitar_Floor_Plan.pdf
2018-07-11 14:38 - 2018-06-11 11:55 - 025744896 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2018-07-11 14:38 - 2018-06-09 11:40 - 020286976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2018-07-11 14:37 - 2018-06-20 15:01 - 007398232 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2018-07-11 14:37 - 2018-06-20 14:44 - 001676064 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2018-07-11 14:37 - 2018-06-20 14:44 - 001536120 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2018-07-11 14:37 - 2018-06-20 13:48 - 000095744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\amdk8.sys
2018-07-11 14:37 - 2018-06-20 13:48 - 000027136 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fxppm.sys
2018-07-11 14:37 - 2018-06-20 11:58 - 000098816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\intelppm.sys
2018-07-11 14:37 - 2018-06-20 11:58 - 000098816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\amdppm.sys
2018-07-11 14:37 - 2018-06-20 11:58 - 000092672 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\processr.sys
2018-07-11 14:37 - 2018-06-14 22:01 - 004169216 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2018-07-11 14:37 - 2018-06-12 03:00 - 022374248 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2018-07-11 14:37 - 2018-06-12 02:57 - 019790760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2018-07-11 14:37 - 2018-06-11 11:36 - 003119616 _____ (Microsoft Corporation) C:\Windows\system32\ExplorerFrame.dll
2018-07-11 14:37 - 2018-06-11 11:14 - 000576512 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2018-07-11 14:37 - 2018-06-11 11:06 - 005779968 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2018-07-11 14:37 - 2018-06-11 11:04 - 000794624 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2018-07-11 14:37 - 2018-06-11 10:39 - 001033216 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2018-07-11 14:37 - 2018-06-11 10:36 - 015283200 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2018-07-11 14:37 - 2018-06-11 10:31 - 000809472 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2018-07-11 14:37 - 2018-06-11 10:22 - 003241472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2018-07-11 14:37 - 2018-06-11 10:11 - 001545216 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2018-07-11 14:37 - 2018-06-11 09:59 - 000800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2018-07-11 14:37 - 2018-06-09 11:26 - 002712064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ExplorerFrame.dll
2018-07-11 14:37 - 2018-06-09 11:09 - 000498176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2018-07-11 14:37 - 2018-06-09 10:59 - 000662016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2018-07-11 14:37 - 2018-06-09 10:37 - 004496384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2018-07-11 14:37 - 2018-06-09 10:37 - 000880640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2018-07-11 14:37 - 2018-06-09 10:36 - 013680128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2018-07-11 14:37 - 2018-06-09 10:32 - 000696320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2018-07-11 14:37 - 2018-06-09 10:11 - 002767872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2018-07-11 14:37 - 2018-06-09 10:08 - 001313792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2018-07-11 14:37 - 2018-06-09 10:06 - 000710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2018-07-11 14:37 - 2018-06-08 21:47 - 002176072 _____ (Microsoft Corporation) C:\Windows\system32\combase.dll
2018-07-11 14:37 - 2018-06-08 20:44 - 001565528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\combase.dll
2018-07-11 14:37 - 2018-06-08 13:26 - 000440832 _____ (Microsoft Corporation) C:\Windows\system32\zipfldr.dll
2018-07-11 14:37 - 2018-06-08 12:54 - 000656384 _____ (Microsoft Corporation) C:\Windows\system32\dnsapi.dll
2018-07-11 14:37 - 2018-06-08 12:53 - 000252416 _____ (Microsoft Corporation) C:\Windows\system32\dnsrslvr.dll
2018-07-11 14:37 - 2018-06-08 12:07 - 000404992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\zipfldr.dll
2018-07-11 14:37 - 2018-06-08 11:44 - 000499200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dnsapi.dll
2018-07-11 14:37 - 2018-06-07 13:51 - 000074240 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mpsdrv.sys
2018-07-11 14:37 - 2018-05-24 16:29 - 002449752 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2018-07-11 14:37 - 2018-05-24 16:29 - 000428888 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2018-07-11 14:37 - 2018-05-15 03:42 - 000590680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fvevol.sys
2018-07-11 14:37 - 2018-05-03 18:02 - 000439640 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2018-07-11 14:37 - 2018-05-03 18:02 - 000325456 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBXHCI.SYS
2018-07-11 14:37 - 2018-05-03 18:02 - 000187728 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\UCX01000.SYS
2018-07-11 14:37 - 2018-04-26 08:43 - 000918296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ucrtbase.dll
2018-07-11 14:37 - 2018-04-26 08:43 - 000065880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-private-l1-1-0.dll
2018-07-11 14:37 - 2018-04-26 08:43 - 000021848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-math-l1-1-0.dll
2018-07-11 14:37 - 2018-04-26 08:43 - 000018776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-multibyte-l1-1-0.dll
2018-07-11 14:37 - 2018-04-26 08:43 - 000017240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-string-l1-1-0.dll
2018-07-11 14:37 - 2018-04-26 08:43 - 000017240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-stdio-l1-1-0.dll
2018-07-11 14:37 - 2018-04-26 08:43 - 000015704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-runtime-l1-1-0.dll
2018-07-11 14:37 - 2018-04-26 08:43 - 000015192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-convert-l1-1-0.dll
2018-07-11 14:37 - 2018-04-26 08:43 - 000013656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-time-l1-1-0.dll
2018-07-11 14:37 - 2018-04-26 08:43 - 000013152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-filesystem-l1-1-0.dll
2018-07-11 14:37 - 2018-04-26 08:43 - 000012120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-process-l1-1-0.dll
2018-07-11 14:37 - 2018-04-26 08:43 - 000012120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-conio-l1-1-0.dll
2018-07-11 14:37 - 2018-04-26 08:43 - 000011608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-utility-l1-1-0.dll
2018-07-11 14:37 - 2018-04-26 08:43 - 000011608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-locale-l1-1-0.dll
2018-07-11 14:37 - 2018-04-26 08:43 - 000011608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-heap-l1-1-0.dll
2018-07-11 14:37 - 2018-04-26 08:43 - 000011608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-environment-l1-1-0.dll
2018-07-11 14:37 - 2018-04-26 08:19 - 000998912 _____ (Microsoft Corporation) C:\Windows\system32\ucrtbase.dll
2018-07-11 14:37 - 2018-04-26 08:19 - 000063832 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-private-l1-1-0.dll
2018-07-11 14:37 - 2018-04-26 08:19 - 000020824 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-math-l1-1-0.dll
2018-07-11 14:37 - 2018-04-26 08:19 - 000019288 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-multibyte-l1-1-0.dll
2018-07-11 14:37 - 2018-04-26 08:19 - 000017752 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-string-l1-1-0.dll
2018-07-11 14:37 - 2018-04-26 08:19 - 000017752 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-stdio-l1-1-0.dll
2018-07-11 14:37 - 2018-04-26 08:19 - 000016216 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-runtime-l1-1-0.dll
2018-07-11 14:37 - 2018-04-26 08:19 - 000015704 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-convert-l1-1-0.dll
2018-07-11 14:37 - 2018-04-26 08:19 - 000014168 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-time-l1-1-0.dll
2018-07-11 14:37 - 2018-04-26 08:19 - 000013656 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-filesystem-l1-1-0.dll
2018-07-11 14:37 - 2018-04-26 08:19 - 000012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-conio-l1-1-0.dll
2018-07-11 14:37 - 2018-04-26 08:19 - 000012632 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-process-l1-1-0.dll
2018-07-11 14:37 - 2018-04-26 08:19 - 000012120 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-utility-l1-1-0.dll
2018-07-11 14:37 - 2018-04-26 08:19 - 000012120 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-locale-l1-1-0.dll
2018-07-11 14:37 - 2018-04-26 08:19 - 000012120 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-heap-l1-1-0.dll
2018-07-11 14:37 - 2018-04-26 08:19 - 000012120 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-environment-l1-1-0.dll
2018-07-11 14:37 - 2018-04-25 12:38 - 000243200 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys
2018-07-11 14:33 - 2018-06-12 14:01 - 000149632 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2018-07-11 14:33 - 2018-06-08 08:15 - 002860032 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2018-07-11 14:33 - 2018-06-08 08:15 - 001602048 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2018-07-11 14:33 - 2018-06-08 08:15 - 000783872 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2018-07-11 14:33 - 2018-06-08 08:15 - 000680960 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2018-07-11 14:33 - 2018-06-08 08:15 - 000612352 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2018-07-11 14:33 - 2018-06-08 08:15 - 000470016 _____ (Microsoft Corporation) C:\Windows\system32\centel.dll
2018-07-11 14:33 - 2018-06-08 08:15 - 000443392 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2018-07-11 14:33 - 2018-06-08 08:15 - 000301056 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2018-07-11 14:33 - 2018-06-08 08:15 - 000246272 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2018-07-07 15:19 - 2018-07-07 15:19 - 000212853 _____ C:\Users\Drew Owens\Documents\2018-07-05-0637_Scope.pdf
2018-07-07 15:16 - 2018-07-07 15:16 - 000192095 _____ C:\Users\Drew Owens\Documents\2018-07-05-0637_Customer Total Amount.pdf
2018-07-02 12:24 - 2018-07-02 12:24 - 000635070 _____ C:\Users\Drew Owens\Downloads\HGUSA_CLIMBING_WAIVER_000006.pdf
2018-07-02 12:20 - 2018-07-02 12:20 - 000089262 _____ C:\Users\Drew Owens\Downloads\parentAuthorizationFormOnePage.pdf
2018-07-02 12:20 - 2018-07-02 12:20 - 000087629 _____ C:\Users\Drew Owens\Downloads\immunizationForm.pdf
2018-06-28 07:30 - 2018-06-28 07:30 - 000311421 _____ C:\Users\Drew Owens\Documents\VA-CLINIC_Scope.pdf
2018-06-28 07:29 - 2018-06-28 07:29 - 000002128 _____ C:\Users\Drew Owens\Documents\VA-CLINIC_Allowance Sheet.pdf
2018-06-27 14:37 - 2018-06-27 14:37 - 000000000 ____D C:\Users\Drew Owens\Documents\Remodeler27 Office Templates
2018-06-27 14:22 - 2018-06-27 14:22 - 000001179 _____ C:\Users\Public\Desktop\XactRemodel 3.lnk
2018-06-27 14:22 - 2018-06-27 14:22 - 000000000 ____D C:\ProgramData\Xactware.100
2018-06-27 14:22 - 2018-06-27 14:22 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Xactware
2018-06-27 14:21 - 2018-06-27 14:33 - 000000000 ____D C:\Program Files (x86)\Xactware
2018-06-27 14:15 - 2018-06-27 14:20 - 851374496 _____ C:\Users\Drew Owens\Downloads\27.103 (13.100417)_Setup.exe
2018-06-27 14:05 - 2018-06-27 14:10 - 1194928600 _____ C:\Users\Drew Owens\Downloads\28.0_Latest_Setup (1).exe
2018-06-27 14:01 - 2018-07-06 06:48 - 000000000 ____D C:\Users\MSSQL$XACTWARE
2018-06-27 14:01 - 2018-06-27 14:01 - 000000020 ___SH C:\Users\MSSQL$XACTWARE\ntuser.ini
2018-06-27 14:01 - 2015-10-20 22:31 - 000097984 _____ (Microsoft Corporation) C:\Windows\system32\perf-MSSQL$XACTWARE-sqlctr11.3.6020.0.dll
2018-06-27 14:01 - 2015-10-20 22:31 - 000054976 _____ (Microsoft Corporation) C:\Windows\system32\perf-MSSQL11.XACTWARE-sqlagtctr.dll
2018-06-27 14:01 - 2015-10-20 22:30 - 000084672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\perf-MSSQL$XACTWARE-sqlctr11.3.6020.0.dll
2018-06-27 14:01 - 2015-10-20 22:30 - 000046272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\perf-MSSQL11.XACTWARE-sqlagtctr.dll
2018-06-27 14:01 - 2015-06-14 09:59 - 000000000 ____D C:\Users\MSSQL$XACTWARE\AppData\Roaming\Macromedia
2018-06-27 14:01 - 2015-06-14 00:23 - 000000000 ____D C:\Users\MSSQL$XACTWARE\AppData\Roaming\ATI
2018-06-27 14:01 - 2015-06-14 00:23 - 000000000 ____D C:\Users\MSSQL$XACTWARE\AppData\Local\ATI
2018-06-27 14:01 - 2014-11-21 03:52 - 000000369 _____ C:\Users\MSSQL$XACTWARE\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pictures.lnk
2018-06-27 14:01 - 2014-11-21 03:52 - 000000369 _____ C:\Users\MSSQL$XACTWARE\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Documents.lnk
2018-06-27 13:53 - 2018-06-27 13:53 - 000266296 _____ (Cisco WebEx LLC) C:\Windows\SysWOW64\atsckernel.exe
2018-06-27 13:53 - 2018-06-27 13:53 - 000159288 _____ (Cisco WebEx LLC) C:\Windows\SysWOW64\atashost.exe
2018-06-27 13:53 - 2018-06-27 13:53 - 000000000 ____D C:\Users\Drew Owens\AppData\LocalLow\WebEx
2018-06-27 13:53 - 2018-06-27 13:53 - 000000000 ____D C:\Users\Drew Owens\AppData\Local\WebEx
2018-06-27 13:53 - 2018-06-27 13:53 - 000000000 ____D C:\ProgramData\WebEx
2018-06-27 13:47 - 2018-06-27 13:47 - 310972408 _____ (Microsoft Corporation) C:\Users\Drew Owens\Downloads\SQLEXPR_x64_ENU (2).exe
2018-06-27 13:29 - 2018-06-27 13:36 - 000000000 ____D C:\Users\Drew Owens\Documents\27.103 (13.100417)_Setup
2018-06-27 11:15 - 2015-07-30 09:04 - 000124624 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2018-06-27 11:15 - 2015-07-30 08:48 - 000103120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2018-06-27 11:04 - 2018-07-06 06:48 - 000000000 ____D C:\Users\MSSQL$SQLEXPRESS
2018-06-27 11:04 - 2018-06-27 11:04 - 000000020 ___SH C:\Users\MSSQL$SQLEXPRESS\ntuser.ini
2018-06-27 11:04 - 2018-06-27 11:04 - 000000000 ____D C:\Windows\system32\RsFx
2018-06-27 11:04 - 2018-06-27 11:04 - 000000000 ____D C:\Program Files\Microsoft Visual Studio 10.0
2018-06-27 11:04 - 2015-10-20 22:33 - 000186048 _____ (Microsoft Corporation) C:\Windows\system32\hadrres.dll
2018-06-27 11:04 - 2015-10-20 22:31 - 000097984 _____ (Microsoft Corporation) C:\Windows\system32\perf-MSSQL$SQLEXPRESS-sqlctr11.3.6020.0.dll
2018-06-27 11:04 - 2015-10-20 22:31 - 000054976 _____ (Microsoft Corporation) C:\Windows\system32\perf-MSSQL11.SQLEXPRESS-sqlagtctr.dll
2018-06-27 11:04 - 2015-10-20 22:30 - 000084672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\perf-MSSQL$SQLEXPRESS-sqlctr11.3.6020.0.dll
2018-06-27 11:04 - 2015-10-20 22:30 - 000046272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\perf-MSSQL11.SQLEXPRESS-sqlagtctr.dll
2018-06-27 11:04 - 2015-06-14 09:59 - 000000000 ____D C:\Users\MSSQL$SQLEXPRESS\AppData\Roaming\Macromedia
2018-06-27 11:04 - 2015-06-14 00:23 - 000000000 ____D C:\Users\MSSQL$SQLEXPRESS\AppData\Roaming\ATI
2018-06-27 11:04 - 2015-06-14 00:23 - 000000000 ____D C:\Users\MSSQL$SQLEXPRESS\AppData\Local\ATI
2018-06-27 11:04 - 2014-11-21 03:52 - 000000369 _____ C:\Users\MSSQL$SQLEXPRESS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pictures.lnk
2018-06-27 11:04 - 2014-11-21 03:52 - 000000369 _____ C:\Users\MSSQL$SQLEXPRESS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Documents.lnk
2018-06-27 11:04 - 2012-02-11 09:46 - 000082520 _____ (Microsoft Corporation) C:\Windows\system32\fssres.dll
2018-06-27 11:03 - 2018-06-27 11:03 - 000000000 ____D C:\Windows\SysWOW64\1033
2018-06-27 11:03 - 2018-06-27 11:03 - 000000000 ____D C:\Windows\system32\1033
2018-06-27 10:53 - 2018-06-27 10:53 - 000000000 ____D C:\Users\Drew Owens\AppData\Local\Microsoft_Corporation
2018-06-27 10:48 - 2014-06-09 17:13 - 000035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe
2018-06-27 10:48 - 2014-06-09 17:13 - 000035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
2018-06-27 10:45 - 2018-06-27 11:04 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft SQL Server 2012
2018-06-27 10:44 - 2018-06-27 14:00 - 000000000 ____D C:\Program Files\Microsoft SQL Server
2018-06-27 10:34 - 2018-06-27 10:34 - 000000000 ____D C:\Users\Drew Owens\Documents\New folder
2018-06-27 06:50 - 2018-06-27 14:00 - 000000000 ____D C:\Program Files (x86)\Microsoft SQL Server
2018-06-27 06:50 - 2018-06-27 06:50 - 000000000 ____D C:\Windows\PCHEALTH
2018-06-27 06:50 - 2018-06-27 06:50 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft SQL Server 2008
2018-06-27 06:49 - 2018-06-27 06:49 - 319471456 _____ (Microsoft Corporation) C:\Users\Drew Owens\Downloads\SQLServer2008SP3-KB2546951-x86-ENU.exe
2018-06-27 06:45 - 2018-06-27 06:46 - 382312800 _____ (Microsoft Corporation) C:\Users\Drew Owens\Downloads\SQLServer2008SP3-KB2546951-IA64-ENU.exe
2018-06-27 06:29 - 2018-06-27 06:29 - 000000000 ____D C:\Program Files\Reference Assemblies
2018-06-27 06:29 - 2018-06-27 06:29 - 000000000 ____D C:\Program Files\MSBuild
2018-06-27 06:29 - 2018-06-27 06:29 - 000000000 ____D C:\Program Files (x86)\Reference Assemblies
2018-06-27 06:29 - 2018-06-27 06:29 - 000000000 ____D C:\Program Files (x86)\MSBuild
2018-06-27 06:29 - 2013-08-02 23:48 - 001166520 _____ (Microsoft Corporation) C:\Windows\system32\PresentationNative_v0300.dll
2018-06-27 06:29 - 2013-08-02 23:41 - 000778936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationNative_v0300.dll
2018-06-27 06:26 - 2018-06-26 18:58 - 851374496 _____ C:\Users\Drew Owens\Documents\27.103 (13.100417)_Setup.zip
2018-06-25 12:08 - 2018-06-25 12:08 - 000018564 _____ C:\Users\Drew Owens\Downloads\ba resume.odt
2018-06-25 12:08 - 2018-06-25 12:08 - 000018564 _____ C:\Users\Drew Owens\Downloads\ba resume (1).odt
2018-06-24 18:45 - 2018-06-24 18:45 - 001680627 _____ C:\Users\Drew Owens\Downloads\Homewood High School 2018.pdf
2018-06-19 20:28 - 2018-06-19 20:28 - 001983329 _____ C:\Users\Drew Owens\Downloads\Immunization-Certificate-Cux+xMXe.pdf
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2018-07-17 17:54 - 2015-06-22 12:37 - 000000976 _____ C:\Windows\SysWOW64\za_mv_raid.ev
2018-07-17 17:53 - 2011-11-21 22:08 - 000123904 _____ C:\Windows\SysWOW64\freqdb.db
2018-07-17 17:04 - 2015-06-14 00:18 - 000003930 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{102659FB-EE4A-43EE-A5FD-D550B4718180}
2018-07-17 11:14 - 2014-11-21 03:44 - 001121712 _____ C:\Windows\system32\PerfStringBackup.INI
2018-07-17 11:14 - 2013-08-22 08:36 - 000000000 ____D C:\Windows\Inf
2018-07-17 11:10 - 2015-06-13 22:11 - 000000000 ____D C:\ProgramData\NVIDIA
2018-07-17 11:10 - 2013-08-22 09:45 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2018-07-17 11:08 - 2013-08-22 08:25 - 000262144 ___SH C:\Windows\system32\config\BBI
2018-07-17 09:34 - 2015-06-14 00:40 - 000000000 ____D C:\Users\Drew Owens\AppData\Local\Adobe
2018-07-16 17:02 - 2015-06-14 20:16 - 000563832 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2018-07-16 13:17 - 2013-08-22 10:36 - 000000000 ____D C:\Windows\rescache
2018-07-15 09:35 - 2013-08-22 09:44 - 005136064 _____ C:\Windows\system32\FNTCACHE.DAT
2018-07-15 09:33 - 2015-06-14 11:49 - 000000000 ____D C:\Windows\system32\appraiser
2018-07-15 09:33 - 2013-08-22 10:36 - 000000000 ___RD C:\Windows\ToastData
2018-07-15 09:32 - 2015-06-13 22:00 - 000000000 ____D C:\Users\Drew Owens
2018-07-15 07:17 - 2015-06-13 22:06 - 000003600 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2116419765-1218913875-2256313103-1001
2018-07-14 10:19 - 2013-08-22 10:36 - 000000000 ____D C:\Windows\AppReadiness
2018-07-14 10:14 - 2013-08-22 10:36 - 000000000 ___HD C:\Program Files\WindowsApps
2018-07-14 09:31 - 2013-08-22 10:36 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2018-07-14 09:30 - 2016-12-30 10:29 - 000002399 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Access.lnk
2018-07-14 09:30 - 2016-08-01 08:20 - 000002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype for Business.lnk
2018-07-14 09:30 - 2016-08-01 08:20 - 000002436 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Word.lnk
2018-07-14 09:30 - 2016-08-01 08:20 - 000002435 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerPoint.lnk
2018-07-14 09:30 - 2016-08-01 08:20 - 000002398 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel.lnk
2018-07-14 09:30 - 2016-08-01 08:20 - 000002392 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outlook.lnk
2018-07-14 09:30 - 2016-08-01 08:20 - 000002386 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Publisher.lnk
2018-07-14 09:30 - 2016-08-01 08:20 - 000002378 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneNote 2016.lnk
2018-07-14 09:30 - 2016-08-01 08:17 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2018-07-12 05:47 - 2015-06-14 10:08 - 000004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2018-07-12 05:47 - 2015-06-14 10:08 - 000002469 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat DC.lnk
2018-07-12 05:47 - 2015-06-14 10:08 - 000002057 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat Distiller DC.lnk
2018-07-11 14:59 - 2013-08-22 10:20 - 000000000 ____D C:\Windows\CbsTemp
2018-07-11 14:58 - 2015-06-14 11:40 - 000000000 ____D C:\Windows\system32\MRT
2018-07-11 14:57 - 2015-06-14 11:40 - 134675576 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2018-07-11 14:33 - 2018-05-12 12:01 - 000685568 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
2018-06-28 17:07 - 2016-12-30 10:36 - 000835064 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2018-06-28 17:07 - 2016-12-30 10:36 - 000179704 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2018-06-28 08:32 - 2015-08-20 15:57 - 000001456 _____ C:\Users\Drew Owens\AppData\Local\Adobe Save for Web 13.0 Prefs
2018-06-27 11:04 - 2013-08-22 10:36 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2018-06-26 16:36 - 2015-06-14 00:20 - 000002244 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-06-26 16:36 - 2015-06-14 00:20 - 000002203 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2018-06-25 12:08 - 2015-06-13 22:00 - 000000000 ____D C:\Users\Drew Owens\AppData\Local\Packages
2018-06-24 03:06 - 2017-08-24 20:45 - 000003174 _____ C:\Windows\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2116419765-1218913875-2256313103-1001
2018-06-24 03:06 - 2016-08-02 16:23 - 000002317 _____ C:\Users\Drew Owens\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive for Business.lnk
2018-06-17 10:22 - 2015-09-04 06:28 - 000000000 ____D C:\Users\Drew Owens\AppData\Local\CrashDumps
==================== Files in the root of some directories =======
2015-06-25 18:07 - 2015-06-25 18:07 - 000000033 _____ () C:\Users\Drew Owens\AppData\Roaming\AdobeWLCMCache.dat
2015-08-20 15:57 - 2018-06-28 08:32 - 000001456 _____ () C:\Users\Drew Owens\AppData\Local\Adobe Save for Web 13.0 Prefs
2015-06-14 20:16 - 2015-06-16 01:56 - 000007641 _____ () C:\Users\Drew Owens\AppData\Local\Resmon.ResmonCfg
Some files in TEMP:
====================
2015-01-13 09:05 - 2015-01-13 09:05 - 015517394 _____ (Intel Corporation) C:\Users\Drew Owens\AppData\Local\Temp\setup.exe
2015-01-13 09:05 - 2015-01-13 09:05 - 027293214 _____ (Intel Corporation) C:\Users\Drew Owens\AppData\Local\Temp\setup64.exe
2015-06-14 11:01 - 2006-05-23 23:10 - 000455600 ____R (Macrovision Corporation) C:\Users\Drew Owens\AppData\Local\Temp\_isB4AA.exe
==================== Bamital & volsnap ======================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2018-07-16 13:17
==================== End of FRST.txt ============================
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15.07.2018
Ran by Drew Owens (17-07-2018 17:54:37)
Running from C:\Users\Drew Owens\Downloads
Windows 8.1 (Update) (X64) (2015-06-14 03:00:34)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-2116419765-1218913875-2256313103-500 - Administrator - Disabled)
Drew Owens (S-1-5-21-2116419765-1218913875-2256313103-1001 - Administrator - Enabled) => C:\Users\Drew Owens
Guest (S-1-5-21-2116419765-1218913875-2256313103-501 - Limited - Disabled)
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
7-Zip 16.02 (x64) (HKLM\...\7-Zip) (Version: 16.02 - Igor Pavlov)
Adobe Acrobat DC (HKLM-x32\...\{AC76BA86-1033-FFFF-7760-0C0F074E4100}) (Version: 18.011.20055 - Adobe Systems Incorporated)
Adobe After Effects CC 2014 (HKLM-x32\...\{2B22C750-5C3B-4738-B621-BA786AC7A494}) (Version: 13.2.0 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 14.0.0.178 - Adobe Systems Incorporated)
Adobe Audition CC 2014 (HKLM-x32\...\{F3388E10-EFA9-4A80-B28E-2E647F8D00C4}) (Version: 7.2.0 - Adobe Systems Incorporated)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 4.4.1.298 - Adobe Systems Incorporated)
Adobe Illustrator CC 2014 (HKLM-x32\...\{2B4B4082-8043-4646-8334-B0A29E641211}) (Version: 18.1.1 - Adobe Systems Incorporated)
Adobe InDesign CC 2014 (HKLM-x32\...\{CCDCB9C4-72BA-1014-A3F8-D123F2F18BC2}) (Version: 10.2.0.069 - Adobe Systems Incorporated)
Adobe Lightroom (HKLM-x32\...\{8048A5DF-8A70-5BE1-954B-E0FDE1BD0D0D}) (Version: 6.0.1 - Adobe Systems Incorporated)
Adobe Media Encoder CC 2014 (HKLM-x32\...\{663DEEEF-EF34-4DCB-8687-73A7AA146E02}) (Version: 8.2.0 - Adobe Systems Incorporated)
Adobe Photoshop CC 2014 (HKLM-x32\...\{D7A4F897-B20A-42D0-862D-CB5F6DB7391D}) (Version: 15.2.2 - Adobe Systems Incorporated)
Adobe Premiere Pro CC 2014 (HKLM-x32\...\{07BE616F-9E42-4C90-AF4F-0F32A5B088E7}) (Version: 8.2.0 - Adobe Systems Incorporated)
Adobe SpeedGrade CC 2014 (HKLM-x32\...\{8EFF28F0-9DFD-4208-9E04-4D49A4812CF3}) (Version: 8.2.0 - Adobe Systems Incorporated)
Adobe® Content Viewer (HKLM-x32\...\com.adobe.dmp.contentviewer) (Version: 3.4.3 - Adobe Systems, Incorporated)
AMD Catalyst Install Manager (HKLM\...\{ED5ECF2E-47B4-1A59-422B-50D90639214A}) (Version: 8.0.881.0 - Advanced Micro Devices, Inc.)
Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{FFD1F7F1-1AC9-4BC4-A908-0686D635ABAF}) (Version: 2.1.4.131 - Apple Inc.)
Asmedia ASM104x USB 3.0 Host Controller Driver (HKLM-x32\...\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}) (Version: 1.16.12.0 - Asmedia Technology)
ASUS GPU Tweak (HKLM-x32\...\{532F6E8A-AF97-41C3-915F-39F718EC07D1}) (Version: 2.2.8.1 - ASUSTek COMPUTER INC.) Hidden
ASUS GPU Tweak (HKLM-x32\...\InstallShield_{532F6E8A-AF97-41C3-915F-39F718EC07D1}) (Version: 2.2.8.1 - ASUSTek COMPUTER INC.)
ASUS Product Register Program (HKLM-x32\...\{C87D79F6-F813-4812-B7A9-CCCAAB8B1188}) (Version: 1.0.025 - ASUSTek Computer Inc.)
bl (HKLM-x32\...\{2A075BB4-E976-4278-BF3F-E5C6945D84C0}) (Version: 1.0.0 - Your Company Name) Hidden
Catalyst Control Center (HKLM-x32\...\WUCCCApp) (Version: 1.00.0000 - AMD)
FileZilla Client 3.13.0 (HKLM-x32\...\FileZilla Client) (Version: 3.13.0 - Tim Kosse)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 67.0.3396.99 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.17 - Google Inc.) Hidden
HighPoint RAID Management v2.1.4.12.1026 (HKU\S-1-5-21-2116419765-1218913875-2256313103-1001\...\HighPoint RAID Management) (Version: v2.1.4.12.1026 - HighPoint Technologies, Inc.)
HydraVision (HKLM-x32\...\{84D18AB7-CBA1-1393-7D60-63504616FD1F}) (Version: 4.2.236.0 - Advanced Micro Devices, Inc.) Hidden
Intel Processor Diagnostic Tool 64bit (HKLM\...\{F24BC99D-3FC1-4503-BEFA-5DDD16C6265A}) (Version: 2.20.0.0 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.15.1730 - Intel Corporation)
Intel® Network Connections 18.5.54.0 (HKLM\...\PROSetDX) (Version: 18.5.54.0 - Intel)
Intel® Processor Identification Utility (HKLM-x32\...\{A92A4DB0-CD37-42D1-BE1D-603D53C24328}) (Version: 1.0.0.0 - Intel Corporation)
Intel® Rapid Storage Technology enterprise (HKLM-x32\...\{8B313BF5-9BD5-42a3-94C1-A28AF3AA51CC}) (Version: 3.8.0.1106 - Intel Corporation)
Marvell Storage Utility V4 (HKLM-x32\...\mvMSU) (Version: 4.1.0.2003 - Marvell)
Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.3.188.0 - Microsoft Corporation)
Microsoft Office 365 Business - en-us (HKLM\...\O365BusinessRetail - en-us) (Version: 16.0.10228.20104 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2116419765-1218913875-2256313103-1001\...\OneDriveSetup.exe) (Version: 18.091.0506.0007 - Microsoft Corporation)
Microsoft SQL Server 2008 Setup Support Files (HKLM\...\{B40EE88B-400A-4266-A17B-E3DE64E94431}) (Version: 10.1.2731.0 - Microsoft Corporation)
Microsoft SQL Server 2008 Setup Support Files (HKLM-x32\...\{8F72E2D4-1E48-4534-8DB8-1E8E012899C6}) (Version: 10.3.5500.0 - Microsoft Corporation)
Microsoft SQL Server 2012 (64-bit) (HKLM\...\Microsoft SQL Server SQLServer2012) (Version: - Microsoft Corporation)
Microsoft SQL Server 2012 Native Client (HKLM\...\{9AE22681-C27C-402A-A136-15854DFF693D}) (Version: 11.3.6020.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Setup (English) (HKLM\...\{BDF7F870-15E2-49A7-9123-65E8FF52ECAA}) (Version: 11.3.6020.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Setup (English) (HKLM-x32\...\{22645997-D3F4-4056-A21A-88A018A90C1F}) (Version: 11.3.6020.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Transact-SQL ScriptDom (HKLM\...\{076FF390-D283-4174-B602-B0B7B72BD024}) (Version: 11.3.6020.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x64) - 14.12.25810 (HKLM-x32\...\{e2ee15e2-a480-4bc5-bfb7-e9803d1d9823}) (Version: 14.12.25810.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x86) - 14.12.25810 (HKLM-x32\...\{56e11d69-7cc9-40a5-a4f9-8f6190c4d84d}) (Version: 14.12.25810.0 - Microsoft Corporation)
Microsoft VSS Writer for SQL Server 2012 (HKLM\...\{3E0DD83F-BE4C-4478-86A0-AD0D79D1353E}) (Version: 11.3.6020.0 - Microsoft Corporation)
NVIDIA 3D Vision Controller Driver 340.50 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 340.50 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 341.21 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 341.21 - NVIDIA Corporation)
NVIDIA Graphics Driver 341.21 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 341.21 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.30.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.30.1 - NVIDIA Corporation)
NVIDIA nView 141.36 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView) (Version: 141.36 - NVIDIA Corporation)
NVIDIA WMI 2.18.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVWMI) (Version: 2.18.0 - NVIDIA Corporation)
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.10228.20104 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.10228.20104 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.10228.20104 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0409-0000-0000000FF1CE}) (Version: 16.0.10228.20104 - Microsoft Corporation) Hidden
ph (HKLM-x32\...\{185F9795-9663-4F13-9EF9-307A282ADB5A}) (Version: 1.0.0 - Your Company Name) Hidden
QuickTime 7 (HKLM-x32\...\{FF59BD75-466A-4D5A-AD23-AAD87C5FD44C}) (Version: 7.79.80.95 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7058 - Realtek Semiconductor Corp.)
RingCentral for Windows (HKLM-x32\...\{2D1582B3-487E-4BFA-962B-158D3B181740}) (Version: 8.1.1.21232 - RingCentral)
RingCentral Meetings (HKU\S-1-5-21-2116419765-1218913875-2256313103-1001\...\RingCentralMeetings) (Version: 4.2 - Zoom Video Communications, Inc. and RingCentral Inc.)
Service Pack 3 for SQL Server 2012 (KB3072779) (64-bit) (HKLM\...\KB3072779) (Version: 11.3.6020.0 - Microsoft Corporation)
SketchUp 2017 (HKLM\...\{E59BD84C-169B-4F3F-AC5D-85127CF67051}) (Version: 17.2.2555 - Trimble, Inc.)
SQL Server 2012 Common Files (HKLM\...\{1D411379-9CE0-4B13-A19B-72D3222DD620}) (Version: 11.3.6020.0 - Microsoft Corporation) Hidden
SQL Server 2012 Common Files (HKLM\...\{202AAF1F-69AA-442A-B59F-6B54B1AD07C6}) (Version: 11.3.6020.0 - Microsoft Corporation) Hidden
SQL Server 2012 Database Engine Services (HKLM\...\{18B2A97C-92C3-4AC7-BE72-F823E0BC895B}) (Version: 11.3.6020.0 - Microsoft Corporation) Hidden
SQL Server 2012 Database Engine Services (HKLM\...\{26773F6F-E7B5-4F58-9347-0347C998BA7D}) (Version: 11.3.6020.0 - Microsoft Corporation) Hidden
SQL Server 2012 Database Engine Services (HKLM\...\{84FBCA4A-D650-4B0D-8094-EC0671FA9B91}) (Version: 11.3.6020.0 - Microsoft Corporation) Hidden
SQL Server 2012 Database Engine Services (HKLM\...\{C22864D5-FB3F-4609-BF0C-ADBCC70742C4}) (Version: 11.3.6020.0 - Microsoft Corporation) Hidden
SQL Server 2012 Database Engine Shared (HKLM\...\{54FF8FAB-DE27-4187-82F1-EBAE6AEE869A}) (Version: 11.3.6020.0 - Microsoft Corporation) Hidden
SQL Server 2012 Database Engine Shared (HKLM\...\{6603C2CE-3C54-4F1D-92F9-8390CD4CCCA8}) (Version: 11.3.6020.0 - Microsoft Corporation) Hidden
SQL Server Browser for SQL Server 2012 (HKLM-x32\...\{4B9E6EB0-0EED-4E74-9479-F982C3254F71}) (Version: 11.3.6020.0 - Microsoft Corporation)
Sql Server Customer Experience Improvement Program (HKLM\...\{BED1EA3D-592D-4305-9D1F-20F03726EFC1}) (Version: 11.3.6020.0 - Microsoft Corporation) Hidden
VC_CRT_x64 (HKLM\...\{54F2237F-018C-483B-8884-9FC0D88840C3}) (Version: 1.02.0000 - Intel Corporation) Hidden
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.6 - VideoLAN)
WinRAR 5.40 beta 1 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.40.1 - win.rar GmbH)
WinZip 19.5 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240E9}) (Version: 19.5.11475 - WinZip Computing, S.L. )
XactRemodel 3 (HKLM-x32\...\{00271000-8116-4423-99E0-4A5D07E678E8}) (Version: 27.103.2013.417 - Xactware)
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-2116419765-1218913875-2256313103-1001_Classes\CLSID\{162C6FB5-44D3-435B-903D-E613FA093FB5}\InprocServer32 -> C:\Users\Drew Owens\AppData\Local\Microsoft\OneDrive\17.3.6998.0830\amd64\FileCoAuthLib64.dll => No File
CustomCLSID: HKU\S-1-5-21-2116419765-1218913875-2256313103-1001_Classes\CLSID\{e8c77137-e224-5791-b6e9-ff0305797a13}\InprocServer32 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems)
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2018-02-10] ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2018-02-10] ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2018-02-10] ()
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-05-21] (Igor Pavlov)
ContextMenuHandlers1: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2018-02-10] ()
ContextMenuHandlers1: [Adobe.Acrobat.ContextMenu] -> {A6595CD1-BF77-430A-A452-18696685F7C7} => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat Elements\ContextMenuShim64.dll [2015-03-17] (Adobe Systems Inc.)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext64.dll [2016-05-16] (Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext.dll [2016-05-16] (Alexander Roshal)
ContextMenuHandlers1-x32: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => C:\Program Files\WinZip\wzshls64.dll [2015-04-29] (WinZip Computing, S.L.)
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-05-21] (Igor Pavlov)
ContextMenuHandlers4: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => C:\Program Files\WinZip\wzshls64.dll [2015-04-29] (WinZip Computing, S.L.)
ContextMenuHandlers5: [00nView] -> {1E9B04FB-F9E5-4718-997B-B8DA88302A48} => C:\Program Files\NVIDIA Corporation\nview\nvshell.dll [2014-11-25] ()
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\atiacm64.dll [2014-07-04] (Advanced Micro Devices, Inc.)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\system32\nvshext.dll [2014-11-25] (NVIDIA Corporation)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-05-21] (Igor Pavlov)
ContextMenuHandlers6: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2018-02-10] ()
ContextMenuHandlers6: [Adobe.Acrobat.ContextMenu] -> {A6595CD1-BF77-430A-A452-18696685F7C7} => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat Elements\ContextMenuShim64.dll [2015-03-17] (Adobe Systems Inc.)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext64.dll [2016-05-16] (Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext.dll [2016-05-16] (Alexander Roshal)
ContextMenuHandlers6-x32: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => C:\Program Files\WinZip\wzshls64.dll [2015-04-29] (WinZip Computing, S.L.)
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {13AA8B5A-784C-4316-A979-CBEEBF57ACC1} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2018-06-30] (Microsoft Corporation)
Task: {1F27D3E8-AE10-40EA-949B-E725E906B25A} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2018-07-14] (Microsoft Corporation)
Task: {2444BE95-AC35-43D0-91D9-B6DA3D862EC2} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2018-07-14] (Microsoft Corporation)
Task: {27DB692B-B6BE-44F8-A459-BE61C726BAC9} - System32\Tasks\ASUS\ASUS Product Register Service => C:\Program Files (x86)\ASUS\APRP\aprp.exe [2013-08-27] (ASUSTek Computer Inc.)
Task: {41A2B548-3318-4BA9-A87A-CDC28E9AD219} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2015-08-27] (Apple Inc.)
Task: {4EE02956-45BE-4C55-B95E-079D457470F6} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-06-14] (Google Inc.)
Task: {5CA00C3B-5A4C-4FBB-8A34-8A9FE89C68C2} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2018-07-14] (Microsoft Corporation)
Task: {60611B4D-1CBE-4B1C-8A2C-E1F30B4F6A8E} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)
Task: {7327911D-07BC-4E6D-BF4B-84270B7F4294} - System32\Tasks\Microsoft\Office\OfficeOsfInstaller => C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\osfinstaller.exe [2018-07-14] (Microsoft Corporation)
Task: {7B948C3E-DA7F-4769-9FFC-4CF7C506E43A} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-06-14] (Google Inc.)
Task: {80A798A4-A39B-4090-B3FF-BD2FCEA2BD91} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)
Task: {82BC6F91-20EC-4C76-B419-228B0C0D790F} - System32\Tasks\AdobeGCInvoker-1.0-Drew-Drew Owens => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [2018-05-11] (Adobe Systems, Incorporated)
Task: {F37D7E10-97F1-4F82-AF08-EC779C09352F} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2018-03-21] (Adobe Systems Incorporated)
Task: {F9709285-449A-4552-9E3F-D3E8A1FC1A06} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2018-06-30] (Microsoft Corporation)
Task: {FB624E11-8E38-4253-9755-E6A9F74609B1} - System32\Tasks\AdobeAAMUpdater-1.0-Drew-Drew Owens => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2016-07-01] (Adobe Systems Incorporated)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
==================== Shortcuts & WMI ========================
(The entries could be listed to be restored or removed.)
==================== Loaded Modules (Whitelisted) ==============
2015-06-13 22:12 - 2014-11-25 18:15 - 002693448 _____ () C:\Windows\system32\nvwmi64.exe
2015-06-13 22:11 - 2014-11-25 16:39 - 000115400 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2012-01-17 13:24 - 2012-01-17 13:24 - 000055296 _____ () C:\Windows\SysWOW64\ASGT.exe
2018-02-10 02:12 - 2018-02-10 02:12 - 000614856 _____ () C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll
2011-11-24 21:39 - 2011-11-24 21:39 - 001202216 _____ () C:\Program Files (x86)\Marvell\storage\tray\MarvellTray.exe
2018-02-27 21:08 - 2018-02-27 21:08 - 034523072 _____ () C:\Program Files (x86)\Adobe\Adobe Sync\Coresync\Coresync.exe
2018-06-26 16:36 - 2018-06-22 14:15 - 004608856 _____ () C:\Program Files (x86)\Google\Chrome\Application\67.0.3396.99\libglesv2.dll
2018-06-26 16:36 - 2018-06-22 14:15 - 000099672 _____ () C:\Program Files (x86)\Google\Chrome\Application\67.0.3396.99\libegl.dll
2011-11-21 21:48 - 2011-11-21 21:48 - 000073782 _____ () C:\Program Files (x86)\Marvell\storage\Apache2\bin\zlib1.dll
2012-09-10 13:37 - 2012-09-10 13:37 - 000192512 _____ () C:\Program Files (x86)\ASUS\GPU Tweak\Vender.dll
2012-09-27 13:08 - 2012-09-27 13:08 - 000049152 _____ () C:\Program Files (x86)\ASUS\GPU Tweak\Exeio.dll
2018-02-14 06:03 - 2018-02-14 06:03 - 067115984 _____ () C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\CEF\libcef.dll
2018-01-30 09:38 - 2018-01-30 09:38 - 000118272 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\fs-ext\build\Release\fs-ext.node
2018-01-30 09:39 - 2018-01-30 09:39 - 000214528 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\node-vulcanjs\build\Release\VulcanJS.node
2018-01-30 09:38 - 2018-01-30 09:38 - 000117248 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\ref\build\Release\binding.node
2018-01-30 09:38 - 2018-01-30 09:38 - 000125952 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\ffi\build\Release\ffi_bindings.node
2018-02-14 06:26 - 2018-02-14 06:26 - 000099800 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\node-ProxyResolver\build\Release\ProxyResolverWin.dll
2018-01-30 09:38 - 2018-01-30 09:38 - 000086528 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\idle-gc\build\Release\idle-gc.node
2018-07-16 08:47 - 2018-07-16 08:47 - 000016384 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\PSIClient\336021e00e6a648b694427082077ed9b\PSIClient.ni.dll
2012-02-15 12:26 - 2012-02-15 12:26 - 000198656 _____ () C:\Program Files (x86)\Xactware\XactRemodel27\CORE\XWKey32.DLL
2012-02-15 12:26 - 2012-02-15 12:26 - 000004608 _____ () C:\Program Files (x86)\Xactware\XactRemodel27\CORE\Core.Imports.dll
2012-02-15 12:25 - 2012-02-15 12:25 - 003518464 _____ () C:\Program Files (x86)\Xactware\XactRemodel27\CORE\itextsharp.dll
2012-02-15 12:27 - 2012-02-15 12:27 - 002735104 _____ () C:\Program Files (x86)\Xactware\XactRemodel27\CORE\Telerik.Windows.Controls.Navigation.dll
2012-02-15 12:27 - 2012-02-15 12:27 - 002457600 _____ () C:\Program Files (x86)\Xactware\XactRemodel27\CORE\Telerik.Windows.Controls.GridView.dll
2012-02-15 12:27 - 2012-02-15 12:27 - 000443904 _____ () C:\Program Files (x86)\Xactware\XactRemodel27\CORE\Telerik.Windows.Data.dll
2012-02-15 12:27 - 2012-02-15 12:27 - 001784320 _____ () C:\Program Files (x86)\Xactware\XactRemodel27\CORE\Telerik.Windows.Controls.Input.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
AlternateDataStreams: C:\ProgramData\Reprise:wupeogjxlctlfudivq`qsp`28hfm [0]
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\atashost => ""="Service"
==================== Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
==================== Hosts content: ===============================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2013-08-22 08:25 - 2013-08-22 08:25 - 000000824 _____ C:\Windows\system32\Drivers\etc\hosts
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-2116419765-1218913875-2256313103-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Windows\img0.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [TCP Query User{95F485CD-E599-4F9A-B8D7-2CC722E92402}C:\program files (x86)\marvell\storage\apache2\bin\httpd.exe] => (Allow) C:\program files (x86)\marvell\storage\apache2\bin\httpd.exe
FirewallRules: [UDP Query User{0B3883C1-4C41-4F70-A3FD-31EF820EFAE6}C:\program files (x86)\marvell\storage\apache2\bin\httpd.exe] => (Allow) C:\program files (x86)\marvell\storage\apache2\bin\httpd.exe
FirewallRules: [{B3CAEFEE-3E8D-412A-864F-516556E6FE42}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe
FirewallRules: [TCP Query User{D17210B0-721A-457F-983A-686D3895C12A}C:\program files (x86)\ringcentral for windows\softphone.exe] => (Allow) C:\program files (x86)\ringcentral for windows\softphone.exe
FirewallRules: [UDP Query User{563908D8-8E85-4C24-A1D8-580AAE3D0095}C:\program files (x86)\ringcentral for windows\softphone.exe] => (Allow) C:\program files (x86)\ringcentral for windows\softphone.exe
FirewallRules: [{4F3937FB-8C00-4F15-9AD2-2E546E74CD1E}] => (Allow) C:\Users\Drew\RingCentralMeetings.exe
FirewallRules: [{CD30BB73-BDFA-4580-BE74-DCB2E5AEEEC9}] => (Allow) C:\Users\Drew\airhost.exe
FirewallRules: [{13640734-CB67-4144-B54E-B9FFE77E1455}] => (Allow) C:\Users\Drew\RingCentralMeetings.exe
FirewallRules: [{BA911F27-D35D-48CE-B9AA-65CA39164D41}] => (Allow) C:\Users\Drew\airhost.exe
FirewallRules: [TCP Query User{E031A6B1-7CBD-4C9A-BBD1-A26713A5C0A7}C:\program files (x86)\ringcentral for windows\softphone.exe] => (Allow) C:\program files (x86)\ringcentral for windows\softphone.exe
FirewallRules: [UDP Query User{2320A350-797F-402D-9731-4EF57A72D99F}C:\program files (x86)\ringcentral for windows\softphone.exe] => (Allow) C:\program files (x86)\ringcentral for windows\softphone.exe
FirewallRules: [{C6C1695F-239E-4AD2-8A94-EB03D0B979DE}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{A96DA2D5-B791-4C02-99BC-3B55998CE82E}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{94075EDF-76FC-400B-B532-3A635F5EF4C3}] => (Allow) C:\Users\Drew Owens\AppData\Roaming\RingCentralMeetings\bin\RingCentralMeetings.exe
FirewallRules: [{3C33F42F-3CC0-4A16-AFD5-EB20B4F8100A}] => (Allow) C:\Users\Drew Owens\AppData\Roaming\RingCentralMeetings\bin\airhost.exe
FirewallRules: [{11A5160C-C6BA-4417-AD2C-F2AC2804D22F}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [{242AA226-0EF7-486B-8C77-FC5EACA3B873}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{7184AEC4-E4FA-4928-AB79-D7EC76CD6AFD}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{2B3EFE85-7F44-4052-B3E3-94623261E9CC}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
==================== Restore Points =========================
27-06-2018 06:28:30 Windows Modules Installer
05-07-2018 07:34:22 Scheduled Checkpoint
11-07-2018 14:57:00 Windows Update
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (07/17/2018 05:49:45 PM) (Source: Microsoft-Windows-LocationProvider) (EventID: 2006) (User: NT AUTHORITY)
Description: There was an error with the Windows Location Provider database
Error: (07/17/2018 11:33:36 AM) (Source: Office 2016 Licensing Service) (EventID: 0) (User: )
Description: Event-ID 0
Error: (07/17/2018 11:10:02 AM) (Source: Apache Service) (EventID: 3299) (User: )
Description: The Apache service named reported the following error:
>>> httpd.exe: Could not reliably determine the server's fully qualified domain name, using 192.168.1.22 for ServerName .
Error: (07/16/2018 01:16:29 PM) (Source: Office 2016 Licensing Service) (EventID: 0) (User: )
Description: Event-ID 0
Error: (07/15/2018 06:02:37 PM) (Source: Office 2016 Licensing Service) (EventID: 0) (User: )
Description: Event-ID 0
Error: (07/15/2018 09:35:38 AM) (Source: Apache Service) (EventID: 3299) (User: )
Description: The Apache service named reported the following error:
>>> httpd.exe: Could not reliably determine the server's fully qualified domain name, using 192.168.1.22 for ServerName .
Error: (07/15/2018 07:03:52 AM) (Source: Office 2016 Licensing Service) (EventID: 0) (User: )
Description: Event-ID 0
Error: (07/14/2018 09:30:49 AM) (Source: SideBySide) (EventID: 35) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Microsoft Office\root\Office16\lync.exe.Manifest".Error in manifest or policy file "C:\Program Files (x86)\Microsoft Office\root\Office16\UccApi.DLL" on line 1.
Component identity found in manifest does not match the identity of the component requested.
Reference is UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0".
Definition is UccApi,processorArchitecture="x86",type="win32",version="16.0.0.0".
Please use sxstrace.exe for detailed diagnosis.
System errors:
=============
Error: (07/17/2018 11:09:36 AM) (Source: Ntfs) (EventID: 137) (User: )
Description: The default transaction resource manager on volume E: encountered a non-retryable error and could not start. The data contains the error code.
Error: (07/17/2018 09:42:52 AM) (Source: DCOM) (EventID: 10010) (User: Drew)
Description: The server {1B1F472E-3221-4826-97DB-2C2324D389AE} did not register with DCOM within the required timeout.
Error: (07/17/2018 09:42:22 AM) (Source: DCOM) (EventID: 10010) (User: Drew)
Description: The server {BF6C1E47-86EC-4194-9CE5-13C15DCB2001} did not register with DCOM within the required timeout.
Error: (07/16/2018 01:18:14 PM) (Source: DCOM) (EventID: 10010) (User: Drew)
Description: The server {1B1F472E-3221-4826-97DB-2C2324D389AE} did not register with DCOM within the required timeout.
Error: (07/16/2018 01:17:44 PM) (Source: DCOM) (EventID: 10010) (User: Drew)
Description: The server {BF6C1E47-86EC-4194-9CE5-13C15DCB2001} did not register with DCOM within the required timeout.
Error: (07/16/2018 08:43:23 AM) (Source: DCOM) (EventID: 10010) (User: Drew)
Description: The server {1B1F472E-3221-4826-97DB-2C2324D389AE} did not register with DCOM within the required timeout.
Error: (07/16/2018 08:42:53 AM) (Source: DCOM) (EventID: 10010) (User: Drew)
Description: The server {BF6C1E47-86EC-4194-9CE5-13C15DCB2001} did not register with DCOM within the required timeout.
Error: (07/15/2018 09:35:08 AM) (Source: Ntfs) (EventID: 137) (User: )
Description: The default transaction resource manager on volume E: encountered a non-retryable error and could not start. The data contains the error code.
Windows Defender:
===================================
Date: 2018-07-07 10:54:56.954
Description:
Windows Defender scan has been stopped before completion.
Scan ID: {4A6D80A1-A97B-4EFC-B9EE-D8C034A44DCB}
Scan Type: Antimalware
Scan Parameters: Quick Scan
Date: 2018-07-05 07:11:26.680
Description:
Windows Defender scan has been stopped before completion.
Scan ID: {DA60F0F2-F080-4DD2-B47F-1FD0BE5F52AA}
Scan Type: Antimalware
Scan Parameters: Quick Scan
Date: 2018-07-04 07:51:41.837
Description:
Windows Defender scan has been stopped before completion.
Scan ID: {1D3BAF1D-4536-4F02-BBE1-EFC5F2BBB699}
Scan Type: Antimalware
Scan Parameters: Quick Scan
Date: 2018-06-24 06:20:36.682
Description:
Windows Defender scan has been stopped before completion.
Scan ID: {965AA1DA-D6EC-4606-90A6-EAF791F1B8CA}
Scan Type: Antimalware
Scan Parameters: Quick Scan
Date: 2018-06-24 06:16:19.820
Description:
Windows Defender scan has been stopped before completion.
Scan ID: {B3DB7214-E605-46F2-87D4-CC3E3A2115C5}
Scan Type: Antimalware
Scan Parameters: Quick Scan
Date: 2018-06-26 16:45:38.511
Description:
Windows Defender has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.271.55.0
Update Source: Microsoft Malware Protection Center
Signature Type: AntiSpyware
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.15000.2
Error code: 0x8050a003
Error description: This package does not contain up-to-date definition files for this program. For more information, see Help and Support.
Date: 2018-06-26 16:45:38.511
Description:
Windows Defender has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.271.55.0
Update Source: Microsoft Malware Protection Center
Signature Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.15000.2
Error code: 0x8050a003
Error description: This package does not contain up-to-date definition files for this program. For more information, see Help and Support.
Date: 2018-06-26 16:45:14.539
Description:
Windows Defender has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.269.1925.0
Update Source: Microsoft Update Server
Signature Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.14901.4
Error code: 0x80240016
Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
Date: 2018-06-26 16:45:14.539
Description:
Windows Defender has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.269.1925.0
Update Source: Microsoft Update Server
Signature Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.14901.4
Error code: 0x80240016
Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
Date: 2018-06-26 16:45:14.539
Description:
Windows Defender has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.269.1925.0
Update Source: Microsoft Update Server
Signature Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.14901.4
Error code: 0x80240016
Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
CodeIntegrity:
===================================
Date: 2018-07-16 08:42:27.917
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2018-07-07 10:55:00.839
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2018-07-02 12:30:00.667
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2018-06-27 04:55:02.324
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2018-06-19 20:36:22.637
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2018-06-17 10:44:07.545
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2018-06-13 10:54:25.329
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
==================== Memory info ===========================
Processor: Intel® Core i7-4930K CPU @ 3.40GHz
Percentage of memory in use: 6%
Total physical RAM: 65475 MB
Available physical RAM: 61223.5 MB
Total Virtual: 75203 MB
Available Virtual: 69687.52 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:223.23 GB) (Free:38.42 GB) NTFS
Drive e: () (Fixed) (Total:74.52 GB) (Free:27.85 GB) NTFS
Drive f: (PENDRIVE) (Removable) (Total:7.49 GB) (Free:6.7 GB) FAT32
Drive r: (Raid) (Fixed) (Total:1862.87 GB) (Free:1619.16 GB) NTFS
\\?\Volume{2afa4275-1241-11e5-824f-806e6f6e6963}\ (System Reserved) (Fixed) (Total:0.34 GB) (Free:0.07 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 1862.9 GB) (Disk ID: F60BEC03)
Partition 1: (Not Active) - (Size=1862.9 GB) - (Type=07 NTFS)
========================================================
Disk: 1 (MBR Code: Windows 7/8/10) (Size: 223.6 GB) (Disk ID: 7704B4C1)
Partition 1: (Active) - (Size=350 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=223.2 GB) - (Type=07 NTFS)
========================================================
Disk: 2 (MBR Code: Windows XP) (Size: 74.5 GB) (Disk ID: A78EA78E)
Partition 1: (Active) - (Size=74.5 GB) - (Type=07 NTFS)
========================================================
Disk: 3 (Size: 7.5 GB) (Disk ID: 04DD5721)
Partition 1: (Active) - (Size=7.5 GB) - (Type=0C)
==================== End of Addition.txt ============================